Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/Wx0n_P_6F5MSg1KVySM5tJqWkSg.roa
File:                     Wx0n_P_6F5MSg1KVySM5tJqWkSg.roa (raw, json)
Hash identifier:          sbGIguG5dPvziuiTSZQdtg7/KXVpeak3iQuqTG+/62w=
Subject key identifier:   5B:1D:27:FC:FF:FA:17:93:12:83:52:95:C9:23:39:B4:9A:96:91:28
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018EC96BC5520E55A7B72F80AF576351EEAF
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/Wx0n_P_6F5MSg1KVySM5tJqWkSg.roa
Signing time:             Wed 10 Apr 2024 19:11:06 +0000
ROA not before:           Wed 10 Apr 2024 19:11:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        87.236.165.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:6b:c5:52:0e:55:a7:b7:2f:80:af:57:63:51:ee:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Apr 10 19:11:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b1d27fcfffa179312835295c92339b49a969128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:aa:7a:0f:5b:af:46:99:dc:b5:7e:26:a8:94:
                    30:17:bd:ed:6c:4e:dd:f7:53:62:d4:b9:2d:3d:2a:
                    b8:da:5c:4d:56:92:83:88:30:51:cc:cd:6f:04:17:
                    15:6a:d0:2b:4f:b8:c6:3f:79:4c:18:f3:9e:6a:0d:
                    e5:db:2b:9b:56:bd:cd:69:2c:64:be:e4:19:20:4f:
                    a4:a7:37:23:3e:89:0b:94:b9:c1:93:3b:a8:db:0d:
                    75:48:4d:01:80:46:d2:6b:93:e6:ee:97:61:4f:b8:
                    7d:ac:03:ff:5b:fc:41:9d:bd:de:37:2e:fa:ea:b1:
                    8e:7b:ee:98:b8:86:cf:f7:95:8e:62:fe:a9:ce:5b:
                    0e:fb:4f:63:fd:5f:81:0d:a2:c6:43:14:87:82:f5:
                    fa:b9:87:e4:31:32:a1:97:af:6a:e9:ae:78:06:af:
                    c1:4f:ce:a1:7e:11:ba:1a:16:65:4f:82:0b:c9:dc:
                    d2:70:df:ca:2d:d7:ba:0e:be:43:54:58:5e:e4:56:
                    f5:13:42:9f:00:dd:6a:3b:09:a4:4b:e7:ea:8c:1d:
                    4c:2e:e1:19:44:11:21:a1:38:d0:1d:52:00:98:57:
                    45:93:a6:00:79:ae:05:15:a7:3a:f2:e1:31:ab:12:
                    8b:4e:62:8a:6f:0e:77:f8:91:c8:fe:01:62:d7:52:
                    57:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:1D:27:FC:FF:FA:17:93:12:83:52:95:C9:23:39:B4:9A:96:91:28
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/Wx0n_P_6F5MSg1KVySM5tJqWkSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:2e:31:61:24:d4:06:38:d3:40:81:36:f7:fb:84:56:a9:f9:
         3a:2a:fa:43:18:63:f7:33:41:da:a0:cc:00:71:0e:ff:0f:f8:
         75:1a:fa:33:48:73:c5:70:df:b4:24:35:9a:86:c7:11:72:d4:
         79:64:b2:16:29:f6:28:c5:b6:4b:b8:2e:46:39:de:24:7d:d7:
         95:d5:00:6f:3d:d6:0b:3c:fe:29:c8:a6:e5:99:64:94:d7:49:
         62:bc:15:e3:a8:c1:5b:91:fd:72:98:a8:b7:e0:37:37:72:3a:
         0c:ba:9f:8b:fb:25:ec:84:a9:e4:47:ce:94:75:df:f4:9c:fa:
         17:c0:fe:c5:4e:f7:a1:04:f0:f7:a1:32:7b:b1:ac:3d:26:49:
         8b:94:19:3d:1f:d4:2b:23:cf:a4:7d:45:e0:0c:84:85:84:da:
         ae:4a:48:e5:e9:15:2d:9c:a0:5a:47:da:8c:48:42:27:ef:01:
         8a:10:b0:66:57:2d:69:35:12:35:4c:82:48:51:78:a7:eb:f5:
         dd:00:90:67:07:45:8e:9f:fc:91:49:bc:e1:5e:37:d6:2c:f1:
         84:9a:1f:67:3d:5d:aa:75:67:36:79:0a:a7:91:f7:4c:ea:0e:
         fa:86:56:0d:95:ee:c8:e9:dc:8c:18:c7:72:cd:15:1d:ec:41:
         f5:fc:77:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Ja8VSDlWnty+Ar1djUe6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwNDEwMTkxMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjFkMjdmY2ZmZmExNzkzMTI4MzUyOTVjOTIzMzliNDlhOTY5MTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6p6D1uvRpnctX4mqJQwF73tbE7d
91Ni1LktPSq42lxNVpKDiDBRzM1vBBcVatArT7jGP3lMGPOeag3l2yubVr3NaSxk
vuQZIE+kpzcjPokLlLnBkzuo2w11SE0BgEbSa5Pm7pdhT7h9rAP/W/xBnb3eNy76
6rGOe+6YuIbP95WOYv6pzlsO+09j/V+BDaLGQxSHgvX6uYfkMTKhl69q6a54Bq/B
T86hfhG6GhZlT4ILydzScN/KLde6Dr5DVFhe5Fb1E0KfAN1qOwmkS+fqjB1MLuEZ
RBEhoTjQHVIAmFdFk6YAea4FFac68uExqxKLTmKKbw53+JHI/gFi11JX+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsdJ/z/+heTEoNSlckjObSalpEoMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvV3gwbl9QXzZGNU1TZzFLVnlTTTV0SnFXa1NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+ylMA0G
CSqGSIb3DQEBCwUAA4IBAQAjLjFhJNQGONNAgTb3+4RWqfk6KvpDGGP3M0HaoMwA
cQ7/D/h1GvozSHPFcN+0JDWahscRctR5ZLIWKfYoxbZLuC5GOd4kfdeV1QBvPdYL
PP4pyKblmWSU10livBXjqMFbkf1ymKi34Dc3cjoMup+L+yXshKnkR86Udd/0nPoX
wP7FTvehBPD3oTJ7saw9JkmLlBk9H9QrI8+kfUXgDISFhNquSkjl6RUtnKBaR9qM
SEIn7wGKELBmVy1pNRI1TIJIUXin6/XdAJBnB0WOn/yRSbzhXjfWLPGEmh9nPV2q
dWc2eQqnkfdM6g76hlYNle7I6dyMGMdyzRUd7EH1/Hf+
-----END CERTIFICATE-----