Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b113c4-7cf1-411c-873b-2883f88a86ec/1/wJTGScrd-b3973mJkNEtURF_dY4.roa
File:                     wJTGScrd-b3973mJkNEtURF_dY4.roa (raw, json)
Hash identifier:          DnaPRJpTkX81MfJBMHY3ixq8MHe2ZbvKP7icku6rSMI=
Subject key identifier:   C0:94:C6:49:CA:DD:F9:BD:FD:EF:79:89:90:D1:2D:51:11:7F:75:8E
Certificate issuer:       /CN=d7061ee87f5b55f1903a2b3704eba0944ab0c5ac
Certificate serial:       018CC4922748D607E0BAE0EC390AC3D1222C
Authority key identifier: D7:06:1E:E8:7F:5B:55:F1:90:3A:2B:37:04:EB:A0:94:4A:B0:C5:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1wYe6H9bVfGQOis3BOuglEqwxaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b113c4-7cf1-411c-873b-2883f88a86ec/1/wJTGScrd-b3973mJkNEtURF_dY4.roa
Signing time:             Mon 01 Jan 2024 10:29:21 +0000
ROA not before:           Mon 01 Jan 2024 10:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57201
IP address blocks:        188.0.48.0/20 maxlen: 20
                          2001:67c:23d4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b113c4-7cf1-411c-873b-2883f88a86ec/1/1wYe6H9bVfGQOis3BOuglEqwxaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b113c4-7cf1-411c-873b-2883f88a86ec/1/1wYe6H9bVfGQOis3BOuglEqwxaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1wYe6H9bVfGQOis3BOuglEqwxaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:27:48:d6:07:e0:ba:e0:ec:39:0a:c3:d1:22:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7061ee87f5b55f1903a2b3704eba0944ab0c5ac
        Validity
            Not Before: Jan  1 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c094c649caddf9bdfdef798990d12d51117f758e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:7a:4b:2a:15:f4:76:ac:41:e8:fe:46:c3:43:
                    20:2b:43:f4:fc:7a:7b:42:9f:f8:68:a1:77:65:58:
                    8d:51:9b:99:6c:b9:28:a2:3d:7b:db:ca:4a:1f:1d:
                    23:05:8b:aa:8c:bb:92:38:23:8f:34:a2:66:63:a5:
                    18:c0:9d:3a:58:c5:6e:cc:df:bc:a8:ae:c2:f1:7b:
                    00:8c:c6:5e:eb:2e:03:91:6f:71:8c:b8:14:ff:c4:
                    18:8e:45:5c:f2:d4:23:4f:72:cf:ec:94:f8:56:78:
                    25:d0:0d:b6:1e:d7:46:f7:c8:85:7b:1b:c9:3a:e3:
                    d1:3a:9e:6a:7c:0b:a2:e2:a7:f9:5f:be:4d:e9:d0:
                    22:cc:6a:95:16:94:e9:9e:b0:1b:9a:ba:3c:c6:dc:
                    c2:19:ce:b5:c3:b1:b2:09:fe:7c:f0:9e:be:a9:7e:
                    fe:1f:52:6b:0e:de:f6:35:b5:4c:f1:c2:30:1b:9c:
                    1e:9f:80:2e:44:9d:ca:fc:17:10:38:3c:e1:36:7f:
                    1d:e6:53:8b:45:d4:97:50:4d:59:1d:02:e7:7d:0c:
                    3e:68:14:4f:5e:7f:6c:2a:b0:ea:64:29:c7:b0:c3:
                    7d:76:66:37:c7:14:32:a0:c7:b4:88:0d:fe:da:19:
                    a6:1e:bb:5c:8f:41:29:2c:09:f2:f8:9e:d9:bd:94:
                    bf:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:94:C6:49:CA:DD:F9:BD:FD:EF:79:89:90:D1:2D:51:11:7F:75:8E
            X509v3 Authority Key Identifier:
                keyid:D7:06:1E:E8:7F:5B:55:F1:90:3A:2B:37:04:EB:A0:94:4A:B0:C5:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wYe6H9bVfGQOis3BOuglEqwxaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b113c4-7cf1-411c-873b-2883f88a86ec/1/wJTGScrd-b3973mJkNEtURF_dY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b113c4-7cf1-411c-873b-2883f88a86ec/1/1wYe6H9bVfGQOis3BOuglEqwxaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.0.48.0/20
                IPv6:
                  2001:67c:23d4::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:44:2f:a1:85:d7:60:3b:d1:e3:78:73:89:c0:7a:b5:ca:12:
         ab:2e:60:d9:d7:a3:3d:22:c6:6b:e7:d8:8b:c7:75:05:1f:a7:
         49:ce:a6:78:0d:c4:9c:7f:94:13:cb:68:63:fe:f1:23:58:e1:
         d8:d9:f3:5a:2b:9b:73:8a:0b:f2:01:92:ce:9d:42:07:ee:40:
         f0:89:40:de:2d:88:a6:d4:d9:e6:ef:04:6b:d0:d8:61:b9:ef:
         bf:e7:b5:7e:e3:14:4f:2f:b1:21:48:51:df:99:b6:78:95:99:
         f2:a8:cc:87:4b:77:ee:a3:48:cb:58:3c:d4:d8:a0:fa:df:78:
         b6:d0:96:19:ca:c8:4c:7a:a3:07:70:9e:3e:91:f0:bf:56:0d:
         15:69:9a:2c:13:a4:67:b5:2a:59:34:1d:51:ad:08:51:80:5d:
         b7:62:fe:ef:a1:cc:73:fc:f7:49:82:ab:2f:8e:c5:1b:da:72:
         d1:02:9d:0d:61:fc:ca:e8:c7:a4:87:4d:87:77:fd:b5:6b:0d:
         41:38:e8:ec:33:33:d6:35:e4:0c:b0:b2:52:a3:13:4d:cf:58:
         e9:21:56:d0:50:5c:3a:80:6c:14:34:2e:7b:28:43:8b:87:fa:
         85:a7:94:c8:a3:9f:95:9a:73:f9:b9:a4:21:64:ba:6a:c8:4b:
         77:c3:75:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEkidI1gfguuDsOQrD0SIsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDYxZWU4N2Y1YjU1ZjE5MDNhMmIzNzA0ZWJhMDk0NGFi
MGM1YWMwHhcNMjQwMTAxMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDk0YzY0OWNhZGRmOWJkZmRlZjc5ODk5MGQxMmQ1MTExN2Y3NThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23pLKhX0dqxB6P5Gw0MgK0P0/Hp7
Qp/4aKF3ZViNUZuZbLkooj1728pKHx0jBYuqjLuSOCOPNKJmY6UYwJ06WMVuzN+8
qK7C8XsAjMZe6y4DkW9xjLgU/8QYjkVc8tQjT3LP7JT4Vngl0A22HtdG98iFexvJ
OuPROp5qfAui4qf5X75N6dAizGqVFpTpnrAbmro8xtzCGc61w7GyCf588J6+qX7+
H1JrDt72NbVM8cIwG5wen4AuRJ3K/BcQODzhNn8d5lOLRdSXUE1ZHQLnfQw+aBRP
Xn9sKrDqZCnHsMN9dmY3xxQyoMe0iA3+2hmmHrtcj0EpLAny+J7ZvZS/jwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMCUxknK3fm9/e95iZDRLVERf3WOMB8GA1UdIwQY
MBaAFNcGHuh/W1XxkDorNwTroJRKsMWsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdZZTZIOWJWZkdRT2lzM0JPdWdsRXF3eGF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMTEzYzQtN2NmMS00MTFjLTg3M2It
Mjg4M2Y4OGE4NmVjLzEvd0pUR1NjcmQtYjM5NzNtSmtORXRVUkZfZFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMTEzYzQtN2NmMS00MTFjLTg3M2ItMjg4M2Y4OGE4NmVj
LzEvMXdZZTZIOWJWZkdRT2lzM0JPdWdsRXF3eGF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQEvAAwMA8E
AgACMAkDBwAgAQZ8I9QwDQYJKoZIhvcNAQELBQADggEBAANEL6GF12A70eN4c4nA
erXKEqsuYNnXoz0ixmvn2IvHdQUfp0nOpngNxJx/lBPLaGP+8SNY4djZ81orm3OK
C/IBks6dQgfuQPCJQN4tiKbU2ebvBGvQ2GG577/ntX7jFE8vsSFIUd+ZtniVmfKo
zIdLd+6jSMtYPNTYoPrfeLbQlhnKyEx6owdwnj6R8L9WDRVpmiwTpGe1Klk0HVGt
CFGAXbdi/u+hzHP890mCqy+OxRvactECnQ1h/Mrox6SHTYd3/bVrDUE46OwzM9Y1
5AywslKjE03PWOkhVtBQXDqAbBQ0LnsoQ4uH+oWnlMijn5Wac/m5pCFkumrIS3fD
dd4=
-----END CERTIFICATE-----