Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/1-WbeoKo-R_gNtIEt2hih9981Y44.roa
File:                     1-WbeoKo-R_gNtIEt2hih9981Y44.roa (raw, json)
Hash identifier:          m/gtDl/nciHK+MXN+Z5ag2ToDk22LBKc+NnS2CtKTGE=
Subject key identifier:   F9:66:DE:A0:AA:3E:47:F8:0D:B4:81:2D:DA:18:A1:F7:DF:35:63:8E
Certificate issuer:       /CN=11e512976b91a2967ebce10ed4052ece12b14155
Certificate serial:       018CC50141C5542E088341448BFDE653045D
Authority key identifier: 11:E5:12:97:6B:91:A2:96:7E:BC:E1:0E:D4:05:2E:CE:12:B1:41:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/1-WbeoKo-R_gNtIEt2hih9981Y44.roa
Signing time:             Mon 01 Jan 2024 12:30:43 +0000
ROA not before:           Mon 01 Jan 2024 12:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2386
IP address blocks:        185.76.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:41:c5:54:2e:08:83:41:44:8b:fd:e6:53:04:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e512976b91a2967ebce10ed4052ece12b14155
        Validity
            Not Before: Jan  1 12:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f966dea0aa3e47f80db4812dda18a1f7df35638e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:66:3b:87:8a:fb:33:00:04:2a:a3:3b:90:8c:
                    4e:23:23:f6:2a:e9:0b:b0:19:1b:39:c1:45:c3:e5:
                    90:87:90:d9:d0:0e:05:bc:40:02:a6:37:b1:36:73:
                    dc:62:6e:71:89:f1:f2:1c:ba:ee:2e:79:91:93:79:
                    5d:8f:ba:62:3e:78:a3:fd:4e:df:70:1f:d5:47:67:
                    3d:63:af:bb:39:15:61:16:69:69:9a:ed:a7:47:99:
                    e5:3f:bc:57:f4:72:b9:3a:af:68:78:cb:cf:e0:4e:
                    c0:95:c5:b1:77:c4:ae:45:fe:b8:15:18:14:92:d5:
                    1b:99:51:47:46:73:1a:84:30:e0:51:be:1e:67:c8:
                    1f:a4:8d:d2:5b:49:24:db:11:9f:14:8c:ef:5a:52:
                    47:41:13:6f:ff:cf:62:51:24:fa:11:42:ae:f4:33:
                    cc:0a:8e:5c:80:dd:b0:64:fd:8d:a9:39:f6:c4:7b:
                    c5:b8:33:fa:db:6a:01:82:fe:73:f4:52:48:6d:43:
                    c9:17:aa:7c:3a:47:99:60:dd:b4:64:a7:32:c4:e4:
                    9c:13:a3:8b:41:7c:9e:38:6a:4f:57:49:68:4b:b3:
                    c8:f2:8f:79:ad:a6:b2:43:4f:d0:86:24:13:f3:71:
                    f2:5f:fc:18:e4:6f:67:1c:f8:3a:b4:56:4c:be:b0:
                    df:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:66:DE:A0:AA:3E:47:F8:0D:B4:81:2D:DA:18:A1:F7:DF:35:63:8E
            X509v3 Authority Key Identifier:
                keyid:11:E5:12:97:6B:91:A2:96:7E:BC:E1:0E:D4:05:2E:CE:12:B1:41:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EeUSl2uRopZ-vOEO1AUuzhKxQVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/1-WbeoKo-R_gNtIEt2hih9981Y44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/17a3c0-e97a-4306-bce4-7ff32b6ffd1e/1/EeUSl2uRopZ-vOEO1AUuzhKxQVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:eb:5c:99:a8:d1:62:96:f8:23:7c:90:5a:f3:37:88:d6:9f:
         47:8a:34:e8:0a:1a:9c:9e:ca:c4:d0:88:56:50:c2:6c:0d:29:
         5c:69:d8:0f:79:9c:0f:bf:2b:20:fa:ad:be:6d:03:9a:dd:55:
         ba:6e:ed:bb:52:e0:9f:2e:6f:a5:e4:02:83:32:6d:b7:0a:98:
         a3:39:b4:ba:c3:5a:6d:20:0d:ca:bc:e0:b2:3d:62:23:21:0b:
         a9:b1:c8:28:71:93:e4:86:db:3a:13:2e:4a:93:96:5a:23:10:
         ec:8c:f7:27:95:65:5c:85:22:9b:35:35:0d:1c:4d:8b:08:9f:
         31:f9:d2:d3:25:bb:00:69:1e:57:1b:33:02:f5:df:05:26:79:
         05:33:27:e7:fe:b3:7b:7f:f5:05:fe:cf:35:47:ca:98:ee:c6:
         06:97:76:cb:e8:5b:51:aa:d9:d2:a4:92:74:d6:46:b3:71:04:
         4a:66:ae:2e:ec:8b:61:49:00:33:8a:76:c2:dd:e8:2d:37:76:
         57:08:9c:17:46:34:6a:80:26:5e:eb:88:04:9f:ae:2a:cb:f7:
         55:64:2d:2c:cb:1e:34:a2:8d:d9:70:f7:2d:d2:38:38:ec:0f:
         cd:26:ea:95:dd:4c:e4:15:f2:9e:d3:b6:70:fd:d7:c8:17:48:
         4a:7e:12:06
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAUHFVC4Ig0FEi/3mUwRdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTUxMjk3NmI5MWEyOTY3ZWJjZTEwZWQ0MDUyZWNlMTJi
MTQxNTUwHhcNMjQwMTAxMTIzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTY2ZGVhMGFhM2U0N2Y4MGRiNDgxMmRkYTE4YTFmN2RmMzU2MzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWY7h4r7MwAEKqM7kIxOIyP2KukL
sBkbOcFFw+WQh5DZ0A4FvEACpjexNnPcYm5xifHyHLruLnmRk3ldj7piPnij/U7f
cB/VR2c9Y6+7ORVhFmlpmu2nR5nlP7xX9HK5Oq9oeMvP4E7AlcWxd8SuRf64FRgU
ktUbmVFHRnMahDDgUb4eZ8gfpI3SW0kk2xGfFIzvWlJHQRNv/89iUST6EUKu9DPM
Co5cgN2wZP2NqTn2xHvFuDP622oBgv5z9FJIbUPJF6p8OkeZYN20ZKcyxOScE6OL
QXyeOGpPV0loS7PI8o95raayQ0/QhiQT83HyX/wY5G9nHPg6tFZMvrDfEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlm3qCqPkf4DbSBLdoYofffNWOOMB8GA1UdIwQY
MBaAFBHlEpdrkaKWfrzhDtQFLs4SsUFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVVU2wydVJvcFotdk9FTzFBVXV6aEt4UVZVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xN2EzYzAtZTk3YS00MzA2LWJjZTQt
N2ZmMzJiNmZmZDFlLzEvMS1XYmVvS28tUl9nTnRJRXQyaGloOTk4MVk0NC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmEvMTdhM2MwLWU5N2EtNDMwNi1iY2U0LTdmZjMyYjZmZmQx
ZS8xL0VlVVNsMnVSb3BaLXZPRU8xQVV1emhLeFFWVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlMtTAN
BgkqhkiG9w0BAQsFAAOCAQEAFOtcmajRYpb4I3yQWvM3iNafR4o06AoanJ7KxNCI
VlDCbA0pXGnYD3mcD78rIPqtvm0Dmt1Vum7tu1Lgny5vpeQCgzJttwqYozm0usNa
bSANyrzgsj1iIyELqbHIKHGT5IbbOhMuSpOWWiMQ7Iz3J5VlXIUimzU1DRxNiwif
MfnS0yW7AGkeVxszAvXfBSZ5BTMn5/6ze3/1Bf7PNUfKmO7GBpd2y+hbUarZ0qSS
dNZGs3EESmauLuyLYUkAM4p2wt3oLTd2VwicF0Y0aoAmXuuIBJ+uKsv3VWQtLMse
NKKN2XD3LdI4OOwPzSbqld1M5BXyntO2cP3XyBdISn4SBg==
-----END CERTIFICATE-----