Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Wo2J_cYawQxIf-s_hTB177tziGw.roa
File:                     Wo2J_cYawQxIf-s_hTB177tziGw.roa (raw, json)
Hash identifier:          11HHsO3VySlJb3WqhzcDcia6m0/YhnBDYiwHY3VQnkM=
Subject key identifier:   5A:8D:89:FD:C6:1A:C1:0C:48:7F:EB:3F:85:30:75:EF:BB:73:88:6C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0192BA410992FC231B7D4A388452597A05FA
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Wo2J_cYawQxIf-s_hTB177tziGw.roa
Signing time:             Wed 23 Oct 2024 16:41:17 +0000
ROA not before:           Wed 23 Oct 2024 16:41:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216234
IP address blocks:        193.109.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ba:41:09:92:fc:23:1b:7d:4a:38:84:52:59:7a:05:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Oct 23 16:41:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a8d89fdc61ac10c487feb3f853075efbb73886c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a4:7b:72:16:f8:e5:39:d7:29:97:85:7b:d9:
                    4b:40:a2:99:99:9d:1a:1e:3e:83:f3:34:82:d4:e0:
                    5e:14:50:5f:ed:8b:10:3f:3c:2a:ce:af:3b:cc:56:
                    23:99:9e:8a:9a:02:70:96:62:c0:6f:1b:76:19:f6:
                    6a:2c:5a:f2:6b:6e:2b:c3:25:c4:1f:18:79:b0:e6:
                    62:e4:3a:09:72:a3:4a:67:4f:08:9f:43:e8:6c:d8:
                    3d:b5:d2:4d:8d:68:d7:cb:f1:6f:a5:09:fb:5c:08:
                    32:41:7e:1f:ef:97:f8:94:bd:b2:21:64:6d:22:4c:
                    4f:f6:58:a0:36:02:dd:9b:59:a1:07:d3:a9:9f:d9:
                    a0:53:64:28:a0:93:0d:16:43:6e:1b:94:2d:c9:87:
                    74:14:82:05:64:d9:25:ac:ec:02:d5:70:b1:a2:ae:
                    ec:1b:2e:0e:72:06:6e:6e:45:b5:ce:2c:a0:7b:02:
                    15:2c:c0:4f:eb:12:ae:67:3f:be:0d:a1:2f:5a:13:
                    40:8f:bf:f2:e7:f5:7b:ed:8c:65:de:2d:6a:c5:83:
                    5a:e9:f0:fb:83:76:7b:78:99:c8:98:eb:4f:17:9d:
                    8e:f8:6b:aa:4d:46:85:69:2c:3e:0a:1a:98:08:f7:
                    e0:73:1f:85:a3:c2:86:b5:1f:4a:28:a8:86:02:29:
                    17:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:8D:89:FD:C6:1A:C1:0C:48:7F:EB:3F:85:30:75:EF:BB:73:88:6C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Wo2J_cYawQxIf-s_hTB177tziGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:6e:50:ca:1b:2e:00:45:a3:a0:31:35:6c:58:3e:2d:89:ea:
         9d:77:d5:c6:0d:5b:68:0f:92:b3:ed:be:ce:aa:aa:15:05:7e:
         f3:a0:5e:75:35:77:fd:41:44:47:18:61:91:3a:74:5b:b6:4e:
         5f:0b:ef:f8:b1:6c:79:43:8e:29:29:2d:2f:c8:9a:52:82:82:
         36:14:da:65:8b:0b:33:38:d2:aa:6a:e8:e3:26:60:9f:07:24:
         a7:49:b1:d1:2b:99:11:d9:bb:d6:2b:57:0a:30:5e:e1:c0:45:
         c1:02:fb:57:e5:51:4a:f0:e7:61:68:8b:72:03:03:36:79:c8:
         ea:75:1f:60:43:1a:0a:9d:ab:e2:b6:da:78:51:10:ca:c9:ff:
         4d:17:60:69:66:b1:4d:e1:da:a2:80:81:3f:e0:ef:0e:d6:be:
         85:36:65:1a:26:b9:d2:06:b3:91:23:4e:8e:17:82:41:08:eb:
         0b:07:2f:f3:80:a6:d7:72:2c:fa:69:f0:9b:5d:d9:f8:f1:73:
         86:7a:22:fd:70:09:61:5c:1b:5f:8a:e2:1e:20:36:b2:2b:ee:
         85:1c:1a:ff:a4:d8:70:a8:9d:fc:9e:94:c7:6a:91:2a:22:ee:
         bd:61:71:32:c1:13:f9:1b:f4:be:c7:9d:7c:a8:7d:d8:3b:6a:
         e8:60:f9:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK6QQmS/CMbfUo4hFJZegX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQxMDIzMTY0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YThkODlmZGM2MWFjMTBjNDg3ZmViM2Y4NTMwNzVlZmJiNzM4ODZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKR7chb45TnXKZeFe9lLQKKZmZ0a
Hj6D8zSC1OBeFFBf7YsQPzwqzq87zFYjmZ6KmgJwlmLAbxt2GfZqLFrya24rwyXE
Hxh5sOZi5DoJcqNKZ08In0PobNg9tdJNjWjXy/FvpQn7XAgyQX4f75f4lL2yIWRt
IkxP9ligNgLdm1mhB9Opn9mgU2QooJMNFkNuG5QtyYd0FIIFZNklrOwC1XCxoq7s
Gy4OcgZubkW1ziygewIVLMBP6xKuZz++DaEvWhNAj7/y5/V77Yxl3i1qxYNa6fD7
g3Z7eJnImOtPF52O+GuqTUaFaSw+ChqYCPfgcx+Fo8KGtR9KKKiGAikXCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqNif3GGsEMSH/rP4Uwde+7c4hsMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvV28ySl9jWWF3UXhJZi1zX2hUQjE3N3R6aUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW1VMA0G
CSqGSIb3DQEBCwUAA4IBAQArblDKGy4ARaOgMTVsWD4tieqdd9XGDVtoD5Kz7b7O
qqoVBX7zoF51NXf9QURHGGGROnRbtk5fC+/4sWx5Q44pKS0vyJpSgoI2FNpliwsz
ONKqaujjJmCfBySnSbHRK5kR2bvWK1cKMF7hwEXBAvtX5VFK8OdhaItyAwM2ecjq
dR9gQxoKnavittp4URDKyf9NF2BpZrFN4dqigIE/4O8O1r6FNmUaJrnSBrORI06O
F4JBCOsLBy/zgKbXciz6afCbXdn48XOGeiL9cAlhXBtfiuIeIDayK+6FHBr/pNhw
qJ38npTHapEqIu69YXEywRP5G/S+x518qH3YO2roYPnA
-----END CERTIFICATE-----