Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/rNZ9tD7FSHMlCDsqnMvZoP06E4I.roa
File:                     rNZ9tD7FSHMlCDsqnMvZoP06E4I.roa (raw, json)
Hash identifier:          oZRYjmCnv3wK7aPKAQAchhhc1l+mLAToE9iDGMx7mME=
Subject key identifier:   AC:D6:7D:B4:3E:C5:48:73:25:08:3B:2A:9C:CB:D9:A0:FD:3A:13:82
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018DB7956F287FE7CAF4C58216DA1B6CADD4
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/rNZ9tD7FSHMlCDsqnMvZoP06E4I.roa
Signing time:             Sat 17 Feb 2024 15:00:40 +0000
ROA not before:           Sat 17 Feb 2024 15:00:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52025
IP address blocks:        185.121.24.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b7:95:6f:28:7f:e7:ca:f4:c5:82:16:da:1b:6c:ad:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Feb 17 15:00:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acd67db43ec5487325083b2a9ccbd9a0fd3a1382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c8:82:7d:99:23:e9:81:51:01:1a:e5:c4:fb:
                    30:ec:7c:e6:79:3f:5f:33:99:1b:50:99:8c:31:68:
                    1f:90:65:04:9e:4c:44:bc:96:52:18:89:2f:07:79:
                    e8:22:e1:84:1f:c8:4c:8d:96:2f:10:7c:e4:51:95:
                    9a:f4:0d:00:62:7f:a8:99:6c:20:da:91:17:a4:c9:
                    60:fa:e3:bb:db:fa:a1:ec:01:e3:a4:a0:83:6c:66:
                    a9:a1:e4:bc:8a:c2:76:95:6a:ce:39:6b:37:81:e5:
                    a2:f5:b1:17:4a:d5:07:a2:fa:e4:7e:e0:da:3d:a3:
                    5b:28:76:86:43:83:11:a5:da:c4:f7:32:44:54:6c:
                    c9:00:9b:ab:89:a7:80:a2:58:af:b5:12:b3:fc:41:
                    cd:99:86:8f:e3:5e:42:af:2a:b0:54:4f:1c:2a:a5:
                    5f:27:85:a5:51:91:c0:c5:e3:30:5a:9e:76:37:14:
                    c3:0a:2f:b0:31:68:d2:a6:74:6d:26:7e:e0:71:ff:
                    17:6e:a7:e0:43:c8:f1:1a:5d:80:24:1d:ac:ae:08:
                    9d:ff:b3:f4:6a:ad:74:8b:0a:b7:d9:2d:8e:4f:74:
                    17:83:61:38:4e:d3:18:87:82:0f:9c:e9:70:e2:87:
                    f6:52:7c:94:de:38:71:71:75:9d:cd:3f:09:cf:2b:
                    02:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D6:7D:B4:3E:C5:48:73:25:08:3B:2A:9C:CB:D9:A0:FD:3A:13:82
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/rNZ9tD7FSHMlCDsqnMvZoP06E4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:b2:0d:9d:66:ce:33:d8:f6:55:ff:a6:de:3e:f2:8b:42:d5:
         ca:19:c9:72:71:d1:ca:db:7a:ec:b5:dd:2f:c4:88:94:97:ec:
         f9:42:79:70:8b:9c:04:61:c0:92:65:e6:80:f3:d4:0c:73:fd:
         da:19:79:2b:73:00:e0:28:42:a1:46:82:a3:ae:c7:86:06:4b:
         bf:f9:a2:53:2a:d6:c9:c8:83:6a:d4:c9:1f:49:33:a8:56:50:
         0a:04:04:08:0e:6f:a1:3f:a0:74:12:9c:83:31:3a:a8:f1:77:
         e2:08:52:3e:77:e8:42:7d:92:5a:14:19:a2:7a:4f:43:db:e0:
         ff:fe:3e:c2:fc:35:21:9d:45:ad:a4:0f:75:85:db:fa:0c:7c:
         15:44:be:04:44:ba:e7:d5:36:d5:d2:e6:a2:51:22:2a:26:de:
         14:2a:34:f4:37:53:16:2e:d8:4d:fc:28:a6:3a:8c:82:dc:b4:
         99:b2:29:28:42:b0:5d:9f:63:ea:33:38:23:1a:2e:a6:7e:49:
         72:2f:d3:06:9f:da:20:e0:d3:a1:ca:ca:73:b4:bd:4c:34:7f:
         00:03:32:4b:01:5c:81:2c:88:fe:32:02:8a:82:49:cc:fe:66:
         54:f8:9d:ed:ff:6e:fa:ae:de:5f:f4:17:5b:08:94:87:2b:2f:
         b5:ca:71:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY23lW8of+fK9MWCFtobbK3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMjE3MTUwMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Q2N2RiNDNlYzU0ODczMjUwODNiMmE5Y2NiZDlhMGZkM2ExMzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMiCfZkj6YFRARrlxPsw7HzmeT9f
M5kbUJmMMWgfkGUEnkxEvJZSGIkvB3noIuGEH8hMjZYvEHzkUZWa9A0AYn+omWwg
2pEXpMlg+uO72/qh7AHjpKCDbGapoeS8isJ2lWrOOWs3geWi9bEXStUHovrkfuDa
PaNbKHaGQ4MRpdrE9zJEVGzJAJuriaeAolivtRKz/EHNmYaP415CryqwVE8cKqVf
J4WlUZHAxeMwWp52NxTDCi+wMWjSpnRtJn7gcf8XbqfgQ8jxGl2AJB2srgid/7P0
aq10iwq32S2OT3QXg2E4TtMYh4IPnOlw4of2UnyU3jhxcXWdzT8JzysCHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKzWfbQ+xUhzJQg7KpzL2aD9OhOCMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvck5aOXREN0ZTSE1sQ0RzcW5NdlpvUDA2RTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXkYMA0G
CSqGSIb3DQEBCwUAA4IBAQB1sg2dZs4z2PZV/6bePvKLQtXKGclycdHK23rstd0v
xIiUl+z5Qnlwi5wEYcCSZeaA89QMc/3aGXkrcwDgKEKhRoKjrseGBku/+aJTKtbJ
yINq1MkfSTOoVlAKBAQIDm+hP6B0EpyDMTqo8XfiCFI+d+hCfZJaFBmiek9D2+D/
/j7C/DUhnUWtpA91hdv6DHwVRL4ERLrn1TbV0uaiUSIqJt4UKjT0N1MWLthN/Cim
OoyC3LSZsikoQrBdn2PqMzgjGi6mfklyL9MGn9og4NOhyspztL1MNH8AAzJLAVyB
LIj+MgKKgknM/mZU+J3t/276rt5f9BdbCJSHKy+1ynH9
-----END CERTIFICATE-----