Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/wriCDOf9Qt8kwRz89dVlXaavnhY.roa
File:                     wriCDOf9Qt8kwRz89dVlXaavnhY.roa (raw, json)
Hash identifier:          /Tq5d4rDDHnMFOFtxl4NUqsxKqw7wtc56fovn3G5mNA=
Subject key identifier:   C2:B8:82:0C:E7:FD:42:DF:24:C1:1C:FC:F5:D5:65:5D:A6:AF:9E:16
Certificate issuer:       /CN=af46fb8d41a47242ae3ee8ce1f0fa8ef811698b5
Certificate serial:       018CC6B90B9F97F6C2B1644CC111A724E94D
Authority key identifier: AF:46:FB:8D:41:A4:72:42:AE:3E:E8:CE:1F:0F:A8:EF:81:16:98:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r0b7jUGkckKuPujOHw-o74EWmLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/wriCDOf9Qt8kwRz89dVlXaavnhY.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209535
IP address blocks:        147.78.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/r0b7jUGkckKuPujOHw-o74EWmLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/r0b7jUGkckKuPujOHw-o74EWmLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r0b7jUGkckKuPujOHw-o74EWmLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0b:9f:97:f6:c2:b1:64:4c:c1:11:a7:24:e9:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af46fb8d41a47242ae3ee8ce1f0fa8ef811698b5
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2b8820ce7fd42df24c11cfcf5d5655da6af9e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b3:08:ba:94:34:bb:0a:2c:18:1b:f5:74:0c:
                    d2:e9:bf:d5:01:36:c3:84:b9:24:9d:62:77:af:bb:
                    b1:93:f7:a4:75:73:b7:fc:87:1a:45:38:41:f8:26:
                    83:c4:d3:a3:dc:1d:08:2c:4f:b8:25:31:12:bf:3b:
                    00:3c:68:05:8a:69:e1:4e:4b:7a:fb:f3:bf:9c:1a:
                    30:8e:47:e9:4b:0c:3a:11:60:2f:bc:b8:c1:a1:3b:
                    6c:40:0f:0c:7e:47:e0:3f:e7:c6:3c:f2:50:37:47:
                    22:3f:df:71:53:7b:b5:8b:c0:2d:6a:ee:9a:ce:23:
                    45:1e:b5:e4:48:43:75:bb:c4:4a:b5:c2:a8:f9:42:
                    8d:c2:1c:eb:8b:47:f2:f1:c5:19:67:1a:b1:54:fe:
                    fe:5a:62:4b:bf:ee:87:d6:f6:25:d4:fc:34:5c:cb:
                    bf:33:c2:47:51:68:28:52:2b:02:be:1f:ed:d1:bc:
                    2c:de:eb:1d:36:b8:8f:bb:30:0b:75:34:ee:c6:9f:
                    0c:5f:b7:6b:07:01:26:65:3c:f5:3d:4d:78:a4:20:
                    6d:cb:4d:4f:7b:21:ef:84:74:e7:03:c6:e9:0b:ca:
                    16:89:67:c7:53:32:38:a1:2e:d5:17:5c:ec:8e:bf:
                    7a:96:c4:a1:c4:59:0d:4b:18:2f:e2:9b:05:e3:b7:
                    f7:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B8:82:0C:E7:FD:42:DF:24:C1:1C:FC:F5:D5:65:5D:A6:AF:9E:16
            X509v3 Authority Key Identifier:
                keyid:AF:46:FB:8D:41:A4:72:42:AE:3E:E8:CE:1F:0F:A8:EF:81:16:98:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r0b7jUGkckKuPujOHw-o74EWmLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/wriCDOf9Qt8kwRz89dVlXaavnhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/d8275e-c479-4ed8-beea-da89ed2eb55e/1/r0b7jUGkckKuPujOHw-o74EWmLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:9f:24:3f:84:c5:ca:07:0e:4d:56:21:35:49:d8:d5:b4:85:
         10:eb:0c:30:c8:72:de:3c:b9:f4:2a:14:dd:d4:40:fb:1a:d8:
         76:b5:4e:73:fc:95:a8:ae:c3:e3:66:b4:fd:b1:69:ca:93:6b:
         30:ef:45:07:87:ef:28:d9:ae:ac:aa:a3:e5:8f:3a:52:41:dc:
         95:a3:cc:13:4d:e1:73:2c:22:c5:2a:aa:04:f3:f9:eb:84:70:
         b0:b4:6b:55:0e:ee:68:5c:8a:d7:4e:ad:0f:69:02:20:e6:34:
         ad:0a:9d:c9:35:23:1b:cf:3f:5e:12:e9:e4:aa:ed:5f:7c:ff:
         55:cc:7a:70:a7:2f:01:98:61:92:a0:b4:5d:56:6a:c7:f8:d6:
         44:fa:54:6b:fa:7f:0b:57:1d:b3:88:b5:07:c9:a0:0b:bf:a2:
         3c:02:20:5c:77:61:e4:3f:b9:0f:85:cb:06:e9:91:49:5a:f4:
         6b:0f:eb:1e:ef:0c:79:d8:0e:a7:fb:f8:b5:ba:76:76:c2:ed:
         d7:48:2b:68:f7:02:d7:a7:9a:74:45:02:1a:71:32:73:9d:aa:
         85:82:62:34:3e:ef:e4:5c:66:93:56:23:71:3b:19:b0:56:40:
         86:da:5d:1a:cf:1d:91:29:d6:a3:30:5b:01:8b:76:c1:ad:9e:
         60:a0:53:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQufl/bCsWRMwRGnJOlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNDZmYjhkNDFhNDcyNDJhZTNlZThjZTFmMGZhOGVmODEx
Njk4YjUwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmI4ODIwY2U3ZmQ0MmRmMjRjMTFjZmNmNWQ1NjU1ZGE2YWY5ZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLMIupQ0uwosGBv1dAzS6b/VATbD
hLkknWJ3r7uxk/ekdXO3/IcaRThB+CaDxNOj3B0ILE+4JTESvzsAPGgFimnhTkt6
+/O/nBowjkfpSww6EWAvvLjBoTtsQA8MfkfgP+fGPPJQN0ciP99xU3u1i8Atau6a
ziNFHrXkSEN1u8RKtcKo+UKNwhzri0fy8cUZZxqxVP7+WmJLv+6H1vYl1Pw0XMu/
M8JHUWgoUisCvh/t0bws3usdNriPuzALdTTuxp8MX7drBwEmZTz1PU14pCBty01P
eyHvhHTnA8bpC8oWiWfHUzI4oS7VF1zsjr96lsShxFkNSxgv4psF47f3vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMK4ggzn/ULfJMEc/PXVZV2mr54WMB8GA1UdIwQY
MBaAFK9G+41BpHJCrj7ozh8PqO+BFpi1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjBiN2pVR2tja0t1UHVqT0h3LW83NEVXbUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kODI3NWUtYzQ3OS00ZWQ4LWJlZWEt
ZGE4OWVkMmViNTVlLzEvd3JpQ0RPZjlRdDhrd1J6ODlkVmxYYWF2bmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kODI3NWUtYzQ3OS00ZWQ4LWJlZWEtZGE4OWVkMmViNTVl
LzEvcjBiN2pVR2tja0t1UHVqT0h3LW83NEVXbUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCk04YMA0G
CSqGSIb3DQEBCwUAA4IBAQAWnyQ/hMXKBw5NViE1SdjVtIUQ6wwwyHLePLn0KhTd
1ED7Gth2tU5z/JWorsPjZrT9sWnKk2sw70UHh+8o2a6sqqPljzpSQdyVo8wTTeFz
LCLFKqoE8/nrhHCwtGtVDu5oXIrXTq0PaQIg5jStCp3JNSMbzz9eEunkqu1ffP9V
zHpwpy8BmGGSoLRdVmrH+NZE+lRr+n8LVx2ziLUHyaALv6I8AiBcd2HkP7kPhcsG
6ZFJWvRrD+se7wx52A6n+/i1unZ2wu3XSCto9wLXp5p0RQIacTJznaqFgmI0Pu/k
XGaTViNxOxmwVkCG2l0azx2RKdajMFsBi3bBrZ5goFMp
-----END CERTIFICATE-----