Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/wLPc1mEh8_N_qlMVxpVtKvY-6YE.roa
File:                     wLPc1mEh8_N_qlMVxpVtKvY-6YE.roa (raw, json)
Hash identifier:          9EWEUX6Dyn8CF3oq8W0d/m1OHKICjEGzvF10TLFmw7s=
Subject key identifier:   C0:B3:DC:D6:61:21:F3:F3:7F:AA:53:15:C6:95:6D:2A:F6:3E:E9:81
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348F50E2CD9FBF02A9C8CD20C06DD55
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/wLPc1mEh8_N_qlMVxpVtKvY-6YE.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14230
IP address blocks:        188.172.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f5:0e:2c:d9:fb:f0:2a:9c:8c:d2:0c:06:dd:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0b3dcd66121f3f37faa5315c6956d2af63ee981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0e:40:2a:43:94:f4:19:bd:aa:00:21:d8:be:
                    84:0b:42:54:7c:61:14:ce:1b:5b:5a:92:f0:8b:2c:
                    dc:99:ae:b4:b7:b2:7a:ea:ce:75:0d:98:cc:e3:99:
                    44:bd:08:41:93:12:29:89:06:65:55:4b:05:30:67:
                    19:0f:b6:ba:85:47:a6:57:9b:4c:f4:a6:8f:c6:0c:
                    17:76:a0:57:2c:b4:f0:10:2c:f7:fa:28:01:f0:b1:
                    79:a5:83:17:bd:4a:73:1a:5e:a9:da:38:b2:6c:be:
                    7c:97:ef:d2:1d:7b:49:23:09:04:f6:61:b2:78:12:
                    d2:70:60:09:ae:82:9e:fa:c2:40:50:16:36:79:f5:
                    4a:51:dd:f6:f9:2f:ea:8e:b9:0f:47:8d:0a:a5:94:
                    25:dc:01:95:2b:4d:82:3e:0a:3c:6a:20:e3:09:e6:
                    52:40:45:5e:88:9d:ca:48:8e:40:db:1d:76:6b:37:
                    fb:b3:07:14:7d:4d:b4:61:8d:1d:06:8d:e9:41:65:
                    89:41:f6:d0:64:8b:b1:d7:c1:7c:a4:2c:63:a1:8e:
                    61:80:02:08:53:ba:55:26:81:4d:45:cb:97:8b:86:
                    3b:37:6e:7a:03:3e:d0:25:72:7c:3e:ef:bd:30:78:
                    fa:4d:e6:c0:74:b6:12:90:b8:5e:7e:63:55:05:46:
                    b6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B3:DC:D6:61:21:F3:F3:7F:AA:53:15:C6:95:6D:2A:F6:3E:E9:81
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/wLPc1mEh8_N_qlMVxpVtKvY-6YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.172.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:57:51:cf:06:f2:ee:ee:0a:19:26:14:a7:5a:be:34:fd:92:
         86:72:13:2f:7e:e2:3e:38:14:d0:1d:a5:fb:7b:df:cd:d6:88:
         76:ad:cb:b9:ea:39:13:90:55:5c:65:db:8e:44:2d:80:4a:77:
         05:ec:d6:ef:e8:a9:55:5f:88:a8:bc:e1:e6:e9:4e:e2:24:c8:
         1d:1a:50:8a:0b:0d:03:30:b6:2b:d9:f5:ec:92:b1:9e:83:95:
         e1:69:ff:7a:92:bc:bb:1e:b0:c1:e3:70:a4:76:d4:cb:9b:e0:
         44:de:12:f2:b1:b7:f4:4e:87:4c:2d:5b:46:f8:35:0f:54:c6:
         e5:2f:4c:6a:46:d3:89:ad:cb:05:66:24:24:b4:3d:f1:59:61:
         6b:83:9a:a3:40:a1:eb:8f:c0:61:f0:ae:bb:62:fb:43:0d:d9:
         40:16:35:a0:34:99:a3:2b:2e:d6:f7:6c:ce:04:14:47:7f:23:
         06:65:37:53:de:96:98:ee:80:41:77:3e:04:76:d9:54:d1:ce:
         4a:92:d9:7b:46:bd:1f:e0:f7:ff:86:38:b5:b5:9e:25:af:e4:
         56:14:25:d3:d0:ae:19:60:39:67:a8:44:24:b0:91:27:7a:65:
         ff:3b:35:c0:f1:2a:e0:fd:56:4b:e4:e5:76:9f:03:bd:3d:61:
         19:90:19:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPUOLNn78CqcjNIMBt1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGIzZGNkNjYxMjFmM2YzN2ZhYTUzMTVjNjk1NmQyYWY2M2VlOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA5AKkOU9Bm9qgAh2L6EC0JUfGEU
zhtbWpLwiyzcma60t7J66s51DZjM45lEvQhBkxIpiQZlVUsFMGcZD7a6hUemV5tM
9KaPxgwXdqBXLLTwECz3+igB8LF5pYMXvUpzGl6p2jiybL58l+/SHXtJIwkE9mGy
eBLScGAJroKe+sJAUBY2efVKUd32+S/qjrkPR40KpZQl3AGVK02CPgo8aiDjCeZS
QEVeiJ3KSI5A2x12azf7swcUfU20YY0dBo3pQWWJQfbQZIux18F8pCxjoY5hgAII
U7pVJoFNRcuXi4Y7N256Az7QJXJ8Pu+9MHj6TebAdLYSkLhefmNVBUa2vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCz3NZhIfPzf6pTFcaVbSr2PumBMB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvd0xQYzFtRWg4X05fcWxNVnhwVnRLdlktNllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvKzqMA0G
CSqGSIb3DQEBCwUAA4IBAQBxV1HPBvLu7goZJhSnWr40/ZKGchMvfuI+OBTQHaX7
e9/N1oh2rcu56jkTkFVcZduORC2ASncF7Nbv6KlVX4iovOHm6U7iJMgdGlCKCw0D
MLYr2fXskrGeg5Xhaf96kry7HrDB43CkdtTLm+BE3hLysbf0TodMLVtG+DUPVMbl
L0xqRtOJrcsFZiQktD3xWWFrg5qjQKHrj8Bh8K67YvtDDdlAFjWgNJmjKy7W92zO
BBRHfyMGZTdT3paY7oBBdz4EdtlU0c5Kktl7Rr0f4Pf/hji1tZ4lr+RWFCXT0K4Z
YDlnqEQksJEnemX/OzXA8Srg/VZL5OV2nwO9PWEZkBng
-----END CERTIFICATE-----