Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/026896-d734-4b9a-9c33-9e71cbd4217b/1/wTgEBqELpl-kfLYLIw86txTYOYg.roa
File:                     wTgEBqELpl-kfLYLIw86txTYOYg.roa (raw, json)
Hash identifier:          qx2VAA2tUrDjqAq4zI6porgwdOvSRDaVwV0Sasae6Y0=
Subject key identifier:   C1:38:04:06:A1:0B:A6:5F:A4:7C:B6:0B:23:0F:3A:B7:14:D8:39:88
Certificate issuer:       /CN=ee377ed9fa11ec19955559762de047a5a6eb14a8
Certificate serial:       018CC500DAA8165ABC7AA2665CA57D613BC0
Authority key identifier: EE:37:7E:D9:FA:11:EC:19:95:55:59:76:2D:E0:47:A5:A6:EB:14:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jd-2foR7BmVVVl2LeBHpabrFKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/026896-d734-4b9a-9c33-9e71cbd4217b/1/wTgEBqELpl-kfLYLIw86txTYOYg.roa
Signing time:             Mon 01 Jan 2024 12:30:16 +0000
ROA not before:           Mon 01 Jan 2024 12:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12750
IP address blocks:        212.80.96.0/19 maxlen: 19
                          2a01:7480::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/026896-d734-4b9a-9c33-9e71cbd4217b/1/7jd-2foR7BmVVVl2LeBHpabrFKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/026896-d734-4b9a-9c33-9e71cbd4217b/1/7jd-2foR7BmVVVl2LeBHpabrFKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jd-2foR7BmVVVl2LeBHpabrFKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:da:a8:16:5a:bc:7a:a2:66:5c:a5:7d:61:3b:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee377ed9fa11ec19955559762de047a5a6eb14a8
        Validity
            Not Before: Jan  1 12:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1380406a10ba65fa47cb60b230f3ab714d83988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4b:95:3f:64:68:20:35:4c:aa:39:c9:b5:2a:
                    c8:8f:7d:f6:ad:19:c1:f9:13:45:3e:b0:10:f5:20:
                    9f:6e:c9:d1:b7:1e:80:70:5d:2f:04:fb:a3:ef:55:
                    31:be:8b:aa:b5:bf:f4:b9:8c:5c:27:ee:d5:be:d0:
                    fe:56:50:4c:29:eb:4f:b4:77:8f:c0:b3:b7:42:0d:
                    71:fa:a7:d5:f9:dc:3a:c3:ec:b4:a1:4f:f1:9c:9d:
                    d9:71:7f:a3:6e:85:c8:8b:ab:cd:ec:38:24:16:2f:
                    06:b6:22:7d:b3:e6:d8:af:b2:86:67:eb:1d:1e:64:
                    37:87:61:15:5b:09:1b:7f:73:d6:73:4d:eb:22:cd:
                    1d:02:79:76:66:9f:92:b2:15:ef:ac:05:a3:27:69:
                    d5:89:cb:38:8e:68:b2:8d:38:5f:a7:2e:dc:6b:49:
                    c8:d7:0a:39:35:ec:23:78:ea:48:d7:e9:80:62:4c:
                    05:b3:02:47:31:cc:68:9e:a3:44:41:ed:bc:28:a4:
                    0c:24:05:a8:5e:30:8b:df:45:53:e4:63:2f:f4:71:
                    dd:62:d4:80:20:45:88:eb:4a:d3:73:aa:01:07:2e:
                    b5:77:2c:7d:d8:4a:fa:a8:5f:51:82:7a:7f:4b:56:
                    6c:84:e5:ec:1f:db:25:f8:71:55:55:72:8f:90:dc:
                    85:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:38:04:06:A1:0B:A6:5F:A4:7C:B6:0B:23:0F:3A:B7:14:D8:39:88
            X509v3 Authority Key Identifier:
                keyid:EE:37:7E:D9:FA:11:EC:19:95:55:59:76:2D:E0:47:A5:A6:EB:14:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jd-2foR7BmVVVl2LeBHpabrFKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/026896-d734-4b9a-9c33-9e71cbd4217b/1/wTgEBqELpl-kfLYLIw86txTYOYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/026896-d734-4b9a-9c33-9e71cbd4217b/1/7jd-2foR7BmVVVl2LeBHpabrFKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.80.96.0/19
                IPv6:
                  2a01:7480::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:1f:e9:ce:d8:ab:be:5c:fc:6c:ed:40:89:3a:62:88:ab:e6:
         ed:1d:77:f1:10:24:8e:c2:ba:31:06:ce:93:26:97:d1:1f:db:
         6c:45:1f:2a:03:9d:e7:5d:26:d0:bc:5c:f4:c7:6f:e8:11:5e:
         e2:a1:6c:88:46:22:9c:8a:bf:45:9c:7e:4e:ef:fe:f1:b1:62:
         dc:3d:c8:30:ff:83:0a:8c:6e:23:24:c1:ed:59:e7:f2:96:da:
         0c:45:a6:0d:ce:3c:d8:9c:ea:ef:16:fa:e0:52:44:57:08:39:
         63:d5:ed:98:69:0d:cf:0c:cf:e9:75:94:87:c9:e0:f3:a3:ee:
         06:dd:40:b9:96:9c:e7:b4:4b:d9:14:4c:6b:e0:49:c7:7f:5c:
         37:9e:d0:c5:e7:7e:0c:ec:62:d4:7b:92:52:37:0c:64:ed:f2:
         05:9c:ea:d9:ba:0c:49:5e:4e:fb:dd:93:06:2f:b3:bc:7c:62:
         85:1b:5e:ed:03:d5:b9:15:29:2c:f0:e8:dc:17:5f:95:a0:55:
         7a:5a:87:ae:0b:ef:64:67:a0:7c:e5:03:bd:45:72:cc:72:03:
         31:23:c8:75:f9:ea:fa:a8:ae:77:ea:b8:30:46:d2:64:10:5c:
         13:96:f6:4a:06:58:a1:d1:e7:af:9e:63:26:56:21:5f:eb:04:
         9d:52:e8:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFANqoFlq8eqJmXKV9YTvAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzc3ZWQ5ZmExMWVjMTk5NTU1NTk3NjJkZTA0N2E1YTZl
YjE0YTgwHhcNMjQwMTAxMTIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTM4MDQwNmExMGJhNjVmYTQ3Y2I2MGIyMzBmM2FiNzE0ZDgzOTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0uVP2RoIDVMqjnJtSrIj332rRnB
+RNFPrAQ9SCfbsnRtx6AcF0vBPuj71Uxvouqtb/0uYxcJ+7VvtD+VlBMKetPtHeP
wLO3Qg1x+qfV+dw6w+y0oU/xnJ3ZcX+jboXIi6vN7DgkFi8GtiJ9s+bYr7KGZ+sd
HmQ3h2EVWwkbf3PWc03rIs0dAnl2Zp+SshXvrAWjJ2nVics4jmiyjThfpy7ca0nI
1wo5NewjeOpI1+mAYkwFswJHMcxonqNEQe28KKQMJAWoXjCL30VT5GMv9HHdYtSA
IEWI60rTc6oBBy61dyx92Er6qF9Rgnp/S1ZshOXsH9sl+HFVVXKPkNyFZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFME4BAahC6ZfpHy2CyMPOrcU2DmIMB8GA1UdIwQY
MBaAFO43ftn6EewZlVVZdi3gR6Wm6xSoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pkLTJmb1I3Qm1WVlZsMkxlQkhwYWJyRktnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wMjY4OTYtZDczNC00YjlhLTljMzMt
OWU3MWNiZDQyMTdiLzEvd1RnRUJxRUxwbC1rZkxZTEl3ODZ0eFRZT1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wMjY4OTYtZDczNC00YjlhLTljMzMtOWU3MWNiZDQyMTdi
LzEvN2pkLTJmb1I3Qm1WVlZsMkxlQkhwYWJyRktnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1FBgMA0E
AgACMAcDBQAqAXSAMA0GCSqGSIb3DQEBCwUAA4IBAQAdH+nO2Ku+XPxs7UCJOmKI
q+btHXfxECSOwroxBs6TJpfRH9tsRR8qA53nXSbQvFz0x2/oEV7ioWyIRiKcir9F
nH5O7/7xsWLcPcgw/4MKjG4jJMHtWefyltoMRaYNzjzYnOrvFvrgUkRXCDlj1e2Y
aQ3PDM/pdZSHyeDzo+4G3UC5lpzntEvZFExr4EnHf1w3ntDF534M7GLUe5JSNwxk
7fIFnOrZugxJXk773ZMGL7O8fGKFG17tA9W5FSks8OjcF1+VoFV6WoeuC+9kZ6B8
5QO9RXLMcgMxI8h1+er6qK536rgwRtJkEFwTlvZKBlih0eevnmMmViFf6wSdUuie
-----END CERTIFICATE-----