Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/wldA1jRG3ppj3toGi1j6yBhFjZw.roa
File:                     wldA1jRG3ppj3toGi1j6yBhFjZw.roa (raw, json)
Hash identifier:          6y1icrufF0Y2TL3Skx0x2Mmpr6Plt0eSPURMtDXux0s=
Subject key identifier:   C2:57:40:D6:34:46:DE:9A:63:DE:DA:06:8B:58:FA:C8:18:45:8D:9C
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D7ADFD3F81170031A6D7C9D26EF8
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/wldA1jRG3ppj3toGi1j6yBhFjZw.roa
Signing time:             Tue 02 Jan 2024 12:33:08 +0000
ROA not before:           Tue 02 Jan 2024 12:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        185.78.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d7:ad:fd:3f:81:17:00:31:a6:d7:c9:d2:6e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c25740d63446de9a63deda068b58fac818458d9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ef:85:b3:6e:91:bc:91:bb:f2:2b:7d:b2:c8:
                    be:9a:d2:da:d9:25:06:90:ac:23:c5:05:38:48:e8:
                    02:5f:f7:eb:6c:ab:98:5a:68:8a:67:72:38:67:5a:
                    a7:d8:a3:2b:2e:57:c2:9c:e6:3f:a9:f3:98:83:87:
                    c3:0f:30:1a:cb:a8:36:c0:07:4e:aa:11:b0:26:f2:
                    96:26:88:7c:d5:d1:ae:1d:03:50:bb:2a:51:c8:66:
                    10:40:d2:68:de:0d:6a:d8:8e:ae:b8:6e:e0:89:a2:
                    fa:a8:60:b8:6e:e8:16:93:a6:1e:83:b9:60:81:92:
                    90:46:e7:f4:cc:07:be:ff:c6:93:79:8b:b0:98:13:
                    65:c7:49:6c:c3:4b:04:88:ec:b3:a5:a2:0a:b2:4c:
                    a3:2b:ab:1a:25:c9:87:d6:d3:4e:ab:f1:5f:63:ab:
                    71:46:36:5f:6d:f9:30:72:be:b8:ad:da:3c:a1:3d:
                    ee:7d:8e:31:9b:97:57:b8:69:36:cd:80:5e:19:4b:
                    fd:a0:fe:1b:b5:53:67:ee:f7:ca:93:e0:3a:d4:f5:
                    e2:ca:83:13:27:51:6b:59:cc:60:fb:a9:9b:3b:ad:
                    96:4b:c1:0a:81:c6:84:68:9d:0b:39:f0:8d:87:b3:
                    64:94:54:cd:58:3c:10:b9:fe:41:d7:1c:d4:b1:d3:
                    ce:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:57:40:D6:34:46:DE:9A:63:DE:DA:06:8B:58:FA:C8:18:45:8D:9C
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/wldA1jRG3ppj3toGi1j6yBhFjZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:f8:0a:7c:d1:0e:33:1f:22:15:ad:6a:5a:5e:09:1a:27:cc:
         d2:97:d1:10:71:ec:d6:1f:8b:3a:7c:e5:61:18:6b:90:35:16:
         c3:e6:a6:50:40:5d:b2:45:27:63:4a:78:ca:6a:f7:72:d4:a0:
         e9:32:fb:21:88:70:a6:d3:ac:12:b6:c2:4a:02:e3:b4:58:e8:
         cd:5b:31:d0:3a:af:bb:4f:06:ed:90:13:c6:ca:3c:88:c0:62:
         60:46:d6:57:be:e2:5a:e0:f0:b9:5c:93:3d:e4:d4:93:bf:f3:
         ba:c3:02:c1:b2:74:de:67:8c:0e:6d:9f:41:ef:4a:50:a8:db:
         3f:d8:40:5e:8e:97:b5:ba:6d:a2:66:2c:a3:e6:0f:ab:ce:7a:
         e6:45:b9:be:f9:5f:45:0b:e8:ba:2a:90:6f:fb:93:9e:41:5f:
         cd:57:a1:8d:72:8d:70:bc:99:1e:d6:07:4c:3f:f7:d6:73:0f:
         f8:f3:b9:92:63:06:38:e3:67:df:83:8f:c9:6e:e8:ed:2c:07:
         94:15:9c:91:d7:fa:6c:ab:ac:bc:88:cb:51:f9:fd:6e:bb:96:
         86:12:a2:03:c1:e7:a5:e7:02:d9:63:54:57:83:44:80:8c:20:
         72:d0:7c:5f:c5:0c:35:24:06:90:b6:7c:18:3f:94:b7:7d:85:
         55:93:81:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdet/T+BFwAxptfJ0m74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjU3NDBkNjM0NDZkZTlhNjNkZWRhMDY4YjU4ZmFjODE4NDU4ZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO+Fs26RvJG78it9ssi+mtLa2SUG
kKwjxQU4SOgCX/frbKuYWmiKZ3I4Z1qn2KMrLlfCnOY/qfOYg4fDDzAay6g2wAdO
qhGwJvKWJoh81dGuHQNQuypRyGYQQNJo3g1q2I6uuG7giaL6qGC4bugWk6Yeg7lg
gZKQRuf0zAe+/8aTeYuwmBNlx0lsw0sEiOyzpaIKskyjK6saJcmH1tNOq/FfY6tx
RjZfbfkwcr64rdo8oT3ufY4xm5dXuGk2zYBeGUv9oP4btVNn7vfKk+A61PXiyoMT
J1FrWcxg+6mbO62WS8EKgcaEaJ0LOfCNh7NklFTNWDwQuf5B1xzUsdPOyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJXQNY0Rt6aY97aBotY+sgYRY2cMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvd2xkQTFqUkczcHBqM3RvR2kxajZ5QmhGalp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU5MMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ+Ap80Q4zHyIVrWpaXgkaJ8zSl9EQcezWH4s6fOVh
GGuQNRbD5qZQQF2yRSdjSnjKavdy1KDpMvshiHCm06wStsJKAuO0WOjNWzHQOq+7
TwbtkBPGyjyIwGJgRtZXvuJa4PC5XJM95NSTv/O6wwLBsnTeZ4wObZ9B70pQqNs/
2EBejpe1um2iZiyj5g+rznrmRbm++V9FC+i6KpBv+5OeQV/NV6GNco1wvJke1gdM
P/fWcw/487mSYwY442ffg4/JbujtLAeUFZyR1/psq6y8iMtR+f1uu5aGEqIDweel
5wLZY1RXg0SAjCBy0HxfxQw1JAaQtnwYP5S3fYVVk4FZ
-----END CERTIFICATE-----