Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/376853-2abf-4232-91ff-09a5e8d960dd/1/wKUiMDy1TPxX1OLiMUbH1VyCqPs.roa
File:                     wKUiMDy1TPxX1OLiMUbH1VyCqPs.roa (raw, json)
Hash identifier:          LqWb7VNkxkdC2K6l2hNRB1f3OO7pjwVuJSjlPUuf7tY=
Subject key identifier:   C0:A5:22:30:3C:B5:4C:FC:57:D4:E2:E2:31:46:C7:D5:5C:82:A8:FB
Certificate issuer:       /CN=ebdb225471f2d6e41060b34185725485481014b8
Certificate serial:       018CC9BCFAB7EC3A412F475D09982781C547
Authority key identifier: EB:DB:22:54:71:F2:D6:E4:10:60:B3:41:85:72:54:85:48:10:14:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/69siVHHy1uQQYLNBhXJUhUgQFLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/376853-2abf-4232-91ff-09a5e8d960dd/1/wKUiMDy1TPxX1OLiMUbH1VyCqPs.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208045
IP address blocks:        151.249.126.0/24 maxlen: 24
                          2a01:5b40:ac3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/376853-2abf-4232-91ff-09a5e8d960dd/1/69siVHHy1uQQYLNBhXJUhUgQFLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/376853-2abf-4232-91ff-09a5e8d960dd/1/69siVHHy1uQQYLNBhXJUhUgQFLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/69siVHHy1uQQYLNBhXJUhUgQFLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 13:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fa:b7:ec:3a:41:2f:47:5d:09:98:27:81:c5:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebdb225471f2d6e41060b34185725485481014b8
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0a522303cb54cfc57d4e2e23146c7d55c82a8fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e1:58:e0:6e:33:9f:2a:f9:b9:e1:69:2b:28:
                    3a:67:6f:7c:22:19:85:b6:2c:85:7a:76:cb:79:38:
                    6d:51:d2:13:0f:8e:83:1a:10:9b:7a:70:d5:c9:90:
                    02:8a:f1:5e:cb:0f:fa:19:19:2b:27:99:8a:29:11:
                    14:f0:81:b3:39:e2:47:26:00:4c:ab:4a:0e:3d:db:
                    dc:ce:13:d8:aa:2a:07:53:96:8d:98:77:00:46:6d:
                    aa:eb:96:a1:d7:45:4c:a7:25:ac:62:25:bd:f9:ba:
                    30:61:dd:30:5f:57:9b:90:7f:a3:56:5d:2d:68:b7:
                    da:42:23:8e:b0:84:5d:4f:c9:b9:75:2e:ec:3d:00:
                    f4:d2:85:b2:a0:be:a6:b9:4b:92:e5:d2:5c:3a:b6:
                    93:9c:99:42:80:fe:53:45:dd:3c:49:b0:ef:33:fa:
                    71:7c:c3:a1:29:70:62:6a:fc:da:05:b5:f1:df:c4:
                    18:9a:00:58:0c:83:7d:b1:97:07:6f:ef:cd:cc:33:
                    72:d0:fa:e7:3f:3f:8e:1e:89:96:44:9b:cf:93:a8:
                    d0:47:6e:9a:f5:44:d9:8a:24:67:b1:df:97:39:a8:
                    3f:c6:2b:3e:9a:26:96:54:36:ad:82:43:8f:72:e7:
                    95:d5:2d:af:23:93:c9:35:43:d3:f8:89:4d:80:db:
                    6e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:A5:22:30:3C:B5:4C:FC:57:D4:E2:E2:31:46:C7:D5:5C:82:A8:FB
            X509v3 Authority Key Identifier:
                keyid:EB:DB:22:54:71:F2:D6:E4:10:60:B3:41:85:72:54:85:48:10:14:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/69siVHHy1uQQYLNBhXJUhUgQFLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/376853-2abf-4232-91ff-09a5e8d960dd/1/wKUiMDy1TPxX1OLiMUbH1VyCqPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/376853-2abf-4232-91ff-09a5e8d960dd/1/69siVHHy1uQQYLNBhXJUhUgQFLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.249.126.0/24
                IPv6:
                  2a01:5b40:ac3::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:72:00:1d:86:7d:4c:77:30:7c:7b:3e:55:69:c3:47:15:22:
         c3:ce:6d:ff:08:9e:96:81:02:98:5a:d9:b3:7d:d8:2e:d7:47:
         d4:e2:1f:29:e3:c6:18:49:c7:b3:ac:db:60:10:60:d6:b0:73:
         37:7b:72:7d:77:78:64:6a:f6:7e:99:d9:ab:1d:5c:35:1e:78:
         cd:42:a2:ce:de:ab:19:fa:2b:30:4d:88:02:d6:48:f2:f2:3e:
         2c:31:e8:22:e4:44:ed:68:20:af:af:42:6d:40:f0:02:7c:98:
         7d:67:ad:02:cb:fc:cc:04:98:3c:45:87:00:c1:e6:02:c3:f0:
         e5:49:08:10:23:51:0c:c0:86:64:42:3e:ab:8e:dc:3b:c7:53:
         27:54:70:f2:a8:8b:5b:dd:33:8d:b2:8f:c0:e6:09:fc:7b:a1:
         2a:d1:bd:9c:8f:5c:8b:6f:0c:8a:ed:5a:fd:9c:c7:89:20:85:
         df:29:94:48:72:82:2f:9c:d4:9f:5c:b7:ee:3b:7a:d8:2c:ae:
         bb:e3:25:6e:b1:57:f6:9e:69:dd:70:97:47:40:2f:ae:b5:34:
         34:5f:19:ae:12:2f:5c:c1:01:24:7b:82:43:91:1f:48:24:e7:
         05:f0:e7:db:08:87:d5:22:52:1a:53:b8:78:c7:ff:66:15:c8:
         97:d4:01:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvPq37DpBL0ddCZgngcVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZGIyMjU0NzFmMmQ2ZTQxMDYwYjM0MTg1NzI1NDg1NDgx
MDE0YjgwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGE1MjIzMDNjYjU0Y2ZjNTdkNGUyZTIzMTQ2YzdkNTVjODJhOGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOFY4G4znyr5ueFpKyg6Z298IhmF
tiyFenbLeThtUdITD46DGhCbenDVyZACivFeyw/6GRkrJ5mKKREU8IGzOeJHJgBM
q0oOPdvczhPYqioHU5aNmHcARm2q65ah10VMpyWsYiW9+bowYd0wX1ebkH+jVl0t
aLfaQiOOsIRdT8m5dS7sPQD00oWyoL6muUuS5dJcOraTnJlCgP5TRd08SbDvM/px
fMOhKXBiavzaBbXx38QYmgBYDIN9sZcHb+/NzDNy0PrnPz+OHomWRJvPk6jQR26a
9UTZiiRnsd+XOag/xis+miaWVDatgkOPcueV1S2vI5PJNUPT+IlNgNtuXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMClIjA8tUz8V9Ti4jFGx9Vcgqj7MB8GA1UdIwQY
MBaAFOvbIlRx8tbkEGCzQYVyVIVIEBS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjlzaVZISHkxdVFRWUxOQmhYSlVoVWdRRkxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zNzY4NTMtMmFiZi00MjMyLTkxZmYt
MDlhNWU4ZDk2MGRkLzEvd0tVaU1EeTFUUHhYMU9MaU1VYkgxVnlDcVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zNzY4NTMtMmFiZi00MjMyLTkxZmYtMDlhNWU4ZDk2MGRk
LzEvNjlzaVZISHkxdVFRWUxOQmhYSlVoVWdRRkxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAl/l+MA8E
AgACMAkDBwAqAVtACsMwDQYJKoZIhvcNAQELBQADggEBAC9yAB2GfUx3MHx7PlVp
w0cVIsPObf8InpaBApha2bN92C7XR9TiHynjxhhJx7Os22AQYNawczd7cn13eGRq
9n6Z2asdXDUeeM1Cos7eqxn6KzBNiALWSPLyPiwx6CLkRO1oIK+vQm1A8AJ8mH1n
rQLL/MwEmDxFhwDB5gLD8OVJCBAjUQzAhmRCPquO3DvHUydUcPKoi1vdM42yj8Dm
Cfx7oSrRvZyPXItvDIrtWv2cx4kghd8plEhygi+c1J9ct+47etgsrrvjJW6xV/ae
ad1wl0dAL661NDRfGa4SL1zBASR7gkORH0gk5wXw59sIh9UiUhpTuHjH/2YVyJfU
AUY=
-----END CERTIFICATE-----