Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/wuzk9CCXKc0u75gMM12ZdD640DE.roa
File:                     wuzk9CCXKc0u75gMM12ZdD640DE.roa (raw, json)
Hash identifier:          MHDW4wJe5Lqvtv2PuBsd2YQdYDNcCcOJ8tbNJW5TgBw=
Subject key identifier:   C2:EC:E4:F4:20:97:29:CD:2E:EF:98:0C:33:5D:99:74:3E:B8:D0:31
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       0197A1F9EDBF8A9B04EDE3D3BDE19C0784E9
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/wuzk9CCXKc0u75gMM12ZdD640DE.roa
Signing time:             Tue 24 Jun 2025 12:46:40 +0000
ROA not before:           Tue 24 Jun 2025 12:46:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61003
IP address blocks:        86.110.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:f9:ed:bf:8a:9b:04:ed:e3:d3:bd:e1:9c:07:84:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Jun 24 12:46:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2ece4f4209729cd2eef980c335d99743eb8d031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:42:74:46:26:cc:29:83:f4:cb:63:38:e3:db:
                    6b:e1:76:20:a5:f9:3e:3e:8d:99:2e:1e:28:d0:d4:
                    60:6d:e8:a0:db:ac:62:20:24:16:0c:54:c8:20:35:
                    ef:86:45:f0:85:04:84:ae:b3:10:43:59:69:64:8f:
                    ab:fa:71:30:ac:f9:7d:fc:3d:dc:d2:80:7c:58:28:
                    b5:86:4e:be:1b:85:60:ec:8e:cc:de:5c:a6:e6:98:
                    8e:f7:b1:0b:cb:93:af:92:d0:de:82:87:29:06:6b:
                    5d:7a:a8:4c:14:f3:84:ee:31:a0:8e:24:f6:df:a7:
                    9c:de:0e:b5:38:53:2c:d8:73:2e:64:23:7f:aa:46:
                    e3:63:d7:4e:2b:24:3d:91:07:49:ec:35:c6:02:ca:
                    ad:dc:49:f7:41:e0:de:e6:f3:7c:bb:c5:eb:19:4d:
                    b8:15:c6:4a:49:f8:45:a2:55:10:fa:da:77:98:40:
                    03:58:89:fe:9f:20:82:e7:77:f3:f1:51:1a:a9:04:
                    6a:9d:a8:b3:0a:27:1c:42:77:29:e3:96:fa:ba:cc:
                    86:fd:f4:5a:97:65:14:b9:88:35:90:3a:21:be:c6:
                    c1:fa:14:57:9d:11:44:62:60:fb:9d:6d:6b:8f:a4:
                    61:7c:d4:c3:89:42:e4:92:f1:de:40:75:0f:65:13:
                    14:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:EC:E4:F4:20:97:29:CD:2E:EF:98:0C:33:5D:99:74:3E:B8:D0:31
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/wuzk9CCXKc0u75gMM12ZdD640DE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:29:af:41:f0:3c:b9:61:d0:b0:74:ba:f4:1a:a4:0d:b5:38:
         f0:ca:e2:ae:50:5d:9a:e9:74:0a:d0:f0:a4:c5:ea:7c:9f:29:
         7f:b2:60:da:cb:4b:25:56:d9:c4:84:7f:60:9f:07:c3:82:48:
         6b:6a:0b:0d:3f:88:cf:fa:e8:46:4b:08:77:cf:fd:38:4a:06:
         1a:a2:f1:07:1a:18:5f:b5:17:4b:fa:4d:7b:33:3c:c4:4b:8d:
         66:98:89:06:36:ff:97:5b:ed:b3:2f:c1:a0:82:36:fa:75:f5:
         c9:96:32:e0:1a:f9:84:76:b7:65:61:51:5a:5e:e7:f1:45:0a:
         b6:f0:c6:4c:df:db:c9:97:2c:b1:6f:7c:49:ff:b2:dc:ab:55:
         72:6b:1a:4b:82:b3:c4:58:0c:bb:90:de:48:4e:11:2a:46:85:
         d5:ed:98:a3:c6:9b:c7:40:bb:da:e0:1d:3a:bb:e5:37:f5:8a:
         87:9b:4b:c9:70:75:83:31:03:bc:4a:14:b6:25:e2:b6:2a:2b:
         41:d6:01:67:7d:b7:93:92:cf:20:88:70:65:ff:70:ff:71:31:
         e0:27:ca:13:6f:24:94:cc:83:97:e2:68:f6:ff:0c:95:20:54:
         5f:e9:3a:f5:45:c7:16:37:23:c6:45:45:2b:ed:e0:3e:ee:79:
         05:ae:60:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeh+e2/ipsE7ePTveGcB4TpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwNjI0MTI0NjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmVjZTRmNDIwOTcyOWNkMmVlZjk4MGMzMzVkOTk3NDNlYjhkMDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUJ0RibMKYP0y2M449tr4XYgpfk+
Po2ZLh4o0NRgbeig26xiICQWDFTIIDXvhkXwhQSErrMQQ1lpZI+r+nEwrPl9/D3c
0oB8WCi1hk6+G4Vg7I7M3lym5piO97ELy5OvktDegocpBmtdeqhMFPOE7jGgjiT2
36ec3g61OFMs2HMuZCN/qkbjY9dOKyQ9kQdJ7DXGAsqt3En3QeDe5vN8u8XrGU24
FcZKSfhFolUQ+tp3mEADWIn+nyCC53fz8VEaqQRqnaizCiccQncp45b6usyG/fRa
l2UUuYg1kDohvsbB+hRXnRFEYmD7nW1rj6RhfNTDiULkkvHeQHUPZRMUJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLs5PQglynNLu+YDDNdmXQ+uNAxMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvd3V6azlDQ1hLYzB1NzVnTU0xMlpkRDY0MERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4iMA0G
CSqGSIb3DQEBCwUAA4IBAQChKa9B8Dy5YdCwdLr0GqQNtTjwyuKuUF2a6XQK0PCk
xep8nyl/smDay0slVtnEhH9gnwfDgkhragsNP4jP+uhGSwh3z/04SgYaovEHGhhf
tRdL+k17MzzES41mmIkGNv+XW+2zL8Gggjb6dfXJljLgGvmEdrdlYVFaXufxRQq2
8MZM39vJlyyxb3xJ/7Lcq1VyaxpLgrPEWAy7kN5IThEqRoXV7ZijxpvHQLva4B06
u+U39YqHm0vJcHWDMQO8ShS2JeK2KitB1gFnfbeTks8giHBl/3D/cTHgJ8oTbySU
zIOX4mj2/wyVIFRf6Tr1RccWNyPGRUUr7eA+7nkFrmAR
-----END CERTIFICATE-----