Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/wtj5JvX20VPyihHQRDKgB6NlGbQ.roa
File:                     wtj5JvX20VPyihHQRDKgB6NlGbQ.roa (raw, json)
Hash identifier:          Kem7Jxkb7ypxvC8ISKAqBG8zjFOYwEHXu6GEIFlemjc=
Subject key identifier:   C2:D8:F9:26:F5:F6:D1:53:F2:8A:11:D0:44:32:A0:07:A3:65:19:B4
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018DF981793BA0C4009EF5693515E991595B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/wtj5JvX20VPyihHQRDKgB6NlGbQ.roa
Signing time:             Fri 01 Mar 2024 10:13:48 +0000
ROA not before:           Fri 01 Mar 2024 10:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60721
IP address blocks:        185.194.28.0/24 maxlen: 24
                          185.225.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f9:81:79:3b:a0:c4:00:9e:f5:69:35:15:e9:91:59:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar  1 10:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2d8f926f5f6d153f28a11d04432a007a36519b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:bd:41:50:de:71:6b:96:a7:69:27:28:75:a1:
                    e1:45:e7:23:72:5f:d5:8c:2a:0a:94:6b:22:62:27:
                    bb:50:1d:73:a3:dd:75:68:de:1c:1d:97:dd:a4:9c:
                    a4:ce:b3:0b:a3:c8:2a:28:0e:d3:ad:4f:10:36:14:
                    58:75:51:28:c0:3e:0f:0c:8c:12:db:78:0a:d2:d8:
                    69:98:15:69:3e:32:cd:09:7f:19:09:d5:ee:b0:fa:
                    bd:d6:73:e7:81:fe:5c:11:e8:37:aa:d0:c0:d5:e8:
                    46:e2:fa:4e:11:d8:ce:7c:ff:72:1c:9e:7a:f5:7d:
                    6c:eb:f5:2b:ff:79:10:bb:6b:7f:06:a6:b9:66:c3:
                    7b:f1:dc:75:a5:ab:37:ff:eb:79:17:16:21:e8:53:
                    fe:db:1d:2d:1c:a7:64:67:54:a4:b7:33:16:9f:5a:
                    6d:a6:9c:6e:8c:84:3a:3e:c5:c7:90:38:7e:a2:7f:
                    a5:73:6c:54:82:0e:24:3e:23:79:44:8c:a8:44:96:
                    42:c9:6b:e9:85:d7:1b:3b:ec:7e:d2:3f:b7:f3:72:
                    19:f8:bf:99:b4:9d:c5:e3:e1:59:60:56:d9:16:e3:
                    69:06:b2:12:34:e8:22:02:e9:71:4f:21:42:19:62:
                    50:0c:54:d0:b3:c1:8c:f2:f6:5b:30:d6:7d:43:84:
                    7e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:D8:F9:26:F5:F6:D1:53:F2:8A:11:D0:44:32:A0:07:A3:65:19:B4
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/wtj5JvX20VPyihHQRDKgB6NlGbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.28.0/24
                  185.225.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:bc:e5:d1:e8:43:e1:3e:2b:a7:9e:ba:b2:42:ea:ec:80:4d:
         f7:28:be:91:1f:3c:c2:31:01:09:93:05:48:76:90:63:2a:85:
         3c:fb:3f:70:bd:df:b7:db:21:bb:75:27:cc:ca:47:c6:42:4d:
         1a:8a:50:aa:f5:6f:44:c8:b8:0f:da:02:e9:de:4a:48:30:ad:
         bc:9f:ad:40:f9:8d:ce:31:8a:1b:45:3a:3e:53:e1:da:f8:a4:
         ac:3f:47:8a:6d:03:ad:66:04:98:b4:e7:c3:0b:46:c7:13:68:
         c1:6c:4e:17:db:11:fc:47:3d:87:cb:b3:a4:7d:3a:3f:40:d3:
         1f:55:2d:47:7f:f2:6c:85:59:5b:36:34:88:59:b7:f0:08:0b:
         ad:97:9f:2f:29:d7:d4:e5:eb:97:ac:d9:48:da:88:fc:00:46:
         ee:a9:56:45:84:1f:6f:c8:ec:b4:92:80:e3:37:74:27:38:8c:
         85:d1:2e:ea:1f:41:35:89:11:3b:49:f7:a6:fb:f2:7b:a9:7f:
         e7:22:a3:48:d0:53:fd:a9:14:79:c2:48:8c:40:42:a4:67:6f:
         8a:ba:d3:8b:aa:3b:d0:2d:d5:62:41:fa:1f:99:80:38:77:ca:
         57:81:f4:67:25:3f:46:cd:b1:a6:c8:26:60:77:92:df:9d:9c:
         e3:92:5b:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY35gXk7oMQAnvVpNRXpkVlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMzAxMTAxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQ4ZjkyNmY1ZjZkMTUzZjI4YTExZDA0NDMyYTAwN2EzNjUxOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr1BUN5xa5anaScodaHhRecjcl/V
jCoKlGsiYie7UB1zo911aN4cHZfdpJykzrMLo8gqKA7TrU8QNhRYdVEowD4PDIwS
23gK0thpmBVpPjLNCX8ZCdXusPq91nPngf5cEeg3qtDA1ehG4vpOEdjOfP9yHJ56
9X1s6/Ur/3kQu2t/Bqa5ZsN78dx1pas3/+t5FxYh6FP+2x0tHKdkZ1SktzMWn1pt
ppxujIQ6PsXHkDh+on+lc2xUgg4kPiN5RIyoRJZCyWvphdcbO+x+0j+383IZ+L+Z
tJ3F4+FZYFbZFuNpBrISNOgiAulxTyFCGWJQDFTQs8GM8vZbMNZ9Q4R+EQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMLY+Sb19tFT8ooR0EQyoAejZRm0MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvd3RqNUp2WDIwVlB5aWhIUVJES2dCNk5sR2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucIcAwQA
ueEDMA0GCSqGSIb3DQEBCwUAA4IBAQARvOXR6EPhPiunnrqyQursgE33KL6RHzzC
MQEJkwVIdpBjKoU8+z9wvd+32yG7dSfMykfGQk0ailCq9W9EyLgP2gLp3kpIMK28
n61A+Y3OMYobRTo+U+Ha+KSsP0eKbQOtZgSYtOfDC0bHE2jBbE4X2xH8Rz2Hy7Ok
fTo/QNMfVS1Hf/JshVlbNjSIWbfwCAutl58vKdfU5euXrNlI2oj8AEbuqVZFhB9v
yOy0koDjN3QnOIyF0S7qH0E1iRE7Sfem+/J7qX/nIqNI0FP9qRR5wkiMQEKkZ2+K
utOLqjvQLdViQfofmYA4d8pXgfRnJT9GzbGmyCZgd5LfnZzjkluA
-----END CERTIFICATE-----