Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/fb42e6-cc51-4d2b-8637-a243cbfaaef3/1/w8iwwx_XCLrucJUNX6_J6N56TV8.roa
File:                     w8iwwx_XCLrucJUNX6_J6N56TV8.roa (raw, json)
Hash identifier:          WRcmRWO+J9XQAL0Cry2Q4fDRSqIJkeG8fVE4nh+K/a0=
Subject key identifier:   C3:C8:B0:C3:1F:D7:08:BA:EE:70:95:0D:5F:AF:C9:E8:DE:7A:4D:5F
Certificate issuer:       /CN=986ce5249635e4e2964d374493dcc37a875d0539
Certificate serial:       018CC56E0B60E563AA436A91B5AF3BBBBA3D
Authority key identifier: 98:6C:E5:24:96:35:E4:E2:96:4D:37:44:93:DC:C3:7A:87:5D:05:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGzlJJY15OKWTTdEk9zDeoddBTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/fb42e6-cc51-4d2b-8637-a243cbfaaef3/1/w8iwwx_XCLrucJUNX6_J6N56TV8.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198024
IP address blocks:        185.124.92.0/22 maxlen: 22
                          2a06:b100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/fb42e6-cc51-4d2b-8637-a243cbfaaef3/1/mGzlJJY15OKWTTdEk9zDeoddBTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/fb42e6-cc51-4d2b-8637-a243cbfaaef3/1/mGzlJJY15OKWTTdEk9zDeoddBTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGzlJJY15OKWTTdEk9zDeoddBTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0b:60:e5:63:aa:43:6a:91:b5:af:3b:bb:ba:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=986ce5249635e4e2964d374493dcc37a875d0539
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3c8b0c31fd708baee70950d5fafc9e8de7a4d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:38:1f:9e:c3:8b:d1:70:ac:ec:c7:ff:55:5c:
                    3e:cc:11:e4:75:00:ec:9c:fd:e5:1c:cd:e5:1d:3f:
                    61:36:8a:24:74:be:3c:98:10:e8:2b:e2:dc:40:18:
                    a4:bf:a9:4b:1b:72:46:b4:a2:96:c2:ba:4d:6e:99:
                    2d:ef:e4:6f:1b:51:fc:3f:f5:30:ba:9e:97:39:49:
                    76:90:a4:d0:a8:fb:3a:9d:f4:25:9a:d7:53:79:b1:
                    c5:bd:b8:73:de:44:ec:a2:46:e0:22:9b:85:8f:c6:
                    4b:4f:8d:ed:cf:33:f6:5d:c6:a8:4c:c8:d9:59:ad:
                    fa:7e:f7:12:cb:a4:b0:c9:0a:8f:fd:0b:66:e4:bc:
                    39:2a:2d:03:0d:cd:82:22:ce:d0:2b:82:59:10:97:
                    89:8a:ac:7f:86:7a:28:f1:41:3d:ee:08:01:0f:6a:
                    ef:54:fb:34:ff:0c:92:50:60:50:4d:f7:c6:e4:86:
                    a7:af:f2:3a:80:d1:25:98:37:da:a3:02:d9:b1:c6:
                    86:1b:d0:0b:78:c0:f3:fe:42:78:31:e6:9e:da:5b:
                    ea:52:a3:6c:e1:35:c2:51:f1:1d:8f:2a:d4:42:b4:
                    8a:29:12:8e:24:68:5c:d5:a6:bd:74:44:d2:ec:61:
                    38:50:d2:d2:04:05:79:b8:b9:38:ea:92:35:33:ff:
                    d8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C8:B0:C3:1F:D7:08:BA:EE:70:95:0D:5F:AF:C9:E8:DE:7A:4D:5F
            X509v3 Authority Key Identifier:
                keyid:98:6C:E5:24:96:35:E4:E2:96:4D:37:44:93:DC:C3:7A:87:5D:05:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGzlJJY15OKWTTdEk9zDeoddBTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/fb42e6-cc51-4d2b-8637-a243cbfaaef3/1/w8iwwx_XCLrucJUNX6_J6N56TV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/fb42e6-cc51-4d2b-8637-a243cbfaaef3/1/mGzlJJY15OKWTTdEk9zDeoddBTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.92.0/22
                IPv6:
                  2a06:b100::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:8d:f4:78:72:d8:bb:c0:71:25:5c:99:db:05:f0:73:56:05:
         d8:af:1c:da:bf:e7:89:da:b2:bf:ed:3f:50:1a:99:d9:5f:8f:
         6e:c9:59:91:7e:0f:21:84:86:38:03:9c:3e:68:6e:80:19:68:
         28:ee:b4:64:94:f7:f6:06:90:ba:cc:9e:3b:cc:88:e9:7a:92:
         31:a4:16:1c:b5:4b:c6:fd:a1:7f:a0:09:24:b7:77:dd:be:bc:
         b9:57:0d:26:73:df:bb:dc:ac:98:ce:42:7c:7d:a8:47:3c:99:
         2a:f8:6f:25:23:42:06:69:4c:7b:c9:8f:32:31:ac:a6:db:49:
         02:85:8f:98:c6:84:5a:54:7b:4f:56:64:a1:87:49:0c:39:7a:
         e8:84:64:7e:cf:46:db:b9:ff:a7:31:da:92:cc:7f:0d:a0:0f:
         8b:71:65:d2:18:41:ae:f2:03:b9:47:f8:da:4c:b9:e6:e9:e4:
         43:d6:45:b2:cd:b0:d9:9d:0c:22:e0:7a:6e:5e:75:87:b7:75:
         b5:f0:4f:3e:63:7a:42:10:9f:f4:51:b2:5d:27:f1:90:37:22:
         3a:7b:aa:02:cf:fb:e2:f8:f8:6a:ec:3c:e5:0c:3e:4d:df:d4:
         2a:3c:07:56:42:55:2c:a5:f6:e3:65:58:bc:17:d3:68:3e:d2:
         29:83:1d:24
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbgtg5WOqQ2qRta87u7o9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NmNlNTI0OTYzNWU0ZTI5NjRkMzc0NDkzZGNjMzdhODc1
ZDA1MzkwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2M4YjBjMzFmZDcwOGJhZWU3MDk1MGQ1ZmFmYzllOGRlN2E0ZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjgfnsOL0XCs7Mf/VVw+zBHkdQDs
nP3lHM3lHT9hNookdL48mBDoK+LcQBikv6lLG3JGtKKWwrpNbpkt7+RvG1H8P/Uw
up6XOUl2kKTQqPs6nfQlmtdTebHFvbhz3kTsokbgIpuFj8ZLT43tzzP2XcaoTMjZ
Wa36fvcSy6SwyQqP/Qtm5Lw5Ki0DDc2CIs7QK4JZEJeJiqx/hnoo8UE97ggBD2rv
VPs0/wySUGBQTffG5Ianr/I6gNElmDfaowLZscaGG9ALeMDz/kJ4Meae2lvqUqNs
4TXCUfEdjyrUQrSKKRKOJGhc1aa9dETS7GE4UNLSBAV5uLk46pI1M//YcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMPIsMMf1wi67nCVDV+vyejeek1fMB8GA1UdIwQY
MBaAFJhs5SSWNeTilk03RJPcw3qHXQU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUd6bEpKWTE1T0tXVFRkRWs5ekRlb2RkQlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9mYjQyZTYtY2M1MS00ZDJiLTg2Mzct
YTI0M2NiZmFhZWYzLzEvdzhpd3d4X1hDTHJ1Y0pVTlg2X0o2TjU2VFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9mYjQyZTYtY2M1MS00ZDJiLTg2MzctYTI0M2NiZmFhZWYz
LzEvbUd6bEpKWTE1T0tXVFRkRWs5ekRlb2RkQlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXxcMA0E
AgACMAcDBQMqBrEAMA0GCSqGSIb3DQEBCwUAA4IBAQBvjfR4cti7wHElXJnbBfBz
VgXYrxzav+eJ2rK/7T9QGpnZX49uyVmRfg8hhIY4A5w+aG6AGWgo7rRklPf2BpC6
zJ47zIjpepIxpBYctUvG/aF/oAkkt3fdvry5Vw0mc9+73KyYzkJ8fahHPJkq+G8l
I0IGaUx7yY8yMaym20kChY+YxoRaVHtPVmShh0kMOXrohGR+z0bbuf+nMdqSzH8N
oA+LcWXSGEGu8gO5R/jaTLnm6eRD1kWyzbDZnQwi4HpuXnWHt3W18E8+Y3pCEJ/0
UbJdJ/GQNyI6e6oCz/vi+Phq7DzlDD5N39QqPAdWQlUspfbjZVi8F9NoPtIpgx0k
-----END CERTIFICATE-----