Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/wbQaQOSUnJo2nhzZBIb9qZ_xx0s.roa
File:                     wbQaQOSUnJo2nhzZBIb9qZ_xx0s.roa (raw, json)
Hash identifier:          zDSQZgcA+1AP2GzupqJG5UMSDFHpNW2cvIDry9aFato=
Subject key identifier:   C1:B4:1A:40:E4:94:9C:9A:36:9E:1C:D9:04:86:FD:A9:9F:F1:C7:4B
Certificate issuer:       /CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
Certificate serial:       018CC5DD205733C60864055E20EF86C1305D
Authority key identifier: B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/wbQaQOSUnJo2nhzZBIb9qZ_xx0s.roa
Signing time:             Mon 01 Jan 2024 16:30:52 +0000
ROA not before:           Mon 01 Jan 2024 16:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199152
IP address blocks:        94.247.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:20:57:33:c6:08:64:05:5e:20:ef:86:c1:30:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
        Validity
            Not Before: Jan  1 16:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1b41a40e4949c9a369e1cd90486fda99ff1c74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a8:2d:c6:a1:44:ac:55:49:3e:c6:6a:9d:63:
                    cc:d1:1f:19:80:1b:88:05:42:ef:16:eb:86:87:af:
                    a1:c9:d6:73:fe:bd:de:ac:ba:f9:ad:5c:62:47:55:
                    a4:f5:8e:02:49:c8:fd:fd:3b:52:24:00:c9:d0:28:
                    78:d0:a3:f0:b6:c1:00:ea:a1:bb:3a:aa:75:9a:6a:
                    89:24:bf:11:61:03:b2:73:eb:e5:2f:80:12:aa:e7:
                    99:42:1f:bb:d6:29:20:ed:07:d8:a1:d9:05:1c:67:
                    74:40:97:68:1d:35:c4:92:f6:31:bf:e5:1f:c0:02:
                    b3:71:31:13:5b:8b:12:98:66:4f:37:3d:7f:fa:e3:
                    00:d1:ec:73:f7:d6:da:bd:63:7b:75:5b:a7:d8:68:
                    33:6a:af:a5:e6:53:5c:84:0f:6b:20:7b:a1:e7:05:
                    47:25:93:e6:db:12:ed:37:fc:cd:d3:0a:5c:16:0b:
                    58:35:a2:c7:76:b4:75:68:c9:5b:5a:26:81:3f:fc:
                    9d:cf:c8:9a:62:6d:38:2b:97:9e:43:a9:d6:e0:35:
                    88:8a:0f:94:29:e4:cc:2f:9c:66:51:2b:14:96:e7:
                    75:5b:3b:6d:f1:fb:4a:70:3d:26:5d:99:42:7d:41:
                    35:29:16:63:08:88:d8:df:e4:b9:95:1e:77:ca:fb:
                    67:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:B4:1A:40:E4:94:9C:9A:36:9E:1C:D9:04:86:FD:A9:9F:F1:C7:4B
            X509v3 Authority Key Identifier:
                keyid:B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/wbQaQOSUnJo2nhzZBIb9qZ_xx0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a6:2b:4b:29:8f:41:93:39:2e:4a:49:fd:c8:24:e0:aa:49:
         f0:fa:e6:54:ec:49:32:11:00:25:f3:ed:6f:c9:a1:86:b8:ac:
         f5:24:02:58:e3:bd:f5:8a:62:a8:fc:ae:e9:5f:5a:18:c3:69:
         86:95:52:eb:48:9d:df:90:2c:de:58:7d:0f:e9:85:0f:f4:37:
         f2:7b:f7:90:1d:7d:6c:57:f0:ec:af:b2:cb:fa:db:23:2a:34:
         06:ee:33:95:f4:50:b9:a8:44:4e:ce:af:cc:74:92:56:28:c0:
         97:0e:df:ce:f1:16:d8:f9:c9:5f:a2:16:37:1f:a5:71:f7:af:
         f0:fa:40:e3:ba:22:fb:d5:ea:3d:8b:c1:0c:da:f7:c9:88:6e:
         eb:b9:d9:18:14:68:be:4e:56:75:cb:8c:07:ab:5c:08:d7:e1:
         cc:04:db:32:3f:8c:9a:b3:e4:1c:31:13:18:c9:35:27:60:7b:
         ec:9c:d4:10:35:2d:0b:79:e3:a5:69:8e:df:87:0a:a4:97:51:
         92:5d:d1:bd:41:28:5a:d0:bf:f1:ee:77:6a:1b:72:5e:74:a3:
         1c:b2:2a:dd:f2:d0:87:5e:97:7f:34:77:87:c1:4e:7e:ca:61:
         23:fa:ee:a4:47:18:2f:e5:0a:37:54:df:5c:aa:8a:0b:e2:f1:
         ec:52:84:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3SBXM8YIZAVeIO+GwTBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNTAwMmJhMDg4ZDViZDA5YzE1NTNkY2VkNWIwYmYzOTA3
ZmY3MzYwHhcNMjQwMTAxMTYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWI0MWE0MGU0OTQ5YzlhMzY5ZTFjZDkwNDg2ZmRhOTlmZjFjNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqgtxqFErFVJPsZqnWPM0R8ZgBuI
BULvFuuGh6+hydZz/r3erLr5rVxiR1Wk9Y4CScj9/TtSJADJ0Ch40KPwtsEA6qG7
Oqp1mmqJJL8RYQOyc+vlL4ASqueZQh+71ikg7QfYodkFHGd0QJdoHTXEkvYxv+Uf
wAKzcTETW4sSmGZPNz1/+uMA0exz99bavWN7dVun2Ggzaq+l5lNchA9rIHuh5wVH
JZPm2xLtN/zN0wpcFgtYNaLHdrR1aMlbWiaBP/ydz8iaYm04K5eeQ6nW4DWIig+U
KeTML5xmUSsUlud1Wztt8ftKcD0mXZlCfUE1KRZjCIjY3+S5lR53yvtnkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMG0GkDklJyaNp4c2QSG/amf8cdLMB8GA1UdIwQY
MBaAFLNQAroIjVvQnBVT3O1bC/OQf/c2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2Ut
YWYxZWYxZDdhZmI4LzEvd2JRYVFPU1VuSm8ybmh6WkJJYjlxWl94eDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2UtYWYxZWYxZDdhZmI4
LzEvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXveJMA0G
CSqGSIb3DQEBCwUAA4IBAQB3pitLKY9BkzkuSkn9yCTgqknw+uZU7EkyEQAl8+1v
yaGGuKz1JAJY4731imKo/K7pX1oYw2mGlVLrSJ3fkCzeWH0P6YUP9Dfye/eQHX1s
V/Dsr7LL+tsjKjQG7jOV9FC5qEROzq/MdJJWKMCXDt/O8RbY+clfohY3H6Vx96/w
+kDjuiL71eo9i8EM2vfJiG7rudkYFGi+TlZ1y4wHq1wI1+HMBNsyP4yas+QcMRMY
yTUnYHvsnNQQNS0LeeOlaY7fhwqkl1GSXdG9QSha0L/x7ndqG3JedKMcsird8tCH
Xpd/NHeHwU5+ymEj+u6kRxgv5Qo3VN9cqooL4vHsUoSX
-----END CERTIFICATE-----