Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/2WJCBdXwdeVKa1c0hW2v2wgoTRw.roa
File:                     2WJCBdXwdeVKa1c0hW2v2wgoTRw.roa (raw, json)
Hash identifier:          WgG033s4fS0srO/JbEHPEj3VSdyDuNkcHfxfML7oxHs=
Subject key identifier:   D9:62:42:05:D5:F0:75:E5:4A:6B:57:34:85:6D:AF:DB:08:28:4D:1C
Certificate issuer:       /CN=0c05ca111c0093b56514215be467b515dda56c06
Certificate serial:       018F151C4D435336A1F6C5DC08F01D14FC19
Authority key identifier: 0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/2WJCBdXwdeVKa1c0hW2v2wgoTRw.roa
Signing time:             Thu 25 Apr 2024 11:55:27 +0000
ROA not before:           Thu 25 Apr 2024 11:55:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209824
IP address blocks:        217.113.54.0/23 maxlen: 23
                          2a13:e700::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:1c:4d:43:53:36:a1:f6:c5:dc:08:f0:1d:14:fc:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c05ca111c0093b56514215be467b515dda56c06
        Validity
            Not Before: Apr 25 11:55:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9624205d5f075e54a6b5734856dafdb08284d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f7:34:d9:14:4c:31:3e:30:d7:15:06:53:3d:
                    3e:b0:71:42:6c:ec:e4:7a:0b:1e:21:f8:fe:d4:4d:
                    f1:54:fa:6f:02:d0:98:04:40:b0:c5:2d:35:69:5a:
                    d1:60:c3:a5:42:7b:43:d2:30:82:fc:e6:ae:40:c8:
                    50:5a:25:ca:03:65:55:2c:a6:bb:85:46:fd:b7:cd:
                    ff:f7:72:8d:ee:c1:df:f3:27:11:74:3b:8e:92:31:
                    ed:0f:d4:e9:dd:55:6c:6c:53:8e:1c:77:fd:74:07:
                    78:2e:08:13:e3:c9:a5:33:72:d0:2b:ea:73:d8:77:
                    37:5e:c1:af:5d:4d:91:dd:3c:f0:ab:75:97:86:23:
                    0a:89:2d:ae:64:28:33:d1:1c:93:a0:da:dd:c9:9b:
                    db:f3:87:32:38:e7:01:2f:1f:ea:ca:10:47:82:44:
                    b1:49:f4:38:0e:07:8c:c6:83:c4:ea:c4:10:b4:12:
                    83:d8:66:2f:dc:c4:c7:fb:af:f6:6e:e7:ff:8d:17:
                    8c:70:84:19:ef:2b:25:d6:80:d0:b6:37:dc:7f:9d:
                    a7:89:d9:70:7b:aa:e9:18:06:53:8e:10:29:5d:3e:
                    ff:d8:db:ad:57:20:03:6c:d0:05:92:f8:e2:a9:76:
                    80:21:69:b1:46:40:38:f9:eb:0e:49:30:16:75:83:
                    d5:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:62:42:05:D5:F0:75:E5:4A:6B:57:34:85:6D:AF:DB:08:28:4D:1C
            X509v3 Authority Key Identifier:
                keyid:0C:05:CA:11:1C:00:93:B5:65:14:21:5B:E4:67:B5:15:DD:A5:6C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/2WJCBdXwdeVKa1c0hW2v2wgoTRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0fbf48-5db7-49fe-bf44-6a36705bba6f/1/DAXKERwAk7VlFCFb5Ge1Fd2lbAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.54.0/23
                IPv6:
                  2a13:e700::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:3c:ab:73:d4:44:8e:0c:c3:6e:48:19:02:7d:b4:94:bb:e2:
         c5:f8:12:fd:e5:ca:6d:7d:a1:21:8a:d8:80:99:2b:7b:11:2a:
         d0:01:04:a3:aa:59:3f:6a:15:71:32:ad:0c:36:ad:9c:a4:5a:
         ef:4d:3d:08:03:39:5c:bd:87:63:f3:64:8b:3d:04:40:37:37:
         ec:a8:3a:62:a9:3f:58:48:79:95:05:b9:10:fc:a7:e9:74:02:
         67:bb:df:b4:6f:e4:f8:42:73:9d:93:ce:92:c9:61:aa:81:f2:
         40:dc:2c:0a:2d:5a:e0:38:0c:3c:df:93:d5:93:e6:c4:20:9c:
         b3:69:bc:62:ed:18:fc:6d:4c:47:c6:6c:3b:d7:d5:2e:52:65:
         52:68:80:5f:47:0d:7e:93:00:2a:95:11:98:7c:e9:a4:f0:35:
         9f:59:5f:5b:32:7e:99:97:90:79:ec:22:99:8f:ab:76:b2:48:
         76:62:29:af:b3:7f:64:17:f7:98:e0:92:48:b2:32:98:7a:12:
         42:06:ea:96:f8:52:08:c2:60:6d:fb:bd:68:ab:45:b3:62:15:
         5f:0d:a6:d6:20:89:e0:19:d2:ca:f5:4c:44:5d:8a:20:8d:11:
         ca:25:eb:92:dc:57:0f:38:38:16:68:01:27:b0:3a:35:cf:97:
         9e:9e:7c:43
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY8VHE1DUzah9sXcCPAdFPwZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMDVjYTExMWMwMDkzYjU2NTE0MjE1YmU0NjdiNTE1ZGRh
NTZjMDYwHhcNMjQwNDI1MTE1NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTYyNDIwNWQ1ZjA3NWU1NGE2YjU3MzQ4NTZkYWZkYjA4Mjg0ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/c02RRMMT4w1xUGUz0+sHFCbOzk
egseIfj+1E3xVPpvAtCYBECwxS01aVrRYMOlQntD0jCC/OauQMhQWiXKA2VVLKa7
hUb9t83/93KN7sHf8ycRdDuOkjHtD9Tp3VVsbFOOHHf9dAd4LggT48mlM3LQK+pz
2Hc3XsGvXU2R3Tzwq3WXhiMKiS2uZCgz0RyToNrdyZvb84cyOOcBLx/qyhBHgkSx
SfQ4DgeMxoPE6sQQtBKD2GYv3MTH+6/2buf/jReMcIQZ7ysl1oDQtjfcf52nidlw
e6rpGAZTjhApXT7/2NutVyADbNAFkvjiqXaAIWmxRkA4+esOSTAWdYPVywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNliQgXV8HXlSmtXNIVtr9sIKE0cMB8GA1UdIwQY
MBaAFAwFyhEcAJO1ZRQhW+RntRXdpWwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQt
NmEzNjcwNWJiYTZmLzEvMldKQ0JkWHdkZVZLYTFjMGhXMnYyd2dvVFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wZmJmNDgtNWRiNy00OWZlLWJmNDQtNmEzNjcwNWJiYTZm
LzEvREFYS0VSd0FrN1ZsRkNGYjVHZTFGZDJsYkFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQB2XE2MA8E
AgACMAkDBwAqE+cAAAAwDQYJKoZIhvcNAQELBQADggEBAAE8q3PURI4Mw25IGQJ9
tJS74sX4Ev3lym19oSGK2ICZK3sRKtABBKOqWT9qFXEyrQw2rZykWu9NPQgDOVy9
h2PzZIs9BEA3N+yoOmKpP1hIeZUFuRD8p+l0Ame737Rv5PhCc52TzpLJYaqB8kDc
LAotWuA4DDzfk9WT5sQgnLNpvGLtGPxtTEfGbDvX1S5SZVJogF9HDX6TACqVEZh8
6aTwNZ9ZX1syfpmXkHnsIpmPq3aySHZiKa+zf2QX95jgkkiyMph6EkIG6pb4UgjC
YG37vWirRbNiFV8NptYgieAZ0sr1TERdiiCNEcol65LcVw84OBZoASewOjXPl56e
fEM=
-----END CERTIFICATE-----