Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/wQECGvodQhd6AtLnEnXLIcU8uik.roa
File:                     wQECGvodQhd6AtLnEnXLIcU8uik.roa (raw, json)
Hash identifier:          9RyRUbOLM3P3L65TEmYvs7PJYRkQXDrQ+QWPPA4P1gg=
Subject key identifier:   C1:01:02:1A:FA:1D:42:17:7A:02:D2:E7:12:75:CB:21:C5:3C:BA:29
Certificate issuer:       /CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
Certificate serial:       018F1A13F701FA91D284914350DEC7D0E90B
Authority key identifier: 3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/wQECGvodQhd6AtLnEnXLIcU8uik.roa
Signing time:             Fri 26 Apr 2024 11:04:26 +0000
ROA not before:           Fri 26 Apr 2024 11:04:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8434
IP address blocks:        194.246.8.0/23 maxlen: 23
                          194.246.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:13:f7:01:fa:91:d2:84:91:43:50:de:c7:d0:e9:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee6cecffd9b8bba18d474e7b3993e0a1d14dbb3
        Validity
            Not Before: Apr 26 11:04:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c101021afa1d42177a02d2e71275cb21c53cba29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0f:66:9b:3d:30:90:81:d5:11:3c:68:57:c2:
                    02:c3:e1:9d:8b:6e:b6:b2:c3:f8:2a:29:59:db:6e:
                    3b:08:7c:f6:ed:ac:73:67:f7:a9:8f:dc:42:8c:b8:
                    bb:f3:fe:54:eb:e1:17:39:17:20:33:be:19:f9:b4:
                    6a:dc:0b:b7:29:dd:20:78:3c:6b:fb:74:a3:f1:f9:
                    e4:af:36:c7:92:c1:c0:b8:cc:e4:bb:33:74:47:3e:
                    64:7c:8a:1a:78:86:85:ad:39:84:5f:26:b8:2f:ea:
                    4a:be:5d:84:9d:f4:84:9f:4b:d0:29:65:23:84:f4:
                    c8:57:ce:bd:e3:ae:d4:0d:de:08:9c:d5:5d:2b:64:
                    dc:f6:04:eb:32:26:91:87:ec:2b:68:f2:51:9c:9d:
                    2d:9f:36:73:74:39:bc:35:d7:c9:a3:57:7a:74:2a:
                    a0:98:8c:af:01:3e:b7:90:1b:43:46:d6:06:6c:f9:
                    cb:fd:b8:a2:bb:ec:aa:96:74:b8:00:20:41:1d:63:
                    56:3a:5b:47:d6:f2:8c:1e:c9:cf:e4:9d:c8:cd:17:
                    66:ff:c7:24:42:1f:a9:27:35:a4:8c:c6:35:29:99:
                    ff:ba:1f:b8:32:73:30:fd:bb:91:35:a3:a9:91:6d:
                    2f:7b:75:ba:20:25:c8:b9:ae:16:5f:c7:fd:7f:90:
                    8e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:01:02:1A:FA:1D:42:17:7A:02:D2:E7:12:75:CB:21:C5:3C:BA:29
            X509v3 Authority Key Identifier:
                keyid:3E:E6:CE:CF:FD:9B:8B:BA:18:D4:74:E7:B3:99:3E:0A:1D:14:DB:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PubOz_2bi7oY1HTns5k-Ch0U27M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/wQECGvodQhd6AtLnEnXLIcU8uik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/e61caa-2500-4388-a9fa-7324913975d5/1/PubOz_2bi7oY1HTns5k-Ch0U27M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.8.0/23
                  194.246.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d7:a0:04:0a:37:d6:67:6c:ca:48:07:d8:d6:21:31:90:1d:11:
         fe:0b:35:03:47:1c:05:2c:e2:d5:b1:db:b4:8f:8d:78:c6:cf:
         95:4f:01:b5:65:0d:11:a5:c4:4d:ee:73:ca:2d:e9:b8:f5:f6:
         96:c7:09:e5:30:a1:7b:09:71:a8:f2:4c:e3:1f:90:2d:f7:07:
         2a:44:3f:67:40:58:52:aa:44:3a:d9:0a:3b:83:bc:0a:a1:5e:
         e8:42:96:7f:c3:0d:a2:80:c6:10:36:b1:de:cc:08:22:4e:26:
         59:90:ef:c7:f4:23:e5:d6:96:cd:52:a4:9d:db:2e:2e:29:ca:
         c1:3b:54:79:6f:a0:6b:95:a2:d2:c0:aa:18:da:2a:fa:01:a5:
         eb:93:4f:4f:37:6b:5c:ce:fa:c1:e0:0e:25:9d:1b:ec:82:8e:
         e2:23:40:1f:9a:e1:34:97:e2:3d:a4:7f:d4:b3:da:7e:e6:0f:
         cd:16:47:77:67:79:97:a9:cb:f6:74:1d:09:70:25:69:1b:bc:
         d0:13:83:23:96:c0:6c:82:6c:12:ee:61:03:d3:13:5f:ce:23:
         f8:c4:13:b8:61:41:19:0e:d7:7d:16:f0:79:0e:ce:6d:c2:1b:
         c8:e4:19:1a:74:d1:ab:db:8c:e3:56:49:cf:ca:8f:a5:bf:1d:
         1e:4c:d7:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8aE/cB+pHShJFDUN7H0OkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTZjZWNmZmQ5YjhiYmExOGQ0NzRlN2IzOTkzZTBhMWQx
NGRiYjMwHhcNMjQwNDI2MTEwNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTAxMDIxYWZhMWQ0MjE3N2EwMmQyZTcxMjc1Y2IyMWM1M2NiYTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsw9mmz0wkIHVETxoV8ICw+Gdi262
ssP4KilZ2247CHz27axzZ/epj9xCjLi78/5U6+EXORcgM74Z+bRq3Au3Kd0geDxr
+3Sj8fnkrzbHksHAuMzkuzN0Rz5kfIoaeIaFrTmEXya4L+pKvl2EnfSEn0vQKWUj
hPTIV869467UDd4InNVdK2Tc9gTrMiaRh+wraPJRnJ0tnzZzdDm8NdfJo1d6dCqg
mIyvAT63kBtDRtYGbPnL/biiu+yqlnS4ACBBHWNWOltH1vKMHsnP5J3IzRdm/8ck
Qh+pJzWkjMY1KZn/uh+4MnMw/buRNaOpkW0ve3W6ICXIua4WX8f9f5COxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMEBAhr6HUIXegLS5xJ1yyHFPLopMB8GA1UdIwQY
MBaAFD7mzs/9m4u6GNR057OZPgodFNuzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEt
NzMyNDkxMzk3NWQ1LzEvd1FFQ0d2b2RRaGQ2QXRMbkVuWExJY1U4dWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9lNjFjYWEtMjUwMC00Mzg4LWE5ZmEtNzMyNDkxMzk3NWQ1
LzEvUHViT3pfMmJpN29ZMUhUbnM1ay1DaDBVMjdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwvYIAwQB
wvYOMA0GCSqGSIb3DQEBCwUAA4IBAQDXoAQKN9ZnbMpIB9jWITGQHRH+CzUDRxwF
LOLVsdu0j414xs+VTwG1ZQ0RpcRN7nPKLem49faWxwnlMKF7CXGo8kzjH5At9wcq
RD9nQFhSqkQ62Qo7g7wKoV7oQpZ/ww2igMYQNrHezAgiTiZZkO/H9CPl1pbNUqSd
2y4uKcrBO1R5b6BrlaLSwKoY2ir6AaXrk09PN2tczvrB4A4lnRvsgo7iI0AfmuE0
l+I9pH/Us9p+5g/NFkd3Z3mXqcv2dB0JcCVpG7zQE4MjlsBsgmwS7mED0xNfziP4
xBO4YUEZDtd9FvB5Ds5twhvI5BkadNGr24zjVknPyo+lvx0eTNch
-----END CERTIFICATE-----