Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/WBLOgPFmuuPSrIQAQV521fc7NF0.roa
File:                     WBLOgPFmuuPSrIQAQV521fc7NF0.roa (raw, json)
Hash identifier:          AqdkVLv7WII2/IKBw9SNbpK0LQygws8bX/V53gFJEHc=
Subject key identifier:   58:12:CE:80:F1:66:BA:E3:D2:AC:84:00:41:5E:76:D5:F7:3B:34:5D
Certificate issuer:       /CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
Certificate serial:       018CC64B1C80938D0F03F19B205328E5E370
Authority key identifier: 82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/WBLOgPFmuuPSrIQAQV521fc7NF0.roa
Signing time:             Mon 01 Jan 2024 18:30:59 +0000
ROA not before:           Mon 01 Jan 2024 18:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62563
IP address blocks:        192.166.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:1c:80:93:8d:0f:03:f1:9b:20:53:28:e5:e3:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
        Validity
            Not Before: Jan  1 18:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5812ce80f166bae3d2ac8400415e76d5f73b345d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:af:2f:63:fb:d2:de:20:6a:2a:5d:40:8d:0e:
                    d2:eb:f9:c8:5b:b2:d0:a0:9c:1a:38:12:30:46:91:
                    b1:b2:fc:63:3f:82:55:c6:18:14:26:9d:75:3f:5d:
                    a7:9c:88:7d:b3:b8:17:38:0f:60:6d:ac:be:b5:66:
                    89:b6:60:1d:f6:0b:c2:b2:da:0c:87:4f:57:32:96:
                    ff:84:e0:ae:b6:5c:22:1c:47:3e:4a:bc:aa:56:5f:
                    4a:28:14:71:8d:bf:63:fa:4e:ba:4c:66:60:cf:aa:
                    9b:4e:70:3d:7c:25:2b:43:6f:3b:18:2e:b5:55:85:
                    45:9b:c9:3a:3e:06:6c:40:17:f3:0e:1b:18:40:a4:
                    36:75:78:6c:99:f5:47:8f:b9:9f:d5:a8:cb:7a:d0:
                    30:12:8c:dd:cc:8d:fb:18:22:a9:e5:50:9c:9b:22:
                    ef:a9:27:a9:e0:68:7f:59:6b:0f:e9:23:ee:22:c9:
                    cf:4c:f9:77:a2:e6:5e:12:d1:3e:fc:1f:88:63:ef:
                    89:cb:0c:90:60:f8:36:73:4a:e7:80:5f:d7:f4:48:
                    07:ad:eb:89:4e:98:8c:98:65:1f:e8:cf:38:d7:ab:
                    df:8b:92:ba:bb:4b:d9:72:44:3f:7d:22:b6:49:5c:
                    dc:6c:ab:e7:fa:63:89:54:2a:a7:04:ed:fb:a5:78:
                    13:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:12:CE:80:F1:66:BA:E3:D2:AC:84:00:41:5E:76:D5:F7:3B:34:5D
            X509v3 Authority Key Identifier:
                keyid:82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/WBLOgPFmuuPSrIQAQV521fc7NF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:2e:c1:c3:7a:0f:6a:40:0d:f2:24:2e:94:4f:67:4d:f0:ea:
         60:03:ca:14:45:84:e0:88:ca:11:d6:31:6a:2a:5d:7b:0f:e4:
         f5:cf:be:4d:91:d8:dd:be:49:98:cb:5a:78:47:82:e7:a9:86:
         ce:35:4f:fd:ae:4b:6b:dc:9c:b2:0d:55:c2:bd:5e:72:51:7b:
         81:ba:a3:7f:53:1a:15:50:81:19:1f:39:dd:eb:ac:8e:34:21:
         62:08:f3:76:36:83:c0:cf:d5:13:26:e6:a3:b6:0b:3c:ca:3e:
         f6:6b:d5:c1:d1:5f:fb:11:64:b1:c7:aa:9f:be:06:a9:07:ab:
         ca:43:d7:7c:94:e2:84:50:cd:5b:49:bd:a5:3c:30:bd:67:79:
         ea:3e:1c:b5:69:e0:3f:6e:4b:59:90:5d:54:a6:20:35:ea:ac:
         aa:c2:09:8f:a2:c8:6e:8d:e3:67:d9:8b:96:ef:3c:02:fd:cc:
         2d:4b:a3:f9:ef:54:3f:cf:05:10:88:f9:55:f7:98:63:c5:3f:
         0a:4a:57:86:8c:6d:1b:4e:97:96:9a:21:b6:0a:6b:8b:8d:8e:
         b6:46:2a:52:e8:19:bb:b9:3a:fb:05:97:b8:d9:76:03:72:0d:
         2f:5b:86:8b:c3:d8:2b:0c:11:b8:ed:6f:08:fa:d6:cb:65:3a:
         e4:94:92:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxyAk40PA/GbIFMo5eNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNmJlMWZiNzFhZjQ4ZDZiMzE4NTEwYWE4YmRmOWE4MTVm
MzNkYjgwHhcNMjQwMTAxMTgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODEyY2U4MGYxNjZiYWUzZDJhYzg0MDA0MTVlNzZkNWY3M2IzNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj68vY/vS3iBqKl1AjQ7S6/nIW7LQ
oJwaOBIwRpGxsvxjP4JVxhgUJp11P12nnIh9s7gXOA9gbay+tWaJtmAd9gvCstoM
h09XMpb/hOCutlwiHEc+SryqVl9KKBRxjb9j+k66TGZgz6qbTnA9fCUrQ287GC61
VYVFm8k6PgZsQBfzDhsYQKQ2dXhsmfVHj7mf1ajLetAwEozdzI37GCKp5VCcmyLv
qSep4Gh/WWsP6SPuIsnPTPl3ouZeEtE+/B+IY++JywyQYPg2c0rngF/X9EgHreuJ
TpiMmGUf6M8416vfi5K6u0vZckQ/fSK2SVzcbKvn+mOJVCqnBO37pXgTaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgSzoDxZrrj0qyEAEFedtX3OzRdMB8GA1UdIwQY
MBaAFIJr4ftxr0jWsxhRCqi9+agV8z24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMt
ZGVkNzIwMTQyNzQ0LzEvV0JMT2dQRm11dVBTcklRQVFWNTIxZmM3TkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMtZGVkNzIwMTQyNzQ0
LzEvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKbiMA0G
CSqGSIb3DQEBCwUAA4IBAQDFLsHDeg9qQA3yJC6UT2dN8OpgA8oURYTgiMoR1jFq
Kl17D+T1z75NkdjdvkmYy1p4R4LnqYbONU/9rktr3JyyDVXCvV5yUXuBuqN/UxoV
UIEZHznd66yONCFiCPN2NoPAz9UTJuajtgs8yj72a9XB0V/7EWSxx6qfvgapB6vK
Q9d8lOKEUM1bSb2lPDC9Z3nqPhy1aeA/bktZkF1UpiA16qyqwgmPoshujeNn2YuW
7zwC/cwtS6P571Q/zwUQiPlV95hjxT8KSleGjG0bTpeWmiG2CmuLjY62RipS6Bm7
uTr7BZe42XYDcg0vW4aLw9grDBG47W8I+tbLZTrklJKZ
-----END CERTIFICATE-----