Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/cMW-Zdolm_oqj8UMw8MRuC2DwrQ.roa
File:                     cMW-Zdolm_oqj8UMw8MRuC2DwrQ.roa (raw, json)
Hash identifier:          D+uvI1F6z81+X+x2rajQx/UmEcxmiGXEz5/6YHJcsbk=
Subject key identifier:   70:C5:BE:65:DA:25:9B:FA:2A:8F:C5:0C:C3:C3:11:B8:2D:83:C2:B4
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       018CC5006E016D3E2B92AB11E9B73A690A04
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/cMW-Zdolm_oqj8UMw8MRuC2DwrQ.roa
Signing time:             Mon 01 Jan 2024 12:29:48 +0000
ROA not before:           Mon 01 Jan 2024 12:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15935
IP address blocks:        185.188.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:6e:01:6d:3e:2b:92:ab:11:e9:b7:3a:69:0a:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  1 12:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70c5be65da259bfa2a8fc50cc3c311b82d83c2b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ff:ca:1a:9e:b9:e6:a8:f5:17:19:12:40:ce:
                    77:22:21:81:90:eb:be:74:f0:ce:36:35:db:79:33:
                    0a:14:70:f1:93:22:44:6a:cb:bc:4d:4d:92:13:eb:
                    dd:30:6b:f3:50:0d:ee:64:b6:20:03:8a:20:48:48:
                    56:23:e9:f2:d4:db:cf:0b:64:b6:8d:2c:97:65:60:
                    66:d6:fb:9e:7a:39:df:5f:59:cf:05:37:60:db:09:
                    47:da:ab:74:39:95:05:8d:16:68:dc:8e:0b:01:fe:
                    6c:25:45:31:23:29:8e:10:17:f3:1b:a0:73:ac:02:
                    16:e2:df:56:28:fe:ad:d0:84:04:da:5e:36:c6:6b:
                    4b:c1:b3:57:dc:24:57:4e:c4:ee:90:ae:62:f3:96:
                    6c:86:13:21:b3:d6:36:38:9f:b5:83:60:83:1b:eb:
                    5c:bf:9d:8c:6e:39:a4:0e:ef:15:04:a4:09:ad:2c:
                    d3:32:b6:08:59:34:e1:42:d1:1e:c4:20:e5:68:00:
                    ed:61:a6:e0:ef:48:21:61:01:05:35:cb:9c:22:b8:
                    41:ca:45:69:09:cd:a5:9c:96:2d:18:e5:3a:3d:9e:
                    af:3f:3c:4d:8c:6a:f2:f9:c5:69:a3:af:87:67:b4:
                    62:59:59:5c:f5:63:94:b6:71:2e:6c:1a:b4:84:97:
                    7f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C5:BE:65:DA:25:9B:FA:2A:8F:C5:0C:C3:C3:11:B8:2D:83:C2:B4
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/cMW-Zdolm_oqj8UMw8MRuC2DwrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:81:d2:8b:1f:f4:8b:ac:dc:c9:4b:bc:45:ca:18:e6:43:16:
         ae:38:18:91:2a:08:b4:8e:ef:11:d5:be:7e:cd:82:50:1a:b1:
         55:92:11:f0:14:2a:f9:75:1d:bd:42:8a:65:f9:87:c4:da:9d:
         0a:70:ec:9c:97:f4:4f:09:1f:c7:fe:9d:9b:19:72:4a:76:b4:
         da:b7:5b:e7:78:3b:5d:eb:cc:5e:bc:a3:99:f7:9d:52:14:d3:
         3d:fb:fa:9c:ce:d5:3a:1d:99:6e:ec:79:4c:d2:3c:64:4f:d8:
         b0:d5:91:7b:5a:bd:1c:ce:ba:a5:3c:ad:f0:91:7f:17:da:f3:
         1f:2c:57:c8:17:02:d0:f0:c8:35:c2:57:70:e8:53:e9:19:76:
         fd:be:22:36:5f:ed:81:04:1f:f8:6f:82:86:7f:06:4a:e6:c3:
         16:aa:86:fa:ae:7e:e7:2f:ee:28:b2:d9:1b:60:8c:1d:42:82:
         ac:bb:52:9e:b1:84:b8:a3:a7:cb:b8:5d:c7:ab:d9:56:c1:fd:
         0e:27:e4:f5:54:b7:d0:f7:d4:b7:62:8f:d3:52:32:78:cf:34:
         47:0e:2b:8d:a5:fd:68:10:9c:63:27:c5:69:56:2d:5e:94:0b:
         bb:86:87:b3:71:b8:ab:ef:1e:6a:a5:88:21:41:73:00:92:6c:
         e9:21:a9:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAG4BbT4rkqsR6bc6aQoEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjQwMTAxMTIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM1YmU2NWRhMjU5YmZhMmE4ZmM1MGNjM2MzMTFiODJkODNjMmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhv/KGp655qj1FxkSQM53IiGBkOu+
dPDONjXbeTMKFHDxkyJEasu8TU2SE+vdMGvzUA3uZLYgA4ogSEhWI+ny1NvPC2S2
jSyXZWBm1vueejnfX1nPBTdg2wlH2qt0OZUFjRZo3I4LAf5sJUUxIymOEBfzG6Bz
rAIW4t9WKP6t0IQE2l42xmtLwbNX3CRXTsTukK5i85ZshhMhs9Y2OJ+1g2CDG+tc
v52MbjmkDu8VBKQJrSzTMrYIWTThQtEexCDlaADtYabg70ghYQEFNcucIrhBykVp
Cc2lnJYtGOU6PZ6vPzxNjGry+cVpo6+HZ7RiWVlc9WOUtnEubBq0hJd//wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDFvmXaJZv6Ko/FDMPDEbgtg8K0MB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvY01XLVpkb2xtX29xajhVTXc4TVJ1QzJEd3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubxmMA0G
CSqGSIb3DQEBCwUAA4IBAQAagdKLH/SLrNzJS7xFyhjmQxauOBiRKgi0ju8R1b5+
zYJQGrFVkhHwFCr5dR29Qopl+YfE2p0KcOycl/RPCR/H/p2bGXJKdrTat1vneDtd
68xevKOZ951SFNM9+/qcztU6HZlu7HlM0jxkT9iw1ZF7Wr0czrqlPK3wkX8X2vMf
LFfIFwLQ8Mg1wldw6FPpGXb9viI2X+2BBB/4b4KGfwZK5sMWqob6rn7nL+4ostkb
YIwdQoKsu1KesYS4o6fLuF3Hq9lWwf0OJ+T1VLfQ99S3Yo/TUjJ4zzRHDiuNpf1o
EJxjJ8VpVi1elAu7hoezcbir7x5qpYghQXMAkmzpIalD
-----END CERTIFICATE-----