Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/wDW1K2yqEtC3dkX5AT-40CM-Whk.roa
File:                     wDW1K2yqEtC3dkX5AT-40CM-Whk.roa (raw, json)
Hash identifier:          Yg2q/rRPcacusoiJxv28rawDWSU60P4FvZj4wpmh5RQ=
Subject key identifier:   C0:35:B5:2B:6C:AA:12:D0:B7:76:45:F9:01:3F:B8:D0:23:3E:5A:19
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       0191F1840C824109D112AB0DDDB7EDB1A1D9
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/wDW1K2yqEtC3dkX5AT-40CM-Whk.roa
Signing time:             Sat 14 Sep 2024 17:10:48 +0000
ROA not before:           Sat 14 Sep 2024 17:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44382
IP address blocks:        185.9.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f1:84:0c:82:41:09:d1:12:ab:0d:dd:b7:ed:b1:a1:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Sep 14 17:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c035b52b6caa12d0b77645f9013fb8d0233e5a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:b1:af:02:8d:37:f2:0f:21:64:d1:7e:a1:63:
                    e7:c2:01:55:bf:4b:02:5a:70:7f:ed:da:8a:ba:f4:
                    b0:67:58:96:52:7d:e8:8e:a5:f0:ef:51:f6:89:77:
                    19:62:da:42:0a:a3:a9:3e:e9:b5:9d:30:fe:19:f6:
                    fd:ff:b3:c6:f0:58:37:30:9f:c7:57:92:91:31:9b:
                    e7:64:43:9c:4c:12:73:79:d8:f8:14:77:08:2f:e0:
                    c5:50:e4:0b:23:da:c5:1a:8b:b8:0b:ee:1d:ab:27:
                    08:93:a0:b2:27:ca:6b:fb:b9:70:f2:fa:8a:1b:db:
                    06:93:37:94:89:0e:ee:38:4a:9a:0f:c1:c3:67:81:
                    31:32:7b:50:43:7a:5d:dd:f7:2d:f7:64:c8:62:13:
                    04:47:a5:a9:b2:c7:48:16:d4:c3:35:44:29:8f:21:
                    9e:fd:cd:f1:14:51:ed:64:9f:fd:06:1a:05:5d:df:
                    86:b1:fc:89:1a:3d:0d:8e:cf:de:bf:9b:84:24:a2:
                    59:a4:0f:c7:79:f5:a4:92:5c:5f:aa:56:36:34:8f:
                    f0:18:4b:db:4b:3d:28:96:fb:9d:03:b4:37:66:96:
                    32:97:b2:c7:b2:10:d8:d4:0b:5f:2f:2c:45:9f:28:
                    cb:e1:f8:d4:5e:42:e5:bd:e3:92:13:9d:bd:24:91:
                    d2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:35:B5:2B:6C:AA:12:D0:B7:76:45:F9:01:3F:B8:D0:23:3E:5A:19
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/wDW1K2yqEtC3dkX5AT-40CM-Whk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:20:6e:fd:93:cb:69:6a:3b:47:98:02:d0:3e:09:de:c5:b6:
         02:9b:83:3b:82:9d:a0:7a:00:a0:93:35:14:56:a3:8e:bd:01:
         ac:01:6a:1d:69:02:b2:76:6f:b4:10:b7:40:01:dc:13:70:32:
         c7:fd:8d:b2:a0:45:74:b4:4d:18:b8:7a:ad:32:55:4f:a6:64:
         f5:76:6e:5f:66:79:43:b6:6d:40:63:4c:60:d1:84:5f:e8:f9:
         f5:6c:a7:4b:8d:c2:57:65:f1:9a:be:23:06:5a:b9:83:6c:e5:
         3e:b3:07:ff:ad:bd:e7:4b:a7:0e:53:55:e0:5c:22:de:40:9b:
         13:1a:8b:6f:33:9d:84:aa:22:9c:f3:a1:46:17:ea:65:3a:56:
         72:2e:08:14:a6:bf:7f:fd:ce:be:42:ae:a0:0b:fc:8e:c2:20:
         97:f3:c8:b0:10:2d:13:06:02:9f:4c:91:9c:af:bb:16:3f:77:
         df:36:35:1e:d3:bd:50:a6:14:99:54:1a:b7:75:af:21:6e:89:
         7c:84:bf:bf:c9:14:56:4f:df:d4:28:7c:80:c0:29:86:f1:e5:
         59:9a:b9:a5:ce:05:61:9c:58:4a:48:4e:6f:31:53:42:04:46:
         40:14:2a:af:36:0d:82:de:4f:fe:75:91:31:d9:ab:db:25:02:
         5c:52:34:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHxhAyCQQnREqsN3bftsaHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjQwOTE0MTcxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDM1YjUyYjZjYWExMmQwYjc3NjQ1ZjkwMTNmYjhkMDIzM2U1YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rGvAo038g8hZNF+oWPnwgFVv0sC
WnB/7dqKuvSwZ1iWUn3ojqXw71H2iXcZYtpCCqOpPum1nTD+Gfb9/7PG8Fg3MJ/H
V5KRMZvnZEOcTBJzedj4FHcIL+DFUOQLI9rFGou4C+4dqycIk6CyJ8pr+7lw8vqK
G9sGkzeUiQ7uOEqaD8HDZ4ExMntQQ3pd3fct92TIYhMER6WpssdIFtTDNUQpjyGe
/c3xFFHtZJ/9BhoFXd+GsfyJGj0Njs/ev5uEJKJZpA/HefWkklxfqlY2NI/wGEvb
Sz0olvudA7Q3ZpYyl7LHshDY1AtfLyxFnyjL4fjUXkLlveOSE529JJHStQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMA1tStsqhLQt3ZF+QE/uNAjPloZMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvd0RXMUsyeXFFdEMzZGtYNUFULTQwQ00tV2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQkBMA0G
CSqGSIb3DQEBCwUAA4IBAQCfIG79k8tpajtHmALQPgnexbYCm4M7gp2gegCgkzUU
VqOOvQGsAWodaQKydm+0ELdAAdwTcDLH/Y2yoEV0tE0YuHqtMlVPpmT1dm5fZnlD
tm1AY0xg0YRf6Pn1bKdLjcJXZfGaviMGWrmDbOU+swf/rb3nS6cOU1XgXCLeQJsT
GotvM52EqiKc86FGF+plOlZyLggUpr9//c6+Qq6gC/yOwiCX88iwEC0TBgKfTJGc
r7sWP3ffNjUe071QphSZVBq3da8hbol8hL+/yRRWT9/UKHyAwCmG8eVZmrmlzgVh
nFhKSE5vMVNCBEZAFCqvNg2C3k/+dZEx2avbJQJcUjTg
-----END CERTIFICATE-----