Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/0b7ee0-130c-4fab-bf9d-8ba36c16c08d/1/wfiBXvp0psiDXmZIUYF-LmCbN-U.roa
File:                     wfiBXvp0psiDXmZIUYF-LmCbN-U.roa (raw, json)
Hash identifier:          hTXhUqVSmE2iU5Qqawr8uuzYR/K4Ypidz476nXsKYMo=
Subject key identifier:   C1:F8:81:5E:FA:74:A6:C8:83:5E:66:48:51:81:7E:2E:60:9B:37:E5
Certificate issuer:       /CN=6585e9dd5ac9bf6e60005bc3cce55a954c3198cf
Certificate serial:       018CC3B7412BF51E16F7696935E6845EC929
Authority key identifier: 65:85:E9:DD:5A:C9:BF:6E:60:00:5B:C3:CC:E5:5A:95:4C:31:98:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYXp3VrJv25gAFvDzOValUwxmM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/0b7ee0-130c-4fab-bf9d-8ba36c16c08d/1/wfiBXvp0psiDXmZIUYF-LmCbN-U.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60272
IP address blocks:        91.246.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/0b7ee0-130c-4fab-bf9d-8ba36c16c08d/1/ZYXp3VrJv25gAFvDzOValUwxmM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/0b7ee0-130c-4fab-bf9d-8ba36c16c08d/1/ZYXp3VrJv25gAFvDzOValUwxmM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYXp3VrJv25gAFvDzOValUwxmM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:41:2b:f5:1e:16:f7:69:69:35:e6:84:5e:c9:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6585e9dd5ac9bf6e60005bc3cce55a954c3198cf
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1f8815efa74a6c8835e664851817e2e609b37e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:78:e1:e6:03:9f:52:46:af:4f:fe:e6:1b:3f:
                    c7:76:89:24:a9:36:57:d5:a3:db:48:1d:bf:21:0f:
                    07:28:c9:e9:a6:45:04:bc:53:a6:2c:29:58:1b:1e:
                    2b:eb:f0:0f:33:e9:eb:7c:e0:c3:c3:86:cc:7d:a3:
                    3c:f2:1b:04:3e:3d:f4:23:b0:0d:f3:5d:c1:63:04:
                    fb:29:7e:00:3f:45:63:8e:63:fb:6b:c1:ec:db:07:
                    34:3e:e7:c2:f7:64:61:eb:e4:69:65:fb:27:fc:30:
                    5f:89:a1:ce:8a:8d:94:bb:ac:6e:16:8d:b0:8c:6e:
                    f3:cb:19:dd:fa:ab:79:c9:19:53:03:fa:09:bd:2c:
                    86:53:45:45:92:fb:1b:b3:05:50:d6:52:79:c9:cf:
                    dc:ba:46:bc:3c:d7:6a:65:c4:99:b2:24:24:f6:77:
                    98:f2:9b:42:9e:a2:81:c3:76:4a:9b:03:b2:86:84:
                    74:44:02:ca:ff:4b:18:92:c6:17:22:2c:5c:ab:f2:
                    2f:07:49:13:4b:85:77:e3:6f:29:38:4a:58:e6:6d:
                    e5:fe:1b:46:6c:73:b4:c9:07:0f:8f:a2:e9:cb:e7:
                    b6:a8:95:76:8a:54:e2:71:c0:f4:b2:ff:b5:b5:5d:
                    39:29:aa:83:4f:1a:36:77:41:39:ab:77:48:05:9e:
                    3e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F8:81:5E:FA:74:A6:C8:83:5E:66:48:51:81:7E:2E:60:9B:37:E5
            X509v3 Authority Key Identifier:
                keyid:65:85:E9:DD:5A:C9:BF:6E:60:00:5B:C3:CC:E5:5A:95:4C:31:98:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYXp3VrJv25gAFvDzOValUwxmM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0b7ee0-130c-4fab-bf9d-8ba36c16c08d/1/wfiBXvp0psiDXmZIUYF-LmCbN-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0b7ee0-130c-4fab-bf9d-8ba36c16c08d/1/ZYXp3VrJv25gAFvDzOValUwxmM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:83:28:9d:51:6d:e8:59:67:f2:cf:94:85:be:48:da:0b:3f:
         44:2b:cf:f0:94:b5:94:ef:10:a5:84:03:38:21:99:1e:15:7b:
         95:2e:a9:a2:7f:b4:f7:6b:a9:8a:4f:12:49:8e:c2:c8:50:3b:
         64:90:0f:31:1e:68:37:02:05:c6:4f:63:b0:67:59:de:db:1a:
         70:ce:7b:44:ac:b7:e3:f5:a4:f5:d3:55:d0:5b:64:96:78:a2:
         cb:ce:49:df:d9:4e:d4:96:9d:5b:9d:55:eb:0b:98:de:bb:2a:
         d2:29:f3:26:38:57:29:10:e4:84:a2:2e:ea:19:83:38:ec:fb:
         e2:06:78:d3:76:04:c4:de:26:7b:6b:5c:09:32:ce:b3:7a:01:
         bc:8a:ac:76:26:03:2b:ee:e5:73:c3:c7:5b:f5:0d:d7:fc:a2:
         1f:55:8a:51:8e:e9:58:65:47:ee:19:a4:4c:c3:90:ec:b1:93:
         76:d0:42:ad:21:42:47:4b:bd:71:6e:dc:2b:b6:aa:d6:0e:c7:
         cd:4f:ed:50:f7:09:5a:9f:0b:b7:1c:58:0c:86:1a:e7:88:e9:
         c3:57:73:22:b4:40:fe:09:f2:8f:8e:0e:36:3e:77:80:79:0f:
         f8:6d:93:03:47:ea:ce:43:4c:1d:4e:09:26:38:bd:c0:11:11:
         66:cc:ce:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0Er9R4W92lpNeaEXskpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODVlOWRkNWFjOWJmNmU2MDAwNWJjM2NjZTU1YTk1NGMz
MTk4Y2YwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWY4ODE1ZWZhNzRhNmM4ODM1ZTY2NDg1MTgxN2UyZTYwOWIzN2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnjh5gOfUkavT/7mGz/HdokkqTZX
1aPbSB2/IQ8HKMnppkUEvFOmLClYGx4r6/APM+nrfODDw4bMfaM88hsEPj30I7AN
813BYwT7KX4AP0VjjmP7a8Hs2wc0PufC92Rh6+RpZfsn/DBfiaHOio2Uu6xuFo2w
jG7zyxnd+qt5yRlTA/oJvSyGU0VFkvsbswVQ1lJ5yc/cuka8PNdqZcSZsiQk9neY
8ptCnqKBw3ZKmwOyhoR0RALK/0sYksYXIixcq/IvB0kTS4V3428pOEpY5m3l/htG
bHO0yQcPj6Lpy+e2qJV2ilTiccD0sv+1tV05KaqDTxo2d0E5q3dIBZ4+DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMH4gV76dKbIg15mSFGBfi5gmzflMB8GA1UdIwQY
MBaAFGWF6d1ayb9uYABbw8zlWpVMMZjPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllYcDNWckp2MjVnQUZ2RHpPVmFsVXd4bU04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8wYjdlZTAtMTMwYy00ZmFiLWJmOWQt
OGJhMzZjMTZjMDhkLzEvd2ZpQlh2cDBwc2lEWG1aSVVZRi1MbUNiTi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8wYjdlZTAtMTMwYy00ZmFiLWJmOWQtOGJhMzZjMTZjMDhk
LzEvWllYcDNWckp2MjVnQUZ2RHpPVmFsVXd4bU04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/bKMA0G
CSqGSIb3DQEBCwUAA4IBAQB3gyidUW3oWWfyz5SFvkjaCz9EK8/wlLWU7xClhAM4
IZkeFXuVLqmif7T3a6mKTxJJjsLIUDtkkA8xHmg3AgXGT2OwZ1ne2xpwzntErLfj
9aT101XQW2SWeKLLzknf2U7Ulp1bnVXrC5jeuyrSKfMmOFcpEOSEoi7qGYM47Pvi
BnjTdgTE3iZ7a1wJMs6zegG8iqx2JgMr7uVzw8db9Q3X/KIfVYpRjulYZUfuGaRM
w5DssZN20EKtIUJHS71xbtwrtqrWDsfNT+1Q9wlanwu3HFgMhhrniOnDV3MitED+
CfKPjg42PneAeQ/4bZMDR+rOQ0wdTgkmOL3AERFmzM72
-----END CERTIFICATE-----