Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WyrMHvgkjxHcG_3KlZNl_Bk34UQ.roa
File:                     WyrMHvgkjxHcG_3KlZNl_Bk34UQ.roa (raw, json)
Hash identifier:          09tPIh7aGXOiVMaoKSV9vNsqeEHfJyHN6jaLZ7jxKIk=
Subject key identifier:   5B:2A:CC:1E:F8:24:8F:11:DC:1B:FD:CA:95:93:65:FC:19:37:E1:44
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79547F606A6E7BAEAB4A7C90FB2C53F
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WyrMHvgkjxHcG_3KlZNl_Bk34UQ.roa
Signing time:             Tue 02 Jan 2024 00:31:38 +0000
ROA not before:           Tue 02 Jan 2024 00:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35775
IP address blocks:        94.176.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:47:f6:06:a6:e7:ba:ea:b4:a7:c9:0f:b2:c5:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b2acc1ef8248f11dc1bfdca959365fc1937e144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0a:dc:ce:a9:d4:ba:85:dc:ac:56:e5:55:65:
                    3e:55:e4:8b:9d:13:0c:39:28:b1:42:ca:02:44:dd:
                    01:e5:2d:5d:b5:28:f0:80:8f:bf:de:f0:28:9c:bc:
                    ea:ef:9c:f3:a9:6b:97:b1:73:05:1e:13:f6:bf:19:
                    4d:9b:49:98:f8:47:be:db:13:45:26:c3:4b:70:e2:
                    2c:ec:73:f6:ce:c6:d2:71:1d:32:57:35:ba:4c:df:
                    21:4a:86:1a:d1:a0:fa:30:89:41:19:16:98:cd:65:
                    47:de:ae:6a:d3:36:62:b8:94:f8:7e:74:5f:1c:66:
                    02:9e:34:87:7a:8a:54:da:57:e4:9e:d5:e7:75:42:
                    b6:f0:fa:11:e4:51:19:dd:a7:be:81:2e:7e:d2:a4:
                    7a:fb:27:94:99:be:0e:5e:0c:36:4c:e8:cc:1a:21:
                    52:cf:c3:d1:ed:9f:ef:74:e8:c3:60:a1:6c:10:c5:
                    9c:b5:48:75:42:d2:5e:85:e1:29:19:1e:0c:cf:c2:
                    3c:04:6b:33:73:c7:c3:a9:12:29:db:e6:01:d4:7a:
                    85:7c:35:8e:38:de:00:97:1a:58:24:f6:10:b6:e5:
                    06:ab:77:50:ef:7f:bc:a1:4d:d6:a8:30:1f:45:9e:
                    8d:36:90:1f:7e:64:83:0f:11:16:d3:b9:b8:a1:7e:
                    29:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:2A:CC:1E:F8:24:8F:11:DC:1B:FD:CA:95:93:65:FC:19:37:E1:44
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/WyrMHvgkjxHcG_3KlZNl_Bk34UQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:82:a8:6a:ae:01:b4:31:b9:97:a3:99:e9:8f:96:82:b9:8d:
         4e:d6:70:04:fc:fc:1b:35:18:42:93:25:71:86:02:80:8a:36:
         05:dc:24:47:32:17:89:e9:29:91:55:73:e6:4e:e3:47:ca:d9:
         cd:e1:eb:1a:ff:99:26:a5:a7:49:df:df:5c:14:fd:c7:8f:f8:
         b0:0f:9d:34:b6:45:e9:ee:88:96:5c:66:c7:00:0e:5a:75:2f:
         4d:b2:76:21:4d:fc:cd:8d:df:a4:4e:d5:5f:3c:19:af:25:fd:
         df:ea:04:67:9f:7a:d1:2e:28:86:71:b2:4b:8e:68:f5:6a:b5:
         f0:0c:2d:b8:27:2d:f2:96:7a:ec:7f:51:81:4f:ce:86:7c:c8:
         63:5c:ac:69:88:f2:c0:b8:4a:87:e0:99:d7:18:4f:ff:22:51:
         9e:20:d8:b9:f6:a3:02:f7:bd:86:bb:26:ef:90:c7:16:e3:6a:
         3c:b8:b2:96:85:32:75:ba:64:8c:85:fe:78:35:e1:c9:00:a4:
         c2:6a:a4:b1:bb:47:77:4b:82:be:4d:cd:9a:1c:9b:7f:42:4c:
         ec:05:a9:a8:47:69:47:04:54:14:0f:bb:70:8d:48:f1:dc:f6:
         5a:a6:f8:f3:15:08:f0:aa:11:9e:1a:91:93:5d:d3:8d:c6:ed:
         88:e4:8a:96
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUf2Bqbnuuq0p8kPssU/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjJhY2MxZWY4MjQ4ZjExZGMxYmZkY2E5NTkzNjVmYzE5MzdlMTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgrczqnUuoXcrFblVWU+VeSLnRMM
OSixQsoCRN0B5S1dtSjwgI+/3vAonLzq75zzqWuXsXMFHhP2vxlNm0mY+Ee+2xNF
JsNLcOIs7HP2zsbScR0yVzW6TN8hSoYa0aD6MIlBGRaYzWVH3q5q0zZiuJT4fnRf
HGYCnjSHeopU2lfkntXndUK28PoR5FEZ3ae+gS5+0qR6+yeUmb4OXgw2TOjMGiFS
z8PR7Z/vdOjDYKFsEMWctUh1QtJeheEpGR4Mz8I8BGszc8fDqRIp2+YB1HqFfDWO
ON4AlxpYJPYQtuUGq3dQ73+8oU3WqDAfRZ6NNpAffmSDDxEW07m4oX4p7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFsqzB74JI8R3Bv9ypWTZfwZN+FEMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL1d5ck1IdmdranhIY0dfM0tsWk5sX0JrMzRVUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABesIYw
DQYJKoZIhvcNAQELBQADggEBAASCqGquAbQxuZejmemPloK5jU7WcAT8/Bs1GEKT
JXGGAoCKNgXcJEcyF4npKZFVc+ZO40fK2c3h6xr/mSalp0nf31wU/ceP+LAPnTS2
RenuiJZcZscADlp1L02ydiFN/M2N36RO1V88Ga8l/d/qBGefetEuKIZxskuOaPVq
tfAMLbgnLfKWeux/UYFPzoZ8yGNcrGmI8sC4SofgmdcYT/8iUZ4g2Ln2owL3vYa7
Ju+Qxxbjajy4spaFMnW6ZIyF/ng14ckApMJqpLG7R3dLgr5NzZocm39CTOwFqahH
aUcEVBQPu3CNSPHc9lqm+PMVCPCqEZ4akZNd043G7YjkipY=
-----END CERTIFICATE-----