Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/wc712w8oGSp9it2ejzQ6Ex7dXqk.roa
File:                     wc712w8oGSp9it2ejzQ6Ex7dXqk.roa (raw, json)
Hash identifier:          +9LJFrVOw15QOfsJ/2cOJpGzFO3e/x6rxBPd1HVFwbU=
Subject key identifier:   C1:CE:F5:DB:0F:28:19:2A:7D:8A:DD:9E:8F:34:3A:13:1E:DD:5E:A9
Certificate issuer:       /CN=c68c65e699b576ab113a79be8828948f1e6cc260
Certificate serial:       018DFA77BFA7D849F24577DB0957B5F62413
Authority key identifier: C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/wc712w8oGSp9it2ejzQ6Ex7dXqk.roa
Signing time:             Fri 01 Mar 2024 14:42:48 +0000
ROA not before:           Fri 01 Mar 2024 14:42:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        82.115.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:77:bf:a7:d8:49:f2:45:77:db:09:57:b5:f6:24:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c68c65e699b576ab113a79be8828948f1e6cc260
        Validity
            Not Before: Mar  1 14:42:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1cef5db0f28192a7d8add9e8f343a131edd5ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7e:75:5a:0b:65:6b:43:0a:ae:b9:c9:0c:e2:
                    25:5b:81:d2:a7:6b:3b:3b:16:5c:67:bc:cc:d1:89:
                    78:9d:d4:23:c5:18:bc:c6:b0:a6:8c:ec:da:ce:8d:
                    a1:4b:74:29:48:c4:4d:00:93:db:d0:2b:1a:e5:b6:
                    2a:71:e9:c6:56:3d:bf:a3:c5:65:d2:08:a7:36:6a:
                    9c:a9:56:6d:b6:22:76:18:ed:6d:0e:30:51:47:8f:
                    93:6b:9d:d4:33:27:6c:ae:6f:9a:60:e0:eb:f3:2f:
                    25:9a:31:e0:2f:76:20:a9:89:b1:1f:df:ff:a0:4b:
                    4c:45:18:0b:e9:89:b7:65:70:af:9a:6e:2e:c3:b6:
                    44:1a:9c:52:ca:e6:2c:9f:51:5a:49:79:1f:f8:af:
                    ec:58:7c:42:0d:62:21:32:a9:61:ae:57:07:59:d3:
                    2e:07:33:c8:cf:8f:90:88:9a:b0:cd:a8:3f:58:db:
                    4e:f5:df:19:46:42:71:e3:04:d7:3d:ec:e3:14:48:
                    30:b5:73:59:9a:b7:f9:80:cc:06:db:52:85:fe:e9:
                    06:5f:7a:97:58:f9:4f:9b:a0:46:05:09:bc:af:62:
                    79:15:e8:19:b0:e2:0e:8a:a9:cc:3f:b1:bc:fb:90:
                    bf:da:b3:81:ae:d7:66:10:e6:eb:05:b2:30:93:b3:
                    ea:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CE:F5:DB:0F:28:19:2A:7D:8A:DD:9E:8F:34:3A:13:1E:DD:5E:A9
            X509v3 Authority Key Identifier:
                keyid:C6:8C:65:E6:99:B5:76:AB:11:3A:79:BE:88:28:94:8F:1E:6C:C2:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xoxl5pm1dqsROnm-iCiUjx5swmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/wc712w8oGSp9it2ejzQ6Ex7dXqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/340c73-79ee-4926-8e4f-607d4f37f59f/1/xoxl5pm1dqsROnm-iCiUjx5swmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:1a:b8:ad:22:9c:f7:cb:67:e5:01:25:12:09:1f:cb:7d:0f:
         7d:97:36:2e:4d:20:e7:58:75:5e:af:09:8e:db:ef:de:43:02:
         f7:cd:cc:5a:5a:13:f6:db:eb:d4:c0:01:4c:e8:21:c3:0d:8a:
         00:e7:91:d6:b0:c2:3d:4f:1b:78:d0:91:6e:a3:9a:ce:97:51:
         3b:6c:f4:4b:83:ca:a7:ac:6d:db:c6:f9:be:ad:23:45:2c:55:
         f2:bd:ba:2e:18:a4:81:70:05:ac:5c:96:66:91:1e:1d:22:0d:
         7b:03:35:c8:ac:11:c9:9d:83:45:fd:7f:eb:e4:6c:84:b0:d9:
         32:58:c4:ad:f5:20:ef:d3:f3:3b:cb:57:1f:aa:7d:61:ab:85:
         b2:ff:a0:db:1a:89:61:96:c7:82:fc:41:2b:be:d1:17:6f:33:
         2d:13:7d:20:83:1f:fc:1c:55:22:98:35:0a:c1:28:58:04:78:
         73:e6:13:c2:33:0d:28:97:f6:d4:21:0f:29:66:8c:68:df:d2:
         e8:3e:46:5e:40:e0:d2:f2:b9:e3:4e:7e:ec:ce:fc:f1:dd:12:
         d1:65:ec:fa:f2:8e:23:cc:fc:36:8e:b7:e0:cd:f3:8f:38:1f:
         4a:6d:08:2d:36:f0:00:88:0f:a0:67:dd:5f:17:f3:b9:91:a6:
         85:31:14:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY36d7+n2EnyRXfbCVe19iQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2OGM2NWU2OTliNTc2YWIxMTNhNzliZTg4Mjg5NDhmMWU2
Y2MyNjAwHhcNMjQwMzAxMTQ0MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWNlZjVkYjBmMjgxOTJhN2Q4YWRkOWU4ZjM0M2ExMzFlZGQ1ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX51Wgtla0MKrrnJDOIlW4HSp2s7
OxZcZ7zM0Yl4ndQjxRi8xrCmjOzazo2hS3QpSMRNAJPb0Csa5bYqcenGVj2/o8Vl
0ginNmqcqVZttiJ2GO1tDjBRR4+Ta53UMydsrm+aYODr8y8lmjHgL3YgqYmxH9//
oEtMRRgL6Ym3ZXCvmm4uw7ZEGpxSyuYsn1FaSXkf+K/sWHxCDWIhMqlhrlcHWdMu
BzPIz4+QiJqwzag/WNtO9d8ZRkJx4wTXPezjFEgwtXNZmrf5gMwG21KF/ukGX3qX
WPlPm6BGBQm8r2J5FegZsOIOiqnMP7G8+5C/2rOBrtdmEObrBbIwk7PqoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHO9dsPKBkqfYrdno80OhMe3V6pMB8GA1UdIwQY
MBaAFMaMZeaZtXarETp5vogolI8ebMJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYt
NjA3ZDRmMzdmNTlmLzEvd2M3MTJ3OG9HU3A5aXQyZWp6UTZFeDdkWHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDBjNzMtNzllZS00OTI2LThlNGYtNjA3ZDRmMzdmNTlm
LzEveG94bDVwbTFkcXNST25tLWlDaVVqeDVzd21BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnPZMA0G
CSqGSIb3DQEBCwUAA4IBAQCuGritIpz3y2flASUSCR/LfQ99lzYuTSDnWHVerwmO
2+/eQwL3zcxaWhP22+vUwAFM6CHDDYoA55HWsMI9Txt40JFuo5rOl1E7bPRLg8qn
rG3bxvm+rSNFLFXyvbouGKSBcAWsXJZmkR4dIg17AzXIrBHJnYNF/X/r5GyEsNky
WMSt9SDv0/M7y1cfqn1hq4Wy/6DbGolhlseC/EErvtEXbzMtE30ggx/8HFUimDUK
wShYBHhz5hPCMw0ol/bUIQ8pZoxo39LoPkZeQODS8rnjTn7szvzx3RLRZez68o4j
zPw2jrfgzfOPOB9KbQgtNvAAiA+gZ91fF/O5kaaFMRQs
-----END CERTIFICATE-----