Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/wiv9ohIfO88AdDjHXiP2id1UPWA.roa
File:                     wiv9ohIfO88AdDjHXiP2id1UPWA.roa (raw, json)
Hash identifier:          b7MEyRIl3D8G2gcd1nEeLfNMlpms9v7oYChebhQJqik=
Subject key identifier:   C2:2B:FD:A2:12:1F:3B:CF:00:74:38:C7:5E:23:F6:89:DD:54:3D:60
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018CC8DEDFF9D552E35A901F36EA4E1C3E23
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/wiv9ohIfO88AdDjHXiP2id1UPWA.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206448
IP address blocks:        192.109.243.0/24 maxlen: 24
                          192.109.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:df:f9:d5:52:e3:5a:90:1f:36:ea:4e:1c:3e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c22bfda2121f3bcf007438c75e23f689dd543d60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:0d:d5:a1:a2:fd:a8:b3:76:dc:3a:61:a2:bd:
                    94:be:8d:99:8d:93:e0:75:ef:65:0e:ea:3e:13:71:
                    65:ee:96:61:bc:55:ec:c8:fb:ef:8d:c3:9c:b7:48:
                    4b:2a:5c:6e:db:67:58:af:67:f8:79:a0:a6:5e:80:
                    b5:71:27:86:36:07:fa:0a:81:bb:f9:33:86:30:06:
                    65:1c:6b:ff:d6:ac:ce:2d:a9:f1:70:f8:e7:9b:4b:
                    be:4b:06:6a:4b:1a:73:0e:e0:f0:ec:60:ad:8d:78:
                    a3:ea:09:26:02:9a:8d:a2:12:f1:ea:9c:ad:6e:9b:
                    4f:87:38:48:70:9d:f8:13:ed:85:7c:5b:66:ee:57:
                    6c:52:c7:99:50:1e:3b:48:69:f1:79:ce:1a:e3:d5:
                    91:8c:77:1a:c9:0e:07:e4:55:4c:3d:a4:b4:05:16:
                    fd:6d:14:d8:ce:96:ff:66:55:3f:b7:35:c8:af:07:
                    fa:f0:3d:f5:a3:9c:c0:3c:65:db:f3:45:f4:33:ef:
                    b5:dd:9d:6c:e8:50:d7:74:2e:47:39:21:96:1a:cf:
                    d9:2d:b4:b5:4e:8b:fb:83:c7:5e:e4:1b:76:2a:72:
                    c6:79:5c:1a:69:2a:93:bb:53:35:f4:e4:f0:df:66:
                    86:41:da:09:4b:0c:26:d3:88:a7:8a:3b:d1:3d:8e:
                    2d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2B:FD:A2:12:1F:3B:CF:00:74:38:C7:5E:23:F6:89:DD:54:3D:60
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/wiv9ohIfO88AdDjHXiP2id1UPWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.243.0/24
                  192.109.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:a0:ca:b7:09:82:32:cf:71:a4:b0:12:90:e1:ff:da:03:be:
         a1:6e:35:00:14:84:12:4f:4f:2b:57:1d:f4:55:f1:42:53:00:
         85:50:bf:f2:ae:b0:b1:cf:9b:59:4c:bd:2d:92:71:35:80:07:
         9f:ba:5b:83:28:6e:35:5e:ef:88:53:ff:97:73:ba:03:fb:00:
         3c:9d:29:78:e3:b5:53:16:5b:7f:6b:01:f3:f8:13:04:4c:54:
         36:d9:f0:38:c1:ce:f4:38:8a:95:26:c7:ba:07:5c:1a:2b:85:
         e1:b3:c1:17:e4:30:72:af:92:e6:9b:2a:52:e4:1d:24:ac:54:
         47:c4:d6:6b:13:10:db:ee:ee:49:b0:b5:4d:b5:38:ba:16:70:
         9f:38:5b:2c:d4:2d:6b:14:3a:6f:7d:64:0e:6d:d0:80:5d:d9:
         9c:01:fa:34:9b:05:1b:27:03:b0:09:a5:ce:eb:58:c5:07:ea:
         bb:32:e5:56:3e:b6:4d:71:ef:b8:7d:47:4a:29:46:5a:6e:36:
         35:d3:cd:06:a0:35:f2:e2:5f:fe:2b:3e:23:1d:8b:ba:41:8a:
         b5:ad:19:71:a1:30:72:92:b7:38:d9:ce:5d:98:5d:42:33:25:
         89:09:32:a4:84:c6:2a:a4:b0:a5:20:7c:f5:a8:4e:e5:22:e1:
         34:ad:c1:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3t/51VLjWpAfNupOHD4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjJiZmRhMjEyMWYzYmNmMDA3NDM4Yzc1ZTIzZjY4OWRkNTQzZDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Q3VoaL9qLN23Dphor2Uvo2ZjZPg
de9lDuo+E3Fl7pZhvFXsyPvvjcOct0hLKlxu22dYr2f4eaCmXoC1cSeGNgf6CoG7
+TOGMAZlHGv/1qzOLanxcPjnm0u+SwZqSxpzDuDw7GCtjXij6gkmApqNohLx6pyt
bptPhzhIcJ34E+2FfFtm7ldsUseZUB47SGnxec4a49WRjHcayQ4H5FVMPaS0BRb9
bRTYzpb/ZlU/tzXIrwf68D31o5zAPGXb80X0M++13Z1s6FDXdC5HOSGWGs/ZLbS1
Tov7g8de5Bt2KnLGeVwaaSqTu1M19OTw32aGQdoJSwwm04inijvRPY4t0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMIr/aISHzvPAHQ4x14j9ondVD1gMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvd2l2OW9oSWZPODhBZERqSFhpUDJpZDFVUFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwG3zAwQA
wG36MA0GCSqGSIb3DQEBCwUAA4IBAQCIoMq3CYIyz3GksBKQ4f/aA76hbjUAFIQS
T08rVx30VfFCUwCFUL/yrrCxz5tZTL0tknE1gAefuluDKG41Xu+IU/+Xc7oD+wA8
nSl447VTFlt/awHz+BMETFQ22fA4wc70OIqVJse6B1waK4Xhs8EX5DByr5LmmypS
5B0krFRHxNZrExDb7u5JsLVNtTi6FnCfOFss1C1rFDpvfWQObdCAXdmcAfo0mwUb
JwOwCaXO61jFB+q7MuVWPrZNce+4fUdKKUZabjY1080GoDXy4l/+Kz4jHYu6QYq1
rRlxoTBykrc42c5dmF1CMyWJCTKkhMYqpLClIHz1qE7lIuE0rcFT
-----END CERTIFICATE-----