Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/wkxXq3P8dQqFNbN4qKHoqzui_YA.roa
File:                     wkxXq3P8dQqFNbN4qKHoqzui_YA.roa (raw, json)
Hash identifier:          eauT8dVnb45Uy5OdYP6OMOy/tYoWYlq2lFkLIPa05W4=
Subject key identifier:   C2:4C:57:AB:73:FC:75:0A:85:35:B3:78:A8:A1:E8:AB:3B:A2:FD:80
Certificate issuer:       /CN=d3367dba3a220060e67d4ec680b0f99f247a872c
Certificate serial:       018F2A7330A55557B4471DCA5F0C45090FCA
Authority key identifier: D3:36:7D:BA:3A:22:00:60:E6:7D:4E:C6:80:B0:F9:9F:24:7A:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/wkxXq3P8dQqFNbN4qKHoqzui_YA.roa
Signing time:             Mon 29 Apr 2024 15:22:23 +0000
ROA not before:           Mon 29 Apr 2024 15:22:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        140.150.96.0/19 maxlen: 24
                          176.116.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:73:30:a5:55:57:b4:47:1d:ca:5f:0c:45:09:0f:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3367dba3a220060e67d4ec680b0f99f247a872c
        Validity
            Not Before: Apr 29 15:22:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c24c57ab73fc750a8535b378a8a1e8ab3ba2fd80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f3:c0:00:95:34:f1:29:31:7a:ec:5e:7a:eb:
                    40:ad:ec:61:e5:78:a7:72:69:04:9c:38:94:0b:37:
                    4a:d2:6a:09:2e:30:01:ea:8f:7d:69:8a:85:b8:51:
                    77:f1:91:11:e3:17:9c:0e:c1:ad:db:a9:ae:ca:ed:
                    ef:37:68:a4:bb:f0:29:fd:3a:a0:9b:55:c5:de:1f:
                    f6:5f:71:d4:9b:04:c0:7f:a4:42:21:84:96:1a:69:
                    af:04:67:b2:2a:af:45:91:44:94:0d:df:5c:52:31:
                    4f:36:e7:6d:31:33:bc:fc:77:aa:09:79:96:cb:8a:
                    1c:64:1c:fb:83:7d:70:d9:db:19:20:54:b0:81:62:
                    6e:6e:36:56:73:b2:73:6d:38:86:60:99:2a:18:1f:
                    4f:12:bd:35:d7:61:ac:a5:a0:88:4b:6d:a6:6a:1a:
                    78:1b:ed:e6:96:ef:4d:d1:2c:73:49:8c:7e:f7:76:
                    64:26:f0:a5:7e:be:1d:43:07:1d:3d:33:7e:c7:37:
                    e0:55:be:e5:37:b0:44:02:8b:04:a6:07:c9:00:23:
                    8c:5f:78:78:cb:c8:18:4a:8c:1f:d9:82:88:8f:df:
                    34:96:cb:ca:3b:6b:d5:10:48:11:3b:92:4b:37:84:
                    13:bb:1c:36:e5:55:a0:f4:0c:d9:d1:8b:2e:49:a6:
                    65:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:4C:57:AB:73:FC:75:0A:85:35:B3:78:A8:A1:E8:AB:3B:A2:FD:80
            X509v3 Authority Key Identifier:
                keyid:D3:36:7D:BA:3A:22:00:60:E6:7D:4E:C6:80:B0:F9:9F:24:7A:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/wkxXq3P8dQqFNbN4qKHoqzui_YA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ac410a-49a0-4e38-ae3b-5ca5bf67e69d/1/0zZ9ujoiAGDmfU7GgLD5nyR6hyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.96.0/19
                  176.116.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:07:aa:2f:f2:3c:8e:09:32:57:d4:f8:42:72:87:6b:1b:df:
         27:35:1b:0b:03:ba:b0:ac:2d:df:a7:c9:3e:82:73:3b:11:38:
         77:c6:b1:ac:ab:41:05:c5:1f:fe:47:d7:7f:46:d0:a4:cc:2e:
         56:c0:58:fd:4d:7d:09:23:69:42:63:62:f5:cd:8d:ed:3a:55:
         5d:1f:2b:a0:fb:ea:48:c3:f9:4f:f0:91:15:87:96:93:d1:0b:
         70:59:20:db:4c:bd:4c:5a:9a:fe:7d:53:88:5b:96:3d:d2:c5:
         4e:c7:fb:58:43:78:e9:ea:a2:47:04:f2:35:42:4e:97:a4:d5:
         4c:ac:db:d4:19:5f:5e:5d:67:d2:10:94:9a:6a:16:da:15:7e:
         54:2b:3a:58:42:87:bd:7b:9b:a1:6f:48:02:b2:22:e5:64:8c:
         2c:4d:a7:de:e9:5a:7f:3c:9e:25:f4:5a:fc:21:89:52:f7:9c:
         bb:64:26:7f:e4:a6:4d:b4:85:36:6d:24:f4:c4:6d:c9:42:3b:
         4c:0b:c5:14:8d:4f:30:dd:9a:4e:7a:21:fd:4c:76:82:b7:3c:
         b9:ee:e3:b1:8e:ba:c3:64:97:5d:dc:82:3a:87:b5:9e:02:e1:
         77:08:84:a8:50:2f:6f:a6:eb:c6:df:cd:fd:eb:e6:a0:ae:e3:
         1e:ae:fd:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8qczClVVe0Rx3KXwxFCQ/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMzY3ZGJhM2EyMjAwNjBlNjdkNGVjNjgwYjBmOTlmMjQ3
YTg3MmMwHhcNMjQwNDI5MTUyMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjRjNTdhYjczZmM3NTBhODUzNWIzNzhhOGExZThhYjNiYTJmZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvPAAJU08SkxeuxeeutArexh5Xin
cmkEnDiUCzdK0moJLjAB6o99aYqFuFF38ZER4xecDsGt26muyu3vN2iku/Ap/Tqg
m1XF3h/2X3HUmwTAf6RCIYSWGmmvBGeyKq9FkUSUDd9cUjFPNudtMTO8/HeqCXmW
y4ocZBz7g31w2dsZIFSwgWJubjZWc7JzbTiGYJkqGB9PEr0112GspaCIS22mahp4
G+3mlu9N0SxzSYx+93ZkJvClfr4dQwcdPTN+xzfgVb7lN7BEAosEpgfJACOMX3h4
y8gYSowf2YKIj980lsvKO2vVEEgRO5JLN4QTuxw25VWg9AzZ0YsuSaZl9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMJMV6tz/HUKhTWzeKih6Ks7ov2AMB8GA1UdIwQY
MBaAFNM2fbo6IgBg5n1OxoCw+Z8keocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHpaOXVqb2lBR0RtZlU3R2dMRDVueVI2aHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9hYzQxMGEtNDlhMC00ZTM4LWFlM2It
NWNhNWJmNjdlNjlkLzEvd2t4WHEzUDhkUXFGTmJONHFLSG9xenVpX1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9hYzQxMGEtNDlhMC00ZTM4LWFlM2ItNWNhNWJmNjdlNjlk
LzEvMHpaOXVqb2lBR0RtZlU3R2dMRDVueVI2aHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFjJZgAwQA
sHQVMA0GCSqGSIb3DQEBCwUAA4IBAQCyB6ov8jyOCTJX1PhCcodrG98nNRsLA7qw
rC3fp8k+gnM7ETh3xrGsq0EFxR/+R9d/RtCkzC5WwFj9TX0JI2lCY2L1zY3tOlVd
Hyug++pIw/lP8JEVh5aT0QtwWSDbTL1MWpr+fVOIW5Y90sVOx/tYQ3jp6qJHBPI1
Qk6XpNVMrNvUGV9eXWfSEJSaahbaFX5UKzpYQoe9e5uhb0gCsiLlZIwsTafe6Vp/
PJ4l9Fr8IYlS95y7ZCZ/5KZNtIU2bST0xG3JQjtMC8UUjU8w3ZpOeiH9THaCtzy5
7uOxjrrDZJdd3II6h7WeAuF3CISoUC9vpuvG38396+agruMerv0D
-----END CERTIFICATE-----