Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/wWp1b7QO_QnrQNmWIpl3zyG7T-4.roa
File:                     wWp1b7QO_QnrQNmWIpl3zyG7T-4.roa (raw, json)
Hash identifier:          UtI4qX//LYqc/J/XdNbZMCMWKkwGkFGbe574IjMVOnU=
Subject key identifier:   C1:6A:75:6F:B4:0E:FD:09:EB:40:D9:96:22:99:77:CF:21:BB:4F:EE
Certificate issuer:       /CN=9cb80bc4b597c176bd8538c188fec73da25e6e84
Certificate serial:       01931FA7C9722CA4B1E7E731CCA7B7A9D663
Authority key identifier: 9C:B8:0B:C4:B5:97:C1:76:BD:85:38:C1:88:FE:C7:3D:A2:5E:6E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/wWp1b7QO_QnrQNmWIpl3zyG7T-4.roa
Signing time:             Tue 12 Nov 2024 09:15:09 +0000
ROA not before:           Tue 12 Nov 2024 09:15:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41683
IP address blocks:        185.163.129.0/24 maxlen: 24
                          185.163.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1f:a7:c9:72:2c:a4:b1:e7:e7:31:cc:a7:b7:a9:d6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb80bc4b597c176bd8538c188fec73da25e6e84
        Validity
            Not Before: Nov 12 09:15:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c16a756fb40efd09eb40d996229977cf21bb4fee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:98:b8:17:d9:88:ee:0b:aa:d4:ea:bb:10:4d:
                    b0:0c:43:8e:4b:d8:41:a1:f5:db:73:80:45:0a:8d:
                    0c:56:fa:d9:db:5a:c9:8c:b6:7b:ae:8a:f3:ea:10:
                    83:88:2c:e5:10:22:7f:9b:48:56:d5:19:f0:83:67:
                    8e:9f:5f:91:e9:2f:ad:2e:33:d0:13:35:c2:ea:3a:
                    c7:21:ba:32:59:94:74:ad:9c:69:ff:b7:59:6c:2d:
                    10:a0:87:aa:dc:a0:eb:1e:bf:6e:74:df:3d:93:f6:
                    18:71:da:61:7b:1a:73:25:15:b7:49:22:f6:4f:88:
                    2d:c1:67:90:70:bc:82:ef:1f:51:2d:e2:43:77:37:
                    a3:f7:14:d8:a1:f9:87:5b:50:ea:6f:66:f2:26:85:
                    b2:b9:18:37:58:92:a5:38:b7:76:56:28:8d:e0:98:
                    09:a4:7f:3f:8c:99:ac:3d:8c:e4:26:db:8e:71:48:
                    40:8d:d5:91:7f:5b:49:61:58:6e:ad:81:b2:bb:03:
                    dd:33:a6:51:96:be:69:ff:35:99:77:75:d9:11:1b:
                    bb:6b:f7:80:d8:50:21:1a:dc:2c:11:f6:d9:ba:e4:
                    5c:74:43:8c:70:75:38:0f:e1:69:82:43:55:44:d4:
                    5d:aa:0f:7a:55:af:c1:4a:fc:b4:0c:29:6f:81:bd:
                    cd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:6A:75:6F:B4:0E:FD:09:EB:40:D9:96:22:99:77:CF:21:BB:4F:EE
            X509v3 Authority Key Identifier:
                keyid:9C:B8:0B:C4:B5:97:C1:76:BD:85:38:C1:88:FE:C7:3D:A2:5E:6E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/wWp1b7QO_QnrQNmWIpl3zyG7T-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.129.0-185.163.130.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:2f:56:89:25:3d:cb:6b:dd:92:20:3f:9b:7b:c8:fb:d1:bf:
         04:6b:47:15:fc:ea:18:b9:c2:82:e4:66:c0:a1:89:a1:59:c4:
         54:81:a2:1f:43:f0:fd:1c:c2:f9:7c:b3:ce:2a:99:d8:43:8e:
         c2:68:bd:fa:25:fa:03:31:59:b9:33:47:1d:3f:a7:a5:25:4f:
         5d:59:da:94:1a:d2:5b:53:5d:08:43:b6:ff:38:d2:8a:c5:58:
         51:3b:24:cb:12:14:3d:96:6f:5d:70:3b:8f:68:98:7e:a8:ed:
         61:14:18:28:6a:61:8b:dc:32:9b:2a:4b:13:49:03:5a:1b:9d:
         a0:61:5b:e2:39:8d:af:45:8b:93:90:28:ea:60:a8:15:13:3d:
         5e:15:94:d5:a4:39:ad:47:9c:7c:31:97:2f:31:fb:87:c2:d6:
         e9:2b:ea:54:e8:7f:8d:1d:70:35:e5:94:9f:67:3a:a1:ce:bc:
         84:b4:ad:74:81:a3:69:e1:e4:b9:95:99:b4:76:90:3f:cd:12:
         23:8e:03:81:4f:98:99:2c:ca:15:0e:6b:eb:e3:0d:c5:b0:7e:
         c5:61:ac:de:fd:36:11:b7:2c:f0:8c:c0:65:1b:5a:d5:a3:ae:
         19:e5:9e:52:f2:c2:93:53:bc:da:63:51:01:fa:9f:24:ea:12:
         75:f0:c5:9d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZMfp8lyLKSx5+cxzKe3qdZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjgwYmM0YjU5N2MxNzZiZDg1MzhjMTg4ZmVjNzNkYTI1
ZTZlODQwHhcNMjQxMTEyMDkxNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTZhNzU2ZmI0MGVmZDA5ZWI0MGQ5OTYyMjk5NzdjZjIxYmI0ZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Zi4F9mI7guq1Oq7EE2wDEOOS9hB
ofXbc4BFCo0MVvrZ21rJjLZ7rorz6hCDiCzlECJ/m0hW1Rnwg2eOn1+R6S+tLjPQ
EzXC6jrHIboyWZR0rZxp/7dZbC0QoIeq3KDrHr9udN89k/YYcdphexpzJRW3SSL2
T4gtwWeQcLyC7x9RLeJDdzej9xTYofmHW1Dqb2byJoWyuRg3WJKlOLd2ViiN4JgJ
pH8/jJmsPYzkJtuOcUhAjdWRf1tJYVhurYGyuwPdM6ZRlr5p/zWZd3XZERu7a/eA
2FAhGtwsEfbZuuRcdEOMcHU4D+FpgkNVRNRdqg96Va/BSvy0DClvgb3NpwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMFqdW+0Dv0J60DZliKZd88hu0/uMB8GA1UdIwQY
MBaAFJy4C8S1l8F2vYU4wYj+xz2iXm6EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxnTHhMV1h3WGE5aFRqQmlQN0hQYUplYm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi83MjBjMDQtZTljNy00OGIyLThmZWMt
OWNmZTFiNTdjZDIwLzEvd1dwMWI3UU9fUW5yUU5tV0lwbDN6eUc3VC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi83MjBjMDQtZTljNy00OGIyLThmZWMtOWNmZTFiNTdjZDIw
LzEvbkxnTHhMV1h3WGE5aFRqQmlQN0hQYUplYm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5o4ED
BAC5o4IwDQYJKoZIhvcNAQELBQADggEBAFwvVoklPctr3ZIgP5t7yPvRvwRrRxX8
6hi5woLkZsChiaFZxFSBoh9D8P0cwvl8s84qmdhDjsJovfol+gMxWbkzRx0/p6Ul
T11Z2pQa0ltTXQhDtv840orFWFE7JMsSFD2Wb11wO49omH6o7WEUGChqYYvcMpsq
SxNJA1obnaBhW+I5ja9Fi5OQKOpgqBUTPV4VlNWkOa1HnHwxly8x+4fC1ukr6lTo
f40dcDXllJ9nOqHOvIS0rXSBo2nh5LmVmbR2kD/NEiOOA4FPmJksyhUOa+vjDcWw
fsVhrN79NhG3LPCMwGUbWtWjrhnlnlLywpNTvNpjUQH6nyTqEnXwxZ0=
-----END CERTIFICATE-----