Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/7159eb-dd37-44ad-83e2-b26412aeb3ae/1/woll1LdC1s-faflfJIcHZ69z15M.roa
File:                     woll1LdC1s-faflfJIcHZ69z15M.roa (raw, json)
Hash identifier:          Ls0iYMlhF+C7UCzkrAcWWZ2SawCOSjkknxvNvLKuPq8=
Subject key identifier:   C2:89:65:D4:B7:42:D6:CF:9F:69:F9:5F:24:87:07:67:AF:73:D7:93
Certificate issuer:       /CN=33d2d885477d0280264e458eb071f45d91691520
Certificate serial:       018CC49330E7981964387BF46465055AE1E9
Authority key identifier: 33:D2:D8:85:47:7D:02:80:26:4E:45:8E:B0:71:F4:5D:91:69:15:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M9LYhUd9AoAmTkWOsHH0XZFpFSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/7159eb-dd37-44ad-83e2-b26412aeb3ae/1/woll1LdC1s-faflfJIcHZ69z15M.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9063
IP address blocks:        185.13.28.0/22 maxlen: 22
                          2a03:9b40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/7159eb-dd37-44ad-83e2-b26412aeb3ae/1/M9LYhUd9AoAmTkWOsHH0XZFpFSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/7159eb-dd37-44ad-83e2-b26412aeb3ae/1/M9LYhUd9AoAmTkWOsHH0XZFpFSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M9LYhUd9AoAmTkWOsHH0XZFpFSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:30:e7:98:19:64:38:7b:f4:64:65:05:5a:e1:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33d2d885477d0280264e458eb071f45d91691520
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c28965d4b742d6cf9f69f95f24870767af73d793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ac:cd:d4:92:07:cd:fa:a0:a9:0c:cc:9e:33:
                    90:55:e4:dc:97:7f:b7:f3:f6:fc:65:b0:0e:f0:7c:
                    5e:71:06:3c:83:34:fd:af:ef:e8:47:34:40:67:b4:
                    a9:7d:96:96:89:57:b3:ca:e0:c6:bf:fb:14:52:d5:
                    f3:98:f5:a2:11:71:d7:32:be:4a:f4:18:2a:bd:32:
                    22:f1:9c:d1:62:37:ce:75:a1:d8:d6:97:71:d6:e1:
                    a6:d4:c1:36:d6:05:fc:70:46:9c:5e:82:dc:46:a6:
                    1a:9e:44:ce:ce:2c:b6:02:d5:d1:b5:f6:77:26:e8:
                    f6:f7:2d:7e:0b:fb:96:cd:85:e1:4e:bd:9c:8e:88:
                    10:45:00:ca:87:88:d8:65:58:e3:62:f5:ea:29:cd:
                    f4:c4:30:c2:87:0f:60:82:55:e8:f4:b1:2a:40:6a:
                    e3:87:f0:27:8f:46:47:d3:4b:a4:fb:29:9e:65:80:
                    44:6a:be:ce:67:2a:df:5b:2e:c2:66:4e:fa:42:6c:
                    97:6e:18:95:fc:98:87:66:d9:8e:ed:ab:d0:1a:ba:
                    20:16:0d:db:60:2e:6a:76:4a:57:15:15:25:e0:50:
                    f7:7d:9c:3d:81:ca:ce:b2:51:1f:a7:ae:47:45:52:
                    1c:30:89:68:e6:f9:17:f8:77:d5:2a:6d:23:be:d9:
                    bc:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:89:65:D4:B7:42:D6:CF:9F:69:F9:5F:24:87:07:67:AF:73:D7:93
            X509v3 Authority Key Identifier:
                keyid:33:D2:D8:85:47:7D:02:80:26:4E:45:8E:B0:71:F4:5D:91:69:15:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M9LYhUd9AoAmTkWOsHH0XZFpFSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/7159eb-dd37-44ad-83e2-b26412aeb3ae/1/woll1LdC1s-faflfJIcHZ69z15M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/7159eb-dd37-44ad-83e2-b26412aeb3ae/1/M9LYhUd9AoAmTkWOsHH0XZFpFSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.28.0/22
                IPv6:
                  2a03:9b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:6f:fe:03:f8:01:a4:71:80:52:1f:b4:4f:50:2e:87:3b:2b:
         1b:e7:7b:b2:c2:41:fe:b4:58:73:a7:c4:db:f5:41:3a:71:05:
         87:8f:d8:0a:c4:74:66:b1:00:b5:5f:df:25:b6:34:93:56:ab:
         fe:80:fb:5c:14:9f:a2:44:b2:91:bd:46:36:03:31:99:32:d4:
         46:36:1f:a8:a3:54:b9:b5:70:4b:8a:b0:87:e9:ee:e3:ba:7b:
         91:df:d2:61:c1:3c:8f:2a:ea:a0:35:18:e2:3f:42:a8:89:f1:
         17:81:73:63:bc:b4:49:b5:6c:6c:42:64:44:19:b6:29:73:cc:
         62:cc:1e:6d:09:f6:a3:35:4a:fd:38:6a:23:22:ca:83:46:a5:
         8e:66:f9:05:0b:8c:de:02:58:33:31:07:11:68:87:b5:8f:fe:
         50:1f:08:e5:04:da:90:78:f9:f7:af:36:da:64:a2:24:26:23:
         87:b2:7c:cf:3b:55:76:aa:fa:94:92:c8:25:94:77:f7:98:13:
         83:a8:b4:64:e8:47:35:aa:22:09:ab:43:b1:4b:a8:a4:5c:21:
         28:41:d9:f7:c8:c7:65:20:57:07:19:d9:22:e6:25:2a:ec:26:
         4f:26:b9:93:50:69:9f:68:27:43:0d:1d:2f:06:42:c4:07:04:
         4d:c0:69:97
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkzDnmBlkOHv0ZGUFWuHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZDJkODg1NDc3ZDAyODAyNjRlNDU4ZWIwNzFmNDVkOTE2
OTE1MjAwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg5NjVkNGI3NDJkNmNmOWY2OWY5NWYyNDg3MDc2N2FmNzNkNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6zN1JIHzfqgqQzMnjOQVeTcl3+3
8/b8ZbAO8HxecQY8gzT9r+/oRzRAZ7SpfZaWiVezyuDGv/sUUtXzmPWiEXHXMr5K
9BgqvTIi8ZzRYjfOdaHY1pdx1uGm1ME21gX8cEacXoLcRqYankTOziy2AtXRtfZ3
Juj29y1+C/uWzYXhTr2cjogQRQDKh4jYZVjjYvXqKc30xDDChw9gglXo9LEqQGrj
h/Anj0ZH00uk+ymeZYBEar7OZyrfWy7CZk76QmyXbhiV/JiHZtmO7avQGrogFg3b
YC5qdkpXFRUl4FD3fZw9gcrOslEfp65HRVIcMIlo5vkX+HfVKm0jvtm8nwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMKJZdS3QtbPn2n5XySHB2evc9eTMB8GA1UdIwQY
MBaAFDPS2IVHfQKAJk5FjrBx9F2RaRUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTlMWWhVZDlBb0FtVGtXT3NISDBYWkZwRlNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS83MTU5ZWItZGQzNy00NGFkLTgzZTIt
YjI2NDEyYWViM2FlLzEvd29sbDFMZEMxcy1mYWZsZkpJY0haNjl6MTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS83MTU5ZWItZGQzNy00NGFkLTgzZTItYjI2NDEyYWViM2Fl
LzEvTTlMWWhVZDlBb0FtVGtXT3NISDBYWkZwRlNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ0cMA0E
AgACMAcDBQAqA5tAMA0GCSqGSIb3DQEBCwUAA4IBAQCFb/4D+AGkcYBSH7RPUC6H
Oysb53uywkH+tFhzp8Tb9UE6cQWHj9gKxHRmsQC1X98ltjSTVqv+gPtcFJ+iRLKR
vUY2AzGZMtRGNh+oo1S5tXBLirCH6e7junuR39JhwTyPKuqgNRjiP0KoifEXgXNj
vLRJtWxsQmREGbYpc8xizB5tCfajNUr9OGojIsqDRqWOZvkFC4zeAlgzMQcRaIe1
j/5QHwjlBNqQePn3rzbaZKIkJiOHsnzPO1V2qvqUksgllHf3mBODqLRk6Ec1qiIJ
q0OxS6ikXCEoQdn3yMdlIFcHGdki5iUq7CZPJrmTUGmfaCdDDR0vBkLEBwRNwGmX
-----END CERTIFICATE-----