Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/64bab8-89b7-4f68-afc3-85a2aeb0798d/1/dWKwLBnTMOvYBGsaiM30HJLSo5M.roa
File:                     dWKwLBnTMOvYBGsaiM30HJLSo5M.roa (raw, json)
Hash identifier:          K8JtWpdIoSOaHmJKxFjQOvCAeZAFbrAKlM9JyZcrRws=
Subject key identifier:   75:62:B0:2C:19:D3:30:EB:D8:04:6B:1A:88:CD:F4:1C:92:D2:A3:93
Certificate issuer:       /CN=9b2dad481cba5483baab0d7a0ccdc1ade832ad16
Certificate serial:       018DEB1610C633EBA38833E1B002FEEC2F11
Authority key identifier: 9B:2D:AD:48:1C:BA:54:83:BA:AB:0D:7A:0C:CD:C1:AD:E8:32:AD:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/my2tSBy6VIO6qw16DM3BregyrRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/64bab8-89b7-4f68-afc3-85a2aeb0798d/1/dWKwLBnTMOvYBGsaiM30HJLSo5M.roa
Signing time:             Tue 27 Feb 2024 15:01:48 +0000
ROA not before:           Tue 27 Feb 2024 15:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197435
IP address blocks:        194.0.179.0/24 maxlen: 24
                          2a0a:a300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/64bab8-89b7-4f68-afc3-85a2aeb0798d/1/my2tSBy6VIO6qw16DM3BregyrRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/64bab8-89b7-4f68-afc3-85a2aeb0798d/1/my2tSBy6VIO6qw16DM3BregyrRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/my2tSBy6VIO6qw16DM3BregyrRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:16:10:c6:33:eb:a3:88:33:e1:b0:02:fe:ec:2f:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b2dad481cba5483baab0d7a0ccdc1ade832ad16
        Validity
            Not Before: Feb 27 15:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7562b02c19d330ebd8046b1a88cdf41c92d2a393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:07:2f:c0:17:dd:7c:a7:1c:4b:2f:ee:e8:b0:
                    f8:2f:70:55:fd:bf:23:41:79:ae:d7:2f:78:6f:ce:
                    eb:67:e7:00:a9:6b:35:bd:a6:d9:d4:e0:b1:4d:a0:
                    77:73:b1:25:06:63:ad:e8:af:36:41:6a:e9:78:d2:
                    73:04:91:e5:65:3d:6d:0c:14:75:bc:56:d9:5d:f5:
                    d6:cb:a1:16:a9:e7:69:62:ad:86:cf:59:00:05:ed:
                    27:47:3d:63:0d:c4:30:52:4d:bd:e1:6e:a2:95:f4:
                    31:79:01:68:90:43:db:15:75:fd:a7:bc:7a:33:a0:
                    6a:43:bb:1c:b9:23:f5:b9:c2:f1:cb:fa:63:c7:ed:
                    50:71:96:b3:35:df:c4:4b:bd:5a:76:9e:98:c5:af:
                    c9:8f:17:83:84:95:b9:24:0b:57:a9:34:ce:4e:98:
                    3f:d1:2d:9e:f3:fc:9c:a8:34:25:a2:18:6a:2c:cd:
                    18:03:e0:f7:6f:2f:7c:a9:f8:7e:53:d2:bf:34:14:
                    06:39:d6:0e:85:bd:e4:04:30:02:3a:f5:45:c9:d6:
                    bf:fa:3f:3b:75:f2:68:1d:a1:91:1c:fc:f7:29:00:
                    fc:fa:8d:de:d9:43:73:f0:0f:0e:13:27:59:7c:62:
                    d3:14:9d:90:23:8d:3f:eb:39:d3:18:c2:50:4e:ae:
                    a1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:62:B0:2C:19:D3:30:EB:D8:04:6B:1A:88:CD:F4:1C:92:D2:A3:93
            X509v3 Authority Key Identifier:
                keyid:9B:2D:AD:48:1C:BA:54:83:BA:AB:0D:7A:0C:CD:C1:AD:E8:32:AD:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/my2tSBy6VIO6qw16DM3BregyrRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/64bab8-89b7-4f68-afc3-85a2aeb0798d/1/dWKwLBnTMOvYBGsaiM30HJLSo5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/64bab8-89b7-4f68-afc3-85a2aeb0798d/1/my2tSBy6VIO6qw16DM3BregyrRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.179.0/24
                IPv6:
                  2a0a:a300::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:1d:ff:31:f6:e3:1d:80:3d:77:3a:0d:d8:f1:73:86:19:e9:
         83:07:e7:21:64:02:70:4a:e5:1c:a5:63:38:2a:cd:e2:7e:d6:
         fa:a0:6d:2c:07:d7:97:2c:43:d1:82:39:b6:b6:bd:48:87:83:
         bf:de:25:da:7a:04:a4:c5:7c:16:4a:3e:84:11:db:20:e2:2d:
         33:91:1e:eb:2e:c5:ee:c6:d1:de:82:1a:01:bc:b0:ee:49:2c:
         6e:09:d7:6e:d2:9e:41:00:59:bc:6c:e4:11:d1:8e:f6:4e:21:
         eb:b8:52:e2:50:02:90:a8:cf:d9:69:bc:70:f6:9c:fa:9e:c5:
         d9:0a:db:76:cf:03:30:29:a9:b2:96:dd:77:11:7c:c4:74:d4:
         21:f9:3a:b6:cd:f9:1a:a9:ec:7f:a7:b0:76:14:0b:09:a5:48:
         80:fa:97:8a:c0:f8:5e:ba:2a:a9:61:ed:9d:ef:0a:c0:71:6a:
         fa:39:7f:b7:29:6c:66:de:64:00:f7:bf:ed:9d:72:de:31:b6:
         1b:75:eb:64:ce:b2:ab:87:82:18:78:41:b7:de:10:ba:32:b1:
         15:6d:ca:4c:89:b9:9a:f6:2f:77:33:10:d5:c5:ad:bc:5a:a7:
         65:38:13:f2:4b:9e:88:43:32:20:94:9e:d7:2d:ee:d4:df:98:
         a4:d2:1f:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3rFhDGM+ujiDPhsAL+7C8RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMmRhZDQ4MWNiYTU0ODNiYWFiMGQ3YTBjY2RjMWFkZTgz
MmFkMTYwHhcNMjQwMjI3MTUwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTYyYjAyYzE5ZDMzMGViZDgwNDZiMWE4OGNkZjQxYzkyZDJhMzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAcvwBfdfKccSy/u6LD4L3BV/b8j
QXmu1y94b87rZ+cAqWs1vabZ1OCxTaB3c7ElBmOt6K82QWrpeNJzBJHlZT1tDBR1
vFbZXfXWy6EWqedpYq2Gz1kABe0nRz1jDcQwUk294W6ilfQxeQFokEPbFXX9p7x6
M6BqQ7scuSP1ucLxy/pjx+1QcZazNd/ES71adp6Yxa/JjxeDhJW5JAtXqTTOTpg/
0S2e8/ycqDQlohhqLM0YA+D3by98qfh+U9K/NBQGOdYOhb3kBDACOvVFyda/+j87
dfJoHaGRHPz3KQD8+o3e2UNz8A8OEydZfGLTFJ2QI40/6znTGMJQTq6hbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHVisCwZ0zDr2ARrGojN9ByS0qOTMB8GA1UdIwQY
MBaAFJstrUgculSDuqsNegzNwa3oMq0WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXkydFNCeTZWSU82cXcxNkRNM0JyZWd5clJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82NGJhYjgtODliNy00ZjY4LWFmYzMt
ODVhMmFlYjA3OThkLzEvZFdLd0xCblRNT3ZZQkdzYWlNMzBISkxTbzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82NGJhYjgtODliNy00ZjY4LWFmYzMtODVhMmFlYjA3OThk
LzEvbXkydFNCeTZWSU82cXcxNkRNM0JyZWd5clJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgCzMA0E
AgACMAcDBQAqCqMAMA0GCSqGSIb3DQEBCwUAA4IBAQCuHf8x9uMdgD13Og3Y8XOG
GemDB+chZAJwSuUcpWM4Ks3iftb6oG0sB9eXLEPRgjm2tr1Ih4O/3iXaegSkxXwW
Sj6EEdsg4i0zkR7rLsXuxtHeghoBvLDuSSxuCddu0p5BAFm8bOQR0Y72TiHruFLi
UAKQqM/Zabxw9pz6nsXZCtt2zwMwKamylt13EXzEdNQh+Tq2zfkaqex/p7B2FAsJ
pUiA+peKwPheuiqpYe2d7wrAcWr6OX+3KWxm3mQA97/tnXLeMbYbdetkzrKrh4IY
eEG33hC6MrEVbcpMibma9i93MxDVxa28WqdlOBPyS56IQzIglJ7XLe7U35ik0h/k
-----END CERTIFICATE-----