Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/wa3eLzPqUQDIi-E3aHbRsf0y0QA.roa
File:                     wa3eLzPqUQDIi-E3aHbRsf0y0QA.roa (raw, json)
Hash identifier:          ASuJ37RD3SiIiXzrLDRI2nNd5vtJpmrgHRmADFq/oME=
Subject key identifier:   C1:AD:DE:2F:33:EA:51:00:C8:8B:E1:37:68:76:D1:B1:FD:32:D1:00
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64ADD732547D99279AAF88CD61DBD05
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/wa3eLzPqUQDIi-E3aHbRsf0y0QA.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212496
IP address blocks:        95.164.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:73:25:47:d9:92:79:aa:f8:8c:d6:1d:bd:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1adde2f33ea5100c88be1376876d1b1fd32d100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:51:16:d1:cd:cb:a9:ac:43:ba:d2:b1:41:9b:
                    ea:c2:5c:ae:e1:0d:7f:94:c5:15:6b:5b:40:29:e8:
                    56:7f:85:48:d0:8f:bc:9c:c4:6c:4a:ff:a5:28:b4:
                    42:e4:c5:7d:fd:45:3f:00:29:2f:5d:7e:39:b9:35:
                    36:ff:8d:c6:af:17:4f:22:e4:c3:ff:6d:c6:95:1a:
                    89:2d:af:57:9c:99:7a:96:61:a7:0a:b0:a9:e8:2e:
                    e2:5d:f3:1c:a3:70:a3:cd:e5:68:62:d0:7d:a7:52:
                    18:09:9d:ed:61:58:61:01:8b:57:db:44:3a:8e:ab:
                    18:ce:e1:d1:39:8f:84:d7:e0:19:ef:5c:99:c8:55:
                    c2:33:03:0b:22:f8:bb:a0:aa:c4:3a:26:0b:40:d4:
                    b8:37:af:84:99:87:7c:6b:22:95:eb:27:2b:de:e7:
                    9a:58:e5:14:7b:5a:a7:64:00:28:5b:dd:43:5e:d9:
                    8b:82:be:df:80:31:da:a3:3d:ce:fa:1f:66:61:5a:
                    bd:66:c7:e7:8e:10:38:9d:c1:eb:f1:7f:69:85:e9:
                    3c:3c:5c:39:58:56:d8:fd:ff:e8:13:0b:69:b4:63:
                    60:cf:9f:c0:f9:32:03:1a:10:9e:b6:00:ea:d3:28:
                    05:73:22:35:16:90:58:6f:61:7d:41:60:b5:f9:3d:
                    b5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:AD:DE:2F:33:EA:51:00:C8:8B:E1:37:68:76:D1:B1:FD:32:D1:00
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/wa3eLzPqUQDIi-E3aHbRsf0y0QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:93:0b:a8:e4:a6:f2:cb:14:9a:a7:07:58:9e:f7:e8:a0:4f:
         55:f9:de:10:4a:93:4e:41:01:dd:07:3b:04:cb:44:1e:fb:5c:
         4c:88:9e:69:d4:0c:01:02:3d:f2:81:40:92:e4:ee:00:f5:c1:
         b9:47:5c:c1:fd:62:7d:b0:2b:0b:0d:da:5b:7c:07:69:b3:3f:
         e5:fb:8a:bb:09:52:d3:40:e7:70:f2:31:2f:e5:01:e5:c9:02:
         81:91:93:b1:57:cb:8b:b1:b0:8b:b6:44:68:a3:12:00:77:6d:
         22:8a:e6:b2:a4:30:2b:2e:c3:c3:73:1f:f6:23:49:96:fb:b1:
         42:80:de:db:94:95:49:5b:ea:c5:d4:12:b0:f8:82:27:83:e0:
         46:41:23:73:41:cb:f8:e3:13:c8:f0:46:c9:28:50:81:a4:cc:
         18:69:8a:18:36:09:32:cd:be:f9:c3:1c:d9:ef:7f:53:57:22:
         52:bc:97:f2:32:70:c6:a5:0b:18:a8:81:dc:17:42:47:25:a7:
         e6:78:c6:66:a0:3a:5d:cb:0d:26:57:41:9c:dd:22:55:ef:f9:
         95:38:e0:38:d0:f3:2e:c5:7c:25:42:cc:e6:d0:6c:73:87:91:
         8a:73:cb:56:fe:07:eb:29:cd:11:07:8e:4b:38:a0:2b:c2:8f:
         4b:72:02:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt1zJUfZknmq+IzWHb0FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWFkZGUyZjMzZWE1MTAwYzg4YmUxMzc2ODc2ZDFiMWZkMzJkMTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglEW0c3LqaxDutKxQZvqwlyu4Q1/
lMUVa1tAKehWf4VI0I+8nMRsSv+lKLRC5MV9/UU/ACkvXX45uTU2/43GrxdPIuTD
/23GlRqJLa9XnJl6lmGnCrCp6C7iXfMco3CjzeVoYtB9p1IYCZ3tYVhhAYtX20Q6
jqsYzuHROY+E1+AZ71yZyFXCMwMLIvi7oKrEOiYLQNS4N6+EmYd8ayKV6ycr3uea
WOUUe1qnZAAoW91DXtmLgr7fgDHaoz3O+h9mYVq9ZsfnjhA4ncHr8X9phek8PFw5
WFbY/f/oEwtptGNgz5/A+TIDGhCetgDq0ygFcyI1FpBYb2F9QWC1+T21ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGt3i8z6lEAyIvhN2h20bH9MtEAMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvd2EzZUx6UHFVUURJaS1FM2FIYlJzZjB5MFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6RbMA0G
CSqGSIb3DQEBCwUAA4IBAQAekwuo5KbyyxSapwdYnvfooE9V+d4QSpNOQQHdBzsE
y0Qe+1xMiJ5p1AwBAj3ygUCS5O4A9cG5R1zB/WJ9sCsLDdpbfAdpsz/l+4q7CVLT
QOdw8jEv5QHlyQKBkZOxV8uLsbCLtkRooxIAd20iiuaypDArLsPDcx/2I0mW+7FC
gN7blJVJW+rF1BKw+IIng+BGQSNzQcv44xPI8EbJKFCBpMwYaYoYNgkyzb75wxzZ
739TVyJSvJfyMnDGpQsYqIHcF0JHJafmeMZmoDpdyw0mV0Gc3SJV7/mVOOA40PMu
xXwlQszm0Gxzh5GKc8tW/gfrKc0RB45LOKArwo9LcgL1
-----END CERTIFICATE-----