Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/wMFcmN3BLcS77Xwnt0lBpR9KWew.roa
File:                     wMFcmN3BLcS77Xwnt0lBpR9KWew.roa (raw, json)
Hash identifier:          xfunj33l3MCxTbO4uq4geu7rRrw/Jr4NZEBoQBm4qE4=
Subject key identifier:   C0:C1:5C:98:DD:C1:2D:C4:BB:ED:7C:27:B7:49:41:A5:1F:4A:59:EC
Certificate issuer:       /CN=6810aa89239242dacc9d03e3af22d4e87a783414
Certificate serial:       018CC64B2F4A369265A3B5599C27FF70BE2D
Authority key identifier: 68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/wMFcmN3BLcS77Xwnt0lBpR9KWew.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49722
IP address blocks:        212.48.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2f:4a:36:92:65:a3:b5:59:9c:27:ff:70:be:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6810aa89239242dacc9d03e3af22d4e87a783414
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0c15c98ddc12dc4bbed7c27b74941a51f4a59ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2d:b7:65:72:da:a0:1a:8e:7a:36:8b:eb:cc:
                    fa:f7:d6:44:17:9b:c5:3a:07:6c:e3:2e:09:20:65:
                    13:57:33:ff:e7:ae:4a:ec:65:e5:f4:19:05:9e:7f:
                    9f:f1:ed:ac:ec:1f:82:0d:e0:6a:4c:3d:bb:c3:e8:
                    46:70:9a:5f:3c:97:bd:d1:17:9a:51:8f:7c:37:af:
                    38:d3:42:5c:d6:9e:e8:40:ff:3e:db:f8:b3:94:1b:
                    03:c8:8b:f5:7c:73:11:95:07:af:35:25:6b:4e:63:
                    72:95:3b:2d:ce:41:1d:18:b3:56:ec:5b:5e:29:db:
                    f9:8d:1b:bc:11:15:d6:af:24:5f:6a:ba:0f:ed:37:
                    05:0a:22:c2:9c:e9:3c:57:1f:09:ff:1c:8e:0b:4e:
                    e4:b1:96:03:81:a6:99:4e:68:f0:71:81:54:fd:d2:
                    22:73:ac:37:64:04:6e:aa:72:9e:4c:9c:4e:c5:ee:
                    c9:e3:a8:b5:14:83:ad:10:b6:46:50:5f:d1:1c:15:
                    71:89:ce:ac:b1:59:6c:36:a2:02:1f:cf:48:13:b6:
                    1b:66:6c:f1:11:b3:47:dd:a5:ca:f0:20:b6:ba:f2:
                    f9:12:57:47:62:f0:1e:95:50:4e:ad:90:6e:db:47:
                    9b:a8:50:71:28:6c:38:b1:c9:aa:d3:96:e7:86:1c:
                    85:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C1:5C:98:DD:C1:2D:C4:BB:ED:7C:27:B7:49:41:A5:1F:4A:59:EC
            X509v3 Authority Key Identifier:
                keyid:68:10:AA:89:23:92:42:DA:CC:9D:03:E3:AF:22:D4:E8:7A:78:34:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/wMFcmN3BLcS77Xwnt0lBpR9KWew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0244e4-73e3-449d-a06a-1f689935b90f/1/aBCqiSOSQtrMnQPjryLU6Hp4NBQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.48.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:a3:d2:c0:9e:dd:fb:02:10:6c:a8:65:ac:f9:18:d5:8a:a2:
         13:b6:3f:23:78:d8:e5:5f:29:20:26:06:3c:bc:1f:ca:ad:8c:
         7f:5b:41:c0:f9:9b:6d:84:93:27:b5:0a:9d:e1:1f:59:eb:bd:
         8d:fb:36:80:2c:76:e6:3e:d2:22:e3:97:69:6f:8f:39:0b:a4:
         95:a9:11:1a:cd:a3:1c:95:15:36:3a:0d:40:96:b7:f7:5b:2a:
         22:86:6f:c5:a7:d1:6d:1d:a6:90:40:98:29:9e:dd:5a:65:12:
         55:4d:ca:1b:d5:42:da:0f:ed:90:5c:dc:87:11:2e:91:76:55:
         a2:21:31:99:73:9b:00:f7:40:fc:c8:02:a3:f6:6e:28:fc:10:
         06:c8:fc:90:7b:73:d3:ca:81:c8:80:d7:99:c3:7f:17:5c:99:
         9e:e4:79:35:ad:92:a6:5c:70:d5:47:54:2d:c7:de:92:20:95:
         03:a1:f6:39:72:28:22:29:65:3b:52:8f:b2:7a:6f:85:2b:50:
         82:51:9e:28:8d:dc:82:6b:ec:e1:2a:c3:a0:d2:b2:1d:4f:bc:
         6b:89:11:91:c7:ce:73:21:ea:20:63:0f:44:c3:e2:c6:a9:9c:
         14:7e:5c:9b:1d:18:7e:dc:1f:cd:b6:77:4d:da:77:65:f6:35:
         ed:b9:7e:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSy9KNpJlo7VZnCf/cL4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTBhYTg5MjM5MjQyZGFjYzlkMDNlM2FmMjJkNGU4N2E3
ODM0MTQwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGMxNWM5OGRkYzEyZGM0YmJlZDdjMjdiNzQ5NDFhNTFmNGE1OWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy23ZXLaoBqOejaL68z699ZEF5vF
Ogds4y4JIGUTVzP/565K7GXl9BkFnn+f8e2s7B+CDeBqTD27w+hGcJpfPJe90Rea
UY98N68400Jc1p7oQP8+2/izlBsDyIv1fHMRlQevNSVrTmNylTstzkEdGLNW7Fte
Kdv5jRu8ERXWryRfaroP7TcFCiLCnOk8Vx8J/xyOC07ksZYDgaaZTmjwcYFU/dIi
c6w3ZARuqnKeTJxOxe7J46i1FIOtELZGUF/RHBVxic6ssVlsNqICH89IE7YbZmzx
EbNH3aXK8CC2uvL5EldHYvAelVBOrZBu20ebqFBxKGw4scmq05bnhhyFrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDBXJjdwS3Eu+18J7dJQaUfSlnsMB8GA1UdIwQY
MBaAFGgQqokjkkLazJ0D468i1Oh6eDQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEt
MWY2ODk5MzViOTBmLzEvd01GY21OM0JMY1M3N1h3bnQwbEJwUjlLV2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wMjQ0ZTQtNzNlMy00NDlkLWEwNmEtMWY2ODk5MzViOTBm
LzEvYUJDcWlTT1NRdHJNblFQanJ5TFU2SHA0TkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DDmMA0G
CSqGSIb3DQEBCwUAA4IBAQCyo9LAnt37AhBsqGWs+RjViqITtj8jeNjlXykgJgY8
vB/KrYx/W0HA+ZtthJMntQqd4R9Z672N+zaALHbmPtIi45dpb485C6SVqREazaMc
lRU2Og1Alrf3Wyoihm/Fp9FtHaaQQJgpnt1aZRJVTcob1ULaD+2QXNyHES6RdlWi
ITGZc5sA90D8yAKj9m4o/BAGyPyQe3PTyoHIgNeZw38XXJme5Hk1rZKmXHDVR1Qt
x96SIJUDofY5cigiKWU7Uo+yem+FK1CCUZ4ojdyCa+zhKsOg0rIdT7xriRGRx85z
IeogYw9Ew+LGqZwUflybHRh+3B/NtndN2ndl9jXtuX5O
-----END CERTIFICATE-----