Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/WVD3Ads3Pf52KRspoZX6s1W_JTw.roa
File:                     WVD3Ads3Pf52KRspoZX6s1W_JTw.roa (raw, json)
Hash identifier:          7ARmlvDhkN9eEqdQprCsoNmp0inWQH1wV0KO1qW2rqU=
Subject key identifier:   59:50:F7:01:DB:37:3D:FE:76:29:1B:29:A1:95:FA:B3:55:BF:25:3C
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       018CC56EEFB143B83F77DFA9ECAD80F132B6
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/WVD3Ads3Pf52KRspoZX6s1W_JTw.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        82.118.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ef:b1:43:b8:3f:77:df:a9:ec:ad:80:f1:32:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5950f701db373dfe76291b29a195fab355bf253c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:aa:6f:c1:96:26:61:78:9e:6f:3a:b3:27:f2:
                    c8:e7:dd:8e:23:48:57:90:69:01:40:e1:e9:ed:fc:
                    ba:d7:aa:db:58:f5:8d:92:d2:2e:55:da:00:bb:80:
                    ff:84:99:b1:6d:38:f5:16:ff:89:40:d3:56:60:80:
                    ba:32:0b:18:f5:fd:b8:f3:e5:82:ee:db:b3:6e:ab:
                    76:4b:bb:11:bc:cf:46:6f:66:34:a5:60:9a:ed:4d:
                    58:05:d7:16:51:34:c9:8b:50:5a:77:c6:1a:21:13:
                    a0:b1:cd:ab:b4:7f:32:11:08:e6:07:76:71:7e:2c:
                    ae:23:f9:f0:b8:26:3d:96:b5:fb:9e:0d:e8:c8:e0:
                    89:c7:0c:0e:81:a5:da:6c:41:fa:03:35:ef:eb:3c:
                    30:51:4b:ad:2d:50:9c:5d:d0:cf:0a:b0:e2:75:17:
                    8a:35:89:cd:78:53:eb:39:d8:d3:52:fb:11:e8:e9:
                    0e:f3:ba:1e:46:68:ac:a8:4f:66:2c:9f:56:b4:9b:
                    ec:71:ba:c8:f9:5c:a7:69:d8:d7:44:59:e0:aa:17:
                    10:81:7a:48:b2:0f:c5:f9:28:c9:55:d1:62:91:f5:
                    b5:28:dc:c5:6a:7c:f4:9a:d1:86:98:f0:4f:4a:c0:
                    10:e9:35:df:1e:ff:28:16:72:ae:a3:79:1c:28:e5:
                    7f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:50:F7:01:DB:37:3D:FE:76:29:1B:29:A1:95:FA:B3:55:BF:25:3C
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/WVD3Ads3Pf52KRspoZX6s1W_JTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:5f:d3:18:81:fd:77:86:21:50:a4:fc:1e:16:62:aa:5c:89:
         f6:e4:68:9f:e6:e6:14:43:cd:32:33:4a:93:e3:07:b7:50:1d:
         5f:e6:a5:70:9f:64:c6:c1:13:10:14:ed:ea:bf:32:99:da:f1:
         9c:71:aa:4b:eb:7f:e3:fb:f5:43:1a:e0:c1:90:99:fc:05:3d:
         13:ee:2e:40:dc:22:2c:f6:f4:4b:df:05:95:3a:39:9f:f4:d1:
         f7:0c:24:4d:05:6e:17:aa:9b:26:49:96:c4:35:07:ab:2c:d1:
         ce:70:79:8b:a3:a9:85:87:43:35:24:f1:70:1f:76:c3:1c:f1:
         6e:e9:de:be:2f:64:b4:31:8e:ca:f6:0a:ae:21:c6:dc:a1:72:
         01:38:0e:2f:46:3a:61:6e:98:fd:fd:0b:cd:5c:04:64:87:32:
         fb:24:29:28:aa:9f:44:bf:9f:41:81:a5:57:7c:95:aa:62:64:
         1c:84:91:3a:67:a7:9a:0b:cd:54:c3:33:14:f6:73:02:57:39:
         9c:d7:d2:fb:d3:0d:8f:1c:3b:fe:b5:3c:1d:d4:0c:ed:c9:13:
         0d:30:0c:14:33:1d:c6:bb:fc:b1:d1:05:6a:02:0a:17:2a:93:
         4e:d6:8a:9d:26:c5:72:c9:2d:80:d5:99:b4:5e:58:1f:ae:a8:
         cd:dd:24:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbu+xQ7g/d9+p7K2A8TK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTUwZjcwMWRiMzczZGZlNzYyOTFiMjlhMTk1ZmFiMzU1YmYyNTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqpvwZYmYXiebzqzJ/LI592OI0hX
kGkBQOHp7fy616rbWPWNktIuVdoAu4D/hJmxbTj1Fv+JQNNWYIC6MgsY9f248+WC
7tuzbqt2S7sRvM9Gb2Y0pWCa7U1YBdcWUTTJi1Bad8YaIROgsc2rtH8yEQjmB3Zx
fiyuI/nwuCY9lrX7ng3oyOCJxwwOgaXabEH6AzXv6zwwUUutLVCcXdDPCrDidReK
NYnNeFPrOdjTUvsR6OkO87oeRmisqE9mLJ9WtJvscbrI+VynadjXRFngqhcQgXpI
sg/F+SjJVdFikfW1KNzFanz0mtGGmPBPSsAQ6TXfHv8oFnKuo3kcKOV/nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlQ9wHbNz3+dikbKaGV+rNVvyU8MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvV1ZEM0FkczNQZjUyS1JzcG9aWDZzMVdfSlR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnbmMA0G
CSqGSIb3DQEBCwUAA4IBAQBCX9MYgf13hiFQpPweFmKqXIn25Gif5uYUQ80yM0qT
4we3UB1f5qVwn2TGwRMQFO3qvzKZ2vGccapL63/j+/VDGuDBkJn8BT0T7i5A3CIs
9vRL3wWVOjmf9NH3DCRNBW4XqpsmSZbENQerLNHOcHmLo6mFh0M1JPFwH3bDHPFu
6d6+L2S0MY7K9gquIcbcoXIBOA4vRjphbpj9/QvNXARkhzL7JCkoqp9Ev59BgaVX
fJWqYmQchJE6Z6eaC81UwzMU9nMCVzmc19L70w2PHDv+tTwd1AztyRMNMAwUMx3G
u/yx0QVqAgoXKpNO1oqdJsVyyS2A1Zm0XlgfrqjN3SSA
-----END CERTIFICATE-----