Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/39c622-4867-4fb3-8ef7-5d27f9dbed66/1/Wjf_cJN6Yl4ieoCGXHUpdIaZSO8.roa
File:                     Wjf_cJN6Yl4ieoCGXHUpdIaZSO8.roa (raw, json)
Hash identifier:          tS0wE/OpQQbK+mnzzdqpt3VG2Vrwkb1JuUA5FS7EyP8=
Subject key identifier:   5A:37:FF:70:93:7A:62:5E:22:7A:80:86:5C:75:29:74:86:99:48:EF
Certificate issuer:       /CN=facf5e1e9288860780d12e34a4ad3b40d98483fc
Certificate serial:       018CC3B72144328991E4BA6E9BA75A2D217C
Authority key identifier: FA:CF:5E:1E:92:88:86:07:80:D1:2E:34:A4:AD:3B:40:D9:84:83:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-s9eHpKIhgeA0S40pK07QNmEg_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/39c622-4867-4fb3-8ef7-5d27f9dbed66/1/Wjf_cJN6Yl4ieoCGXHUpdIaZSO8.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60894
IP address blocks:        203.34.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/39c622-4867-4fb3-8ef7-5d27f9dbed66/1/1-s9eHpKIhgeA0S40pK07QNmEg_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/39c622-4867-4fb3-8ef7-5d27f9dbed66/1/1-s9eHpKIhgeA0S40pK07QNmEg_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-s9eHpKIhgeA0S40pK07QNmEg_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:21:44:32:89:91:e4:ba:6e:9b:a7:5a:2d:21:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=facf5e1e9288860780d12e34a4ad3b40d98483fc
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a37ff70937a625e227a80865c752974869948ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:aa:c1:bb:00:af:53:09:62:d8:7e:9e:cf:17:
                    b5:87:9e:fe:eb:8a:92:19:3e:9d:7d:8c:3a:05:b8:
                    ee:cd:0c:3b:6d:5c:af:2f:6d:77:24:d3:d1:6c:00:
                    96:22:cc:c2:3a:20:b0:e4:3a:75:28:ce:4d:fc:91:
                    96:86:3b:96:af:93:58:ed:28:27:21:54:90:69:94:
                    e0:51:0b:00:f3:0c:25:51:ab:c9:4d:b0:c9:88:a2:
                    8f:90:4d:c0:b2:f7:cf:7d:c7:f4:9c:4c:f2:b2:1f:
                    86:de:7a:95:10:cf:28:b4:71:04:7c:f4:9a:54:5c:
                    4b:65:41:11:54:83:f1:f4:1f:4b:b5:98:a6:e6:7e:
                    bf:bf:6b:64:47:4c:dd:eb:8b:36:ff:37:d5:7a:59:
                    9d:64:87:82:79:c8:60:ff:0d:82:c1:1e:76:e3:23:
                    e5:48:c1:de:7c:ae:73:52:f5:2e:84:91:4d:c6:84:
                    1a:9a:e0:f6:ad:68:fe:ee:f4:37:30:cd:ef:7e:00:
                    21:64:94:fb:c9:78:92:88:c1:11:2d:2a:3f:d2:e3:
                    23:2f:ea:5f:b5:32:54:42:07:3e:3b:b1:2d:83:91:
                    37:5d:ad:fb:91:1a:e7:23:b2:28:9d:34:b6:1f:c0:
                    3b:84:3a:96:b6:32:6c:19:63:80:a5:61:85:6c:72:
                    76:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:37:FF:70:93:7A:62:5E:22:7A:80:86:5C:75:29:74:86:99:48:EF
            X509v3 Authority Key Identifier:
                keyid:FA:CF:5E:1E:92:88:86:07:80:D1:2E:34:A4:AD:3B:40:D9:84:83:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-s9eHpKIhgeA0S40pK07QNmEg_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/39c622-4867-4fb3-8ef7-5d27f9dbed66/1/Wjf_cJN6Yl4ieoCGXHUpdIaZSO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/39c622-4867-4fb3-8ef7-5d27f9dbed66/1/1-s9eHpKIhgeA0S40pK07QNmEg_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.34.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:26:1c:cb:48:a7:18:4e:16:be:ff:1a:bc:76:c9:49:ee:20:
         51:26:f2:5f:ed:74:ba:b2:60:b4:97:d2:0b:3d:cf:dc:ba:b6:
         22:79:ae:f0:e4:a1:bf:de:54:57:37:dd:e5:5b:b0:59:33:78:
         35:48:c6:82:1f:da:c7:67:6f:0f:60:35:3a:2f:a3:f2:6b:b6:
         bf:76:eb:d1:ae:b2:f8:9a:7d:02:17:a2:d5:c8:55:bc:52:4e:
         5a:f9:fa:ec:01:0d:48:46:cd:20:4d:c3:c0:f7:98:95:9c:0d:
         b9:5a:8f:02:6d:51:da:05:79:60:2d:ca:4a:3f:f1:d2:05:89:
         07:b5:80:c2:f1:1b:b6:cb:e7:c9:88:fd:a0:75:c8:13:21:4f:
         0e:77:1b:fd:63:1d:53:ae:a7:cb:64:1f:07:c9:28:36:9b:a0:
         2d:26:14:fb:ad:10:b9:56:a4:96:6f:df:53:17:d6:66:1d:c4:
         eb:b4:6c:a2:59:f7:74:9c:e3:4c:34:b1:61:51:56:fd:f8:20:
         07:42:92:df:8c:e9:71:ed:ca:c0:59:9c:a5:8a:dc:f2:e4:01:
         42:55:dd:3c:d8:6e:5f:ee:e4:7e:37:98:fe:43:83:87:ef:f7:
         da:88:7f:0a:d1:50:d9:cc:4d:c7:5e:ce:67:9c:a2:21:12:56:
         f7:1a:e7:01
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtyFEMomR5Lpum6daLSF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhY2Y1ZTFlOTI4ODg2MDc4MGQxMmUzNGE0YWQzYjQwZDk4
NDgzZmMwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTM3ZmY3MDkzN2E2MjVlMjI3YTgwODY1Yzc1Mjk3NDg2OTk0OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6rBuwCvUwli2H6ezxe1h57+64qS
GT6dfYw6BbjuzQw7bVyvL213JNPRbACWIszCOiCw5Dp1KM5N/JGWhjuWr5NY7Sgn
IVSQaZTgUQsA8wwlUavJTbDJiKKPkE3AsvfPfcf0nEzysh+G3nqVEM8otHEEfPSa
VFxLZUERVIPx9B9LtZim5n6/v2tkR0zd64s2/zfVelmdZIeCechg/w2CwR524yPl
SMHefK5zUvUuhJFNxoQamuD2rWj+7vQ3MM3vfgAhZJT7yXiSiMERLSo/0uMjL+pf
tTJUQgc+O7Etg5E3Xa37kRrnI7IonTS2H8A7hDqWtjJsGWOApWGFbHJ2oQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFo3/3CTemJeInqAhlx1KXSGmUjvMB8GA1UdIwQY
MBaAFPrPXh6SiIYHgNEuNKStO0DZhIP8MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1zOWVIcEtJaGdlQTBTNDBwSzA3UU5tRWdfdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjcvMzljNjIyLTQ4NjctNGZiMy04ZWY3
LTVkMjdmOWRiZWQ2Ni8xL1dqZl9jSk42WWw0aWVvQ0dYSFVwZElhWlNPOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjcvMzljNjIyLTQ4NjctNGZiMy04ZWY3LTVkMjdmOWRiZWQ2
Ni8xLzEtczllSHBLSWhnZUEwUzQwcEswN1FObUVnX3cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADLItsw
DQYJKoZIhvcNAQELBQADggEBABEmHMtIpxhOFr7/Grx2yUnuIFEm8l/tdLqyYLSX
0gs9z9y6tiJ5rvDkob/eVFc33eVbsFkzeDVIxoIf2sdnbw9gNTovo/Jrtr9269Gu
sviafQIXotXIVbxSTlr5+uwBDUhGzSBNw8D3mJWcDblajwJtUdoFeWAtyko/8dIF
iQe1gMLxG7bL58mI/aB1yBMhTw53G/1jHVOup8tkHwfJKDaboC0mFPutELlWpJZv
31MX1mYdxOu0bKJZ93Sc40w0sWFRVv34IAdCkt+M6XHtysBZnKWK3PLkAUJV3TzY
bl/u5H43mP5Dg4fv99qIfwrRUNnMTcdezmecoiESVvca5wE=
-----END CERTIFICATE-----