Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/wvdynAJlKFHjoAQqfBhIg9B5o_M.roa
File:                     wvdynAJlKFHjoAQqfBhIg9B5o_M.roa (raw, json)
Hash identifier:          uumJHVTjKCv1ZOpLhWWc03ZZkFRGOo3iTIaLrWJtwLc=
Subject key identifier:   C2:F7:72:9C:02:65:28:51:E3:A0:04:2A:7C:18:48:83:D0:79:A3:F3
Certificate issuer:       /CN=099f12f3fa7311cd993ab6bc5bb29a1bf2ad48a1
Certificate serial:       018CC3B6AF5DC43593438C4D377768742CBA
Authority key identifier: 09:9F:12:F3:FA:73:11:CD:99:3A:B6:BC:5B:B2:9A:1B:F2:AD:48:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/wvdynAJlKFHjoAQqfBhIg9B5o_M.roa
Signing time:             Mon 01 Jan 2024 06:29:38 +0000
ROA not before:           Mon 01 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49250
IP address blocks:        45.149.248.0/23 maxlen: 23
                          45.149.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 06:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:af:5d:c4:35:93:43:8c:4d:37:77:68:74:2c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099f12f3fa7311cd993ab6bc5bb29a1bf2ad48a1
        Validity
            Not Before: Jan  1 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2f7729c02652851e3a0042a7c184883d079a3f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:10:93:ab:c1:fa:b3:da:cc:1b:c4:94:c0:9e:
                    5c:a4:21:c2:b9:42:ee:e1:4c:86:f8:0d:f8:f0:bf:
                    71:45:4f:96:fc:10:7f:ee:2b:f1:a4:88:7d:27:aa:
                    4b:47:24:b8:ee:d7:8f:fa:67:eb:9d:97:86:c0:d0:
                    74:48:bf:86:56:57:3c:bb:b7:18:53:f3:15:9c:e8:
                    5e:5a:dd:a0:87:d9:54:2b:b5:36:8c:fe:31:68:a7:
                    1d:9b:83:00:c0:e0:54:e8:1c:5b:0e:c3:3a:9d:63:
                    a3:d8:9b:90:2f:9d:93:5e:a1:16:7e:de:5e:3a:4c:
                    aa:db:1e:ee:3a:92:09:02:74:89:19:2d:3e:43:10:
                    66:6f:75:47:69:9b:98:a0:81:59:76:f6:ab:39:c3:
                    8a:8b:32:eb:97:29:f1:c9:63:ab:c1:7d:c3:e0:6b:
                    f1:b1:db:94:7d:05:3d:71:93:c2:c7:40:f0:48:e8:
                    81:11:09:66:79:df:8f:0c:2a:10:d3:23:32:08:44:
                    25:e1:08:80:f3:54:79:d1:c2:85:7f:23:4d:56:9e:
                    23:09:42:0b:14:cf:84:e3:1a:16:76:43:a6:03:1a:
                    9d:78:84:e1:4c:b5:18:07:ce:e4:16:d5:08:34:0f:
                    af:bd:5d:99:8f:9f:81:1e:51:24:4e:20:95:4a:a8:
                    19:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:F7:72:9C:02:65:28:51:E3:A0:04:2A:7C:18:48:83:D0:79:A3:F3
            X509v3 Authority Key Identifier:
                keyid:09:9F:12:F3:FA:73:11:CD:99:3A:B6:BC:5B:B2:9A:1B:F2:AD:48:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/wvdynAJlKFHjoAQqfBhIg9B5o_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f59ee1-6afe-4e38-b995-419b5723eef9/1/CZ8S8_pzEc2ZOra8W7KaG_KtSKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.248.0-45.149.250.255

    Signature Algorithm: sha256WithRSAEncryption
         72:61:1d:8a:24:1e:dd:8e:3e:d9:74:c0:d6:0d:3a:97:60:95:
         57:0f:10:bc:ff:70:85:da:3e:74:65:6f:d5:97:37:d9:de:91:
         04:38:24:b5:02:11:a5:b7:94:ef:3f:9a:84:45:42:72:a1:ab:
         de:31:bd:79:bc:39:54:00:71:d4:24:fd:06:88:f2:7a:17:19:
         28:e9:85:fb:43:60:13:0f:69:23:c4:93:30:a1:7e:85:e0:1f:
         26:8c:65:8f:8f:93:00:c9:c4:22:1e:83:91:ea:28:9e:99:44:
         a3:09:22:f8:40:dc:73:57:ac:be:ec:03:6d:7b:52:14:3e:95:
         7b:d9:7d:8d:68:08:5d:96:91:96:6b:92:10:68:b0:08:4b:09:
         40:7a:ac:32:ab:d3:21:b8:c6:f3:b2:02:d2:31:06:dd:07:94:
         22:d6:ff:47:8b:ad:99:5e:27:78:ca:09:e6:82:96:82:e5:5d:
         fa:ab:eb:c4:77:f0:ee:b5:19:b3:a8:6a:7e:91:33:e8:d4:0f:
         20:4a:42:bc:a0:5f:e2:42:14:6d:cb:e1:f2:15:68:34:60:85:
         b7:0e:c6:3b:49:e0:fc:2e:54:7d:bf:3e:6c:b0:15:aa:6f:45:
         63:2c:cc:37:9d:bc:e2:df:13:9b:74:cf:de:8a:c0:81:7c:15:
         1b:66:be:62
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDtq9dxDWTQ4xNN3dodCy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWYxMmYzZmE3MzExY2Q5OTNhYjZiYzViYjI5YTFiZjJh
ZDQ4YTEwHhcNMjQwMTAxMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmY3NzI5YzAyNjUyODUxZTNhMDA0MmE3YzE4NDg4M2QwNzlhM2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBCTq8H6s9rMG8SUwJ5cpCHCuULu
4UyG+A348L9xRU+W/BB/7ivxpIh9J6pLRyS47teP+mfrnZeGwNB0SL+GVlc8u7cY
U/MVnOheWt2gh9lUK7U2jP4xaKcdm4MAwOBU6BxbDsM6nWOj2JuQL52TXqEWft5e
Okyq2x7uOpIJAnSJGS0+QxBmb3VHaZuYoIFZdvarOcOKizLrlynxyWOrwX3D4Gvx
sduUfQU9cZPCx0DwSOiBEQlmed+PDCoQ0yMyCEQl4QiA81R50cKFfyNNVp4jCUIL
FM+E4xoWdkOmAxqdeIThTLUYB87kFtUINA+vvV2Zj5+BHlEkTiCVSqgZHwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFML3cpwCZShR46AEKnwYSIPQeaPzMB8GA1UdIwQY
MBaAFAmfEvP6cxHNmTq2vFuymhvyrUihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1o4UzhfcHpFYzJaT3JhOFc3S2FHX0t0U0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9mNTllZTEtNmFmZS00ZTM4LWI5OTUt
NDE5YjU3MjNlZWY5LzEvd3ZkeW5BSmxLRkhqb0FRcWZCaElnOUI1b19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9mNTllZTEtNmFmZS00ZTM4LWI5OTUtNDE5YjU3MjNlZWY5
LzEvQ1o4UzhfcHpFYzJaT3JhOFc3S2FHX0t0U0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAMtlfgD
BAAtlfowDQYJKoZIhvcNAQELBQADggEBAHJhHYokHt2OPtl0wNYNOpdglVcPELz/
cIXaPnRlb9WXN9nekQQ4JLUCEaW3lO8/moRFQnKhq94xvXm8OVQAcdQk/QaI8noX
GSjphftDYBMPaSPEkzChfoXgHyaMZY+PkwDJxCIeg5HqKJ6ZRKMJIvhA3HNXrL7s
A217UhQ+lXvZfY1oCF2WkZZrkhBosAhLCUB6rDKr0yG4xvOyAtIxBt0HlCLW/0eL
rZleJ3jKCeaCloLlXfqr68R38O61GbOoan6RM+jUDyBKQrygX+JCFG3L4fIVaDRg
hbcOxjtJ4PwuVH2/PmywFapvRWMszDedvOLfE5t0z96KwIF8FRtmvmI=
-----END CERTIFICATE-----