Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/wJZWkACD4z74xYl3Eh73b1e6c9o.roa
File:                     wJZWkACD4z74xYl3Eh73b1e6c9o.roa (raw, json)
Hash identifier:          EI0fca0IMjIZuHA6NlKScJkQo5wgsNdZcRbsaJt4IfY=
Subject key identifier:   C0:96:56:90:00:83:E3:3E:F8:C5:89:77:12:1E:F7:6F:57:BA:73:DA
Certificate issuer:       /CN=c90edd10e6d9062215bfd64e45b3bf8a6b996379
Certificate serial:       0194228E2DBEC9DF83E2B03D84EBC71BC28A
Authority key identifier: C9:0E:DD:10:E6:D9:06:22:15:BF:D6:4E:45:B3:BF:8A:6B:99:63:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yQ7dEObZBiIVv9ZORbO_imuZY3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/wJZWkACD4z74xYl3Eh73b1e6c9o.roa
Signing time:             Wed 01 Jan 2025 15:48:50 +0000
ROA not before:           Wed 01 Jan 2025 15:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        23.239.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/yQ7dEObZBiIVv9ZORbO_imuZY3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/yQ7dEObZBiIVv9ZORbO_imuZY3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yQ7dEObZBiIVv9ZORbO_imuZY3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2d:be:c9:df:83:e2:b0:3d:84:eb:c7:1b:c2:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c90edd10e6d9062215bfd64e45b3bf8a6b996379
        Validity
            Not Before: Jan  1 15:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c09656900083e33ef8c58977121ef76f57ba73da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:27:96:f9:27:de:80:0c:ff:cb:2d:d8:7e:84:
                    3e:85:31:87:4c:be:5d:ee:c1:2f:8c:4c:8e:4f:5d:
                    12:1f:15:4e:53:6e:55:13:0e:50:4c:17:9d:f8:f4:
                    88:f7:66:56:74:58:82:7a:f6:0e:12:12:95:b4:3e:
                    0f:23:57:33:5a:44:05:0c:75:d8:f4:fd:cf:ff:60:
                    f0:30:7f:e7:a9:8f:cd:b8:b0:89:0c:89:d5:bd:76:
                    c7:00:91:ad:78:9f:28:a5:00:e7:10:84:5c:b9:b4:
                    24:07:6e:eb:fa:14:e1:f1:95:c4:2c:cd:e4:5e:22:
                    fe:d5:6d:9d:58:a6:23:d9:7e:59:7f:6d:82:68:b4:
                    d0:c2:c6:8b:bb:ad:52:cb:d6:e6:f3:05:de:45:2c:
                    ea:b1:db:75:df:34:fb:94:bd:a5:0c:a2:f7:a5:29:
                    ea:6c:7c:c5:72:3c:a0:c1:99:b8:af:af:d5:1a:83:
                    1c:7f:88:6e:9b:fa:12:e7:b6:ff:4c:d3:c1:b0:71:
                    bd:1a:a9:65:3b:ab:96:1f:53:45:bd:56:94:2b:05:
                    82:bd:3e:f6:5f:68:a8:ec:94:99:cd:90:77:75:3a:
                    f4:fb:96:c9:be:c8:85:49:7d:c1:d1:ca:03:c4:bd:
                    91:c5:53:22:57:0e:4f:42:47:98:20:6c:4d:d4:c8:
                    dc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:96:56:90:00:83:E3:3E:F8:C5:89:77:12:1E:F7:6F:57:BA:73:DA
            X509v3 Authority Key Identifier:
                keyid:C9:0E:DD:10:E6:D9:06:22:15:BF:D6:4E:45:B3:BF:8A:6B:99:63:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yQ7dEObZBiIVv9ZORbO_imuZY3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/wJZWkACD4z74xYl3Eh73b1e6c9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6483c2-3921-4c6e-9373-31a4da61d576/1/yQ7dEObZBiIVv9ZORbO_imuZY3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.239.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         42:09:de:85:1c:bf:9a:50:61:fa:60:dd:07:c7:61:e6:99:50:
         98:5c:c8:5a:8f:1d:a7:4e:3e:0e:95:8b:d7:1d:4b:e5:8b:26:
         ae:df:8c:67:00:59:1c:e9:4a:91:88:f0:81:e0:24:7a:84:24:
         75:0d:27:80:e2:8b:e2:d5:61:01:89:32:40:8b:74:88:ec:68:
         0e:eb:82:f3:3e:fd:12:53:8c:39:29:05:f7:77:39:4c:99:32:
         96:17:59:06:47:a0:ae:47:d1:b2:da:d5:0e:ce:6a:3c:11:64:
         35:af:d7:c6:d1:f5:d1:2a:8d:43:da:85:6e:97:36:4e:bd:dc:
         c6:5b:b6:e7:f8:35:22:32:68:18:4e:fe:7e:e3:0a:7a:96:c2:
         e5:dd:8f:6b:a2:ac:56:15:0d:86:3a:0c:24:63:cf:5c:a4:11:
         a2:d0:87:68:f0:e4:6b:aa:f2:12:af:6d:43:22:fa:1b:bd:63:
         e1:e9:be:07:f1:5b:6f:c6:6c:3a:81:a2:fd:1f:23:45:ca:a0:
         03:23:0c:d8:f3:91:2e:12:ad:b6:1a:bc:e7:4c:96:40:b3:0f:
         cf:91:3a:55:0a:83:2a:c0:a5:2b:37:9d:20:2e:d0:22:04:8c:
         43:b8:da:eb:7e:87:eb:b3:2e:82:a4:7b:c9:8b:c5:92:27:9d:
         e8:d0:f2:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiji2+yd+D4rA9hOvHG8KKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MGVkZDEwZTZkOTA2MjIxNWJmZDY0ZTQ1YjNiZjhhNmI5
OTYzNzkwHhcNMjUwMTAxMTU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDk2NTY5MDAwODNlMzNlZjhjNTg5NzcxMjFlZjc2ZjU3YmE3M2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzieW+SfegAz/yy3YfoQ+hTGHTL5d
7sEvjEyOT10SHxVOU25VEw5QTBed+PSI92ZWdFiCevYOEhKVtD4PI1czWkQFDHXY
9P3P/2DwMH/nqY/NuLCJDInVvXbHAJGteJ8opQDnEIRcubQkB27r+hTh8ZXELM3k
XiL+1W2dWKYj2X5Zf22CaLTQwsaLu61Sy9bm8wXeRSzqsdt13zT7lL2lDKL3pSnq
bHzFcjygwZm4r6/VGoMcf4hum/oS57b/TNPBsHG9GqllO6uWH1NFvVaUKwWCvT72
X2io7JSZzZB3dTr0+5bJvsiFSX3B0coDxL2RxVMiVw5PQkeYIGxN1MjcgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCWVpAAg+M++MWJdxIe929XunPaMB8GA1UdIwQY
MBaAFMkO3RDm2QYiFb/WTkWzv4prmWN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVE3ZEVPYlpCaUlWdjlaT1JiT19pbXVaWTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82NDgzYzItMzkyMS00YzZlLTkzNzMt
MzFhNGRhNjFkNTc2LzEvd0paV2tBQ0Q0ejc0eFlsM0VoNzNiMWU2YzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82NDgzYzItMzkyMS00YzZlLTkzNzMtMzFhNGRhNjFkNTc2
LzEveVE3ZEVPYlpCaUlWdjlaT1JiT19pbXVaWTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFF++AMA0G
CSqGSIb3DQEBCwUAA4IBAQBCCd6FHL+aUGH6YN0Hx2HmmVCYXMhajx2nTj4OlYvX
HUvliyau34xnAFkc6UqRiPCB4CR6hCR1DSeA4ovi1WEBiTJAi3SI7GgO64LzPv0S
U4w5KQX3dzlMmTKWF1kGR6CuR9Gy2tUOzmo8EWQ1r9fG0fXRKo1D2oVulzZOvdzG
W7bn+DUiMmgYTv5+4wp6lsLl3Y9roqxWFQ2GOgwkY89cpBGi0Ido8ORrqvISr21D
IvobvWPh6b4H8Vtvxmw6gaL9HyNFyqADIwzY85EuEq22GrznTJZAsw/PkTpVCoMq
wKUrN50gLtAiBIxDuNrrfofrsy6CpHvJi8WSJ53o0PKV
-----END CERTIFICATE-----