Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/849140-c853-48cd-9a84-b993168bc593/1/wnACGaMKOrsg5i1-6PAAx8VKQ0Y.roa
File:                     wnACGaMKOrsg5i1-6PAAx8VKQ0Y.roa (raw, json)
Hash identifier:          kxRyBHTXArEsk0qrBdKwIl2FB5x6O/p6TWut1bU4JRM=
Subject key identifier:   C2:70:02:19:A3:0A:3A:BB:20:E6:2D:7E:E8:F0:00:C7:C5:4A:43:46
Certificate issuer:       /CN=218b2c6a1a61a17bab7c032080aa3bf24478b6dd
Certificate serial:       019421442DB535D83B2CB1A8837BB1FBC515
Authority key identifier: 21:8B:2C:6A:1A:61:A1:7B:AB:7C:03:20:80:AA:3B:F2:44:78:B6:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYssahphoXurfAMggKo78kR4tt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/849140-c853-48cd-9a84-b993168bc593/1/wnACGaMKOrsg5i1-6PAAx8VKQ0Y.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44719
IP address blocks:        195.42.116.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/849140-c853-48cd-9a84-b993168bc593/1/IYssahphoXurfAMggKo78kR4tt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/849140-c853-48cd-9a84-b993168bc593/1/IYssahphoXurfAMggKo78kR4tt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYssahphoXurfAMggKo78kR4tt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2d:b5:35:d8:3b:2c:b1:a8:83:7b:b1:fb:c5:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218b2c6a1a61a17bab7c032080aa3bf24478b6dd
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2700219a30a3abb20e62d7ee8f000c7c54a4346
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:36:c3:48:e6:64:af:15:92:7b:5a:33:f7:b3:
                    25:64:be:88:83:74:7f:2b:3f:57:96:2b:ff:f3:49:
                    69:d9:9a:9e:78:56:1d:18:c1:5b:9d:8e:0c:c4:db:
                    97:7c:c6:2a:ca:24:ac:a2:31:d6:c3:c1:05:36:66:
                    5f:68:4f:95:98:8b:31:6d:fc:07:8e:c1:63:58:6a:
                    4d:2e:a8:02:bb:4d:d0:fb:ce:79:36:60:b1:b9:a7:
                    d0:9a:aa:43:4c:31:3d:07:93:e9:67:33:a7:e9:31:
                    a1:d0:c9:84:ca:38:77:6d:75:8c:64:1e:45:ea:2c:
                    d4:df:f4:b3:04:25:72:74:10:d3:ba:0f:48:f4:7a:
                    38:bb:0e:a9:cb:d6:f4:7d:ac:15:b4:33:e6:db:b3:
                    51:80:00:ae:b2:5c:48:71:c6:ea:cd:44:6a:ed:b9:
                    32:8c:37:50:9e:fc:f9:44:dd:5f:19:c4:c5:70:1d:
                    10:ce:9f:e5:1c:75:e8:22:d5:4b:59:d9:a9:d6:b6:
                    6c:07:14:f2:17:73:a2:48:c6:a3:f6:cf:4e:57:f8:
                    39:3b:25:d6:3d:90:a1:a9:13:5a:c4:af:48:f5:03:
                    6a:6c:30:0f:93:3c:28:1f:c8:03:cd:39:99:11:e4:
                    e4:e6:ad:03:bb:f7:25:eb:de:94:ac:e6:f3:41:89:
                    b8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:70:02:19:A3:0A:3A:BB:20:E6:2D:7E:E8:F0:00:C7:C5:4A:43:46
            X509v3 Authority Key Identifier:
                keyid:21:8B:2C:6A:1A:61:A1:7B:AB:7C:03:20:80:AA:3B:F2:44:78:B6:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYssahphoXurfAMggKo78kR4tt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/849140-c853-48cd-9a84-b993168bc593/1/wnACGaMKOrsg5i1-6PAAx8VKQ0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/849140-c853-48cd-9a84-b993168bc593/1/IYssahphoXurfAMggKo78kR4tt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:4b:08:e2:3f:65:5f:fc:c2:d9:dd:59:80:3a:a9:2e:64:c5:
         51:be:73:39:9e:f1:af:58:ed:09:fc:6d:8d:c5:a0:7b:6a:02:
         50:c2:da:f9:9b:d5:5f:5a:7a:bc:3f:45:91:de:46:bb:eb:b8:
         b4:cc:1a:9c:03:ab:6e:4f:36:16:da:99:41:d1:fb:88:58:31:
         cf:3a:f0:87:5b:1a:a4:66:db:f4:fe:94:ef:ad:a9:17:b3:52:
         e2:66:b7:89:a2:b4:ba:e6:5c:af:4a:65:50:c8:36:5c:f2:9c:
         d7:8f:00:58:25:c8:06:54:9c:64:ed:88:e1:d8:11:f8:81:41:
         10:d1:87:d2:e7:d5:47:1c:73:24:df:eb:23:db:bc:46:bb:ea:
         f8:d3:36:d3:db:e9:22:b7:ae:50:99:fe:86:b7:35:c1:3a:de:
         b9:8b:1e:08:da:99:e0:72:2a:26:df:18:21:5e:b0:49:42:ce:
         9b:e8:a0:b4:0b:b4:ba:02:1c:17:c8:62:5c:01:78:61:59:c6:
         fb:66:32:3d:02:2b:18:7e:7b:a9:db:ce:25:25:40:b4:94:46:
         d6:7e:4a:ba:6b:5f:35:06:3b:86:30:a0:27:59:de:25:0e:9b:
         9b:61:a8:dd:a6:82:f2:92:7a:91:01:10:70:7b:13:91:51:43:
         5b:e4:d1:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRC21Ndg7LLGog3ux+8UVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOGIyYzZhMWE2MWExN2JhYjdjMDMyMDgwYWEzYmYyNDQ3
OGI2ZGQwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjcwMDIxOWEzMGEzYWJiMjBlNjJkN2VlOGYwMDBjN2M1NGE0MzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozbDSOZkrxWSe1oz97MlZL6Ig3R/
Kz9Xliv/80lp2ZqeeFYdGMFbnY4MxNuXfMYqyiSsojHWw8EFNmZfaE+VmIsxbfwH
jsFjWGpNLqgCu03Q+855NmCxuafQmqpDTDE9B5PpZzOn6TGh0MmEyjh3bXWMZB5F
6izU3/SzBCVydBDTug9I9Ho4uw6py9b0fawVtDPm27NRgACuslxIccbqzURq7bky
jDdQnvz5RN1fGcTFcB0Qzp/lHHXoItVLWdmp1rZsBxTyF3OiSMaj9s9OV/g5OyXW
PZChqRNaxK9I9QNqbDAPkzwoH8gDzTmZEeTk5q0Du/cl696UrObzQYm45QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJwAhmjCjq7IOYtfujwAMfFSkNGMB8GA1UdIwQY
MBaAFCGLLGoaYaF7q3wDIICqO/JEeLbdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVlzc2FocGhvWHVyZkFNZ2dLbzc4a1I0dHQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS84NDkxNDAtYzg1My00OGNkLTlhODQt
Yjk5MzE2OGJjNTkzLzEvd25BQ0dhTUtPcnNnNWkxLTZQQUF4OFZLUTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS84NDkxNDAtYzg1My00OGNkLTlhODQtYjk5MzE2OGJjNTkz
LzEvSVlzc2FocGhvWHVyZkFNZ2dLbzc4a1I0dHQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwyp0MA0G
CSqGSIb3DQEBCwUAA4IBAQBiSwjiP2Vf/MLZ3VmAOqkuZMVRvnM5nvGvWO0J/G2N
xaB7agJQwtr5m9VfWnq8P0WR3ka767i0zBqcA6tuTzYW2plB0fuIWDHPOvCHWxqk
Ztv0/pTvrakXs1LiZreJorS65lyvSmVQyDZc8pzXjwBYJcgGVJxk7Yjh2BH4gUEQ
0YfS59VHHHMk3+sj27xGu+r40zbT2+kit65Qmf6GtzXBOt65ix4I2pngciom3xgh
XrBJQs6b6KC0C7S6AhwXyGJcAXhhWcb7ZjI9AisYfnup284lJUC0lEbWfkq6a181
BjuGMKAnWd4lDpubYajdpoLyknqRARBwexORUUNb5NGb
-----END CERTIFICATE-----