Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/wkwsgzJc2eo9ng8QQ8kvMc3qjbc.roa
File:                     wkwsgzJc2eo9ng8QQ8kvMc3qjbc.roa (raw, json)
Hash identifier:          +iuoTytPo6r5GmeijHeI4hmWR8iJmhnqPLAkE9k79sI=
Subject key identifier:   C2:4C:2C:83:32:5C:D9:EA:3D:9E:0F:10:43:C9:2F:31:CD:EA:8D:B7
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       01944AC878C2BEC97D7B23C6A2553133228D
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/wkwsgzJc2eo9ng8QQ8kvMc3qjbc.roa
Signing time:             Thu 09 Jan 2025 11:17:19 +0000
ROA not before:           Thu 09 Jan 2025 11:17:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12888
IP address blocks:        195.27.162.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:c8:78:c2:be:c9:7d:7b:23:c6:a2:55:31:33:22:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  9 11:17:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c24c2c83325cd9ea3d9e0f1043c92f31cdea8db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:01:84:1a:dc:50:b6:bc:96:5c:da:32:c1:fa:
                    44:72:9c:67:47:4e:cd:3d:27:73:48:0d:10:3c:82:
                    e4:e1:e2:6c:00:41:d6:65:d3:5f:d0:ee:0c:6a:d7:
                    80:c0:bb:75:8f:c6:93:a6:fc:6b:98:89:2a:e3:10:
                    5d:4d:b7:e5:b8:54:43:98:27:3e:5b:95:ad:93:d4:
                    77:eb:7b:4b:2a:8f:2f:5b:a3:63:67:62:37:6a:96:
                    55:80:b5:74:fe:a5:03:f9:c9:81:18:91:de:7f:a4:
                    f4:08:b3:c8:86:e1:f4:fb:87:6e:6c:e9:40:1f:06:
                    1a:93:79:d8:63:5b:27:35:4e:57:3d:f5:6a:94:a2:
                    ed:ef:1b:b7:37:15:0e:9a:4c:63:84:7d:59:75:75:
                    57:0f:6a:bd:43:27:18:b9:4e:99:f8:f2:5c:00:5d:
                    bd:e0:84:eb:e0:e9:87:77:06:49:cf:d2:bf:02:f8:
                    c5:6d:ee:f9:af:63:be:6b:b8:25:80:08:e8:23:1a:
                    f0:86:13:ab:86:b5:95:fb:8d:e6:e8:aa:a9:44:5d:
                    a6:17:bf:90:d4:45:07:2d:54:a2:47:55:96:57:e9:
                    53:5c:4d:a8:64:77:ff:2b:62:5c:f1:79:ef:93:94:
                    02:fb:c7:37:f7:f7:e2:72:a9:f1:8c:6c:2b:80:d6:
                    9f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:4C:2C:83:32:5C:D9:EA:3D:9E:0F:10:43:C9:2F:31:CD:EA:8D:B7
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/wkwsgzJc2eo9ng8QQ8kvMc3qjbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.27.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:92:7f:04:0a:15:49:40:b4:ca:40:45:af:57:2b:45:dc:8d:
         e5:db:da:b0:b8:82:2a:be:88:e8:34:65:a8:93:4f:ce:b6:6c:
         d9:63:9d:2f:e7:42:ac:94:13:fb:bf:3d:d7:96:c5:e9:b9:0e:
         7e:d7:e2:c0:45:87:c1:93:1a:00:b5:d9:02:00:5b:db:89:b3:
         8e:05:67:8d:07:aa:a0:e7:4a:86:44:63:1d:a4:03:bc:d3:6a:
         3a:43:d4:ab:b2:8e:d7:1d:56:20:ff:e0:84:4f:f1:ef:e7:42:
         58:5e:a5:60:78:43:0e:37:5d:f4:4d:dd:fc:9b:c9:8f:2e:a2:
         03:6b:57:d8:ec:39:a9:c5:8b:c7:54:50:60:c2:e7:ec:6c:fe:
         83:d6:67:0b:5e:f5:d6:17:76:9a:c3:37:f6:36:d0:21:16:c6:
         a2:b7:8b:e4:22:2a:d5:fa:7c:ab:89:a1:09:e1:f3:d4:35:fa:
         2c:5c:fd:eb:e5:a7:86:d1:8d:57:2e:ef:13:c6:f7:2d:16:aa:
         a0:3b:33:ae:0a:66:6f:8a:47:03:70:a5:4a:d5:8c:be:76:3c:
         f1:38:f6:43:be:f0:75:fb:a6:c5:d3:b8:38:04:05:05:fe:49:
         ce:1f:3f:9a:36:27:c4:6f:91:a2:99:12:77:39:e9:96:3b:8e:
         b7:58:c6:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKyHjCvsl9eyPGolUxMyKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjUwMTA5MTExNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjRjMmM4MzMyNWNkOWVhM2Q5ZTBmMTA0M2M5MmYzMWNkZWE4ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQGEGtxQtryWXNoywfpEcpxnR07N
PSdzSA0QPILk4eJsAEHWZdNf0O4MateAwLt1j8aTpvxrmIkq4xBdTbfluFRDmCc+
W5Wtk9R363tLKo8vW6NjZ2I3apZVgLV0/qUD+cmBGJHef6T0CLPIhuH0+4dubOlA
HwYak3nYY1snNU5XPfVqlKLt7xu3NxUOmkxjhH1ZdXVXD2q9QycYuU6Z+PJcAF29
4ITr4OmHdwZJz9K/AvjFbe75r2O+a7glgAjoIxrwhhOrhrWV+43m6KqpRF2mF7+Q
1EUHLVSiR1WWV+lTXE2oZHf/K2Jc8Xnvk5QC+8c39/ficqnxjGwrgNaf+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJMLIMyXNnqPZ4PEEPJLzHN6o23MB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvd2t3c2d6SmMyZW85bmc4UVE4a3ZNYzNxamJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxuiMA0G
CSqGSIb3DQEBCwUAA4IBAQASkn8EChVJQLTKQEWvVytF3I3l29qwuIIqvojoNGWo
k0/OtmzZY50v50KslBP7vz3XlsXpuQ5+1+LARYfBkxoAtdkCAFvbibOOBWeNB6qg
50qGRGMdpAO802o6Q9Srso7XHVYg/+CET/Hv50JYXqVgeEMON130Td38m8mPLqID
a1fY7DmpxYvHVFBgwufsbP6D1mcLXvXWF3aawzf2NtAhFsait4vkIirV+nyriaEJ
4fPUNfosXP3r5aeG0Y1XLu8TxvctFqqgOzOuCmZvikcDcKVK1Yy+djzxOPZDvvB1
+6bF07g4BAUF/knOHz+aNifEb5GimRJ3OemWO463WMZm
-----END CERTIFICATE-----