Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/wHKsjuqLir222rSa7_SmmcXx3o4.roa
File:                     wHKsjuqLir222rSa7_SmmcXx3o4.roa (raw, json)
Hash identifier:          YO1h3MqNzj0RctnMFQGvC4443QxwU6HP7WpcSuMhUCE=
Subject key identifier:   C0:72:AC:8E:EA:8B:8A:BD:B6:DA:B4:9A:EF:F4:A6:99:C5:F1:DE:8E
Certificate issuer:       /CN=10a8c6e9308bb00083100171e00dbb6140f4f580
Certificate serial:       01900D002FAB7B61FD5A6B4DE746DA3D06E9
Authority key identifier: 10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/wHKsjuqLir222rSa7_SmmcXx3o4.roa
Signing time:             Wed 12 Jun 2024 15:10:34 +0000
ROA not before:           Wed 12 Jun 2024 15:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39923
IP address blocks:        185.70.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/EKjG6TCLsACDEAFx4A27YUD09YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/EKjG6TCLsACDEAFx4A27YUD09YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0d:00:2f:ab:7b:61:fd:5a:6b:4d:e7:46:da:3d:06:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10a8c6e9308bb00083100171e00dbb6140f4f580
        Validity
            Not Before: Jun 12 15:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c072ac8eea8b8abdb6dab49aeff4a699c5f1de8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:00:11:0d:85:3c:1b:05:07:e2:92:17:6d:53:
                    6c:2e:9f:82:e8:8d:be:91:cb:f7:4d:62:a7:5d:8a:
                    17:19:6a:d1:df:c6:57:bf:4c:18:b5:9d:af:f0:b1:
                    f8:ec:6d:fd:98:93:c9:86:97:c5:6d:04:60:40:d1:
                    3c:89:74:9f:cd:7a:8f:96:20:bb:3f:3b:65:77:40:
                    ef:04:f0:c2:8b:f2:b9:0e:02:a8:7c:d6:a5:0a:1b:
                    f5:c6:ad:80:a5:fd:66:73:f5:4e:ba:13:09:2d:7d:
                    e7:40:0b:c1:6b:b2:f2:19:43:cb:75:ff:dd:6b:66:
                    57:c1:b7:d4:77:04:8e:8c:08:ab:0d:40:3b:3d:a0:
                    cf:ef:31:20:46:37:17:a9:97:1b:05:a0:f1:5b:96:
                    73:b7:59:7c:a2:fd:e4:a0:7f:bd:0b:29:7c:4a:89:
                    3b:7d:7d:81:9f:05:0d:bc:25:53:82:98:b5:ed:c4:
                    60:ae:80:ec:f3:5b:9a:68:e4:62:11:8f:a4:b8:24:
                    c5:0d:02:b9:cc:53:e2:88:8c:2c:e4:21:cc:09:a0:
                    7f:df:e9:77:bc:05:2f:9d:9d:ca:56:c4:1d:52:fd:
                    b6:54:cc:f2:65:01:a7:73:fb:3a:89:00:ee:56:0a:
                    56:43:ee:f9:03:ff:d6:94:f8:ae:94:50:5f:54:07:
                    47:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:72:AC:8E:EA:8B:8A:BD:B6:DA:B4:9A:EF:F4:A6:99:C5:F1:DE:8E
            X509v3 Authority Key Identifier:
                keyid:10:A8:C6:E9:30:8B:B0:00:83:10:01:71:E0:0D:BB:61:40:F4:F5:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKjG6TCLsACDEAFx4A27YUD09YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/wHKsjuqLir222rSa7_SmmcXx3o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/237947-70c2-4661-a36f-6b497b2c0b38/1/EKjG6TCLsACDEAFx4A27YUD09YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:11:2b:7b:06:25:fc:5e:ab:ed:c3:44:67:ee:2e:08:0b:75:
         7f:af:16:f8:cd:c3:f0:46:8d:cc:e2:71:81:66:13:c1:ef:c6:
         d6:fc:69:cd:11:e7:b8:e5:65:77:d9:34:92:c2:0e:75:d3:62:
         35:51:0a:e5:b3:56:dd:0a:31:09:af:7d:6b:1c:83:89:d4:9c:
         22:c4:81:a3:93:69:d6:3e:b6:48:d4:01:8c:ff:25:c7:6a:14:
         cf:e3:08:d7:e7:dc:8a:e4:e4:96:69:9f:69:d1:02:cc:1d:e5:
         89:e2:2d:dd:ee:65:c1:4a:52:44:7f:eb:81:c0:d2:57:52:00:
         04:b9:61:3f:f6:0b:f8:29:86:e6:2b:88:96:bc:7d:8a:2e:ec:
         c3:10:58:ad:1e:a2:a7:96:92:3d:6d:32:c6:0f:cf:0d:2a:c6:
         5b:4c:63:17:85:ca:67:86:9b:e4:61:fb:c9:c2:06:ea:03:20:
         a7:41:51:43:41:c2:e3:83:7c:db:c6:23:38:8e:98:11:45:87:
         a6:d1:b1:76:0c:5b:b2:39:d3:d9:e6:4f:4b:10:fe:60:24:ff:
         34:d9:38:3c:59:a6:cd:eb:6a:f6:c6:8e:a3:b8:f4:09:39:48:
         53:fb:43:1c:76:55:fc:ff:36:31:85:2a:3d:d1:b0:96:4f:ea:
         33:d0:f4:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZANAC+re2H9WmtN50baPQbpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYThjNmU5MzA4YmIwMDA4MzEwMDE3MWUwMGRiYjYxNDBm
NGY1ODAwHhcNMjQwNjEyMTUxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDcyYWM4ZWVhOGI4YWJkYjZkYWI0OWFlZmY0YTY5OWM1ZjFkZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwARDYU8GwUH4pIXbVNsLp+C6I2+
kcv3TWKnXYoXGWrR38ZXv0wYtZ2v8LH47G39mJPJhpfFbQRgQNE8iXSfzXqPliC7
Pztld0DvBPDCi/K5DgKofNalChv1xq2Apf1mc/VOuhMJLX3nQAvBa7LyGUPLdf/d
a2ZXwbfUdwSOjAirDUA7PaDP7zEgRjcXqZcbBaDxW5Zzt1l8ov3koH+9Cyl8Sok7
fX2BnwUNvCVTgpi17cRgroDs81uaaORiEY+kuCTFDQK5zFPiiIws5CHMCaB/3+l3
vAUvnZ3KVsQdUv22VMzyZQGnc/s6iQDuVgpWQ+75A//WlPiulFBfVAdHhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMByrI7qi4q9ttq0mu/0ppnF8d6OMB8GA1UdIwQY
MBaAFBCoxukwi7AAgxABceANu2FA9PWAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYt
NmI0OTdiMmMwYjM4LzEvd0hLc2p1cUxpcjIyMnJTYTdfU21tY1h4M280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMzc5NDctNzBjMi00NjYxLWEzNmYtNmI0OTdiMmMwYjM4
LzEvRUtqRzZUQ0xzQUNERUFGeDRBMjdZVUQwOVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUYvMA0G
CSqGSIb3DQEBCwUAA4IBAQAdESt7BiX8Xqvtw0Rn7i4IC3V/rxb4zcPwRo3M4nGB
ZhPB78bW/GnNEee45WV32TSSwg5102I1UQrls1bdCjEJr31rHIOJ1JwixIGjk2nW
PrZI1AGM/yXHahTP4wjX59yK5OSWaZ9p0QLMHeWJ4i3d7mXBSlJEf+uBwNJXUgAE
uWE/9gv4KYbmK4iWvH2KLuzDEFitHqKnlpI9bTLGD88NKsZbTGMXhcpnhpvkYfvJ
wgbqAyCnQVFDQcLjg3zbxiM4jpgRRYem0bF2DFuyOdPZ5k9LEP5gJP802Tg8WabN
62r2xo6juPQJOUhT+0McdlX8/zYxhSo90bCWT+oz0PTQ
-----END CERTIFICATE-----