Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/wgdhruz0xtRxWdWf--i6dPU1wQE.roa
File:                     wgdhruz0xtRxWdWf--i6dPU1wQE.roa (raw, json)
Hash identifier:          WcvpeOu2J24CdapCRKlSln4v+gu+O2IeoZu5OdQe1GY=
Subject key identifier:   C2:07:61:AE:EC:F4:C6:D4:71:59:D5:9F:FB:E8:BA:74:F5:35:C1:01
Certificate issuer:       /CN=b135377901a7871d3bff7a70277a2f4e2fc0e277
Certificate serial:       019422204128C2EDA8B2E1B2D4CFC8BC1880
Authority key identifier: B1:35:37:79:01:A7:87:1D:3B:FF:7A:70:27:7A:2F:4E:2F:C0:E2:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sTU3eQGnhx07_3pwJ3ovTi_A4nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/wgdhruz0xtRxWdWf--i6dPU1wQE.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215833
IP address blocks:        185.104.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/sTU3eQGnhx07_3pwJ3ovTi_A4nc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/sTU3eQGnhx07_3pwJ3ovTi_A4nc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sTU3eQGnhx07_3pwJ3ovTi_A4nc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:41:28:c2:ed:a8:b2:e1:b2:d4:cf:c8:bc:18:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b135377901a7871d3bff7a70277a2f4e2fc0e277
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c20761aeecf4c6d47159d59ffbe8ba74f535c101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:11:f8:d4:a3:ea:e4:4f:96:58:d4:55:3d:54:
                    03:9e:2c:1b:a1:c0:41:e0:07:7b:9b:5c:05:75:80:
                    59:1c:d0:53:88:92:d9:a0:2c:b0:8e:38:3d:0f:01:
                    16:d2:2e:f0:28:bd:e3:e4:23:4d:3a:4e:e6:e9:22:
                    dc:bf:45:01:b6:c9:4e:45:df:a2:1c:02:8a:7a:11:
                    5a:da:88:27:98:39:40:43:88:c4:6f:1f:44:d5:00:
                    1c:e8:30:c8:e6:49:8d:82:77:e2:56:6c:6e:8a:4f:
                    3d:f7:76:b7:5b:0b:cd:7c:68:50:09:b1:2f:d3:a8:
                    c1:e3:5a:ab:47:c7:f3:ed:33:58:c5:94:6c:74:43:
                    87:26:38:3b:26:a6:ad:c5:1e:85:a2:fc:f7:25:db:
                    cc:55:f6:a2:86:db:fa:27:de:e8:e1:f0:48:a7:ce:
                    f3:44:90:35:54:59:2d:94:b0:5c:e1:dc:80:fe:8a:
                    0d:65:e0:42:4c:93:b8:1c:f7:d8:98:41:3c:81:ad:
                    25:34:6d:62:c3:f3:f9:a9:3b:3c:8f:09:a4:48:fc:
                    94:c9:ad:2d:b3:58:46:10:8d:be:b6:51:76:31:c5:
                    c8:23:9e:47:8b:66:f9:4a:91:0b:0e:84:0a:e0:b2:
                    55:b6:bd:51:bf:82:17:15:eb:59:57:78:b8:a4:b3:
                    d4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:07:61:AE:EC:F4:C6:D4:71:59:D5:9F:FB:E8:BA:74:F5:35:C1:01
            X509v3 Authority Key Identifier:
                keyid:B1:35:37:79:01:A7:87:1D:3B:FF:7A:70:27:7A:2F:4E:2F:C0:E2:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sTU3eQGnhx07_3pwJ3ovTi_A4nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/wgdhruz0xtRxWdWf--i6dPU1wQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/465c40-6718-4ea9-91e5-912047153e01/1/sTU3eQGnhx07_3pwJ3ovTi_A4nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f5:82:46:f7:a4:4e:55:c8:02:85:24:0f:e4:bd:63:d2:79:
         32:92:42:27:45:26:c3:6c:8f:34:97:ef:a2:3a:bb:a0:2a:8d:
         18:ae:2d:8e:8c:c5:82:54:c0:10:85:fd:ff:d6:f6:a9:37:91:
         90:b4:c4:cb:12:74:66:5c:f5:c0:cc:4e:b8:e9:4e:53:6b:1a:
         12:91:93:90:1b:35:a2:fa:94:89:23:f7:c7:68:3d:00:ca:52:
         c2:8a:e9:b7:4c:6b:31:0d:c9:7c:27:3c:a9:a1:b1:f2:d6:22:
         b3:96:56:00:9b:d4:c8:34:e9:15:39:77:9d:6e:19:47:59:06:
         de:c6:8e:a5:15:95:fb:fc:b3:82:94:22:10:3a:cc:77:64:91:
         e4:a8:fb:18:d9:8c:e3:33:53:bb:f1:f6:af:a4:92:e4:38:40:
         23:1f:d1:d3:52:3e:23:7f:69:74:ad:03:8b:35:16:43:0d:14:
         fa:bf:c4:34:4e:a8:01:3f:1f:5d:fc:4d:c3:ee:fb:b0:9e:43:
         bf:bd:b1:e3:4d:a7:b5:36:a2:a5:11:c2:54:5c:7b:37:59:c0:
         79:76:00:9b:26:98:8f:aa:d9:83:d7:f7:b9:73:e7:e0:f0:ac:
         83:43:ef:e0:25:8c:1d:72:ce:75:c5:42:6f:77:d8:f4:67:22:
         3a:06:39:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEEowu2osuGy1M/IvBiAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMzUzNzc5MDFhNzg3MWQzYmZmN2E3MDI3N2EyZjRlMmZj
MGUyNzcwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjA3NjFhZWVjZjRjNmQ0NzE1OWQ1OWZmYmU4YmE3NGY1MzVjMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBH41KPq5E+WWNRVPVQDniwbocBB
4Ad7m1wFdYBZHNBTiJLZoCywjjg9DwEW0i7wKL3j5CNNOk7m6SLcv0UBtslORd+i
HAKKehFa2ognmDlAQ4jEbx9E1QAc6DDI5kmNgnfiVmxuik8993a3WwvNfGhQCbEv
06jB41qrR8fz7TNYxZRsdEOHJjg7JqatxR6Fovz3JdvMVfaihtv6J97o4fBIp87z
RJA1VFktlLBc4dyA/ooNZeBCTJO4HPfYmEE8ga0lNG1iw/P5qTs8jwmkSPyUya0t
s1hGEI2+tlF2McXII55Hi2b5SpELDoQK4LJVtr1Rv4IXFetZV3i4pLPUZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMIHYa7s9MbUcVnVn/vounT1NcEBMB8GA1UdIwQY
MBaAFLE1N3kBp4cdO/96cCd6L04vwOJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1RVM2VRR25oeDA3XzNwd0ozb3ZUaV9BNG5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi80NjVjNDAtNjcxOC00ZWE5LTkxZTUt
OTEyMDQ3MTUzZTAxLzEvd2dkaHJ1ejB4dFJ4V2RXZi0taTZkUFUxd1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi80NjVjNDAtNjcxOC00ZWE5LTkxZTUtOTEyMDQ3MTUzZTAx
LzEvc1RVM2VRR25oeDA3XzNwd0ozb3ZUaV9BNG5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWh7MA0G
CSqGSIb3DQEBCwUAA4IBAQBi9YJG96ROVcgChSQP5L1j0nkykkInRSbDbI80l++i
OrugKo0Yri2OjMWCVMAQhf3/1vapN5GQtMTLEnRmXPXAzE646U5TaxoSkZOQGzWi
+pSJI/fHaD0AylLCium3TGsxDcl8JzypobHy1iKzllYAm9TINOkVOXedbhlHWQbe
xo6lFZX7/LOClCIQOsx3ZJHkqPsY2YzjM1O78favpJLkOEAjH9HTUj4jf2l0rQOL
NRZDDRT6v8Q0TqgBPx9d/E3D7vuwnkO/vbHjTae1NqKlEcJUXHs3WcB5dgCbJpiP
qtmD1/e5c+fg8KyDQ+/gJYwdcs51xUJvd9j0ZyI6Bjmq
-----END CERTIFICATE-----