Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/785090-f864-4dbe-9a4b-80faeca9c2ee/1/wxWEwIgWl0iTGnd-nWZz7CHYu0M.roa
File:                     wxWEwIgWl0iTGnd-nWZz7CHYu0M.roa (raw, json)
Hash identifier:          utu5oosmhAYBXFJCyDXG3NIkit1kS1LA5ntTAHD+k38=
Subject key identifier:   C3:15:84:C0:88:16:97:48:93:1A:77:7E:9D:66:73:EC:21:D8:BB:43
Certificate issuer:       /CN=ce9d0647dc17141d842b32f5115d99aa9c9f33dd
Certificate serial:       018CC9BC3E1FD15F4A6A4800D63788C8F007
Authority key identifier: CE:9D:06:47:DC:17:14:1D:84:2B:32:F5:11:5D:99:AA:9C:9F:33:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zp0GR9wXFB2EKzL1EV2ZqpyfM90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/785090-f864-4dbe-9a4b-80faeca9c2ee/1/wxWEwIgWl0iTGnd-nWZz7CHYu0M.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57866
IP address blocks:        46.226.126.0/24 maxlen: 24
                          2a11:7b80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/785090-f864-4dbe-9a4b-80faeca9c2ee/1/zp0GR9wXFB2EKzL1EV2ZqpyfM90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/785090-f864-4dbe-9a4b-80faeca9c2ee/1/zp0GR9wXFB2EKzL1EV2ZqpyfM90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zp0GR9wXFB2EKzL1EV2ZqpyfM90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3e:1f:d1:5f:4a:6a:48:00:d6:37:88:c8:f0:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce9d0647dc17141d842b32f5115d99aa9c9f33dd
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c31584c088169748931a777e9d6673ec21d8bb43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ea:21:f3:c6:63:bd:ef:05:e9:2f:e1:0d:06:
                    9b:40:fc:63:61:04:f7:f2:71:83:54:73:84:dc:eb:
                    04:8a:3e:c9:f3:c4:74:16:91:e8:96:c4:aa:5a:1e:
                    d9:0b:3a:0b:4c:04:96:d3:58:00:f5:db:2b:10:e3:
                    71:f3:84:64:3f:1f:54:a1:37:55:7c:03:5e:08:cf:
                    1d:66:1d:eb:dd:8c:5d:25:49:3b:17:0a:84:4b:8a:
                    a7:9c:a5:50:84:69:1c:12:18:83:fe:85:12:d6:cd:
                    8e:16:74:d0:91:42:7f:77:07:0f:07:c8:de:b0:2b:
                    8e:07:83:bc:17:88:20:4d:ff:6b:c2:7a:fb:33:ed:
                    40:0d:50:45:40:82:72:8b:f3:f7:25:87:b9:75:68:
                    c3:b3:f2:ed:5e:44:93:5f:7f:d4:a4:37:f1:b2:3f:
                    6d:33:d7:34:99:77:ea:06:c8:1f:78:4d:aa:d3:b5:
                    8e:3f:6a:ab:2d:45:6e:57:ac:78:5c:21:d0:ad:7d:
                    6b:3d:ec:f4:0a:1d:fd:02:24:93:78:a7:16:26:93:
                    0b:fc:3e:97:64:e0:40:12:41:56:da:3c:91:f7:f1:
                    53:8f:c1:79:a1:aa:ca:a2:b5:52:6f:26:ff:e9:6f:
                    1c:01:dd:42:e3:54:dc:ca:ed:ea:15:6e:96:6c:0e:
                    f7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:15:84:C0:88:16:97:48:93:1A:77:7E:9D:66:73:EC:21:D8:BB:43
            X509v3 Authority Key Identifier:
                keyid:CE:9D:06:47:DC:17:14:1D:84:2B:32:F5:11:5D:99:AA:9C:9F:33:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zp0GR9wXFB2EKzL1EV2ZqpyfM90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/785090-f864-4dbe-9a4b-80faeca9c2ee/1/wxWEwIgWl0iTGnd-nWZz7CHYu0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/785090-f864-4dbe-9a4b-80faeca9c2ee/1/zp0GR9wXFB2EKzL1EV2ZqpyfM90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.126.0/24
                IPv6:
                  2a11:7b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:dc:f5:55:ce:9d:95:32:f6:f1:d6:cf:c8:b3:bb:c5:82:88:
         81:d5:58:1f:3b:63:ef:ed:90:c3:77:77:61:50:9e:b0:df:c8:
         1c:f9:26:0f:ab:5f:88:54:5f:63:7b:95:b3:da:e6:54:bc:6c:
         63:5d:7e:fc:a9:36:b5:f6:b7:87:7a:2d:3e:57:13:ff:d9:85:
         f9:5a:ea:07:2b:fa:9b:54:fa:06:bf:55:b6:39:71:0c:57:95:
         0f:0f:85:7a:8a:f9:00:a8:93:26:4c:07:9a:ff:9e:b2:3f:11:
         ac:43:8a:90:c9:15:41:89:54:04:8a:22:e0:bb:10:e8:07:9c:
         c9:50:d4:d9:37:77:ab:13:3f:7c:8a:7e:2d:71:8b:94:c5:d1:
         84:32:3c:e8:4d:d9:1a:60:cf:ff:2c:47:6a:77:36:36:b3:dc:
         3c:28:50:20:bc:69:7e:28:47:20:72:ff:9e:79:e3:f3:84:36:
         eb:4a:16:47:cb:31:74:68:14:26:b2:30:2a:47:b7:8b:c3:b4:
         a2:10:ee:40:a2:ef:79:d5:5f:ea:fe:3b:68:65:ac:36:3b:a5:
         fe:e8:c6:49:38:26:98:c5:40:86:07:c1:1f:71:bd:4a:b2:3e:
         33:18:12:53:46:62:ed:9e:e9:36:2d:81:ac:7d:c5:26:cf:23:
         7b:00:1a:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvD4f0V9KakgA1jeIyPAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOWQwNjQ3ZGMxNzE0MWQ4NDJiMzJmNTExNWQ5OWFhOWM5
ZjMzZGQwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzE1ODRjMDg4MTY5NzQ4OTMxYTc3N2U5ZDY2NzNlYzIxZDhiYjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOoh88Zjve8F6S/hDQabQPxjYQT3
8nGDVHOE3OsEij7J88R0FpHolsSqWh7ZCzoLTASW01gA9dsrEONx84RkPx9UoTdV
fANeCM8dZh3r3YxdJUk7FwqES4qnnKVQhGkcEhiD/oUS1s2OFnTQkUJ/dwcPB8je
sCuOB4O8F4ggTf9rwnr7M+1ADVBFQIJyi/P3JYe5dWjDs/LtXkSTX3/UpDfxsj9t
M9c0mXfqBsgfeE2q07WOP2qrLUVuV6x4XCHQrX1rPez0Ch39AiSTeKcWJpML/D6X
ZOBAEkFW2jyR9/FTj8F5oarKorVSbyb/6W8cAd1C41Tcyu3qFW6WbA73KwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMMVhMCIFpdIkxp3fp1mc+wh2LtDMB8GA1UdIwQY
MBaAFM6dBkfcFxQdhCsy9RFdmaqcnzPdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenAwR1I5d1hGQjJFS3pMMUVWMlpxcHlmTTkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS83ODUwOTAtZjg2NC00ZGJlLTlhNGIt
ODBmYWVjYTljMmVlLzEvd3hXRXdJZ1dsMGlUR25kLW5XWno3Q0hZdTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS83ODUwOTAtZjg2NC00ZGJlLTlhNGItODBmYWVjYTljMmVl
LzEvenAwR1I5d1hGQjJFS3pMMUVWMlpxcHlmTTkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALuJ+MA0E
AgACMAcDBQMqEXuAMA0GCSqGSIb3DQEBCwUAA4IBAQAQ3PVVzp2VMvbx1s/Is7vF
goiB1VgfO2Pv7ZDDd3dhUJ6w38gc+SYPq1+IVF9je5Wz2uZUvGxjXX78qTa19reH
ei0+VxP/2YX5WuoHK/qbVPoGv1W2OXEMV5UPD4V6ivkAqJMmTAea/56yPxGsQ4qQ
yRVBiVQEiiLguxDoB5zJUNTZN3erEz98in4tcYuUxdGEMjzoTdkaYM//LEdqdzY2
s9w8KFAgvGl+KEcgcv+eeePzhDbrShZHyzF0aBQmsjAqR7eLw7SiEO5Aou951V/q
/jtoZaw2O6X+6MZJOCaYxUCGB8Efcb1Ksj4zGBJTRmLtnuk2LYGsfcUmzyN7ABom
-----END CERTIFICATE-----