Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/WAd3f__LWy_9e-vpEBIMHXqxIqk.roa
File:                     WAd3f__LWy_9e-vpEBIMHXqxIqk.roa (raw, json)
Hash identifier:          m9Wl0OGsMn6YZfhsaVFnFfu8cTcRb9urL/UyGXT9jd0=
Subject key identifier:   58:07:77:7F:FF:CB:5B:2F:FD:7B:EB:E9:10:12:0C:1D:7A:B1:22:A9
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       018E0A259D4FFB9D968393B86406683F5C63
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/WAd3f__LWy_9e-vpEBIMHXqxIqk.roa
Signing time:             Mon 04 Mar 2024 15:47:01 +0000
ROA not before:           Mon 04 Mar 2024 15:47:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215384
IP address blocks:        193.9.47.0/24 maxlen: 24
                          2a14:640::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0a:25:9d:4f:fb:9d:96:83:93:b8:64:06:68:3f:5c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Mar  4 15:47:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5807777fffcb5b2ffd7bebe910120c1d7ab122a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8b:a5:8d:3f:95:7d:95:f2:47:6b:4f:d9:1a:
                    3e:d6:6d:fb:8e:67:60:84:7c:f9:b9:ce:ec:37:11:
                    aa:d5:49:07:20:bf:47:71:8f:2c:bd:de:9c:04:68:
                    2d:ad:5b:66:d1:58:d7:cf:0f:cd:3a:4d:30:16:96:
                    db:38:db:3c:4b:15:0c:67:07:18:88:03:d9:3d:1a:
                    74:ba:16:45:ff:27:d6:39:a3:89:ea:9d:d5:35:5d:
                    f8:ae:38:e2:c4:fa:2a:f6:12:39:9a:17:a7:9e:d3:
                    8e:66:23:08:83:23:cc:70:8b:39:bb:af:f2:67:ef:
                    52:77:72:64:1c:99:76:5d:ba:b7:a5:23:55:23:35:
                    44:bb:c6:2b:61:96:04:c6:8d:8b:ee:9c:cc:a9:77:
                    bc:86:c3:f5:84:d1:c9:c9:3b:fb:a1:a7:b7:3e:fa:
                    85:1b:a6:a1:cc:ce:99:b0:16:d6:5a:b0:c9:21:a0:
                    92:bf:52:fa:d4:52:23:d8:09:ac:92:c9:71:89:ed:
                    6f:f0:6c:67:22:b5:9c:b2:c2:70:87:ac:50:39:aa:
                    31:5c:18:e8:77:71:95:d9:17:95:55:1b:8f:4b:e5:
                    9e:3e:01:bc:9f:d9:70:61:dd:55:9e:9d:4e:4e:41:
                    3d:66:4e:f1:8c:db:f0:ae:21:e0:59:d4:b5:2e:41:
                    bc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:07:77:7F:FF:CB:5B:2F:FD:7B:EB:E9:10:12:0C:1D:7A:B1:22:A9
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/WAd3f__LWy_9e-vpEBIMHXqxIqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.47.0/24
                IPv6:
                  2a14:640::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:a7:a1:8c:e7:e3:4a:7a:a8:2c:ec:f2:f8:ab:e4:de:16:b9:
         94:65:58:8e:b2:45:e2:ef:e2:27:4f:5b:6e:76:9c:8e:3c:bc:
         3c:f6:b1:c9:52:c4:ed:87:42:f5:7d:1e:f8:fb:b1:bc:ea:18:
         6e:7e:b6:ff:59:88:db:c2:a2:37:5b:05:76:05:ff:f1:c4:a4:
         d1:59:86:ce:f2:15:d9:57:f4:fb:fe:37:73:28:ca:e5:12:32:
         ea:18:94:f2:dd:a8:a7:a9:a9:d3:c3:21:c3:b2:4b:43:0f:bf:
         fd:e4:61:3c:ce:96:54:ff:d4:e4:29:70:fb:ab:17:01:e2:6c:
         0d:8c:2e:8a:08:3f:98:c7:b6:71:4e:2c:fb:3a:90:0a:de:09:
         18:c1:c5:9e:0d:7b:dd:62:2a:c2:12:81:33:4a:70:94:dc:39:
         2d:e6:20:2d:15:05:4b:70:b0:26:9a:e6:27:3e:25:da:ae:f9:
         50:12:d2:35:27:fd:d0:57:4e:31:f4:76:46:4b:ef:61:f4:e9:
         54:b2:4f:e4:f3:98:d8:04:6f:b4:fe:57:f4:a1:16:c0:6a:18:
         f1:81:92:0b:07:97:a6:85:3d:83:d6:38:db:9e:c4:d1:ed:48:
         e3:1c:39:d7:bb:a8:af:9e:5f:f0:15:9f:43:62:55:c1:35:e6:
         67:72:4b:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY4KJZ1P+52Wg5O4ZAZoP1xjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjQwMzA0MTU0NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODA3Nzc3ZmZmY2I1YjJmZmQ3YmViZTkxMDEyMGMxZDdhYjEyMmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YuljT+VfZXyR2tP2Ro+1m37jmdg
hHz5uc7sNxGq1UkHIL9HcY8svd6cBGgtrVtm0VjXzw/NOk0wFpbbONs8SxUMZwcY
iAPZPRp0uhZF/yfWOaOJ6p3VNV34rjjixPoq9hI5mhenntOOZiMIgyPMcIs5u6/y
Z+9Sd3JkHJl2Xbq3pSNVIzVEu8YrYZYExo2L7pzMqXe8hsP1hNHJyTv7oae3PvqF
G6ahzM6ZsBbWWrDJIaCSv1L61FIj2Amskslxie1v8GxnIrWcssJwh6xQOaoxXBjo
d3GV2ReVVRuPS+WePgG8n9lwYd1Vnp1OTkE9Zk7xjNvwriHgWdS1LkG8/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFgHd3//y1sv/Xvr6RASDB16sSKpMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvV0FkM2ZfX0xXeV85ZS12cEVCSU1IWHF4SXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQkvMA8E
AgACMAkDBwAqFAZAAAAwDQYJKoZIhvcNAQELBQADggEBAFGnoYzn40p6qCzs8vir
5N4WuZRlWI6yReLv4idPW252nI48vDz2sclSxO2HQvV9Hvj7sbzqGG5+tv9ZiNvC
ojdbBXYF//HEpNFZhs7yFdlX9Pv+N3MoyuUSMuoYlPLdqKepqdPDIcOyS0MPv/3k
YTzOllT/1OQpcPurFwHibA2MLooIP5jHtnFOLPs6kAreCRjBxZ4Ne91iKsISgTNK
cJTcOS3mIC0VBUtwsCaa5ic+Jdqu+VAS0jUn/dBXTjH0dkZL72H06VSyT+TzmNgE
b7T+V/ShFsBqGPGBkgsHl6aFPYPWONuexNHtSOMcOde7qK+eX/AVn0NiVcE15mdy
Sx0=
-----END CERTIFICATE-----