Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/wdokWymoRIFQmiXeZy42Kg3oJOI.roa
File:                     wdokWymoRIFQmiXeZy42Kg3oJOI.roa (raw, json)
Hash identifier:          B19sT5zsy28noDJWiHoxrOvREG0dUEcbLM5sqfxBtLM=
Subject key identifier:   C1:DA:24:5B:29:A8:44:81:50:9A:25:DE:67:2E:36:2A:0D:E8:24:E2
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018E9F31AF948FAB8E755F66914FA135FDF4
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/wdokWymoRIFQmiXeZy42Kg3oJOI.roa
Signing time:             Tue 02 Apr 2024 14:23:37 +0000
ROA not before:           Tue 02 Apr 2024 14:23:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59729
IP address blocks:        212.18.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:31:af:94:8f:ab:8e:75:5f:66:91:4f:a1:35:fd:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  2 14:23:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1da245b29a84481509a25de672e362a0de824e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:09:cf:3b:14:52:3d:a4:30:40:d3:73:4a:5b:
                    31:b9:27:18:31:5e:aa:42:09:66:76:7b:28:04:0b:
                    b3:8b:ac:59:59:9e:13:81:66:6f:16:18:22:c0:b0:
                    c7:fb:17:27:5a:99:40:43:c6:d6:b1:c6:0f:59:fe:
                    df:03:a3:4f:d2:a4:b9:7a:fe:4a:6d:48:a0:c3:6a:
                    ee:e4:65:c8:c2:07:89:b3:e1:60:50:e2:f2:93:d0:
                    3d:54:7e:f7:94:bc:7a:6f:1a:a0:dd:0b:2e:a0:cd:
                    16:07:bc:ca:05:45:c8:49:92:c2:f1:a9:2d:9d:36:
                    f0:37:70:a5:aa:32:16:2e:d1:23:5e:07:74:9b:96:
                    29:49:f3:c5:e5:58:35:8b:f8:30:c3:fa:5c:f9:9d:
                    f7:a5:5c:54:1a:54:b1:d2:bc:36:06:30:f1:3b:5f:
                    ad:dd:de:98:ce:01:3b:00:df:b4:04:49:93:de:05:
                    84:68:8d:23:e9:60:8a:46:e3:e5:4d:fc:5a:5d:2e:
                    e6:a1:7c:68:cf:95:ff:61:de:1b:c9:c1:20:0f:fb:
                    6e:1a:b1:88:cf:ac:f2:e8:e9:d6:cb:8b:a6:6d:27:
                    17:22:12:e1:da:b3:22:75:23:8c:54:d1:c0:26:73:
                    df:06:27:9d:4b:e8:fd:52:a8:ce:be:07:11:0e:19:
                    bf:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DA:24:5B:29:A8:44:81:50:9A:25:DE:67:2E:36:2A:0D:E8:24:E2
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/wdokWymoRIFQmiXeZy42Kg3oJOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6f:f8:36:a0:60:96:f3:e3:5e:24:04:ac:6f:e4:7f:f8:18:
         1b:be:18:0c:7d:4e:5f:9a:da:39:80:67:4f:88:5f:c8:e6:aa:
         25:bf:7b:2f:29:5b:e5:6c:a2:3e:23:53:c0:c7:64:be:2f:24:
         9d:31:a1:e1:32:e3:20:21:99:51:8b:0c:97:b0:db:02:4d:f3:
         48:4f:0a:ac:1a:6e:42:f5:e8:95:64:15:04:84:95:b9:52:08:
         a0:87:35:96:eb:8a:bc:4e:c8:34:5d:7d:96:b2:e4:90:73:cc:
         85:45:2c:e8:1a:18:48:43:38:79:72:7f:24:0e:03:ce:05:33:
         3e:4a:b8:a9:80:7a:ca:34:68:f8:b8:bd:5f:99:19:b4:e8:4e:
         f7:95:03:11:49:a4:82:2a:9a:53:f6:22:8b:4b:9e:0a:c5:3e:
         7f:9d:9f:b9:d7:c4:82:d1:fd:6e:38:bd:ca:c9:a2:f4:32:83:
         61:6d:ca:cf:8c:ec:59:50:6e:6c:ed:bb:bd:40:24:65:da:06:
         5e:56:8e:bb:80:e1:00:84:96:59:0e:c3:95:bd:01:06:fa:e4:
         ff:1a:a4:81:e3:10:35:c3:47:ff:ff:fc:af:2b:76:49:0d:b3:
         65:b3:b6:e4:cc:8a:d6:04:d9:69:cc:72:ed:20:92:7f:11:13:
         cd:62:1b:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6fMa+Uj6uOdV9mkU+hNf30MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDAyMTQyMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWRhMjQ1YjI5YTg0NDgxNTA5YTI1ZGU2NzJlMzYyYTBkZTgyNGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wnPOxRSPaQwQNNzSlsxuScYMV6q
QglmdnsoBAuzi6xZWZ4TgWZvFhgiwLDH+xcnWplAQ8bWscYPWf7fA6NP0qS5ev5K
bUigw2ru5GXIwgeJs+FgUOLyk9A9VH73lLx6bxqg3QsuoM0WB7zKBUXISZLC8akt
nTbwN3ClqjIWLtEjXgd0m5YpSfPF5Vg1i/gww/pc+Z33pVxUGlSx0rw2BjDxO1+t
3d6YzgE7AN+0BEmT3gWEaI0j6WCKRuPlTfxaXS7moXxoz5X/Yd4bycEgD/tuGrGI
z6zy6OnWy4umbScXIhLh2rMidSOMVNHAJnPfBiedS+j9UqjOvgcRDhm/NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHaJFspqESBUJol3mcuNioN6CTiMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvd2Rva1d5bW9SSUZRbWlYZVp5NDJLZzNvSk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQBhb/g2oGCW8+NeJASsb+R/+BgbvhgMfU5fmto5gGdP
iF/I5qolv3svKVvlbKI+I1PAx2S+LySdMaHhMuMgIZlRiwyXsNsCTfNITwqsGm5C
9eiVZBUEhJW5UgighzWW64q8Tsg0XX2WsuSQc8yFRSzoGhhIQzh5cn8kDgPOBTM+
SripgHrKNGj4uL1fmRm06E73lQMRSaSCKppT9iKLS54KxT5/nZ+518SC0f1uOL3K
yaL0MoNhbcrPjOxZUG5s7bu9QCRl2gZeVo67gOEAhJZZDsOVvQEG+uT/GqSB4xA1
w0f///yvK3ZJDbNls7bkzIrWBNlpzHLtIJJ/ERPNYhsd
-----END CERTIFICATE-----