Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/wl6cLHeP8mVQw2d5hV00dtiltNw.roa
File:                     wl6cLHeP8mVQw2d5hV00dtiltNw.roa (raw, json)
Hash identifier:          1hddWLSpZdqMQ7wTA/gaKm+jC+lKnCgKlSRHmxPK5Ic=
Subject key identifier:   C2:5E:9C:2C:77:8F:F2:65:50:C3:67:79:85:5D:34:76:D8:A5:B4:DC
Certificate issuer:       /CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
Certificate serial:       018CC9BCBD5B73D0EA433805F2BE0A7B3378
Authority key identifier: 69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/wl6cLHeP8mVQw2d5hV00dtiltNw.roa
Signing time:             Tue 02 Jan 2024 10:33:58 +0000
ROA not before:           Tue 02 Jan 2024 10:33:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57814
IP address blocks:        185.104.192.0/24 maxlen: 24
                          2a01:8640:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:bd:5b:73:d0:ea:43:38:05:f2:be:0a:7b:33:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=691242c33bc2e2e9e45850a0fc64ab2c7506a4b8
        Validity
            Not Before: Jan  2 10:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c25e9c2c778ff26550c36779855d3476d8a5b4dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:93:42:00:71:0e:71:6c:1f:6c:cd:4c:60:0d:
                    b0:9e:31:cf:59:6e:81:14:f7:33:35:1a:37:7d:db:
                    64:ed:cf:6b:62:51:dd:2a:a6:00:a4:a3:cd:cd:61:
                    ca:de:90:fa:49:36:37:9d:a7:05:62:bf:1f:dd:33:
                    00:0e:e9:2f:f7:0a:11:ad:ae:5e:66:4d:da:e0:36:
                    32:e6:fa:70:41:a7:9f:22:9b:24:6e:33:ed:4d:47:
                    19:9f:f4:ca:e6:42:b5:a0:a7:1f:9f:e1:41:83:e2:
                    64:c4:9d:79:ec:c8:af:29:8b:41:48:db:7f:da:ab:
                    ea:6f:89:e7:6f:55:8d:af:5a:8e:2d:eb:5c:0a:74:
                    95:fe:f4:4a:69:e5:72:34:31:4f:1d:6a:82:94:0e:
                    9f:5e:e7:20:db:45:6f:14:b9:ef:87:d7:13:51:f0:
                    de:6c:40:b4:9d:60:85:ae:04:b6:7c:1a:25:a5:89:
                    2e:6e:80:6d:f1:9c:29:43:f7:91:69:a9:9d:35:fa:
                    3d:17:6e:09:e6:a6:42:e1:e3:e5:f3:c6:dd:05:9b:
                    a1:82:59:4f:03:ee:45:7f:6a:ab:7d:42:a8:0d:e7:
                    6b:ff:67:3a:9d:2f:93:2f:98:75:56:3e:af:77:e7:
                    9c:fd:2b:e7:b1:c4:08:8f:f5:28:48:a9:1e:24:b9:
                    70:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5E:9C:2C:77:8F:F2:65:50:C3:67:79:85:5D:34:76:D8:A5:B4:DC
            X509v3 Authority Key Identifier:
                keyid:69:12:42:C3:3B:C2:E2:E9:E4:58:50:A0:FC:64:AB:2C:75:06:A4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aRJCwzvC4unkWFCg_GSrLHUGpLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/wl6cLHeP8mVQw2d5hV00dtiltNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6356b9-c49f-4b4d-8e29-362ffe8ee270/1/aRJCwzvC4unkWFCg_GSrLHUGpLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.192.0/24
                IPv6:
                  2a01:8640:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:d1:5c:2d:82:3a:f5:80:e9:4c:93:a2:52:d5:bf:57:57:1c:
         57:78:b7:98:fa:aa:ba:40:99:5b:06:f7:a3:4a:c8:db:4f:bd:
         30:e6:05:c2:5e:7a:50:43:08:80:1d:23:d1:ac:b2:a5:d6:c0:
         b6:ea:c1:2b:ee:6e:8c:8c:33:39:ab:b0:18:91:32:6c:75:91:
         35:44:1d:7d:73:03:54:5d:70:55:17:b1:3c:88:8d:0a:1e:c4:
         bc:73:d9:2a:d8:96:0f:16:a8:f1:5a:4e:75:97:03:53:1b:d7:
         46:84:15:65:27:9f:7b:7f:a4:3a:5f:1e:9a:fb:85:6f:9a:5c:
         07:b2:2f:0b:d6:1c:64:05:4c:36:85:f6:49:24:6e:62:e0:c6:
         ad:6c:47:b6:b1:84:bb:95:44:e0:cc:ea:ff:48:41:59:fb:61:
         ce:fe:66:bf:e3:73:4f:30:38:26:af:f6:94:c4:c5:34:5e:ee:
         00:52:b1:bc:9f:92:86:f6:15:33:b7:7d:c3:b2:25:04:e3:4c:
         69:1f:b5:cf:b6:83:23:df:02:ca:f4:7d:d3:fb:db:27:d4:eb:
         70:92:a9:30:0a:a6:9e:99:5a:4c:9c:19:e7:6c:fc:60:aa:25:
         50:c6:87:59:45:c3:f6:88:cc:b8:93:fb:96:f0:b2:a8:4e:0e:
         d6:57:8a:7f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvL1bc9DqQzgF8r4KezN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MTI0MmMzM2JjMmUyZTllNDU4NTBhMGZjNjRhYjJjNzUw
NmE0YjgwHhcNMjQwMTAyMTAzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjVlOWMyYzc3OGZmMjY1NTBjMzY3Nzk4NTVkMzQ3NmQ4YTViNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJNCAHEOcWwfbM1MYA2wnjHPWW6B
FPczNRo3fdtk7c9rYlHdKqYApKPNzWHK3pD6STY3nacFYr8f3TMADukv9woRra5e
Zk3a4DYy5vpwQaefIpskbjPtTUcZn/TK5kK1oKcfn+FBg+JkxJ157MivKYtBSNt/
2qvqb4nnb1WNr1qOLetcCnSV/vRKaeVyNDFPHWqClA6fXucg20VvFLnvh9cTUfDe
bEC0nWCFrgS2fBolpYkuboBt8ZwpQ/eRaamdNfo9F24J5qZC4ePl88bdBZuhgllP
A+5Ff2qrfUKoDedr/2c6nS+TL5h1Vj6vd+ec/SvnscQIj/UoSKkeJLlw+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMJenCx3j/JlUMNneYVdNHbYpbTcMB8GA1UdIwQY
MBaAFGkSQsM7wuLp5FhQoPxkqyx1BqS4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjkt
MzYyZmZlOGVlMjcwLzEvd2w2Y0xIZVA4bVZRdzJkNWhWMDBkdGlsdE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MzU2YjktYzQ5Zi00YjRkLThlMjktMzYyZmZlOGVlMjcw
LzEvYVJKQ3d6dkM0dW5rV0ZDZ19HU3JMSFVHcExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWjAMA8E
AgACMAkDBwAqAYZAABAwDQYJKoZIhvcNAQELBQADggEBAEzRXC2COvWA6UyTolLV
v1dXHFd4t5j6qrpAmVsG96NKyNtPvTDmBcJeelBDCIAdI9GssqXWwLbqwSvuboyM
MzmrsBiRMmx1kTVEHX1zA1RdcFUXsTyIjQoexLxz2SrYlg8WqPFaTnWXA1Mb10aE
FWUnn3t/pDpfHpr7hW+aXAeyLwvWHGQFTDaF9kkkbmLgxq1sR7axhLuVRODM6v9I
QVn7Yc7+Zr/jc08wOCav9pTExTRe7gBSsbyfkob2FTO3fcOyJQTjTGkftc+2gyPf
Asr0fdP72yfU63CSqTAKpp6ZWkycGeds/GCqJVDGh1lFw/aIzLiT+5bwsqhODtZX
in8=
-----END CERTIFICATE-----