Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/1-whjs_Qr_lp5fxD7iLN1NB8Okik.roa
File:                     1-whjs_Qr_lp5fxD7iLN1NB8Okik.roa (raw, json)
Hash identifier:          URZgOJsR9YJuv8EGRKftZS8DcEouhkollpOCV7e0rT0=
Subject key identifier:   FB:08:63:B3:F4:2B:FE:5A:79:7F:10:FB:88:B3:75:34:1F:0E:92:29
Certificate issuer:       /CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
Certificate serial:       018EC3DAAF3E1EF3BF4555F188F5A40D1E8D
Authority key identifier: BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/1-whjs_Qr_lp5fxD7iLN1NB8Okik.roa
Signing time:             Tue 09 Apr 2024 17:14:32 +0000
ROA not before:           Tue 09 Apr 2024 17:14:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        212.96.150.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:da:af:3e:1e:f3:bf:45:55:f1:88:f5:a4:0d:1e:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
        Validity
            Not Before: Apr  9 17:14:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb0863b3f42bfe5a797f10fb88b375341f0e9229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0f:dd:62:68:18:74:fd:55:0a:d9:66:93:54:
                    da:ff:ca:43:9f:10:76:b7:da:af:23:17:34:e6:83:
                    60:2e:ba:9c:11:d1:9b:18:67:15:26:d4:91:f7:b9:
                    1d:de:c9:7e:af:0f:55:4d:9e:e3:6f:f8:28:52:30:
                    62:7e:56:ea:2e:ea:5b:c3:55:66:b5:05:34:8a:52:
                    c0:38:51:48:f4:b8:2f:4f:2c:ae:f7:14:a5:43:ac:
                    48:c1:41:79:16:65:aa:bb:ac:f8:75:24:ae:d7:9b:
                    27:89:4f:31:5e:d4:c7:f1:7d:d3:c0:27:55:44:9c:
                    01:9a:ce:0f:f6:47:60:f7:f0:31:71:8f:9d:9d:2a:
                    dd:a7:ed:c1:1b:37:75:b9:be:88:31:fe:a5:3d:5e:
                    85:f3:64:a3:76:91:6d:76:d0:3a:7c:a2:1b:ea:8f:
                    f2:63:4f:1b:76:f9:50:5c:18:66:ef:c9:1f:0a:1c:
                    ad:b9:ca:86:74:5f:8a:fe:17:0d:90:07:50:b9:f9:
                    6c:83:0c:bf:d9:78:84:b1:3d:e9:de:39:cb:14:86:
                    56:bb:51:21:5b:2a:b5:05:e6:3b:08:5a:1e:ec:af:
                    96:ad:41:84:ae:ee:52:a1:bf:06:7d:30:f6:71:2f:
                    7d:f8:64:08:47:e7:f7:bd:97:3a:82:c8:2f:6b:50:
                    82:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:08:63:B3:F4:2B:FE:5A:79:7F:10:FB:88:B3:75:34:1F:0E:92:29
            X509v3 Authority Key Identifier:
                keyid:BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/1-whjs_Qr_lp5fxD7iLN1NB8Okik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.96.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:73:52:59:fc:1f:6c:d5:2d:f6:0c:c0:33:90:e8:41:53:45:
         07:4d:a5:bf:f9:5f:56:79:ca:2a:c1:7f:ee:d4:23:dc:37:c6:
         d3:e9:7c:c9:29:52:49:c2:ac:8e:cd:55:06:01:73:2f:99:10:
         d9:df:e0:3a:66:59:f1:fa:68:31:9a:65:99:07:02:f6:35:f8:
         6e:3b:e1:6f:23:8d:b8:b7:1f:78:ab:cb:d6:96:c3:6c:aa:e1:
         84:80:af:80:ee:af:07:48:b5:db:a6:da:fd:ad:eb:f5:15:44:
         d6:28:e1:f0:33:62:2d:a5:e7:df:55:c3:64:ea:26:10:a9:b2:
         77:de:06:97:c6:1c:e2:65:b8:e3:f1:c4:67:b5:90:1f:07:ad:
         46:0b:ef:6e:d1:0e:1d:9d:3b:aa:9c:24:c2:6e:7f:44:56:16:
         34:94:92:c7:68:03:0d:6d:3f:cc:f9:4d:61:1e:f6:ac:ba:86:
         ba:f5:a6:a1:a6:2b:62:b2:34:08:64:a1:4b:7d:ac:6d:09:19:
         8a:da:8e:8c:99:b6:53:3e:17:d4:10:aa:f5:8a:b2:04:dd:2f:
         69:57:7b:c2:fb:54:e2:31:42:7a:bd:c6:24:3a:7b:b2:90:4b:
         07:26:4c:85:0a:79:6d:46:3a:de:b5:21:71:5c:27:41:51:a1:
         39:23:10:bd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7D2q8+HvO/RVXxiPWkDR6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2EyNTJhOGZjY2EwMzYxZGEyMzRhNGYzZGRiOTU3Nzg5
ZDBlNTUwHhcNMjQwNDA5MTcxNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjA4NjNiM2Y0MmJmZTVhNzk3ZjEwZmI4OGIzNzUzNDFmMGU5MjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkg/dYmgYdP1VCtlmk1Ta/8pDnxB2
t9qvIxc05oNgLrqcEdGbGGcVJtSR97kd3sl+rw9VTZ7jb/goUjBiflbqLupbw1Vm
tQU0ilLAOFFI9LgvTyyu9xSlQ6xIwUF5FmWqu6z4dSSu15sniU8xXtTH8X3TwCdV
RJwBms4P9kdg9/AxcY+dnSrdp+3BGzd1ub6IMf6lPV6F82SjdpFtdtA6fKIb6o/y
Y08bdvlQXBhm78kfChytucqGdF+K/hcNkAdQuflsgwy/2XiEsT3p3jnLFIZWu1Eh
Wyq1BeY7CFoe7K+WrUGEru5Sob8GfTD2cS99+GQIR+f3vZc6gsgva1CCbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsIY7P0K/5aeX8Q+4izdTQfDpIpMB8GA1UdIwQY
MBaAFLw6JSqPzKA2HaI0pPPduVd4nQ5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDkt
MGExOTUxOGY3MzU4LzEvMS13aGpzX1FyX2xwNWZ4RDdpTE4xTkI4T2tpay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWIvMzI0ZjA1LTlhMDctNDRjYi04NzA5LTBhMTk1MThmNzM1
OC8xL3ZEb2xLb19Nb0RZZG9qU2s4OTI1VjNpZERsVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAdRgljAN
BgkqhkiG9w0BAQsFAAOCAQEAvnNSWfwfbNUt9gzAM5DoQVNFB02lv/lfVnnKKsF/
7tQj3DfG0+l8ySlSScKsjs1VBgFzL5kQ2d/gOmZZ8fpoMZplmQcC9jX4bjvhbyON
uLcfeKvL1pbDbKrhhICvgO6vB0i126ba/a3r9RVE1ijh8DNiLaXn31XDZOomEKmy
d94Gl8Yc4mW44/HEZ7WQHwetRgvvbtEOHZ07qpwkwm5/RFYWNJSSx2gDDW0/zPlN
YR72rLqGuvWmoaYrYrI0CGShS32sbQkZitqOjJm2Uz4X1BCq9YqyBN0vaVd7wvtU
4jFCer3GJDp7spBLByZMhQp5bUY63rUhcVwnQVGhOSMQvQ==
-----END CERTIFICATE-----