Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/WDRgaXraNLPCTF0ZVVH9dIwXnTw.roa
File:                     WDRgaXraNLPCTF0ZVVH9dIwXnTw.roa (raw, json)
Hash identifier:          zP88fNd0MPvNOjk+DkkqR5MQiY1IeV01QsEoYaMCOz8=
Subject key identifier:   58:34:60:69:7A:DA:34:B3:C2:4C:5D:19:55:51:FD:74:8C:17:9D:3C
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC794184C998D5803A05CB18CAB905B06
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/WDRgaXraNLPCTF0ZVVH9dIwXnTw.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48780
IP address blocks:        95.182.112.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:18:4c:99:8d:58:03:a0:5c:b1:8c:ab:90:5b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=583460697ada34b3c24c5d195551fd748c179d3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:76:de:a1:bf:1d:0b:d0:03:47:4f:7e:06:92:
                    0b:6a:c9:7e:ff:fd:a8:d2:97:09:7e:f9:38:48:aa:
                    b1:d1:25:db:b8:a0:05:16:39:06:48:25:f2:ff:8a:
                    41:50:c7:09:b6:31:c1:4b:b4:9a:3c:91:b7:0d:31:
                    a8:14:b9:a4:89:db:18:cd:14:d1:c3:ac:21:21:be:
                    93:2a:2b:dc:ed:e4:ea:3d:90:94:a7:5c:24:3b:cf:
                    ed:5b:2d:19:07:ec:15:01:f3:67:d0:c4:02:22:23:
                    e6:4e:e1:f4:4e:2c:54:ad:a0:e9:13:65:6d:e0:d5:
                    64:a4:0b:00:e9:d4:ac:e0:fc:a7:23:4d:92:5f:bc:
                    60:e9:ca:c5:99:07:5c:42:60:98:f4:53:d1:eb:75:
                    27:d0:f0:c3:bc:af:96:db:f8:b2:ae:71:cc:7a:c8:
                    3d:2e:51:f3:5e:4e:b3:45:79:b1:d4:7e:77:9c:78:
                    a9:df:b4:08:bf:f0:aa:3c:29:20:67:57:34:9e:39:
                    46:9e:73:f1:20:c4:a2:70:d1:3a:13:14:7d:91:c1:
                    b8:6f:7c:b4:68:02:41:5d:86:31:92:12:26:23:76:
                    ba:c4:69:09:44:5c:65:0a:a1:9b:65:d5:c1:dd:dc:
                    ed:2d:a0:48:30:1a:2b:5b:0b:0e:04:d8:14:a8:8b:
                    93:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:34:60:69:7A:DA:34:B3:C2:4C:5D:19:55:51:FD:74:8C:17:9D:3C
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/WDRgaXraNLPCTF0ZVVH9dIwXnTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.182.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5d:88:63:3b:c1:45:c3:c2:eb:d9:d5:c1:f7:f2:42:70:82:84:
         1d:72:08:62:cf:3b:47:e9:0d:59:e4:7b:98:cf:8c:af:ac:5c:
         28:67:47:93:84:48:72:62:a2:a9:7a:24:5f:75:8f:af:28:a6:
         55:fc:4b:03:fe:e0:43:06:9c:fa:dd:50:8c:4a:ce:2c:2f:1c:
         e2:b9:9c:4e:7c:50:89:2d:0a:ef:d3:6e:f7:90:5f:41:e0:88:
         e5:7a:39:07:40:a6:e6:9b:4d:25:99:58:72:50:0c:1e:9c:aa:
         d2:05:a8:a7:8b:3c:6c:41:a4:58:8b:b1:86:d4:eb:56:70:c6:
         b5:a5:ba:22:14:eb:0b:b5:3c:e5:7d:89:1a:89:3e:88:67:04:
         1c:f2:31:db:4a:5c:3e:6a:3c:65:5d:9b:49:00:a0:1d:54:6d:
         10:02:8c:c6:83:a9:3d:95:9e:7d:b0:18:c2:38:d1:19:59:db:
         35:fd:e2:04:ea:76:dc:bd:74:7b:e5:c1:10:e7:d6:49:53:58:
         aa:44:46:fe:0a:52:ef:a3:b8:0d:4a:7d:7a:9d:56:c0:9c:ad:
         a4:87:2a:43:eb:55:2e:3d:aa:24:51:2b:3e:1d:fe:b4:78:bb:
         e0:d7:82:be:ed:36:89:fc:7d:42:3b:51:76:2e:84:bf:18:2e:
         19:81:51:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBhMmY1YA6BcsYyrkFsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODM0NjA2OTdhZGEzNGIzYzI0YzVkMTk1NTUxZmQ3NDhjMTc5ZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinbeob8dC9ADR09+BpILasl+//2o
0pcJfvk4SKqx0SXbuKAFFjkGSCXy/4pBUMcJtjHBS7SaPJG3DTGoFLmkidsYzRTR
w6whIb6TKivc7eTqPZCUp1wkO8/tWy0ZB+wVAfNn0MQCIiPmTuH0TixUraDpE2Vt
4NVkpAsA6dSs4PynI02SX7xg6crFmQdcQmCY9FPR63Un0PDDvK+W2/iyrnHMesg9
LlHzXk6zRXmx1H53nHip37QIv/CqPCkgZ1c0njlGnnPxIMSicNE6ExR9kcG4b3y0
aAJBXYYxkhImI3a6xGkJRFxlCqGbZdXB3dztLaBIMBorWwsOBNgUqIuTXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFg0YGl62jSzwkxdGVVR/XSMF508MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvV0RSZ2FYcmFOTFBDVEYwWlZWSDlkSXdYblR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX7ZwMA0G
CSqGSIb3DQEBCwUAA4IBAQBdiGM7wUXDwuvZ1cH38kJwgoQdcghizztH6Q1Z5HuY
z4yvrFwoZ0eThEhyYqKpeiRfdY+vKKZV/EsD/uBDBpz63VCMSs4sLxziuZxOfFCJ
LQrv0273kF9B4IjlejkHQKbmm00lmVhyUAwenKrSBainizxsQaRYi7GG1OtWcMa1
pboiFOsLtTzlfYkaiT6IZwQc8jHbSlw+ajxlXZtJAKAdVG0QAozGg6k9lZ59sBjC
ONEZWds1/eIE6nbcvXR75cEQ59ZJU1iqREb+ClLvo7gNSn16nVbAnK2khypD61Uu
PaokUSs+Hf60eLvg14K+7TaJ/H1CO1F2LoS/GC4ZgVHi
-----END CERTIFICATE-----