Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/RWH6AKApyyUg0MDBNbM36IDYOUM.roa
File:                     RWH6AKApyyUg0MDBNbM36IDYOUM.roa (raw, json)
Hash identifier:          ZuoODxTCHvu1KAkYQf6lWcYzm6xXVHKK/CIIt+8Awck=
Subject key identifier:   45:61:FA:00:A0:29:CB:25:20:D0:C0:C1:35:B3:37:E8:80:D8:39:43
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E8688F013E091D7FA5AF4A30E35F3
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/RWH6AKApyyUg0MDBNbM36IDYOUM.roa
Signing time:             Mon 01 Jan 2024 14:30:04 +0000
ROA not before:           Mon 01 Jan 2024 14:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14969
IP address blocks:        84.207.206.0/24 maxlen: 24
                          83.126.61.0/24 maxlen: 24
                          84.207.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:86:88:f0:13:e0:91:d7:fa:5a:f4:a3:0e:35:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4561fa00a029cb2520d0c0c135b337e880d83943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8a:f1:17:8f:a1:c7:72:4d:dc:db:f3:63:3f:
                    50:a8:23:af:2c:bd:35:35:dc:2d:f6:b3:df:54:07:
                    d7:2b:56:59:18:52:14:fa:dd:64:17:13:f0:a2:20:
                    07:f5:bb:eb:2f:37:6f:50:f0:93:09:f9:ed:88:9c:
                    bd:aa:40:7a:22:71:c5:b9:3d:88:f8:de:5c:1a:20:
                    c3:34:e1:8c:0c:4e:77:a1:e4:0a:f5:eb:68:fe:e6:
                    30:9e:c0:fe:3f:90:6f:5c:2b:e9:23:73:e9:97:05:
                    b2:b2:70:91:d0:3f:cf:d7:af:12:ca:92:0e:89:50:
                    32:8a:d1:42:2c:a4:9b:71:90:a5:fc:06:b2:c0:05:
                    ba:4f:e0:57:4e:8e:59:6f:aa:21:77:11:e8:74:ce:
                    78:4f:ae:7a:8d:26:3a:24:4c:b5:60:b9:a1:63:17:
                    19:57:c6:b5:b1:cd:58:22:52:6a:cf:5e:27:ff:e9:
                    d8:9a:2f:b0:41:d3:9b:14:17:1b:46:d3:f7:b4:aa:
                    f5:9f:10:b8:89:d6:67:5b:62:46:36:32:b8:56:ad:
                    20:6c:ed:c2:9e:ec:74:51:4e:7f:a6:67:b1:14:f8:
                    6c:d6:05:d2:a6:1a:05:22:86:4e:e8:75:60:1f:bf:
                    ee:f1:77:bb:69:a4:01:f7:7f:51:5b:99:36:8c:6d:
                    d1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:61:FA:00:A0:29:CB:25:20:D0:C0:C1:35:B3:37:E8:80:D8:39:43
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/RWH6AKApyyUg0MDBNbM36IDYOUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.126.61.0/24
                  84.207.206.0/24
                  84.207.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:c2:9b:08:31:b5:16:83:71:08:54:cc:92:a3:16:dc:52:b6:
         27:dd:d7:a9:76:b8:7b:01:f5:be:17:f3:ca:b0:80:a7:23:a5:
         91:d0:8b:83:87:c0:b9:a5:29:7c:ae:18:8b:47:9f:72:6d:c1:
         5c:a7:1b:4f:c5:f6:9a:55:29:75:89:bd:cd:22:cc:34:1d:cd:
         a7:e5:b7:33:9e:39:1f:c1:17:3c:b0:46:17:88:8b:c9:e6:dd:
         e7:25:b7:8f:22:30:a2:1d:24:bc:d1:46:b8:88:5b:06:2f:78:
         4c:14:81:d8:2a:0e:67:9f:fa:05:13:a9:86:c4:e7:a6:ff:c5:
         1e:34:46:d5:8f:81:6c:36:ad:b8:cd:03:ab:4a:b0:06:04:c2:
         1b:58:81:0d:99:5e:dd:69:0f:02:05:7b:57:73:22:d5:59:b0:
         42:d9:9e:2b:f8:c4:1c:31:64:72:2a:ce:6d:49:5c:96:88:24:
         db:a3:fc:f3:ff:88:1a:09:46:3d:7f:b7:46:5e:f3:b7:a1:1e:
         b7:1b:54:2f:58:25:63:6d:b9:8b:f2:7d:d5:bf:34:0a:cc:08:
         40:5a:ae:d4:30:8e:00:f4:57:12:c1:8c:0e:fc:b5:20:cc:b9:
         ac:16:33:40:52:e3:a6:bf:a2:49:30:ad:18:44:5a:57:24:f1:
         31:73:19:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFboaI8BPgkdf6WvSjDjXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTYxZmEwMGEwMjljYjI1MjBkMGMwYzEzNWIzMzdlODgwZDgzOTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjorxF4+hx3JN3NvzYz9QqCOvLL01
Ndwt9rPfVAfXK1ZZGFIU+t1kFxPwoiAH9bvrLzdvUPCTCfntiJy9qkB6InHFuT2I
+N5cGiDDNOGMDE53oeQK9eto/uYwnsD+P5BvXCvpI3PplwWysnCR0D/P168SypIO
iVAyitFCLKSbcZCl/AaywAW6T+BXTo5Zb6ohdxHodM54T656jSY6JEy1YLmhYxcZ
V8a1sc1YIlJqz14n/+nYmi+wQdObFBcbRtP3tKr1nxC4idZnW2JGNjK4Vq0gbO3C
nux0UU5/pmexFPhs1gXSphoFIoZO6HVgH7/u8Xe7aaQB939RW5k2jG3ROwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEVh+gCgKcslINDAwTWzN+iA2DlDMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvUldINkFLQXB5eVVnME1EQk5iTTM2SURZT1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU349AwQA
VM/OAwQAVM/qMA0GCSqGSIb3DQEBCwUAA4IBAQAOwpsIMbUWg3EIVMySoxbcUrYn
3depdrh7AfW+F/PKsICnI6WR0IuDh8C5pSl8rhiLR59ybcFcpxtPxfaaVSl1ib3N
Isw0Hc2n5bcznjkfwRc8sEYXiIvJ5t3nJbePIjCiHSS80Ua4iFsGL3hMFIHYKg5n
n/oFE6mGxOem/8UeNEbVj4FsNq24zQOrSrAGBMIbWIENmV7daQ8CBXtXcyLVWbBC
2Z4r+MQcMWRyKs5tSVyWiCTbo/zz/4gaCUY9f7dGXvO3oR63G1QvWCVjbbmL8n3V
vzQKzAhAWq7UMI4A9FcSwYwO/LUgzLmsFjNAUuOmv6JJMK0YRFpXJPExcxlV
-----END CERTIFICATE-----