Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/wn2bIs8prhFXu2K0wBjzCvgZxCM.roa
File:                     wn2bIs8prhFXu2K0wBjzCvgZxCM.roa (raw, json)
Hash identifier:          ZbvwXAOxAnhqMLWat9nLpl6cN09+BSs/l5xW991OE/Y=
Subject key identifier:   C2:7D:9B:22:CF:29:AE:11:57:BB:62:B4:C0:18:F3:0A:F8:19:C4:23
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       018CC3491EEFD26BB247C37AAB1CED9462CE
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/wn2bIs8prhFXu2K0wBjzCvgZxCM.roa
Signing time:             Mon 01 Jan 2024 04:29:58 +0000
ROA not before:           Mon 01 Jan 2024 04:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211090
IP address blocks:        194.127.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1e:ef:d2:6b:b2:47:c3:7a:ab:1c:ed:94:62:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Jan  1 04:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c27d9b22cf29ae1157bb62b4c018f30af819c423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3b:90:71:7e:ab:dd:58:5a:fd:14:75:cd:a8:
                    3d:fe:25:2a:ef:a6:b1:62:1d:bd:d0:59:ed:22:59:
                    d2:67:44:96:a5:fe:5e:ff:fd:af:65:3a:12:fa:91:
                    a2:ff:d2:4c:e0:fb:7f:52:ad:dc:d1:63:2b:6c:c2:
                    15:4c:18:fb:f6:31:93:50:19:35:63:08:10:b8:be:
                    01:f7:c3:11:d4:ae:04:f3:fa:e0:82:97:a3:94:ab:
                    7e:b9:01:16:93:04:93:8a:c6:de:46:67:08:4a:af:
                    ba:45:6f:d6:1e:09:1e:de:cb:05:ce:3a:17:74:d5:
                    d8:bb:0f:78:13:da:95:91:81:2c:8b:55:07:ee:5e:
                    75:81:18:c9:ad:cb:2d:32:25:3f:1c:e5:a2:f9:3f:
                    f2:7e:a8:74:f6:c0:30:7c:6b:02:6d:86:36:b1:93:
                    5c:0c:a9:76:b7:3d:41:8a:9e:e3:8e:7a:77:dc:6d:
                    c1:25:4d:5d:42:ab:57:15:6d:90:46:4c:1e:ad:1a:
                    7b:7b:74:9e:11:ce:08:98:7b:a6:da:88:b2:1a:3b:
                    ca:87:1d:54:f9:e4:be:10:b9:1b:2f:ca:40:09:91:
                    af:72:52:fb:54:c6:93:34:68:04:a6:f0:1b:f7:b5:
                    aa:f0:98:1f:7f:8c:a0:63:52:4e:6e:82:74:d9:90:
                    6b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:7D:9B:22:CF:29:AE:11:57:BB:62:B4:C0:18:F3:0A:F8:19:C4:23
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/wn2bIs8prhFXu2K0wBjzCvgZxCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:c4:97:de:9d:ac:07:b9:c1:a6:8c:5f:cd:51:33:00:ea:cc:
         23:86:17:a2:c0:f4:f1:b1:70:ed:f6:1a:c5:23:70:05:42:6e:
         f6:a7:75:7c:5d:e0:e7:83:a6:5b:3a:1e:8a:8a:3a:e5:21:21:
         41:16:8a:22:59:02:56:30:8f:20:f5:4a:fb:8f:5f:9a:4c:d2:
         eb:da:53:9f:be:f2:cd:78:f4:54:94:ac:5d:54:ad:f7:d9:72:
         8e:f0:d0:32:01:6e:0f:c9:80:0e:7d:2b:c3:1e:77:60:6c:50:
         0f:c0:36:5f:09:b7:6a:58:fd:fe:8e:b0:72:7e:37:e1:13:69:
         3d:8a:4c:7e:d1:ec:c5:66:d8:69:09:65:f7:3b:a7:b9:da:62:
         a4:7a:53:42:12:68:8d:ed:bc:87:ba:cb:67:c6:5e:34:a1:95:
         eb:89:63:24:37:9c:88:ab:26:4f:e7:7f:ce:bb:a2:ed:69:1b:
         2b:40:1c:d7:fc:20:66:79:09:b2:6a:b9:23:ad:08:98:49:93:
         b8:3d:34:c9:54:6c:bb:db:56:1a:f1:e0:83:c6:38:5a:73:bd:
         75:07:44:97:22:92:93:4a:06:7d:56:42:3f:1f:10:70:92:6e:
         22:3e:17:2f:74:8d:9b:73:17:8a:3a:ca:ae:50:b3:3c:20:87:
         15:ea:28:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSR7v0muyR8N6qxztlGLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjQwMTAxMDQyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjdkOWIyMmNmMjlhZTExNTdiYjYyYjRjMDE4ZjMwYWY4MTljNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzuQcX6r3Vha/RR1zag9/iUq76ax
Yh290FntIlnSZ0SWpf5e//2vZToS+pGi/9JM4Pt/Uq3c0WMrbMIVTBj79jGTUBk1
YwgQuL4B98MR1K4E8/rggpejlKt+uQEWkwSTisbeRmcISq+6RW/WHgke3ssFzjoX
dNXYuw94E9qVkYEsi1UH7l51gRjJrcstMiU/HOWi+T/yfqh09sAwfGsCbYY2sZNc
DKl2tz1Bip7jjnp33G3BJU1dQqtXFW2QRkwerRp7e3SeEc4ImHum2oiyGjvKhx1U
+eS+ELkbL8pACZGvclL7VMaTNGgEpvAb97Wq8Jgff4ygY1JOboJ02ZBrRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJ9myLPKa4RV7titMAY8wr4GcQjMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvd24yYklzOHByaEZYdTJLMHdCanpDdmdaeENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9vMA0G
CSqGSIb3DQEBCwUAA4IBAQCSxJfenawHucGmjF/NUTMA6swjhheiwPTxsXDt9hrF
I3AFQm72p3V8XeDng6ZbOh6KijrlISFBFooiWQJWMI8g9Ur7j1+aTNLr2lOfvvLN
ePRUlKxdVK332XKO8NAyAW4PyYAOfSvDHndgbFAPwDZfCbdqWP3+jrByfjfhE2k9
ikx+0ezFZthpCWX3O6e52mKkelNCEmiN7byHustnxl40oZXriWMkN5yIqyZP53/O
u6LtaRsrQBzX/CBmeQmyarkjrQiYSZO4PTTJVGy721Ya8eCDxjhac711B0SXIpKT
SgZ9VkI/HxBwkm4iPhcvdI2bcxeKOsquULM8IIcV6ij8
-----END CERTIFICATE-----