Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Wm3dC_FyJmD6CVkXd4WKuoX-bOI.roa
File:                     Wm3dC_FyJmD6CVkXd4WKuoX-bOI.roa (raw, json)
Hash identifier:          jIr4zaGZA04aBiHgPBng3Hx85KnMB0l3Yuubg1SG59c=
Subject key identifier:   5A:6D:DD:0B:F1:72:26:60:FA:09:59:17:77:85:8A:BA:85:FE:6C:E2
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018CC493868522177A8BCAEB6313BF4510B3
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Wm3dC_FyJmD6CVkXd4WKuoX-bOI.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32780
IP address blocks:        212.60.12.0/24 maxlen: 24
                          45.67.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:86:85:22:17:7a:8b:ca:eb:63:13:bf:45:10:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a6ddd0bf1722660fa09591777858aba85fe6ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6b:9b:7a:eb:96:fd:3a:3c:eb:b3:2f:20:c1:
                    a5:c5:76:86:63:49:24:23:55:53:35:ee:01:09:4b:
                    ef:56:ad:0f:9c:ff:e8:8e:16:54:12:eb:03:ee:4f:
                    23:37:7c:a9:36:7e:69:c6:8a:be:17:65:57:fc:e6:
                    bb:00:9a:f5:92:b4:57:98:2d:d9:33:95:72:5d:f1:
                    15:63:17:a8:58:84:c1:4e:b5:13:03:40:4c:ca:be:
                    90:71:07:03:c8:1b:cf:05:43:dd:9a:09:38:ee:26:
                    9b:5f:e5:e1:83:34:f3:94:8f:75:75:b8:b7:17:b6:
                    59:72:c2:7b:fd:c3:9d:b4:e0:59:c3:c8:c7:b1:6e:
                    0b:9f:b6:fb:1b:6c:4b:72:75:a8:6a:79:4a:d9:1c:
                    f0:bc:3d:2c:49:02:aa:f7:99:59:18:d1:4f:47:fd:
                    91:bd:a5:33:90:ba:46:3b:1d:8d:05:09:46:a7:4a:
                    e4:93:dd:d3:cd:bc:cd:b2:bd:89:fe:8b:6c:e4:24:
                    a3:04:a0:36:0b:0f:70:7d:a9:4e:56:a2:ee:91:36:
                    02:ef:fc:c6:9f:dc:c4:5a:fe:bb:43:cc:42:90:e9:
                    26:34:b8:e7:0e:b0:99:6d:24:f5:1b:60:88:6b:22:
                    f4:ec:14:09:3b:ce:90:fe:a2:56:67:5c:3b:a8:5b:
                    32:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:6D:DD:0B:F1:72:26:60:FA:09:59:17:77:85:8A:BA:85:FE:6C:E2
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Wm3dC_FyJmD6CVkXd4WKuoX-bOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.141.0/24
                  212.60.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e2:b4:ca:d1:67:14:94:4f:5e:bc:c6:31:8e:8d:26:b7:73:
         f2:cf:32:9e:66:44:2c:6d:90:c0:f9:7d:a0:4e:98:d6:d7:af:
         45:2c:5b:72:6b:e6:bb:24:bb:bb:09:ab:34:bb:af:13:57:e7:
         92:29:14:3d:23:c1:c5:6f:d4:c1:d7:a2:bf:39:52:d4:14:99:
         40:e6:5a:8b:2b:b4:05:3f:ae:23:52:5e:e7:40:8f:51:fd:49:
         eb:88:64:87:c0:75:fd:f3:2d:c5:ec:93:9f:45:00:62:90:7a:
         86:ec:e3:f9:36:79:2b:cd:0f:f7:65:79:8c:d9:c6:c3:ed:48:
         36:a2:d1:d8:bc:44:ca:4e:85:06:35:f6:9d:8f:98:4d:0a:bc:
         67:82:48:9e:f5:cb:f6:48:d3:03:fa:4c:f1:39:a4:37:16:90:
         2f:88:4b:e0:da:a7:82:a3:cf:d5:23:53:4a:2d:a1:67:70:b2:
         0d:97:cb:ea:68:00:b0:c4:b9:d3:00:e3:18:14:f0:d8:39:94:
         b3:e5:78:d4:a9:2c:7d:49:a0:be:c7:b2:35:d1:0e:9c:83:0b:
         9c:da:a0:8e:ce:8a:04:1b:34:be:50:9c:28:89:cb:5e:bf:7f:
         46:26:eb:8d:38:9b:b0:31:6c:a8:ff:9a:7d:2d:09:fc:02:aa:
         ff:c1:ab:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk4aFIhd6i8rrYxO/RRCzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTZkZGQwYmYxNzIyNjYwZmEwOTU5MTc3Nzg1OGFiYTg1ZmU2Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWubeuuW/To867MvIMGlxXaGY0kk
I1VTNe4BCUvvVq0PnP/ojhZUEusD7k8jN3ypNn5pxoq+F2VX/Oa7AJr1krRXmC3Z
M5VyXfEVYxeoWITBTrUTA0BMyr6QcQcDyBvPBUPdmgk47iabX+XhgzTzlI91dbi3
F7ZZcsJ7/cOdtOBZw8jHsW4Ln7b7G2xLcnWoanlK2RzwvD0sSQKq95lZGNFPR/2R
vaUzkLpGOx2NBQlGp0rkk93TzbzNsr2J/ots5CSjBKA2Cw9wfalOVqLukTYC7/zG
n9zEWv67Q8xCkOkmNLjnDrCZbST1G2CIayL07BQJO86Q/qJWZ1w7qFsyyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFpt3QvxciZg+glZF3eFirqF/mziMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvV20zZENfRnlKbUQ2Q1ZrWGQ0V0t1b1gtYk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALUONAwQA
1DwMMA0GCSqGSIb3DQEBCwUAA4IBAQCN4rTK0WcUlE9evMYxjo0mt3PyzzKeZkQs
bZDA+X2gTpjW169FLFtya+a7JLu7Cas0u68TV+eSKRQ9I8HFb9TB16K/OVLUFJlA
5lqLK7QFP64jUl7nQI9R/UnriGSHwHX98y3F7JOfRQBikHqG7OP5NnkrzQ/3ZXmM
2cbD7Ug2otHYvETKToUGNfadj5hNCrxngkie9cv2SNMD+kzxOaQ3FpAviEvg2qeC
o8/VI1NKLaFncLINl8vqaACwxLnTAOMYFPDYOZSz5XjUqSx9SaC+x7I10Q6cgwuc
2qCOzooEGzS+UJwoictev39GJuuNOJuwMWyo/5p9LQn8Aqr/watp
-----END CERTIFICATE-----