Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WtLifKkopuCKJMijfd68upNzLWk.roa
File:                     WtLifKkopuCKJMijfd68upNzLWk.roa (raw, json)
Hash identifier:          lnMBWOPofXmUokovUPZKLdiAjkUJOO1fAeQFAC0KM8M=
Subject key identifier:   5A:D2:E2:7C:A9:28:A6:E0:8A:24:C8:A3:7D:DE:BC:BA:93:73:2D:69
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955283606B9389D90C377A5C80201E
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WtLifKkopuCKJMijfd68upNzLWk.roa
Signing time:             Tue 02 Jan 2024 00:31:41 +0000
ROA not before:           Tue 02 Jan 2024 00:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49948
IP address blocks:        86.104.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:52:83:60:6b:93:89:d9:0c:37:7a:5c:80:20:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ad2e27ca928a6e08a24c8a37ddebcba93732d69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b1:d1:b4:0f:37:f6:eb:5d:2a:5a:79:bf:9c:
                    f8:7e:96:1e:58:b8:05:ea:08:4b:01:54:9f:ce:de:
                    27:2b:5d:c8:9a:3f:6d:28:5a:56:9b:8f:8f:45:50:
                    6b:00:2c:a5:61:4e:4a:10:cf:96:4d:f2:08:d1:0c:
                    9e:55:46:63:d2:d5:85:b8:4b:74:09:7c:ca:c7:6e:
                    ce:04:0a:a5:0d:ad:a2:e9:22:a6:07:6f:87:bb:c0:
                    ab:3a:fc:09:ed:57:a4:ad:b7:0f:ac:56:0b:9d:f9:
                    2a:01:6f:75:b5:16:d4:b0:19:29:bb:2e:e4:2c:e7:
                    b6:75:8f:8d:77:64:a2:fc:a5:1b:d9:c9:15:62:c6:
                    24:5e:61:ea:f2:46:e0:cd:6c:12:92:6b:ef:fb:93:
                    c2:36:79:67:4a:92:77:6c:59:90:38:cf:1c:4b:84:
                    52:91:c7:2c:0b:f4:ca:53:a3:1e:97:a6:09:f7:78:
                    84:62:21:5c:b3:61:b8:44:3c:b5:09:6e:c9:b2:ba:
                    15:5a:8c:c7:e5:b0:2e:66:f5:55:c3:5f:85:f4:b1:
                    31:b1:6a:8e:b0:36:e6:36:28:38:bc:03:0c:0d:67:
                    a0:20:b4:97:dd:7b:d3:83:e0:cd:9e:f3:0f:7b:c8:
                    5f:8a:23:30:15:b0:37:b0:64:9d:85:96:43:e9:eb:
                    17:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D2:E2:7C:A9:28:A6:E0:8A:24:C8:A3:7D:DE:BC:BA:93:73:2D:69
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WtLifKkopuCKJMijfd68upNzLWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:77:a5:4d:1a:12:05:ee:67:85:a7:b5:6b:08:17:aa:45:af:
         c1:c0:f7:76:c4:14:92:b6:54:ee:88:95:22:38:fe:5f:40:61:
         0e:14:07:83:dc:61:7a:bf:b1:0d:72:8e:4a:94:ad:11:5a:b6:
         db:fa:0d:16:69:9f:7a:1a:c9:f7:7a:66:7c:35:7a:6a:d1:ba:
         ee:3f:7f:0c:52:7a:93:d2:48:bf:d4:03:46:df:7b:63:72:8c:
         1b:96:f7:23:45:9c:bb:d1:52:82:b5:8f:30:e1:3d:26:50:7c:
         93:51:0a:98:4d:13:56:62:56:47:b7:ce:78:28:19:2b:65:8b:
         0f:e6:7a:03:8b:e0:85:fc:48:a0:48:20:dd:fe:aa:cd:1d:e7:
         e4:a0:44:10:85:57:90:55:70:5a:db:0f:62:02:24:75:7a:44:
         e7:88:8a:68:f8:74:2f:e6:86:e3:00:de:27:d0:29:1c:fa:af:
         f6:e4:ea:a4:03:0d:40:a2:e6:5a:f6:f8:3e:a4:27:7f:e6:53:
         3d:0e:c1:99:a0:a1:e1:1d:d8:e3:39:1c:fe:56:a6:eb:07:c2:
         98:b5:34:2d:30:a0:eb:7c:83:4a:ef:04:54:9f:63:38:c3:d0:
         c3:35:ee:51:f3:14:00:9d:41:25:17:64:81:94:b9:a2:dd:0e:
         05:ac:60:a6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVKDYGuTidkMN3pcgCAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWQyZTI3Y2E5MjhhNmUwOGEyNGM4YTM3ZGRlYmNiYTkzNzMyZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLHRtA839utdKlp5v5z4fpYeWLgF
6ghLAVSfzt4nK13Imj9tKFpWm4+PRVBrACylYU5KEM+WTfII0QyeVUZj0tWFuEt0
CXzKx27OBAqlDa2i6SKmB2+Hu8CrOvwJ7VekrbcPrFYLnfkqAW91tRbUsBkpuy7k
LOe2dY+Nd2Si/KUb2ckVYsYkXmHq8kbgzWwSkmvv+5PCNnlnSpJ3bFmQOM8cS4RS
kccsC/TKU6Mel6YJ93iEYiFcs2G4RDy1CW7JsroVWozH5bAuZvVVw1+F9LExsWqO
sDbmNig4vAMMDWegILSX3XvTg+DNnvMPe8hfiiMwFbA3sGSdhZZD6esXMQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFrS4nypKKbgiiTIo33evLqTcy1pMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1d0TGlmS2tvcHVDS0pNaWpmZDY4dXBOekxXay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWaOYw
DQYJKoZIhvcNAQELBQADggEBAI93pU0aEgXuZ4WntWsIF6pFr8HA93bEFJK2VO6I
lSI4/l9AYQ4UB4PcYXq/sQ1yjkqUrRFattv6DRZpn3oayfd6Znw1emrRuu4/fwxS
epPSSL/UA0bfe2NyjBuW9yNFnLvRUoK1jzDhPSZQfJNRCphNE1ZiVke3zngoGStl
iw/megOL4IX8SKBIIN3+qs0d5+SgRBCFV5BVcFrbD2ICJHV6ROeIimj4dC/mhuMA
3ifQKRz6r/bk6qQDDUCi5lr2+D6kJ3/mUz0OwZmgoeEd2OM5HP5WpusHwpi1NC0w
oOt8g0rvBFSfYzjD0MM17lHzFACdQSUXZIGUuaLdDgWsYKY=
-----END CERTIFICATE-----