Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/WxlDWzOy4Fv4iKcjVJUKNbFCXDU.roa
File:                     WxlDWzOy4Fv4iKcjVJUKNbFCXDU.roa (raw, json)
Hash identifier:          3536b2nemRCGC9lKmJOL46IS+goTdyKnxVd8h8e27ic=
Subject key identifier:   5B:19:43:5B:33:B2:E0:5B:F8:88:A7:23:54:95:0A:35:B1:42:5C:35
Certificate issuer:       /CN=7f7734dfea120657412ea867ddbc7b84d132bf78
Certificate serial:       018CC5DC2EEB77B2973241B041F40B55417E
Authority key identifier: 7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/WxlDWzOy4Fv4iKcjVJUKNbFCXDU.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136744
IP address blocks:        212.23.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 13:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2e:eb:77:b2:97:32:41:b0:41:f4:0b:55:41:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f7734dfea120657412ea867ddbc7b84d132bf78
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b19435b33b2e05bf888a72354950a35b1425c35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:51:4f:09:60:ba:f1:e9:dc:66:00:38:30:ad:
                    1f:f5:c6:82:dd:83:9d:80:ad:56:9c:3a:82:18:46:
                    35:f1:c2:db:d7:d5:be:52:b8:88:4c:42:ac:31:b2:
                    26:74:51:43:79:a4:18:a4:b7:f8:da:9f:4d:d9:e3:
                    2c:14:5a:50:af:b0:c5:20:a6:37:9c:97:4b:86:1d:
                    cc:b5:78:af:a6:e3:37:c9:55:a1:ab:f8:82:95:13:
                    32:f7:f2:ad:7d:7a:8c:ca:2b:7f:48:6c:1d:25:c2:
                    85:b7:6f:1e:f5:71:61:fb:ed:14:92:ee:a3:f2:4a:
                    03:c9:85:bb:6d:16:7c:00:d9:4b:0b:39:46:3f:ee:
                    ec:31:a7:37:60:4b:38:ce:1d:af:12:72:e6:d1:e1:
                    61:29:ca:70:89:54:3d:35:c7:d0:bc:5b:26:53:c4:
                    1d:5e:1b:43:c8:a9:44:86:7a:51:d4:17:46:8a:27:
                    e3:33:76:42:da:f4:cb:e7:90:87:d0:fc:43:64:72:
                    21:d0:56:87:ca:68:d7:a8:26:5c:7d:10:74:70:8b:
                    66:68:2f:51:31:09:d1:d6:16:80:b2:a0:ec:33:42:
                    d0:8f:c5:3e:57:82:fd:40:4b:5c:b6:f6:e9:56:ab:
                    fd:64:30:ca:d4:1f:dd:67:84:e7:41:41:7a:43:be:
                    03:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:19:43:5B:33:B2:E0:5B:F8:88:A7:23:54:95:0A:35:B1:42:5C:35
            X509v3 Authority Key Identifier:
                keyid:7F:77:34:DF:EA:12:06:57:41:2E:A8:67:DD:BC:7B:84:D1:32:BF:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3c03-oSBldBLqhn3bx7hNEyv3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/WxlDWzOy4Fv4iKcjVJUKNbFCXDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/680324-ee1f-40f2-88df-196931962d3c/1/f3c03-oSBldBLqhn3bx7hNEyv3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:2b:b4:17:c0:8c:8d:47:de:d5:09:41:97:50:3b:89:40:81:
         c9:e5:6a:0b:32:8f:5c:f9:d7:cd:16:98:1b:58:60:01:05:50:
         92:98:ce:c8:a7:45:d1:5f:10:24:b1:76:cb:56:24:12:2b:aa:
         65:3c:01:07:6b:a4:cf:b7:fd:31:58:3a:d7:8b:ce:5e:d8:3c:
         4e:2f:56:9d:ed:f7:1e:c6:9d:94:ab:0f:aa:16:62:28:0d:e1:
         5b:aa:07:0b:ff:f0:a1:d1:8d:10:da:96:e2:ca:1d:2e:b0:70:
         c6:9d:d4:99:86:5d:20:7c:dd:cc:38:07:5e:a9:5f:e3:8e:2f:
         c3:33:d6:ad:e3:0c:4e:db:99:40:4b:9c:26:3d:82:eb:b3:0f:
         f3:59:0f:df:65:23:6c:14:04:5a:11:8d:85:b4:2b:d8:fe:42:
         97:07:aa:a2:17:25:90:32:92:1b:2e:37:b3:59:6f:63:e3:8b:
         b0:72:ec:7e:22:fd:2e:e9:b2:53:b2:84:aa:eb:27:f1:4a:56:
         4b:2e:83:fc:0b:57:a2:65:9d:0e:67:a3:76:88:20:16:75:68:
         c2:d6:de:a8:2a:7a:10:ea:8f:cd:fb:fa:9a:d0:75:46:6f:91:
         17:b8:b7:11:c5:6f:d6:9c:02:4d:96:d2:09:29:a4:84:18:12:
         25:51:d4:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3C7rd7KXMkGwQfQLVUF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNzczNGRmZWExMjA2NTc0MTJlYTg2N2RkYmM3Yjg0ZDEz
MmJmNzgwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjE5NDM1YjMzYjJlMDViZjg4OGE3MjM1NDk1MGEzNWIxNDI1YzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFFPCWC68encZgA4MK0f9caC3YOd
gK1WnDqCGEY18cLb19W+UriITEKsMbImdFFDeaQYpLf42p9N2eMsFFpQr7DFIKY3
nJdLhh3MtXivpuM3yVWhq/iClRMy9/KtfXqMyit/SGwdJcKFt28e9XFh++0Uku6j
8koDyYW7bRZ8ANlLCzlGP+7sMac3YEs4zh2vEnLm0eFhKcpwiVQ9NcfQvFsmU8Qd
XhtDyKlEhnpR1BdGiifjM3ZC2vTL55CH0PxDZHIh0FaHymjXqCZcfRB0cItmaC9R
MQnR1haAsqDsM0LQj8U+V4L9QEtctvbpVqv9ZDDK1B/dZ4TnQUF6Q74DIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsZQ1szsuBb+IinI1SVCjWxQlw1MB8GA1UdIwQY
MBaAFH93NN/qEgZXQS6oZ928e4TRMr94MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYt
MTk2OTMxOTYyZDNjLzEvV3hsRFd6T3k0RnY0aUtjalZKVUtOYkZDWERVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82ODAzMjQtZWUxZi00MGYyLTg4ZGYtMTk2OTMxOTYyZDNj
LzEvZjNjMDMtb1NCbGRCTHFobjNieDdoTkV5djNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfQMA0G
CSqGSIb3DQEBCwUAA4IBAQBsK7QXwIyNR97VCUGXUDuJQIHJ5WoLMo9c+dfNFpgb
WGABBVCSmM7Ip0XRXxAksXbLViQSK6plPAEHa6TPt/0xWDrXi85e2DxOL1ad7fce
xp2Uqw+qFmIoDeFbqgcL//Ch0Y0Q2pbiyh0usHDGndSZhl0gfN3MOAdeqV/jji/D
M9at4wxO25lAS5wmPYLrsw/zWQ/fZSNsFARaEY2FtCvY/kKXB6qiFyWQMpIbLjez
WW9j44uwcux+Iv0u6bJTsoSq6yfxSlZLLoP8C1eiZZ0OZ6N2iCAWdWjC1t6oKnoQ
6o/N+/qa0HVGb5EXuLcRxW/WnAJNltIJKaSEGBIlUdR1
-----END CERTIFICATE-----