Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/wrUHLlFAc83Kq7nZsPwNwR6eaMo.roa
File:                     wrUHLlFAc83Kq7nZsPwNwR6eaMo.roa (raw, json)
Hash identifier:          TkpymnTR1s0ASbEd3HSHqK+TSuL1E5Aa+atGg1aE0FI=
Subject key identifier:   C2:B5:07:2E:51:40:73:CD:CA:AB:B9:D9:B0:FC:0D:C1:1E:9E:68:CA
Certificate issuer:       /CN=faf814df8575986dd904a98687583c138768a114
Certificate serial:       018E76741DCDA545A3F86DA1A44D97569614
Authority key identifier: FA:F8:14:DF:85:75:98:6D:D9:04:A9:86:87:58:3C:13:87:68:A1:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/wrUHLlFAc83Kq7nZsPwNwR6eaMo.roa
Signing time:             Mon 25 Mar 2024 16:31:45 +0000
ROA not before:           Mon 25 Mar 2024 16:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56798
IP address blocks:        185.169.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:74:1d:cd:a5:45:a3:f8:6d:a1:a4:4d:97:56:96:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faf814df8575986dd904a98687583c138768a114
        Validity
            Not Before: Mar 25 16:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2b5072e514073cdcaabb9d9b0fc0dc11e9e68ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6e:c5:dd:4d:15:c7:bb:c1:73:3b:39:e1:7c:
                    1d:ff:bb:ab:a7:46:58:71:83:a9:5d:bc:d4:d9:d6:
                    d6:68:27:3c:6d:e1:54:5e:4c:d2:f9:b8:84:8c:0f:
                    92:a8:74:02:03:d3:91:ac:79:cd:90:63:76:b4:a6:
                    eb:1a:f0:db:e2:a0:12:3d:9a:92:4e:4e:55:23:82:
                    49:da:a4:79:9d:f8:c5:5f:27:89:b3:6e:3b:2f:5c:
                    23:5f:c7:0e:0c:a6:f5:2b:1a:2e:8c:4d:50:3e:bf:
                    ec:d5:95:dc:23:6a:e4:65:a4:ab:66:7c:54:d4:b4:
                    5f:50:75:22:41:fb:dd:41:4d:4c:e4:ca:fd:eb:22:
                    60:69:1b:aa:cf:e9:3d:dd:15:2d:1b:a8:cc:24:07:
                    07:af:1e:c4:d6:64:89:57:78:34:f3:11:97:04:c8:
                    e4:26:60:f3:4f:31:80:6d:74:d6:1a:3e:df:d3:18:
                    7d:18:28:5c:71:1c:04:cc:ae:f6:6a:51:b9:d8:22:
                    d4:39:22:c4:02:a3:04:fa:24:b5:50:3e:3e:2e:dd:
                    89:52:cb:64:33:c1:9f:f9:9a:ef:29:08:0a:76:a2:
                    45:76:56:a4:83:f6:08:b2:00:59:a4:d9:66:64:ee:
                    80:2f:96:db:06:a5:86:f3:9d:92:04:2d:85:7e:63:
                    74:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B5:07:2E:51:40:73:CD:CA:AB:B9:D9:B0:FC:0D:C1:1E:9E:68:CA
            X509v3 Authority Key Identifier:
                keyid:FA:F8:14:DF:85:75:98:6D:D9:04:A9:86:87:58:3C:13:87:68:A1:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/wrUHLlFAc83Kq7nZsPwNwR6eaMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/6fbbed-871f-485b-ad1a-46269d17e9f1/1/1-vgU34V1mG3ZBKmGh1g8E4dooRQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:0f:f9:2f:08:96:70:a9:1c:28:ba:39:6e:09:f8:16:34:a2:
         25:46:1a:c6:4a:c9:9f:fe:54:5f:e9:f7:9d:11:a0:ce:7a:b5:
         3d:e2:48:65:2c:79:49:50:1d:10:74:2a:8c:bb:72:c1:36:d6:
         70:4c:43:23:a6:80:78:66:8b:4f:38:aa:1c:82:52:56:80:f2:
         91:47:c3:14:69:8a:cd:c7:a7:8c:79:e1:1c:f6:0c:84:aa:6e:
         61:5b:27:88:98:c6:09:ae:50:a2:9e:0f:6c:1e:72:4a:61:16:
         6e:b3:18:7f:a0:dd:2a:36:48:f3:16:1b:39:c3:16:71:1c:62:
         e4:5f:22:80:0b:e8:74:41:02:93:56:de:2a:e7:2e:ce:d4:8c:
         56:7a:f5:fc:7f:08:6d:aa:be:b0:dd:0a:c2:03:8b:7f:12:85:
         2d:5c:20:d3:97:3d:46:1b:d0:10:44:7e:ce:c0:da:1e:ee:bc:
         a4:36:97:63:b1:cb:f0:11:b1:59:77:76:9d:08:c1:cc:1e:a1:
         ea:fb:84:c2:9e:b2:fa:d0:86:07:53:6e:f1:03:bb:27:43:93:
         23:9d:db:ab:1f:58:3c:75:62:de:ba:6d:f5:4f:5a:f3:23:06:
         9e:10:58:b2:d8:8a:2d:89:9c:dc:62:14:8e:f9:f0:29:24:38:
         05:45:2a:ff
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY52dB3NpUWj+G2hpE2XVpYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZjgxNGRmODU3NTk4NmRkOTA0YTk4Njg3NTgzYzEzODc2
OGExMTQwHhcNMjQwMzI1MTYzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmI1MDcyZTUxNDA3M2NkY2FhYmI5ZDliMGZjMGRjMTFlOWU2OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG7F3U0Vx7vBczs54Xwd/7urp0ZY
cYOpXbzU2dbWaCc8beFUXkzS+biEjA+SqHQCA9ORrHnNkGN2tKbrGvDb4qASPZqS
Tk5VI4JJ2qR5nfjFXyeJs247L1wjX8cODKb1KxoujE1QPr/s1ZXcI2rkZaSrZnxU
1LRfUHUiQfvdQU1M5Mr96yJgaRuqz+k93RUtG6jMJAcHrx7E1mSJV3g08xGXBMjk
JmDzTzGAbXTWGj7f0xh9GChccRwEzK72alG52CLUOSLEAqME+iS1UD4+Lt2JUstk
M8Gf+ZrvKQgKdqJFdlakg/YIsgBZpNlmZO6AL5bbBqWG852SBC2FfmN0cwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMK1By5RQHPNyqu52bD8DcEenmjKMB8GA1UdIwQY
MBaAFPr4FN+FdZht2QSphodYPBOHaKEUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS12Z1UzNFYxbUczWkJLbUdoMWc4RTRkb29SUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEvNmZiYmVkLTg3MWYtNDg1Yi1hZDFh
LTQ2MjY5ZDE3ZTlmMS8xL3dyVUhMbEZBYzgzS3E3blpzUHdOd1I2ZWFNby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWEvNmZiYmVkLTg3MWYtNDg1Yi1hZDFhLTQ2MjY5ZDE3ZTlm
MS8xLzEtdmdVMzRWMW1HM1pCS21HaDFnOEU0ZG9vUlEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5qV4w
DQYJKoZIhvcNAQELBQADggEBAHIP+S8IlnCpHCi6OW4J+BY0oiVGGsZKyZ/+VF/p
950RoM56tT3iSGUseUlQHRB0Koy7csE21nBMQyOmgHhmi084qhyCUlaA8pFHwxRp
is3Hp4x54Rz2DISqbmFbJ4iYxgmuUKKeD2weckphFm6zGH+g3So2SPMWGznDFnEc
YuRfIoAL6HRBApNW3irnLs7UjFZ69fx/CG2qvrDdCsIDi38ShS1cINOXPUYb0BBE
fs7A2h7uvKQ2l2Oxy/ARsVl3dp0Iwcweoer7hMKesvrQhgdTbvEDuydDkyOd26sf
WDx1Yt66bfVPWvMjBp4QWLLYii2JnNxiFI758CkkOAVFKv8=
-----END CERTIFICATE-----