Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/wXdoeW66_urPmbH8wWOQTd9wgDU.roa
File:                     wXdoeW66_urPmbH8wWOQTd9wgDU.roa (raw, json)
Hash identifier:          wxIyzkGEmEjGZBNOiuOFopbNrg1Ftxd19t23YudD37Y=
Subject key identifier:   C1:77:68:79:6E:BA:FE:EA:CF:99:B1:FC:C1:63:90:4D:DF:70:80:35
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D02A15D080D3982771A29FA9EF37E
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/wXdoeW66_urPmbH8wWOQTd9wgDU.roa
Signing time:             Tue 02 Jan 2024 08:31:56 +0000
ROA not before:           Tue 02 Jan 2024 08:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199518
IP address blocks:        2a0a:280:2300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:02:a1:5d:08:0d:39:82:77:1a:29:fa:9e:f3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c17768796ebafeeacf99b1fcc163904ddf708035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:79:5e:47:df:d4:08:f7:45:cd:a6:71:f2:73:
                    6c:6b:31:e7:3e:67:53:09:3e:dd:b5:2c:8e:e6:05:
                    32:b6:7d:7e:19:03:3c:3b:12:03:2c:ba:10:cc:f2:
                    88:70:60:4e:67:d3:04:b1:d3:59:2f:26:ac:9e:d0:
                    f5:95:2d:2c:d4:ba:b5:6a:28:f0:eb:4b:ec:ed:f6:
                    5e:4c:89:68:8e:3e:d0:01:39:0d:89:4c:e1:0f:3b:
                    9e:78:08:ad:c5:a4:28:bb:85:d8:eb:c2:9e:c6:53:
                    df:24:16:19:4f:ab:99:b9:ee:1b:cb:27:54:89:62:
                    a5:0b:9f:1d:7c:40:d0:47:fd:90:b3:25:93:29:51:
                    ee:bf:11:b4:cc:4d:d1:62:ba:0c:71:15:f1:c1:95:
                    4c:3e:24:63:7c:b5:a2:04:58:3b:e7:73:2f:8c:6c:
                    e5:e7:22:a9:61:27:e2:85:a8:70:3b:e9:54:d1:67:
                    23:fd:e2:0e:b4:bb:f7:6a:c3:5f:fc:0b:c8:b2:0f:
                    8d:40:1a:ef:b9:b0:4b:17:4b:3a:b9:5e:b7:dc:29:
                    77:cf:56:69:43:63:88:04:98:15:6f:ab:dc:54:b4:
                    c6:ae:e7:79:8b:f1:e0:72:3b:cd:c6:00:a5:33:81:
                    3e:19:c0:27:a9:2c:ad:30:8a:f7:c4:b6:6c:3d:7c:
                    fc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:77:68:79:6E:BA:FE:EA:CF:99:B1:FC:C1:63:90:4D:DF:70:80:35
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/wXdoeW66_urPmbH8wWOQTd9wgDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2300::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:2e:be:da:47:4a:aa:ad:b7:64:f4:80:e4:7e:c3:a9:c5:ff:
         54:00:aa:77:2f:f8:ed:65:24:1c:b2:4f:6f:7b:b4:be:5a:f7:
         14:e8:dc:9f:5a:9c:07:c5:3e:99:c8:91:f5:da:82:27:84:e6:
         97:85:b9:b4:10:d4:c7:10:82:b3:d3:ff:42:0b:53:fd:92:8a:
         11:b5:cc:9e:87:ec:3f:38:94:ba:b3:cd:fd:b8:61:6a:06:b2:
         56:a9:65:4d:b5:8f:d2:d5:70:d5:07:6b:fa:9f:70:9a:ad:19:
         d5:5a:9e:01:69:11:67:4c:19:e7:91:f8:40:a0:db:63:87:31:
         c6:6f:2a:1c:d5:8b:ef:e6:0c:c6:5d:eb:3c:07:cf:4d:83:d8:
         75:48:f2:15:09:d1:43:17:91:6a:92:04:56:bf:6f:4c:72:54:
         8d:ac:fb:13:aa:4b:e6:d8:29:bd:e6:f2:bf:17:89:10:aa:c9:
         c4:9a:7c:f9:3e:f7:61:70:8b:06:3f:7b:05:f4:0a:25:61:fb:
         0b:d9:91:44:16:57:ba:8e:95:fc:87:33:18:2b:63:ff:55:ba:
         ef:02:cb:0c:a7:fb:bc:90:b6:00:82:c2:4f:08:2f:74:db:26:
         4e:ec:29:7c:32:da:9b:c3:cb:2b:d8:82:28:42:b1:79:03:b3:
         5c:6a:1e:30
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQKhXQgNOYJ3Gin6nvN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTc3Njg3OTZlYmFmZWVhY2Y5OWIxZmNjMTYzOTA0ZGRmNzA4MDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHleR9/UCPdFzaZx8nNsazHnPmdT
CT7dtSyO5gUytn1+GQM8OxIDLLoQzPKIcGBOZ9MEsdNZLyasntD1lS0s1Lq1aijw
60vs7fZeTIlojj7QATkNiUzhDzueeAitxaQou4XY68KexlPfJBYZT6uZue4byydU
iWKlC58dfEDQR/2QsyWTKVHuvxG0zE3RYroMcRXxwZVMPiRjfLWiBFg753MvjGzl
5yKpYSfihahwO+lU0Wcj/eIOtLv3asNf/AvIsg+NQBrvubBLF0s6uV633Cl3z1Zp
Q2OIBJgVb6vcVLTGrud5i/HgcjvNxgClM4E+GcAnqSytMIr3xLZsPXz8/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMF3aHluuv7qz5mx/MFjkE3fcIA1MB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvd1hkb2VXNjZfdXJQbWJIOHdXT1FUZDl3Z0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCMw
DQYJKoZIhvcNAQELBQADggEBADMuvtpHSqqtt2T0gOR+w6nF/1QAqncv+O1lJByy
T297tL5a9xTo3J9anAfFPpnIkfXagieE5peFubQQ1McQgrPT/0ILU/2SihG1zJ6H
7D84lLqzzf24YWoGslapZU21j9LVcNUHa/qfcJqtGdVangFpEWdMGeeR+ECg22OH
McZvKhzVi+/mDMZd6zwHz02D2HVI8hUJ0UMXkWqSBFa/b0xyVI2s+xOqS+bYKb3m
8r8XiRCqycSafPk+92FwiwY/ewX0CiVh+wvZkUQWV7qOlfyHMxgrY/9Vuu8Cywyn
+7yQtgCCwk8IL3TbJk7sKXwy2pvDyyvYgihCsXkDs1xqHjA=
-----END CERTIFICATE-----