Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/wt6KPa6w7mta0Ui5I4LN0k7aa6o.roa
File:                     wt6KPa6w7mta0Ui5I4LN0k7aa6o.roa (raw, json)
Hash identifier:          Yl/k/I3KuugRypjrXOInwioFM8BSOUXc43ZAS1tGqw0=
Subject key identifier:   C2:DE:8A:3D:AE:B0:EE:6B:5A:D1:48:B9:23:82:CD:D2:4E:DA:6B:AA
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56F01EEA660D542BBE6FE883DA16531
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/wt6KPa6w7mta0Ui5I4LN0k7aa6o.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49704
IP address blocks:        82.119.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:01:ee:a6:60:d5:42:bb:e6:fe:88:3d:a1:65:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2de8a3daeb0ee6b5ad148b92382cdd24eda6baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:1e:fd:bf:4b:ed:e7:c6:7f:3d:a8:b7:c1:fc:
                    34:fd:13:7c:fe:a9:1b:ae:d5:32:62:66:6d:5e:7b:
                    59:27:6f:f1:68:55:6b:a2:c4:06:e5:86:14:4c:7b:
                    47:bb:a2:da:61:b8:5d:2f:6e:8d:c4:ce:29:ce:44:
                    08:18:ac:97:68:c3:ca:cf:7c:f6:09:f4:c2:d1:da:
                    89:53:1d:88:39:9c:dc:97:ba:4c:73:72:d8:c3:e1:
                    43:47:9a:d6:fb:d9:4f:51:c6:8c:71:20:3f:f8:98:
                    ac:41:7d:02:7e:6b:90:aa:e9:70:2a:18:59:af:17:
                    cf:e9:39:52:2b:1c:67:c0:01:19:53:49:62:02:db:
                    af:c2:b8:0d:4f:d8:e5:fe:f3:63:75:60:d4:e7:85:
                    30:93:e9:2b:f3:59:c3:91:35:8b:ea:bb:ee:ae:1d:
                    8d:66:15:f8:07:90:af:2c:91:8e:65:6a:88:bc:b3:
                    5d:44:3e:57:71:83:3e:93:7d:58:12:b8:dc:a5:c4:
                    26:dd:77:7a:80:52:a9:27:70:1d:cd:e5:c2:2d:07:
                    bc:93:83:66:14:65:46:67:b0:fb:c5:f2:50:45:57:
                    14:23:2b:56:56:ab:09:c1:21:9c:eb:24:92:9b:ff:
                    5f:81:33:33:68:19:39:4a:e5:69:6b:2a:8f:87:59:
                    6b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:DE:8A:3D:AE:B0:EE:6B:5A:D1:48:B9:23:82:CD:D2:4E:DA:6B:AA
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/wt6KPa6w7mta0Ui5I4LN0k7aa6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:6a:36:0d:10:65:ed:a2:a0:ab:5e:66:f8:6a:be:c0:5e:6d:
         26:c2:87:0e:35:4a:59:3d:3c:4d:f3:b8:dc:0f:67:af:d0:6f:
         bb:8a:f7:0e:9c:c2:d4:ad:bc:d9:87:e3:ea:d3:a4:0f:b8:ee:
         cc:97:08:27:c5:30:ed:9c:56:63:d7:ed:bb:d3:19:15:b4:14:
         76:bf:59:0f:47:00:88:55:4d:0f:0f:13:2f:b7:3f:fe:a8:89:
         6e:61:61:50:d6:7e:5e:c2:b5:b7:c1:14:d7:eb:1f:3f:e9:ac:
         c8:5f:01:04:e1:8b:d5:b3:67:9c:d5:d4:72:2f:e0:ce:16:21:
         fb:df:8c:38:b6:38:0e:11:94:c3:d0:c5:18:2e:10:08:31:94:
         67:3d:ae:31:a7:98:ba:a1:0e:2d:14:01:85:d4:90:2c:a1:56:
         0b:56:ab:28:9f:76:93:ad:3d:df:1a:11:79:f4:2d:40:83:1e:
         79:5b:81:9a:20:fb:f0:04:ab:e0:93:91:f3:18:58:b1:12:85:
         c2:b8:e2:d4:bd:9f:cd:48:f6:df:1e:b1:48:59:d2:c8:d8:c1:
         e6:b7:1c:fc:df:d0:04:2b:4e:b4:4e:f6:91:b5:d6:cc:aa:69:
         21:f4:7f:7b:7b:70:df:92:cf:3e:94:25:d6:13:96:96:93:05:
         b9:7f:4c:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwHupmDVQrvm/og9oWUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmRlOGEzZGFlYjBlZTZiNWFkMTQ4YjkyMzgyY2RkMjRlZGE2YmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiR79v0vt58Z/Pai3wfw0/RN8/qkb
rtUyYmZtXntZJ2/xaFVrosQG5YYUTHtHu6LaYbhdL26NxM4pzkQIGKyXaMPKz3z2
CfTC0dqJUx2IOZzcl7pMc3LYw+FDR5rW+9lPUcaMcSA/+JisQX0CfmuQqulwKhhZ
rxfP6TlSKxxnwAEZU0liAtuvwrgNT9jl/vNjdWDU54Uwk+kr81nDkTWL6rvurh2N
ZhX4B5CvLJGOZWqIvLNdRD5XcYM+k31YErjcpcQm3Xd6gFKpJ3AdzeXCLQe8k4Nm
FGVGZ7D7xfJQRVcUIytWVqsJwSGc6ySSm/9fgTMzaBk5SuVpayqPh1lrGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLeij2usO5rWtFIuSOCzdJO2muqMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvd3Q2S1BhNnc3bXRhMFVpNUk0TE4wazdhYTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndbMA0G
CSqGSIb3DQEBCwUAA4IBAQCGajYNEGXtoqCrXmb4ar7AXm0mwocONUpZPTxN87jc
D2ev0G+7ivcOnMLUrbzZh+Pq06QPuO7MlwgnxTDtnFZj1+270xkVtBR2v1kPRwCI
VU0PDxMvtz/+qIluYWFQ1n5ewrW3wRTX6x8/6azIXwEE4YvVs2ec1dRyL+DOFiH7
34w4tjgOEZTD0MUYLhAIMZRnPa4xp5i6oQ4tFAGF1JAsoVYLVqson3aTrT3fGhF5
9C1Agx55W4GaIPvwBKvgk5HzGFixEoXCuOLUvZ/NSPbfHrFIWdLI2MHmtxz839AE
K060TvaRtdbMqmkh9H97e3Dfks8+lCXWE5aWkwW5f0yY
-----END CERTIFICATE-----