Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/wFjcNXXvZZGVWeRTe-1xM_MU4IM.roa
File:                     wFjcNXXvZZGVWeRTe-1xM_MU4IM.roa (raw, json)
Hash identifier:          T9LOSw/2eAbZFz02xGJPYUIVh78oEJZxe3sE0fzSR78=
Subject key identifier:   C0:58:DC:35:75:EF:65:91:95:59:E4:53:7B:ED:71:33:F3:14:E0:83
Certificate issuer:       /CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
Certificate serial:       018CC80184FED070C68B779B14E6BD000ED3
Authority key identifier: A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/wFjcNXXvZZGVWeRTe-1xM_MU4IM.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28776
IP address blocks:        217.9.4.0/24 maxlen: 24
                          217.9.6.0/24 maxlen: 24
                          217.9.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:84:fe:d0:70:c6:8b:77:9b:14:e6:bd:00:0e:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c058dc3575ef65919559e4537bed7133f314e083
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:61:f5:a8:6b:98:8e:a0:22:f1:50:02:a1:18:
                    7e:aa:c1:a8:31:4f:70:93:c6:5f:d0:00:1f:74:f9:
                    cc:04:2b:36:79:6f:35:7d:22:ab:30:ac:f8:9e:1c:
                    5c:45:1b:0b:e5:e7:a4:ca:e7:f8:62:62:8c:ad:e0:
                    86:95:de:41:5c:6c:b7:c4:d0:27:78:e6:1e:1f:00:
                    6c:18:3a:69:08:45:38:50:54:bd:94:5d:30:33:4a:
                    bc:93:6e:6a:8a:63:3c:8c:e3:fd:de:60:ce:de:df:
                    35:c9:64:4b:e7:c0:a6:d6:7d:50:c8:7c:ed:cc:c7:
                    a8:47:4b:9c:0d:bd:98:56:20:00:3f:b2:92:65:52:
                    1f:7a:c5:4d:c9:1a:d0:24:96:bd:36:fa:0e:22:0e:
                    bf:b1:53:27:37:b6:60:e0:60:66:9f:03:62:10:e3:
                    9f:77:c7:42:09:0f:7b:f4:88:71:98:e4:f5:2a:88:
                    7c:50:6e:e9:22:e2:07:2b:45:0a:c1:a7:c4:5f:df:
                    44:23:11:1a:0b:f6:53:d0:c6:ea:5a:10:52:ea:dd:
                    3f:55:c2:b2:fd:33:0e:0d:a0:72:5d:ee:21:19:dc:
                    32:64:2e:4e:d0:21:08:fa:cb:6d:ea:c0:04:f3:49:
                    1f:cd:1d:07:33:d0:25:06:29:f7:ca:b3:96:b8:f2:
                    d7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:58:DC:35:75:EF:65:91:95:59:E4:53:7B:ED:71:33:F3:14:E0:83
            X509v3 Authority Key Identifier:
                keyid:A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/wFjcNXXvZZGVWeRTe-1xM_MU4IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.4.0-217.9.6.255

    Signature Algorithm: sha256WithRSAEncryption
         29:b7:54:f8:99:08:71:ca:f4:1d:ae:11:d6:6b:e4:7b:5d:6e:
         c2:65:08:fa:45:00:e6:6c:cf:0d:5c:15:85:84:e7:94:56:78:
         9e:3d:7e:f6:5d:01:f1:b1:28:a4:2f:39:3f:e4:34:ea:af:29:
         46:4a:11:6a:4a:74:d5:b2:fa:2e:8d:88:31:c3:4b:d3:00:18:
         52:90:31:55:f6:b3:f4:26:97:ac:df:a8:99:56:c1:2d:8b:bc:
         8e:1a:1a:17:f9:a2:3b:78:6f:35:71:29:85:39:d7:e8:9c:ee:
         56:68:be:a8:e8:89:b8:47:9f:79:3f:f8:64:c7:b2:39:66:68:
         73:f7:e4:e9:e3:9d:b7:33:67:76:c7:cf:32:eb:c3:e2:96:39:
         c5:96:3b:ee:e8:7f:89:ce:af:df:9d:7c:7d:1e:83:b0:a8:47:
         1c:30:4f:57:5f:d6:8f:8c:81:6e:d6:26:8f:da:8b:04:88:04:
         e6:f2:60:c3:29:c7:a4:c3:34:a5:07:ed:7b:65:7c:cd:b1:1b:
         92:c5:bd:1b:9a:30:4f:22:69:75:ae:7b:54:ae:c2:b6:2b:f2:
         dc:c6:cd:3f:37:34:68:15:6d:bc:29:e2:db:dd:4e:77:a2:7d:
         3a:c3:9d:9b:69:2e:f9:d0:df:13:6d:af:32:20:0a:f6:9d:ee:
         ab:7a:5d:70
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIAYT+0HDGi3ebFOa9AA7TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZWUxODJkOWM0M2E1Y2U3MDY4ZGZkOWJhN2FhOGVkOTBl
NWUwYmEwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDU4ZGMzNTc1ZWY2NTkxOTU1OWU0NTM3YmVkNzEzM2YzMTRlMDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGH1qGuYjqAi8VACoRh+qsGoMU9w
k8Zf0AAfdPnMBCs2eW81fSKrMKz4nhxcRRsL5eekyuf4YmKMreCGld5BXGy3xNAn
eOYeHwBsGDppCEU4UFS9lF0wM0q8k25qimM8jOP93mDO3t81yWRL58Cm1n1QyHzt
zMeoR0ucDb2YViAAP7KSZVIfesVNyRrQJJa9NvoOIg6/sVMnN7Zg4GBmnwNiEOOf
d8dCCQ979IhxmOT1Koh8UG7pIuIHK0UKwafEX99EIxEaC/ZT0MbqWhBS6t0/VcKy
/TMODaByXe4hGdwyZC5O0CEI+stt6sAE80kfzR0HM9AlBin3yrOWuPLXVwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMBY3DV172WRlVnkU3vtcTPzFOCDMB8GA1UdIwQY
MBaAFKfuGC2cQ6XOcGjf2bp6qO2Q5eC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDkt
NmI1ZjY4NTIyYTdkLzEvd0ZqY05YWHZaWkdWV2VSVGUtMXhNX01VNElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDktNmI1ZjY4NTIyYTdk
LzEvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALZCQQD
BADZCQYwDQYJKoZIhvcNAQELBQADggEBACm3VPiZCHHK9B2uEdZr5HtdbsJlCPpF
AOZszw1cFYWE55RWeJ49fvZdAfGxKKQvOT/kNOqvKUZKEWpKdNWy+i6NiDHDS9MA
GFKQMVX2s/Qml6zfqJlWwS2LvI4aGhf5ojt4bzVxKYU51+ic7lZovqjoibhHn3k/
+GTHsjlmaHP35OnjnbczZ3bHzzLrw+KWOcWWO+7of4nOr9+dfH0eg7CoRxwwT1df
1o+MgW7WJo/aiwSIBObyYMMpx6TDNKUH7XtlfM2xG5LFvRuaME8iaXWue1SuwrYr
8tzGzT83NGgVbbwp4tvdTneifTrDnZtpLvnQ3xNtrzIgCvad7qt6XXA=
-----END CERTIFICATE-----