Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/WuG_aIanLPcZteY2c9kjb4FovCk.roa
File:                     WuG_aIanLPcZteY2c9kjb4FovCk.roa (raw, json)
Hash identifier:          wKqfa4++IwDtP5BvOqWUSPe0EPhKxTOC90SBWFtRB3M=
Subject key identifier:   5A:E1:BF:68:86:A7:2C:F7:19:B5:E6:36:73:D9:23:6F:81:68:BC:29
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       0191D65F5BC5B181A9D279911D1C91051DF3
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/WuG_aIanLPcZteY2c9kjb4FovCk.roa
Signing time:             Mon 09 Sep 2024 10:40:59 +0000
ROA not before:           Mon 09 Sep 2024 10:40:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62048
IP address blocks:        185.49.104.0/24 maxlen: 24
                          185.118.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d6:5f:5b:c5:b1:81:a9:d2:79:91:1d:1c:91:05:1d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Sep  9 10:40:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ae1bf6886a72cf719b5e63673d9236f8168bc29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e5:c8:40:aa:d6:6d:1f:c1:1c:66:8c:69:45:
                    6b:27:a6:79:7c:76:73:16:82:f2:ab:15:0b:9d:9b:
                    40:00:95:50:e3:e0:32:2f:d6:3a:47:d8:81:73:75:
                    90:fb:f1:ed:90:1b:cb:0e:28:29:73:00:00:73:8c:
                    5b:ec:68:bd:16:c7:22:06:09:b9:68:48:65:ea:fa:
                    86:55:4d:7c:29:05:ef:65:ec:05:24:2e:fd:83:1b:
                    86:83:2a:6a:02:d0:cd:a4:15:97:77:37:bf:14:d5:
                    01:f6:8c:46:62:5f:5d:f7:5f:a5:ba:08:75:ce:b3:
                    cd:1e:cf:da:d3:0a:bb:f8:9d:9a:22:62:41:f8:5e:
                    c7:87:54:3f:c8:44:a0:5e:0e:56:31:bf:72:03:c1:
                    9a:ff:3f:29:64:71:3a:bf:a9:9c:c2:b6:61:a0:a0:
                    13:9c:33:a0:69:e0:a2:47:00:4d:e1:56:ed:01:20:
                    54:59:52:9a:a3:c5:08:53:20:7d:c8:b6:fb:4c:2a:
                    26:0d:ea:60:0c:b0:8e:00:c8:b9:88:5c:a0:90:07:
                    f7:94:2d:3d:a2:36:76:1e:4e:6d:00:d1:97:fe:65:
                    7b:69:36:cf:c9:11:26:89:29:64:b4:28:76:98:f3:
                    9d:3a:0c:0a:67:5e:ed:1e:89:e7:a1:97:6a:f9:6f:
                    eb:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E1:BF:68:86:A7:2C:F7:19:B5:E6:36:73:D9:23:6F:81:68:BC:29
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/WuG_aIanLPcZteY2c9kjb4FovCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.104.0/24
                  185.118.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:f5:72:bc:f2:01:9a:e3:7a:44:10:2c:d5:34:86:13:f0:b1:
         6c:5b:8a:fb:ec:c1:b2:69:16:4b:99:be:4c:55:0c:08:13:0a:
         98:c3:d1:e3:e6:2c:e0:ff:0f:25:f1:54:1e:67:e9:db:7f:f2:
         8a:c3:5a:a3:d7:09:f3:00:4b:7e:48:7b:e4:7c:4f:e3:31:c4:
         39:3b:9f:c3:0e:ec:9c:77:6b:7b:b7:6e:97:67:be:50:97:28:
         c3:c9:cb:dc:69:f4:cc:52:d7:2d:f3:0b:a2:e9:10:b3:39:1d:
         13:ea:0e:89:f1:25:4e:bd:c5:78:19:87:48:6e:f9:1b:18:d0:
         d8:e6:dd:83:9a:12:ca:8e:ee:ae:02:d2:be:68:e0:b3:75:50:
         39:af:03:e6:42:ad:b1:9d:c3:db:d2:7a:6c:77:90:a0:0f:bb:
         73:b5:35:bb:48:fa:d4:67:01:d6:71:83:e9:fe:fa:ca:58:87:
         0c:a4:43:e8:f6:50:2f:ff:95:e3:e0:f6:11:2f:4f:ea:43:78:
         d5:38:47:62:ab:d5:27:ee:b6:2d:9f:3c:1e:39:dd:af:15:5b:
         15:47:f1:54:2c:95:99:8b:5a:ee:10:59:37:05:20:f3:63:2b:
         27:35:d7:d7:85:24:56:df:7b:87:27:2c:6b:0e:d2:f1:e3:d9:
         a6:df:1d:f8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZHWX1vFsYGp0nmRHRyRBR3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjQwOTA5MTA0MDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWUxYmY2ODg2YTcyY2Y3MTliNWU2MzY3M2Q5MjM2ZjgxNjhiYzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseXIQKrWbR/BHGaMaUVrJ6Z5fHZz
FoLyqxULnZtAAJVQ4+AyL9Y6R9iBc3WQ+/HtkBvLDigpcwAAc4xb7Gi9FsciBgm5
aEhl6vqGVU18KQXvZewFJC79gxuGgypqAtDNpBWXdze/FNUB9oxGYl9d91+lugh1
zrPNHs/a0wq7+J2aImJB+F7Hh1Q/yESgXg5WMb9yA8Ga/z8pZHE6v6mcwrZhoKAT
nDOgaeCiRwBN4VbtASBUWVKao8UIUyB9yLb7TComDepgDLCOAMi5iFygkAf3lC09
ojZ2Hk5tANGX/mV7aTbPyREmiSlktCh2mPOdOgwKZ17tHonnoZdq+W/rHwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFrhv2iGpyz3GbXmNnPZI2+BaLwpMB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL1d1R19hSWFuTFBjWnRlWTJjOWtqYjRGb3ZDay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAC5MWgD
BAC5dgwwDQYJKoZIhvcNAQELBQADggEBAFz1crzyAZrjekQQLNU0hhPwsWxbivvs
wbJpFkuZvkxVDAgTCpjD0ePmLOD/DyXxVB5n6dt/8orDWqPXCfMAS35Ie+R8T+Mx
xDk7n8MO7Jx3a3u3bpdnvlCXKMPJy9xp9MxS1y3zC6LpELM5HRPqDonxJU69xXgZ
h0hu+RsY0Njm3YOaEsqO7q4C0r5o4LN1UDmvA+ZCrbGdw9vSemx3kKAPu3O1NbtI
+tRnAdZxg+n++spYhwykQ+j2UC//lePg9hEvT+pDeNU4R2Kr1Sfuti2fPB453a8V
WxVH8VQslZmLWu4QWTcFIPNjKyc119eFJFbfe4cnLGsO0vHj2abfHfg=
-----END CERTIFICATE-----