Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/WtOWnsKOcKLzxIElvM0UpQswY54.roa
File:                     WtOWnsKOcKLzxIElvM0UpQswY54.roa (raw, json)
Hash identifier:          bafPfGCDA0Xw3ax94f1WUVDZj2uPip6/hDe6oGEr8Rk=
Subject key identifier:   5A:D3:96:9E:C2:8E:70:A2:F3:C4:81:25:BC:CD:14:A5:0B:30:63:9E
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC79423C02E51F8EBE783C85DBB95E6A0
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/WtOWnsKOcKLzxIElvM0UpQswY54.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        188.130.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 09:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:23:c0:2e:51:f8:eb:e7:83:c8:5d:bb:95:e6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ad3969ec28e70a2f3c48125bccd14a50b30639e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:82:a2:e0:b1:43:8b:11:f5:aa:ab:b6:c4:f3:
                    1b:4e:8a:65:b5:09:5d:a1:e1:0b:8c:d8:4d:27:34:
                    41:70:cf:0a:e9:fe:ec:b2:cd:f0:6d:28:87:02:1c:
                    a9:34:59:91:b9:a7:f2:f9:11:fb:ae:08:2a:a7:53:
                    66:bd:88:9e:4e:61:00:22:7a:ca:1d:50:13:1b:95:
                    c5:4a:ad:d2:47:88:af:67:f2:15:59:27:e6:53:89:
                    69:d2:f5:15:0b:8b:3f:49:7b:37:3a:8f:35:13:05:
                    b3:c9:f7:91:a7:68:92:c3:ad:9c:c0:f4:fb:67:e5:
                    2b:96:d8:c7:56:67:5a:95:04:94:9e:17:ff:ea:49:
                    b3:48:e1:2e:13:87:c8:5a:f7:a7:6e:e9:12:d1:1c:
                    93:2e:2a:fc:d5:81:97:bc:fe:6b:30:b5:5c:e4:db:
                    db:0d:03:7d:72:80:28:94:34:85:ae:2a:6d:c0:fa:
                    86:44:e3:86:9e:4e:c3:17:96:44:f2:31:14:88:1e:
                    c0:9e:96:d1:12:6e:4d:86:e6:5f:02:ef:cf:88:ed:
                    ec:6b:73:3e:81:bd:7b:f2:03:87:40:b6:f3:58:ac:
                    ca:b9:c5:a5:94:0a:22:7f:8c:83:95:69:71:37:5f:
                    89:11:0d:a6:95:8e:da:9d:46:e6:e2:56:c5:42:4c:
                    a9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D3:96:9E:C2:8E:70:A2:F3:C4:81:25:BC:CD:14:A5:0B:30:63:9E
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/WtOWnsKOcKLzxIElvM0UpQswY54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:f7:80:65:ac:a6:ff:f2:56:34:40:24:85:44:d4:9c:4a:0f:
         33:71:f1:d5:d8:3a:ab:73:f5:59:c0:93:7e:e4:1a:de:a9:2a:
         67:1d:8d:f0:6f:ff:28:d4:cb:12:95:6f:2e:5d:9d:15:11:2f:
         14:5f:27:0e:1c:78:d0:cc:7d:f9:dc:0d:71:5d:03:a9:7e:ba:
         1e:3f:7f:23:35:6a:f5:44:48:76:5a:04:cf:0d:80:fc:52:d8:
         62:93:94:9a:96:44:5f:67:49:ad:be:89:52:b8:10:87:a3:d1:
         5f:49:33:2b:86:1c:03:e1:80:57:7f:25:e6:69:48:c0:36:e3:
         03:8a:5a:f7:97:5e:b4:70:ea:09:3b:8d:41:32:e2:5c:fe:3a:
         70:01:a9:be:82:31:1c:05:2d:bb:c7:54:ea:fd:42:b0:47:7c:
         5b:74:5e:d7:39:a0:61:3f:54:c8:5f:54:03:a5:4a:c5:61:2b:
         9f:d4:b0:89:be:93:6d:e8:43:40:48:2d:ff:f4:a8:23:be:e0:
         71:44:95:ee:1a:01:32:ab:9f:aa:0f:c7:2c:90:62:3f:b3:b9:
         69:9a:6c:d3:84:48:a8:ee:4f:38:4d:e0:ac:79:cd:69:44:a5:
         2c:9c:a0:10:d7:91:17:8e:e0:fc:3b:00:51:84:b0:14:b3:0b:
         53:3d:a6:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCPALlH46+eDyF27leagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWQzOTY5ZWMyOGU3MGEyZjNjNDgxMjViY2NkMTRhNTBiMzA2MzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIKi4LFDixH1qqu2xPMbTopltQld
oeELjNhNJzRBcM8K6f7sss3wbSiHAhypNFmRuafy+RH7rggqp1NmvYieTmEAInrK
HVATG5XFSq3SR4ivZ/IVWSfmU4lp0vUVC4s/SXs3Oo81EwWzyfeRp2iSw62cwPT7
Z+UrltjHVmdalQSUnhf/6kmzSOEuE4fIWvenbukS0RyTLir81YGXvP5rMLVc5Nvb
DQN9coAolDSFriptwPqGROOGnk7DF5ZE8jEUiB7AnpbREm5NhuZfAu/PiO3sa3M+
gb178gOHQLbzWKzKucWllAoif4yDlWlxN1+JEQ2mlY7anUbm4lbFQkypPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrTlp7CjnCi88SBJbzNFKULMGOeMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvV3RPV25zS09jS0x6eElFbHZNMFVwUXN3WTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvILEMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ94BlrKb/8lY0QCSFRNScSg8zcfHV2Dqrc/VZwJN+
5BreqSpnHY3wb/8o1MsSlW8uXZ0VES8UXycOHHjQzH353A1xXQOpfroeP38jNWr1
REh2WgTPDYD8Uthik5SalkRfZ0mtvolSuBCHo9FfSTMrhhwD4YBXfyXmaUjANuMD
ilr3l160cOoJO41BMuJc/jpwAam+gjEcBS27x1Tq/UKwR3xbdF7XOaBhP1TIX1QD
pUrFYSuf1LCJvpNt6ENASC3/9KgjvuBxRJXuGgEyq5+qD8cskGI/s7lpmmzThEio
7k84TeCsec1pRKUsnKAQ15EXjuD8OwBRhLAUswtTPaam
-----END CERTIFICATE-----