Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/wuGdO7BU4UEqyUjo_P_TCWkVnzg.roa
File:                     wuGdO7BU4UEqyUjo_P_TCWkVnzg.roa (raw, json)
Hash identifier:          HcG6i3VCdiwekHW/1MxapBFX646SfRLhsIrHsRfp4iY=
Subject key identifier:   C2:E1:9D:3B:B0:54:E1:41:2A:C9:48:E8:FC:FF:D3:09:69:15:9F:38
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018CC49341E7AA9500EBE1C870779B37870A
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/wuGdO7BU4UEqyUjo_P_TCWkVnzg.roa
Signing time:             Mon 01 Jan 2024 10:30:34 +0000
ROA not before:           Mon 01 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216070
IP address blocks:        176.126.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:41:e7:aa:95:00:eb:e1:c8:70:77:9b:37:87:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2e19d3bb054e1412ac948e8fcffd30969159f38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:57:89:fd:c1:19:b9:f7:60:45:bd:a9:05:5a:
                    1a:29:d7:9b:33:94:9e:c4:89:24:a5:d5:4a:b0:22:
                    26:00:6d:a1:83:58:0b:e8:37:e5:7f:c7:b9:0a:8c:
                    78:f2:13:2e:63:22:2c:cd:53:27:b7:f1:9f:7e:ed:
                    0b:a8:82:70:df:96:40:09:37:fa:85:1e:e1:77:f4:
                    1d:58:49:5b:c6:e1:ca:72:2f:f1:58:b1:e6:34:2b:
                    8c:75:7b:b5:d5:8b:0e:e4:7a:75:2f:af:72:00:fa:
                    85:a9:7a:28:9f:b1:34:07:a1:c4:8e:64:2b:10:5c:
                    d3:5c:d9:75:cd:34:30:ce:7a:2f:f9:f2:ba:5b:71:
                    ad:32:0c:b8:a5:b2:66:a3:0c:c6:ee:8e:72:90:cf:
                    8a:9a:e4:61:ac:e6:7a:47:6f:44:6d:e2:db:c0:9b:
                    9a:3b:98:a3:0a:96:95:44:58:55:17:22:61:86:2f:
                    3f:d9:8b:4f:67:1a:e8:3f:7b:39:4a:8a:34:cc:e2:
                    0c:a7:d7:99:05:65:eb:64:4a:dd:ea:c5:da:7b:f4:
                    ca:7c:2e:01:58:dc:8e:8c:33:be:ec:71:05:e5:07:
                    64:a3:1a:72:4a:bc:17:28:2c:6a:ce:e7:a8:c7:b9:
                    86:26:dd:0e:93:25:64:40:54:56:7f:4a:6e:0d:26:
                    5f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E1:9D:3B:B0:54:E1:41:2A:C9:48:E8:FC:FF:D3:09:69:15:9F:38
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/wuGdO7BU4UEqyUjo_P_TCWkVnzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:bd:c9:4a:cc:01:b8:4b:ba:5f:d5:ee:91:6f:50:88:2f:25:
         87:c2:c6:81:e1:8e:88:2a:32:b3:c0:a5:c2:8a:7b:f8:4f:9a:
         92:39:93:4e:c4:45:b1:92:15:dc:74:7f:49:d8:e6:98:be:a5:
         6e:f0:df:d2:9a:c5:7c:f7:2e:03:5d:77:00:40:63:28:ee:99:
         7f:af:eb:a2:a8:d6:a1:0c:e4:48:fa:a8:2c:32:41:56:fe:f1:
         eb:0f:b0:f0:53:37:42:16:db:8d:c2:fb:d9:42:8e:25:3a:1a:
         18:98:bf:6d:6f:98:99:c5:51:81:04:30:7b:e3:47:68:9e:b5:
         bf:3a:5a:3d:9b:9d:95:f0:5d:0d:47:b8:42:fa:55:4c:8c:db:
         18:00:91:4b:86:d6:20:76:e2:e8:7b:7c:15:dd:d7:b1:ae:b6:
         a9:52:bc:16:37:fd:bc:18:28:db:d5:b4:f8:e3:f3:d3:97:a3:
         74:5c:47:67:9a:6d:3d:a4:4d:b3:00:d1:67:a6:af:7e:26:bd:
         3f:7f:84:c6:94:53:2b:d7:95:f1:2c:80:00:cb:11:b1:d7:cc:
         67:be:5d:ba:6c:29:42:2f:30:ac:f4:f4:0c:00:34:40:ca:78:
         a4:c9:70:1c:49:2e:94:16:53:d0:7a:0f:ef:af:19:86:21:c2:
         d9:bd:9e:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0HnqpUA6+HIcHebN4cKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMTAxMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmUxOWQzYmIwNTRlMTQxMmFjOTQ4ZThmY2ZmZDMwOTY5MTU5ZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAileJ/cEZufdgRb2pBVoaKdebM5Se
xIkkpdVKsCImAG2hg1gL6Dflf8e5Cox48hMuYyIszVMnt/Gffu0LqIJw35ZACTf6
hR7hd/QdWElbxuHKci/xWLHmNCuMdXu11YsO5Hp1L69yAPqFqXoon7E0B6HEjmQr
EFzTXNl1zTQwznov+fK6W3GtMgy4pbJmowzG7o5ykM+KmuRhrOZ6R29EbeLbwJua
O5ijCpaVRFhVFyJhhi8/2YtPZxroP3s5Soo0zOIMp9eZBWXrZErd6sXae/TKfC4B
WNyOjDO+7HEF5QdkoxpySrwXKCxqzueox7mGJt0OkyVkQFRWf0puDSZftQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLhnTuwVOFBKslI6Pz/0wlpFZ84MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvd3VHZE83QlU0VUVxeVVqb19QX1RDV2tWbnpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsH6uMA0G
CSqGSIb3DQEBCwUAA4IBAQCHvclKzAG4S7pf1e6Rb1CILyWHwsaB4Y6IKjKzwKXC
inv4T5qSOZNOxEWxkhXcdH9J2OaYvqVu8N/SmsV89y4DXXcAQGMo7pl/r+uiqNah
DORI+qgsMkFW/vHrD7DwUzdCFtuNwvvZQo4lOhoYmL9tb5iZxVGBBDB740donrW/
Olo9m52V8F0NR7hC+lVMjNsYAJFLhtYgduLoe3wV3dexrrapUrwWN/28GCjb1bT4
4/PTl6N0XEdnmm09pE2zANFnpq9+Jr0/f4TGlFMr15XxLIAAyxGx18xnvl26bClC
LzCs9PQMADRAynikyXAcSS6UFlPQeg/vrxmGIcLZvZ42
-----END CERTIFICATE-----