Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/wv-lmmXFp7VOmJY6ALdcHdYbRzQ.roa
File:                     wv-lmmXFp7VOmJY6ALdcHdYbRzQ.roa (raw, json)
Hash identifier:          i0kEaVpAsqL2i3UqJrHqN946cklrKqiAgnL1f2mTpag=
Subject key identifier:   C2:FF:A5:9A:65:C5:A7:B5:4E:98:96:3A:00:B7:5C:1D:D6:1B:47:34
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       0191A2EDDA88EA4E922E229BD904A50A29ED
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/wv-lmmXFp7VOmJY6ALdcHdYbRzQ.roa
Signing time:             Fri 30 Aug 2024 10:56:22 +0000
ROA not before:           Fri 30 Aug 2024 10:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20853
IP address blocks:        178.236.246.0/24 maxlen: 24
                          178.236.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:ed:da:88:ea:4e:92:2e:22:9b:d9:04:a5:0a:29:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Aug 30 10:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2ffa59a65c5a7b54e98963a00b75c1dd61b4734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7b:20:e9:e6:94:04:9f:e1:86:a2:9c:99:97:
                    67:ca:af:40:db:7d:a0:6c:d6:15:d3:ba:3c:9f:0f:
                    fa:4e:ca:66:7f:a6:2d:53:2b:aa:bd:fc:47:5c:79:
                    8a:22:9a:79:45:32:ee:41:58:32:33:d7:35:f1:6a:
                    5e:d1:9d:8f:25:ee:62:fa:5d:24:08:11:b8:80:fc:
                    b7:38:9b:43:75:89:b0:f2:fa:87:8b:b5:3c:6b:19:
                    e7:d5:57:ab:39:ab:67:2c:c4:89:e5:0b:83:13:e8:
                    1c:90:69:33:b0:59:a2:67:30:53:45:76:e5:aa:61:
                    f4:94:da:c5:34:e2:15:d9:3d:ac:03:9a:b1:42:b9:
                    ac:6f:9c:99:24:80:3f:63:d4:80:d7:97:72:88:44:
                    8d:f1:b9:8d:3f:58:d4:f8:7b:43:9c:38:5a:e4:f0:
                    9c:55:d6:59:d5:eb:2e:95:fe:57:2b:00:0b:ca:3b:
                    58:23:0c:5a:af:5e:5d:a8:32:ca:3b:db:39:7c:75:
                    80:62:6c:6b:d8:0f:11:39:2d:ad:f8:89:b3:bc:37:
                    ae:2d:8f:6b:c7:39:b8:fe:0c:dd:27:d8:02:e1:3e:
                    41:09:14:15:14:74:1e:e0:dd:5f:bc:f6:67:c6:48:
                    c4:f9:38:f0:ec:fa:ed:7d:ca:7e:5b:e7:23:52:f3:
                    5f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:FF:A5:9A:65:C5:A7:B5:4E:98:96:3A:00:B7:5C:1D:D6:1B:47:34
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/wv-lmmXFp7VOmJY6ALdcHdYbRzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:e3:3a:53:f4:0c:f6:65:a2:94:fb:ce:3c:c8:fc:e4:1c:3d:
         53:af:36:3b:a4:aa:d1:fe:69:11:ba:67:52:7d:14:1b:fa:0a:
         93:a4:1a:9d:92:59:0c:f8:d9:92:3f:2a:02:7b:9f:28:4b:3a:
         5b:83:bf:a3:4b:f4:dc:fa:17:5b:9e:4b:de:c3:b9:7f:7b:85:
         d8:f6:72:3c:95:9c:a0:91:3e:5a:91:67:c5:61:45:18:b9:c1:
         8d:63:8b:38:2d:63:20:16:cf:84:68:df:81:35:29:f5:c4:00:
         92:ef:9c:f3:15:09:b7:88:b1:42:c0:e8:85:dc:74:16:5d:20:
         1d:aa:c3:78:5a:f2:df:6a:8f:d3:b4:01:de:e8:38:49:7b:6f:
         3e:0b:05:54:0d:99:c6:2d:63:5e:44:80:29:1b:d0:ee:01:c3:
         ac:a3:41:2b:ea:3f:dc:d8:51:a8:6f:cd:20:3a:c5:f3:93:40:
         56:74:e5:08:b9:60:f0:86:48:5b:66:7e:f2:92:59:ca:75:72:
         7a:20:c1:b9:33:23:40:ef:af:f5:25:c7:77:2c:65:81:dc:36:
         d6:93:b8:2f:d8:86:10:ff:48:f9:9c:72:d0:69:30:64:0c:e7:
         a4:58:39:11:78:6a:29:71:2a:20:57:8d:ed:89:0d:eb:f8:8a:
         16:a0:8f:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGi7dqI6k6SLiKb2QSlCintMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQwODMwMTA1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmZmYTU5YTY1YzVhN2I1NGU5ODk2M2EwMGI3NWMxZGQ2MWI0NzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3sg6eaUBJ/hhqKcmZdnyq9A232g
bNYV07o8nw/6Tspmf6YtUyuqvfxHXHmKIpp5RTLuQVgyM9c18Wpe0Z2PJe5i+l0k
CBG4gPy3OJtDdYmw8vqHi7U8axnn1VerOatnLMSJ5QuDE+gckGkzsFmiZzBTRXbl
qmH0lNrFNOIV2T2sA5qxQrmsb5yZJIA/Y9SA15dyiESN8bmNP1jU+HtDnDha5PCc
VdZZ1esulf5XKwALyjtYIwxar15dqDLKO9s5fHWAYmxr2A8ROS2t+ImzvDeuLY9r
xzm4/gzdJ9gC4T5BCRQVFHQe4N1fvPZnxkjE+Tjw7Prtfcp+W+cjUvNfDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFML/pZplxae1TpiWOgC3XB3WG0c0MB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvd3YtbG1tWEZwN1ZPbUpZNkFMZGNIZFliUnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsuz2MA0G
CSqGSIb3DQEBCwUAA4IBAQBF4zpT9Az2ZaKU+848yPzkHD1TrzY7pKrR/mkRumdS
fRQb+gqTpBqdklkM+NmSPyoCe58oSzpbg7+jS/Tc+hdbnkvew7l/e4XY9nI8lZyg
kT5akWfFYUUYucGNY4s4LWMgFs+EaN+BNSn1xACS75zzFQm3iLFCwOiF3HQWXSAd
qsN4WvLfao/TtAHe6DhJe28+CwVUDZnGLWNeRIApG9DuAcOso0Er6j/c2FGob80g
OsXzk0BWdOUIuWDwhkhbZn7yklnKdXJ6IMG5MyNA76/1Jcd3LGWB3DbWk7gv2IYQ
/0j5nHLQaTBkDOekWDkReGopcSogV43tiQ3r+IoWoI8o
-----END CERTIFICATE-----