Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/WlJroNaZJioA2oIouqos2zM1UrU.roa
File:                     WlJroNaZJioA2oIouqos2zM1UrU.roa (raw, json)
Hash identifier:          4xFOWnLD5opWfW6WyF3V8GpscNZw7gScNfX4Gvf2VKw=
Subject key identifier:   5A:52:6B:A0:D6:99:26:2A:00:DA:82:28:BA:AA:2C:DB:33:35:52:B5
Certificate issuer:       /CN=1502af713e36e52c71866c8a9ebdacf3d8629b68
Certificate serial:       018CC6B91619CDCB81D71621616CB05C95CF
Authority key identifier: 15:02:AF:71:3E:36:E5:2C:71:86:6C:8A:9E:BD:AC:F3:D8:62:9B:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/WlJroNaZJioA2oIouqos2zM1UrU.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29208
IP address blocks:        193.84.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 19:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:16:19:cd:cb:81:d7:16:21:61:6c:b0:5c:95:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1502af713e36e52c71866c8a9ebdacf3d8629b68
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a526ba0d699262a00da8228baaa2cdb333552b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:84:e5:9a:d6:d4:62:e5:9f:e3:ec:16:63:55:
                    95:c5:6a:8b:dd:a5:fe:9d:2d:9a:4b:d9:32:9f:28:
                    42:a4:95:3c:25:0f:04:9b:36:ba:ef:04:37:85:c6:
                    56:ea:30:de:22:df:85:2c:d9:99:89:9f:33:3b:43:
                    f3:78:b5:bf:49:2f:c2:1f:17:a2:98:c7:5a:80:10:
                    1a:e0:4a:1b:ba:66:4e:7a:db:13:58:10:ac:42:cc:
                    4c:41:46:2a:c9:54:90:4f:13:3b:7f:a2:00:d4:8f:
                    ab:ff:7e:91:b8:22:a3:2a:25:fa:7c:57:e2:52:2d:
                    13:a6:88:62:2a:d0:5b:44:cb:1b:1c:6b:ec:00:ca:
                    86:d4:93:d1:3d:4f:fd:b5:0b:ae:18:ce:a5:af:0b:
                    c6:79:4d:67:b5:cf:e3:cd:42:ce:0b:86:d2:f5:90:
                    1a:10:20:55:86:d0:a8:4f:1b:29:cb:80:8c:94:02:
                    cc:c1:5f:d7:4d:9b:9b:fc:dd:85:46:a9:15:5c:3a:
                    1d:8a:b4:5e:d6:ce:66:c2:39:f9:20:a2:10:d0:e7:
                    d4:24:ed:7f:a0:2f:1a:ea:e6:ba:73:72:86:50:18:
                    7b:3c:b7:bc:77:ec:7b:9a:91:a2:bc:d8:62:36:d5:
                    45:15:cc:49:9e:46:8a:6e:a8:c7:10:21:0c:b4:c4:
                    fb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:52:6B:A0:D6:99:26:2A:00:DA:82:28:BA:AA:2C:DB:33:35:52:B5
            X509v3 Authority Key Identifier:
                keyid:15:02:AF:71:3E:36:E5:2C:71:86:6C:8A:9E:BD:AC:F3:D8:62:9B:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/WlJroNaZJioA2oIouqos2zM1UrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:2c:9f:6f:42:48:9f:e3:67:94:a0:af:a0:57:15:e2:59:b4:
         b7:d1:5a:17:1f:fa:c5:88:9d:62:8e:2d:ae:db:bd:89:ff:91:
         bc:c5:e4:66:8a:c1:46:44:fd:27:9f:2f:79:97:cc:2e:b4:36:
         43:68:92:d7:4a:35:59:42:dd:ed:04:5d:2b:d5:16:92:c4:d2:
         5e:58:5f:17:23:18:11:89:fd:8d:3d:53:64:79:f6:11:eb:c3:
         75:76:b6:c7:95:8d:a8:00:1b:f4:7b:5e:1b:0e:f1:d7:d9:32:
         de:bc:8f:0b:cb:29:eb:5a:76:a5:9f:6e:8a:10:db:96:41:fd:
         8d:a4:96:89:53:c1:9e:fd:73:66:7f:5b:0b:21:c8:8a:3f:f2:
         08:5a:9d:44:1e:a1:43:a2:39:3f:1d:02:1c:2c:37:35:5a:f8:
         d0:f5:a7:c3:a2:57:4c:26:c5:05:04:90:9b:b7:f7:5c:60:a1:
         cb:b8:b9:73:3c:82:9f:e6:f3:f4:56:3f:9f:56:73:a6:de:b3:
         fc:6d:ab:ea:e5:32:73:5a:4f:f3:f2:14:35:32:07:33:94:b9:
         bb:78:a0:4c:26:39:33:b3:91:97:cb:4f:8c:d4:09:1e:e3:89:
         8e:eb:58:b1:5f:1f:0e:e4:f6:3e:ee:cb:dc:bc:89:e7:ff:ca:
         83:42:89:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRYZzcuB1xYhYWywXJXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDJhZjcxM2UzNmU1MmM3MTg2NmM4YTllYmRhY2YzZDg2
MjliNjgwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTUyNmJhMGQ2OTkyNjJhMDBkYTgyMjhiYWFhMmNkYjMzMzU1MmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4TlmtbUYuWf4+wWY1WVxWqL3aX+
nS2aS9kynyhCpJU8JQ8Emza67wQ3hcZW6jDeIt+FLNmZiZ8zO0PzeLW/SS/CHxei
mMdagBAa4EobumZOetsTWBCsQsxMQUYqyVSQTxM7f6IA1I+r/36RuCKjKiX6fFfi
Ui0TpohiKtBbRMsbHGvsAMqG1JPRPU/9tQuuGM6lrwvGeU1ntc/jzULOC4bS9ZAa
ECBVhtCoTxspy4CMlALMwV/XTZub/N2FRqkVXDodirRe1s5mwjn5IKIQ0OfUJO1/
oC8a6ua6c3KGUBh7PLe8d+x7mpGivNhiNtVFFcxJnkaKbqjHECEMtMT7QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpSa6DWmSYqANqCKLqqLNszNVK1MB8GA1UdIwQY
MBaAFBUCr3E+NuUscYZsip69rPPYYptoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFLdmNUNDI1U3h4aG15S25yMnM4OWhpbTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85ZGNjMjUtNWIwYS00YzNlLTkxNDkt
NWE4MjMwZTc2NDNhLzEvV2xKcm9OYVpKaW9BMm9Jb3Vxb3Myek0xVXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85ZGNjMjUtNWIwYS00YzNlLTkxNDktNWE4MjMwZTc2NDNh
LzEvRlFLdmNUNDI1U3h4aG15S25yMnM4OWhpbTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVREMA0G
CSqGSIb3DQEBCwUAA4IBAQA6LJ9vQkif42eUoK+gVxXiWbS30VoXH/rFiJ1iji2u
272J/5G8xeRmisFGRP0nny95l8wutDZDaJLXSjVZQt3tBF0r1RaSxNJeWF8XIxgR
if2NPVNkefYR68N1drbHlY2oABv0e14bDvHX2TLevI8LyynrWnaln26KENuWQf2N
pJaJU8Ge/XNmf1sLIciKP/IIWp1EHqFDojk/HQIcLDc1WvjQ9afDoldMJsUFBJCb
t/dcYKHLuLlzPIKf5vP0Vj+fVnOm3rP8bavq5TJzWk/z8hQ1MgczlLm7eKBMJjkz
s5GXy0+M1Ake44mO61ixXx8O5PY+7svcvInn/8qDQokx
-----END CERTIFICATE-----