Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/WvxOfeXPQW5hhkK-8X1QTdkdis0.roa
File:                     WvxOfeXPQW5hhkK-8X1QTdkdis0.roa (raw, json)
Hash identifier:          oNJxw7MDpTygcQaVmGN69/Mm77VrCJFhGLB6GfFDKWI=
Subject key identifier:   5A:FC:4E:7D:E5:CF:41:6E:61:86:42:BE:F1:7D:50:4D:D9:1D:8A:CD
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       0192B2D725FD74F078CB63E7C107D457D547
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/WvxOfeXPQW5hhkK-8X1QTdkdis0.roa
Signing time:             Tue 22 Oct 2024 06:08:17 +0000
ROA not before:           Tue 22 Oct 2024 06:08:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        80.246.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b2:d7:25:fd:74:f0:78:cb:63:e7:c1:07:d4:57:d5:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Oct 22 06:08:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5afc4e7de5cf416e618642bef17d504dd91d8acd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:47:a0:09:87:ec:21:9d:a4:77:f4:6f:18:fe:
                    7b:38:38:70:06:1c:4e:b1:c1:4e:1d:70:2c:dc:98:
                    c3:32:a5:be:02:75:ac:41:86:34:5c:52:9e:87:87:
                    93:6d:02:3d:87:06:99:17:19:68:24:b2:77:22:a3:
                    36:67:7a:0a:f2:16:d9:f5:a6:e0:d7:27:99:b9:61:
                    c2:86:9e:b1:2b:75:05:39:8f:62:b4:c3:b3:41:de:
                    7f:5d:a8:64:ba:8b:19:b8:d0:33:a3:6e:79:66:23:
                    b4:7e:01:06:ae:88:13:53:2c:36:36:d6:cd:6e:7e:
                    c6:e2:0c:78:10:37:4e:74:cc:8e:79:dd:cf:d3:7b:
                    b3:65:44:d7:4a:b6:8f:81:24:88:d8:af:0b:12:09:
                    20:1f:55:4c:db:28:bf:f4:f7:90:3c:33:f8:cb:3f:
                    36:b9:1b:1e:e9:86:53:71:62:24:58:78:5e:eb:3f:
                    b4:bb:ab:40:0e:84:07:af:ea:d4:aa:33:a0:80:07:
                    4e:07:c0:6b:32:0a:0a:28:b4:c2:8a:0a:25:35:99:
                    e4:6a:f6:8f:40:46:92:18:4e:c5:a1:c6:7b:52:c3:
                    b8:5b:63:17:b7:e9:7f:13:3d:cf:64:ea:e6:df:89:
                    92:55:0e:4f:b3:6c:ae:0f:e2:10:3a:d4:f8:2e:30:
                    0a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FC:4E:7D:E5:CF:41:6E:61:86:42:BE:F1:7D:50:4D:D9:1D:8A:CD
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/WvxOfeXPQW5hhkK-8X1QTdkdis0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:b6:95:af:94:e3:34:23:b8:c8:e1:6d:2e:d5:1e:db:a5:09:
         21:12:d3:d0:5d:ca:1e:be:d2:39:04:bf:1f:eb:f6:53:94:6e:
         94:1f:4b:a8:56:7c:bf:85:c7:77:d1:22:cf:cc:40:7c:47:d3:
         25:7b:6f:6a:94:37:e0:c5:14:54:77:39:6b:6d:ef:c7:a0:c7:
         8f:10:bf:6b:79:53:52:fd:38:36:c5:7d:9f:4a:b0:1e:db:3a:
         0c:84:44:6c:df:2f:51:6d:2e:41:76:7f:e3:d1:b0:5d:84:bd:
         39:34:e3:87:bb:eb:2f:9d:f3:7d:5e:2e:aa:5e:23:62:9c:13:
         11:d2:94:28:c9:26:95:87:19:1a:75:06:11:84:cc:00:23:7a:
         a0:8d:4d:4f:2e:44:25:50:06:db:31:49:01:59:16:f4:56:eb:
         7f:5e:34:8f:20:a8:52:b4:6c:d8:f4:7e:d2:a7:32:cc:07:eb:
         ae:8d:24:db:45:c8:b8:f5:c1:6b:df:d3:c0:33:d2:18:c8:25:
         3f:fb:7b:01:72:02:87:2a:2f:04:d2:e0:91:71:6c:e4:ae:71:
         fe:87:9a:56:ad:a1:e7:4f:4d:c2:6b:9d:e3:80:ff:b9:3f:79:
         a4:4a:33:13:69:68:0e:8e:52:e2:00:a9:22:f6:6c:90:58:60:
         35:c5:a6:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKy1yX9dPB4y2PnwQfUV9VHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQxMDIyMDYwODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWZjNGU3ZGU1Y2Y0MTZlNjE4NjQyYmVmMTdkNTA0ZGQ5MWQ4YWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEegCYfsIZ2kd/RvGP57ODhwBhxO
scFOHXAs3JjDMqW+AnWsQYY0XFKeh4eTbQI9hwaZFxloJLJ3IqM2Z3oK8hbZ9abg
1yeZuWHChp6xK3UFOY9itMOzQd5/XahkuosZuNAzo255ZiO0fgEGrogTUyw2NtbN
bn7G4gx4EDdOdMyOed3P03uzZUTXSraPgSSI2K8LEgkgH1VM2yi/9PeQPDP4yz82
uRse6YZTcWIkWHhe6z+0u6tADoQHr+rUqjOggAdOB8BrMgoKKLTCigolNZnkavaP
QEaSGE7FocZ7UsO4W2MXt+l/Ez3PZOrm34mSVQ5Ps2yuD+IQOtT4LjAKyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFr8Tn3lz0FuYYZCvvF9UE3ZHYrNMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvV3Z4T2ZlWFBRVzVoaGtLLThYMVFUZGtkaXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPblMA0G
CSqGSIb3DQEBCwUAA4IBAQAmtpWvlOM0I7jI4W0u1R7bpQkhEtPQXcoevtI5BL8f
6/ZTlG6UH0uoVny/hcd30SLPzEB8R9Mle29qlDfgxRRUdzlrbe/HoMePEL9reVNS
/Tg2xX2fSrAe2zoMhERs3y9RbS5Bdn/j0bBdhL05NOOHu+svnfN9Xi6qXiNinBMR
0pQoySaVhxkadQYRhMwAI3qgjU1PLkQlUAbbMUkBWRb0Vut/XjSPIKhStGzY9H7S
pzLMB+uujSTbRci49cFr39PAM9IYyCU/+3sBcgKHKi8E0uCRcWzkrnH+h5pWraHn
T03Ca53jgP+5P3mkSjMTaWgOjlLiAKki9myQWGA1xaam
-----END CERTIFICATE-----