Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/08d1cc-6373-4840-b48f-0aa08edb9063/1/wn8L1S1HX-xHEO14CzAumz-jwFE.roa
File:                     wn8L1S1HX-xHEO14CzAumz-jwFE.roa (raw, json)
Hash identifier:          rqarK7Jil1QZgVp4Fu9aGEFeh6z4CFqMV4d+BbEedts=
Subject key identifier:   C2:7F:0B:D5:2D:47:5F:EC:47:10:ED:78:0B:30:2E:9B:3F:A3:C0:51
Certificate issuer:       /CN=59d76af9091da1581bba5ec13e5dbdb7362d9d0f
Certificate serial:       018CC425272C8F90632AD5C77FF86E30B4AC
Authority key identifier: 59:D7:6A:F9:09:1D:A1:58:1B:BA:5E:C1:3E:5D:BD:B7:36:2D:9D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wddq-QkdoVgbul7BPl29tzYtnQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/08d1cc-6373-4840-b48f-0aa08edb9063/1/wn8L1S1HX-xHEO14CzAumz-jwFE.roa
Signing time:             Mon 01 Jan 2024 08:30:18 +0000
ROA not before:           Mon 01 Jan 2024 08:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213150
IP address blocks:        185.216.11.0/24 maxlen: 24
                          2a07:e940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/08d1cc-6373-4840-b48f-0aa08edb9063/1/Wddq-QkdoVgbul7BPl29tzYtnQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/08d1cc-6373-4840-b48f-0aa08edb9063/1/Wddq-QkdoVgbul7BPl29tzYtnQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wddq-QkdoVgbul7BPl29tzYtnQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:27:2c:8f:90:63:2a:d5:c7:7f:f8:6e:30:b4:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59d76af9091da1581bba5ec13e5dbdb7362d9d0f
        Validity
            Not Before: Jan  1 08:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c27f0bd52d475fec4710ed780b302e9b3fa3c051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:93:c2:75:27:df:26:eb:e8:7b:67:b2:f4:51:
                    40:53:d3:1a:01:15:fd:cd:ec:ea:3e:4a:4a:41:a6:
                    fc:29:26:c6:e6:f1:82:d1:f0:00:22:c8:ed:c0:6e:
                    e3:43:a6:1b:bd:cd:20:a4:79:b6:0a:8a:f0:29:79:
                    c9:0d:67:fc:a0:b7:c4:6a:24:58:5e:f4:2d:a4:f1:
                    c1:ed:fb:0f:7f:5d:61:ff:59:ae:1a:f1:69:f2:d1:
                    c5:bf:a2:a5:f2:ec:50:5d:12:c2:b6:2c:4b:f8:8f:
                    3f:c6:d8:6a:78:ee:a4:f4:b6:c4:d9:44:cd:c3:44:
                    80:60:4d:35:6a:06:d2:14:bb:5e:9b:9c:66:f4:ae:
                    a3:a5:84:50:b8:f4:2c:90:c8:c8:bb:b0:24:32:65:
                    d3:de:dc:f7:6c:7a:c8:1a:b8:cf:1d:2f:42:b3:d2:
                    ff:1f:1a:99:f9:26:a2:bc:d7:f5:be:92:e1:48:a5:
                    b6:6a:7f:5d:12:80:9e:d8:4e:20:8a:39:2c:5b:e5:
                    d0:05:ab:58:0d:47:d2:5b:cf:80:9a:46:d9:b0:3c:
                    6e:2b:9d:a2:de:3b:4f:21:ff:93:78:d3:52:f6:2e:
                    f3:ff:28:1d:36:36:8b:57:0e:39:99:28:65:03:30:
                    5b:96:6e:35:c0:f8:a0:b6:46:31:b1:b7:e6:ed:8c:
                    58:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:7F:0B:D5:2D:47:5F:EC:47:10:ED:78:0B:30:2E:9B:3F:A3:C0:51
            X509v3 Authority Key Identifier:
                keyid:59:D7:6A:F9:09:1D:A1:58:1B:BA:5E:C1:3E:5D:BD:B7:36:2D:9D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wddq-QkdoVgbul7BPl29tzYtnQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/08d1cc-6373-4840-b48f-0aa08edb9063/1/wn8L1S1HX-xHEO14CzAumz-jwFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/08d1cc-6373-4840-b48f-0aa08edb9063/1/Wddq-QkdoVgbul7BPl29tzYtnQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.11.0/24
                IPv6:
                  2a07:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:4a:28:bd:27:0a:77:22:f3:25:2c:7a:31:38:46:11:0d:27:
         a9:4a:ea:1f:ab:2c:f5:25:a0:c9:c9:af:97:cd:6e:d8:3f:b3:
         72:38:b3:26:22:c7:d3:15:c4:a7:82:06:bd:36:cf:83:e5:ff:
         dc:3e:97:07:cc:29:25:3d:96:6d:17:f7:c2:fc:4a:44:96:cc:
         b9:55:b2:37:7c:40:2b:ad:6d:e4:83:2b:ac:94:df:e2:ec:a1:
         62:61:73:64:85:83:00:14:83:74:f8:00:c5:81:1b:87:22:bf:
         b5:56:ac:cd:a0:93:45:e0:f1:9b:08:5c:18:66:9f:2b:61:54:
         2a:b0:06:d7:de:af:b5:20:5f:23:69:ac:1c:44:d7:5c:12:b3:
         2f:26:c0:14:2e:08:9c:c3:e9:b5:b7:f4:49:ee:6c:0f:6d:70:
         77:73:4c:aa:3a:2b:91:68:e5:cf:ad:3a:f8:6f:39:18:7c:4b:
         3e:8c:80:bc:b7:f6:be:2c:fe:2c:9f:99:68:17:9d:e3:a1:9a:
         7b:b7:a8:ba:46:44:8a:a5:44:32:03:6e:8b:3f:c2:7f:3e:b2:
         ee:2b:ae:70:63:7b:13:04:ea:aa:00:30:98:e3:1e:68:c8:71:
         df:33:14:4f:80:e5:55:e4:b1:86:85:0f:3c:3c:60:97:85:3b:
         5f:38:b5:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJScsj5BjKtXHf/huMLSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZDc2YWY5MDkxZGExNTgxYmJhNWVjMTNlNWRiZGI3MzYy
ZDlkMGYwHhcNMjQwMTAxMDgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjdmMGJkNTJkNDc1ZmVjNDcxMGVkNzgwYjMwMmU5YjNmYTNjMDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgZPCdSffJuvoe2ey9FFAU9MaARX9
zezqPkpKQab8KSbG5vGC0fAAIsjtwG7jQ6Ybvc0gpHm2CorwKXnJDWf8oLfEaiRY
XvQtpPHB7fsPf11h/1muGvFp8tHFv6Kl8uxQXRLCtixL+I8/xthqeO6k9LbE2UTN
w0SAYE01agbSFLtem5xm9K6jpYRQuPQskMjIu7AkMmXT3tz3bHrIGrjPHS9Cs9L/
HxqZ+SaivNf1vpLhSKW2an9dEoCe2E4gijksW+XQBatYDUfSW8+AmkbZsDxuK52i
3jtPIf+TeNNS9i7z/ygdNjaLVw45mShlAzBblm41wPigtkYxsbfm7YxYMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMJ/C9UtR1/sRxDteAswLps/o8BRMB8GA1UdIwQY
MBaAFFnXavkJHaFYG7pewT5dvbc2LZ0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2RkcS1Ra2RvVmdidWw3QlBsMjl0ell0blE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8wOGQxY2MtNjM3My00ODQwLWI0OGYt
MGFhMDhlZGI5MDYzLzEvd244TDFTMUhYLXhIRU8xNEN6QXVtei1qd0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8wOGQxY2MtNjM3My00ODQwLWI0OGYtMGFhMDhlZGI5MDYz
LzEvV2RkcS1Ra2RvVmdidWw3QlBsMjl0ell0blE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudgLMA0E
AgACMAcDBQMqB+lAMA0GCSqGSIb3DQEBCwUAA4IBAQBgSii9Jwp3IvMlLHoxOEYR
DSepSuofqyz1JaDJya+XzW7YP7NyOLMmIsfTFcSngga9Ns+D5f/cPpcHzCklPZZt
F/fC/EpElsy5VbI3fEArrW3kgyuslN/i7KFiYXNkhYMAFIN0+ADFgRuHIr+1VqzN
oJNF4PGbCFwYZp8rYVQqsAbX3q+1IF8jaawcRNdcErMvJsAULgicw+m1t/RJ7mwP
bXB3c0yqOiuRaOXPrTr4bzkYfEs+jIC8t/a+LP4sn5loF53joZp7t6i6RkSKpUQy
A26LP8J/PrLuK65wY3sTBOqqADCY4x5oyHHfMxRPgOVV5LGGhQ88PGCXhTtfOLVS
-----END CERTIFICATE-----