Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/WkgBNtXlo1htamIU-2ca0A4EaOU.roa
File:                     WkgBNtXlo1htamIU-2ca0A4EaOU.roa (raw, json)
Hash identifier:          2iQ9cP87fbJxF+KDANdGX3PIR7LhqaqFWq4Zu1aWtV0=
Subject key identifier:   5A:48:01:36:D5:E5:A3:58:6D:6A:62:14:FB:67:1A:D0:0E:04:68:E5
Certificate issuer:       /CN=69f7352d07135623e33f5a7e62925d4bab722fc6
Certificate serial:       018CC56EF909F73C1DAEB74BC23CB26450B6
Authority key identifier: 69:F7:35:2D:07:13:56:23:E3:3F:5A:7E:62:92:5D:4B:AB:72:2F:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/afc1LQcTViPjP1p-YpJdS6tyL8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/WkgBNtXlo1htamIU-2ca0A4EaOU.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210094
IP address blocks:        178.251.20.0/22 maxlen: 22
                          2a0d:5d40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/afc1LQcTViPjP1p-YpJdS6tyL8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/afc1LQcTViPjP1p-YpJdS6tyL8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/afc1LQcTViPjP1p-YpJdS6tyL8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f9:09:f7:3c:1d:ae:b7:4b:c2:3c:b2:64:50:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69f7352d07135623e33f5a7e62925d4bab722fc6
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a480136d5e5a3586d6a6214fb671ad00e0468e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:97:bb:2f:0a:7a:81:51:f6:ee:a4:e5:3f:0f:
                    07:35:cc:4b:0d:74:c9:1f:7c:fc:28:6b:6b:83:91:
                    7e:02:11:e5:25:5c:97:0b:57:2e:98:10:50:ad:d5:
                    85:03:1b:77:ac:e3:e8:2b:e6:99:fb:06:39:df:01:
                    69:85:05:8e:50:24:8b:ac:2b:cf:6a:0a:76:59:63:
                    15:84:e0:01:47:4d:95:f7:1a:e3:6d:9a:0d:6e:79:
                    b5:1f:04:c0:b0:c1:06:6e:83:8b:bf:35:d3:55:44:
                    90:6d:53:95:b2:d1:38:b1:d5:76:4d:36:c4:05:3b:
                    c3:42:45:be:f1:93:c6:cb:e5:7a:2d:ae:ed:40:70:
                    d1:2f:14:2b:5d:f7:3c:a3:59:0b:1b:e5:03:09:a2:
                    1c:64:a7:dd:b7:4b:d0:45:ed:aa:20:62:4b:8c:cc:
                    35:ff:c7:50:8a:ae:9f:2b:23:18:8a:07:33:13:65:
                    b3:9f:58:1f:bd:fc:17:9c:a5:a9:a6:eb:e9:f5:15:
                    90:da:40:af:db:05:cf:f4:f7:bc:78:18:15:0b:f7:
                    45:61:bd:b4:bd:f2:cc:40:1d:29:6e:43:03:7f:12:
                    5f:01:90:d0:67:63:0b:9b:23:59:09:fd:7c:b4:2b:
                    86:ee:89:16:30:2d:2e:62:a0:42:de:26:4d:65:1c:
                    25:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:48:01:36:D5:E5:A3:58:6D:6A:62:14:FB:67:1A:D0:0E:04:68:E5
            X509v3 Authority Key Identifier:
                keyid:69:F7:35:2D:07:13:56:23:E3:3F:5A:7E:62:92:5D:4B:AB:72:2F:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afc1LQcTViPjP1p-YpJdS6tyL8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/WkgBNtXlo1htamIU-2ca0A4EaOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/afc1LQcTViPjP1p-YpJdS6tyL8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.20.0/22
                IPv6:
                  2a0d:5d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:79:27:f7:45:68:97:c8:f3:7f:87:fb:24:0b:22:7c:9e:d3:
         e0:7b:36:0b:c6:12:08:3f:35:8b:d5:63:10:83:77:94:6f:a0:
         14:ba:d7:86:77:a7:32:fd:70:c0:94:4a:c3:8d:1c:d7:27:b2:
         b8:c6:d0:d0:df:55:79:d1:19:96:38:51:30:ed:86:26:9e:82:
         72:eb:64:da:60:51:44:3f:e5:df:bc:bc:06:ea:9d:d2:6d:0b:
         b4:a7:da:9f:17:36:9f:1b:03:d1:ba:c5:94:7c:ca:4d:b9:f2:
         a3:41:c5:31:15:88:27:3e:b1:17:57:82:e5:1b:02:7d:79:9e:
         e8:0d:33:0e:6c:90:09:53:cb:34:e6:df:19:ff:26:87:21:f7:
         40:1b:d9:bd:44:40:ab:32:0e:f8:c2:5d:78:7d:78:24:7e:7c:
         bc:73:a5:e7:b2:2f:56:e3:27:c0:32:0e:be:78:e1:d3:fe:b4:
         0a:67:ec:46:e7:fe:4c:66:4f:76:76:c7:9f:a1:55:78:ec:93:
         4e:d1:3a:89:da:c2:9a:51:7f:00:ba:9e:52:04:23:9d:57:ef:
         48:ef:ff:94:be:ab:6b:6f:6b:26:ce:8e:7d:f3:b7:77:75:75:
         8b:bf:7f:63:75:ee:7c:69:5f:7b:47:12:3a:68:c9:3b:71:aa:
         2d:3e:38:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbvkJ9zwdrrdLwjyyZFC2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjczNTJkMDcxMzU2MjNlMzNmNWE3ZTYyOTI1ZDRiYWI3
MjJmYzYwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTQ4MDEzNmQ1ZTVhMzU4NmQ2YTYyMTRmYjY3MWFkMDBlMDQ2OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZe7Lwp6gVH27qTlPw8HNcxLDXTJ
H3z8KGtrg5F+AhHlJVyXC1cumBBQrdWFAxt3rOPoK+aZ+wY53wFphQWOUCSLrCvP
agp2WWMVhOABR02V9xrjbZoNbnm1HwTAsMEGboOLvzXTVUSQbVOVstE4sdV2TTbE
BTvDQkW+8ZPGy+V6La7tQHDRLxQrXfc8o1kLG+UDCaIcZKfdt0vQRe2qIGJLjMw1
/8dQiq6fKyMYigczE2Wzn1gfvfwXnKWppuvp9RWQ2kCv2wXP9Pe8eBgVC/dFYb20
vfLMQB0pbkMDfxJfAZDQZ2MLmyNZCf18tCuG7okWMC0uYqBC3iZNZRwlrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFpIATbV5aNYbWpiFPtnGtAOBGjlMB8GA1UdIwQY
MBaAFGn3NS0HE1Yj4z9afmKSXUurci/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZjMUxRY1RWaVBqUDFwLVlwSmRTNnR5TDhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xMThlMjQtNzQyYi00MzkyLThkZmEt
MDcxNTE4ZTA1NzNlLzEvV2tnQk50WGxvMWh0YW1JVS0yY2EwQTRFYU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xMThlMjQtNzQyYi00MzkyLThkZmEtMDcxNTE4ZTA1NzNl
LzEvYWZjMUxRY1RWaVBqUDFwLVlwSmRTNnR5TDhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCsvsUMA0E
AgACMAcDBQAqDV1AMA0GCSqGSIb3DQEBCwUAA4IBAQAkeSf3RWiXyPN/h/skCyJ8
ntPgezYLxhIIPzWL1WMQg3eUb6AUuteGd6cy/XDAlErDjRzXJ7K4xtDQ31V50RmW
OFEw7YYmnoJy62TaYFFEP+XfvLwG6p3SbQu0p9qfFzafGwPRusWUfMpNufKjQcUx
FYgnPrEXV4LlGwJ9eZ7oDTMObJAJU8s05t8Z/yaHIfdAG9m9RECrMg74wl14fXgk
fny8c6Xnsi9W4yfAMg6+eOHT/rQKZ+xG5/5MZk92dsefoVV47JNO0TqJ2sKaUX8A
up5SBCOdV+9I7/+Uvqtrb2smzo5987d3dXWLv39jde58aV97RxI6aMk7caotPjjA
-----END CERTIFICATE-----