Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/WdLwTbiV0cacnNi2e8XhOQjvjNM.roa
File:                     WdLwTbiV0cacnNi2e8XhOQjvjNM.roa (raw, json)
Hash identifier:          LODPk2wX+YfkxY8Hs6cyb8Q+LPHL/KlmOG42eP+ANwI=
Subject key identifier:   59:D2:F0:4D:B8:95:D1:C6:9C:9C:D8:B6:7B:C5:E1:39:08:EF:8C:D3
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0192C37A2E9CBD6D8C53AB994708A1F691D6
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/WdLwTbiV0cacnNi2e8XhOQjvjNM.roa
Signing time:             Fri 25 Oct 2024 11:40:17 +0000
ROA not before:           Fri 25 Oct 2024 11:40:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        109.122.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c3:7a:2e:9c:bd:6d:8c:53:ab:99:47:08:a1:f6:91:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct 25 11:40:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59d2f04db895d1c69c9cd8b67bc5e13908ef8cd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b6:dc:79:72:ea:34:29:cb:4b:3f:fa:bd:a9:
                    ca:6d:10:bc:83:74:90:da:46:72:02:fc:9d:eb:6d:
                    2a:e6:74:91:fd:e9:f1:d2:4c:67:ba:ed:69:a2:ee:
                    86:70:47:a7:39:3f:23:a7:a9:cc:58:3c:14:56:f9:
                    b6:aa:a4:4d:6a:67:0c:c7:2f:bc:a3:0c:54:e7:b1:
                    7b:e2:11:e4:68:2f:24:3e:28:07:12:2e:76:95:80:
                    44:79:7b:76:fe:fe:d1:70:8c:12:dd:f6:d3:4b:ee:
                    68:2e:11:81:2f:18:d8:32:1e:25:ec:d5:3a:92:b2:
                    f8:4a:4c:5f:94:3a:82:a4:0a:e9:76:5c:9d:69:19:
                    61:b2:2c:fc:89:f5:77:ac:c8:4a:a7:96:7d:c5:20:
                    92:b6:d2:99:dd:c6:e2:8d:41:36:d8:e3:b2:ee:28:
                    76:8a:a1:79:21:c3:32:90:0f:39:78:52:0e:14:98:
                    91:e1:7c:fa:b3:35:52:d8:1e:52:aa:6d:cc:21:67:
                    4f:f1:c7:6d:32:2d:05:db:e3:c7:6f:9f:77:a1:5f:
                    87:c1:bc:fe:e0:3f:0a:31:65:85:36:61:12:9e:2a:
                    df:5f:20:23:b2:ad:10:b2:51:0b:40:03:3e:f6:d0:
                    bc:f3:0d:52:62:da:19:38:46:0a:75:84:f2:65:43:
                    0d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D2:F0:4D:B8:95:D1:C6:9C:9C:D8:B6:7B:C5:E1:39:08:EF:8C:D3
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/WdLwTbiV0cacnNi2e8XhOQjvjNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:02:64:0b:5f:c8:84:2d:e8:ba:22:df:23:03:a3:0f:f5:81:
         e9:ac:51:0b:3b:93:8d:aa:66:ba:72:44:3b:0b:be:a0:ed:e3:
         fc:4d:9f:60:f4:cf:28:8f:12:23:e8:b9:e5:51:96:d4:a4:12:
         2c:e8:7c:40:76:b2:3f:e3:92:b0:36:ca:c1:01:76:f5:12:82:
         94:4b:ec:05:89:f4:b0:8e:69:13:d3:79:98:49:b6:f2:f6:16:
         71:cc:49:57:28:65:02:c2:10:cf:8d:fa:9e:55:64:62:b4:bf:
         a5:27:d9:63:48:55:e7:b9:3c:e2:fd:95:89:25:dc:23:42:0d:
         0b:62:99:7a:6b:2e:19:0d:34:13:a0:0c:f4:12:6f:81:3f:dd:
         b7:c2:da:d5:94:c6:2f:0c:17:1d:dd:eb:e4:86:1e:14:cf:35:
         3c:bc:53:5a:95:2c:23:bd:19:d4:ca:e4:ae:a0:f2:f0:aa:e0:
         c4:42:95:c6:a0:12:7d:11:6d:01:d3:03:f0:7e:2d:49:a6:a6:
         1e:56:48:8a:9b:38:0f:e3:33:99:7f:dd:fb:40:ed:ec:b0:26:
         0f:42:08:71:54:89:83:93:c7:b1:ee:66:17:8a:ae:0a:11:06:
         d1:02:0f:3c:17:55:ad:79:ea:de:6e:bd:77:98:b9:50:b1:87:
         a2:d9:0e:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLDei6cvW2MU6uZRwih9pHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMDI1MTE0MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWQyZjA0ZGI4OTVkMWM2OWM5Y2Q4YjY3YmM1ZTEzOTA4ZWY4Y2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7bceXLqNCnLSz/6vanKbRC8g3SQ
2kZyAvyd620q5nSR/enx0kxnuu1pou6GcEenOT8jp6nMWDwUVvm2qqRNamcMxy+8
owxU57F74hHkaC8kPigHEi52lYBEeXt2/v7RcIwS3fbTS+5oLhGBLxjYMh4l7NU6
krL4SkxflDqCpArpdlydaRlhsiz8ifV3rMhKp5Z9xSCSttKZ3cbijUE22OOy7ih2
iqF5IcMykA85eFIOFJiR4Xz6szVS2B5Sqm3MIWdP8cdtMi0F2+PHb593oV+Hwbz+
4D8KMWWFNmESnirfXyAjsq0QslELQAM+9tC88w1SYtoZOEYKdYTyZUMN/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnS8E24ldHGnJzYtnvF4TkI74zTMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvV2RMd1RiaVYwY2Fjbk5pMmU4WGhPUWp2ak5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXotMA0G
CSqGSIb3DQEBCwUAA4IBAQACAmQLX8iELei6It8jA6MP9YHprFELO5ONqma6ckQ7
C76g7eP8TZ9g9M8ojxIj6LnlUZbUpBIs6HxAdrI/45KwNsrBAXb1EoKUS+wFifSw
jmkT03mYSbby9hZxzElXKGUCwhDPjfqeVWRitL+lJ9ljSFXnuTzi/ZWJJdwjQg0L
Ypl6ay4ZDTQToAz0Em+BP923wtrVlMYvDBcd3evkhh4UzzU8vFNalSwjvRnUyuSu
oPLwquDEQpXGoBJ9EW0B0wPwfi1JpqYeVkiKmzgP4zOZf937QO3ssCYPQghxVImD
k8ex7mYXiq4KEQbRAg88F1Wteerebr13mLlQsYei2Q7N
-----END CERTIFICATE-----