Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/5wlBBWx_kjtgWz3aeK1cR4WGZNE.roa
File:                     5wlBBWx_kjtgWz3aeK1cR4WGZNE.roa (raw, json)
Hash identifier:          8MDfzXMmyka/6vx7+a3yJ/7JqX7SIrG8mxVOfxbtEzI=
Subject key identifier:   E7:09:41:05:6C:7F:92:3B:60:5B:3D:DA:78:AD:5C:47:85:86:64:D1
Certificate issuer:       /CN=ba9c1933f1efd78700efdd5fdb0dc89cc8b6734a
Certificate serial:       018CC72704FA941E60BFA25A04BDCB47ADE0
Authority key identifier: BA:9C:19:33:F1:EF:D7:87:00:EF:DD:5F:DB:0D:C8:9C:C8:B6:73:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upwZM_Hv14cA791f2w3InMi2c0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/5wlBBWx_kjtgWz3aeK1cR4WGZNE.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.103.201.0/24 maxlen: 24
                          2a06:2d40:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/upwZM_Hv14cA791f2w3InMi2c0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/upwZM_Hv14cA791f2w3InMi2c0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/upwZM_Hv14cA791f2w3InMi2c0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:04:fa:94:1e:60:bf:a2:5a:04:bd:cb:47:ad:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9c1933f1efd78700efdd5fdb0dc89cc8b6734a
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e70941056c7f923b605b3dda78ad5c47858664d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7f:70:e2:dd:b1:b0:61:27:80:b8:ca:06:dd:
                    58:49:65:0d:3d:a0:98:0d:46:42:19:d9:1c:73:c7:
                    1d:c1:26:10:de:d4:28:6a:13:94:fc:cc:52:73:bd:
                    f1:5b:b7:da:4e:94:da:00:39:ab:2a:b6:4c:8f:1d:
                    b0:e0:22:cb:27:3f:a5:68:6d:20:3d:5c:87:96:6f:
                    46:49:d6:e3:f1:40:c4:da:4a:03:06:d8:0e:31:86:
                    3d:91:72:3e:37:e2:b9:46:3c:41:bf:f8:08:eb:7f:
                    11:24:6e:87:4b:6f:64:e1:39:d4:51:4e:2f:ac:8c:
                    43:3f:d1:59:f9:cc:1a:07:9a:1d:a5:52:dd:12:be:
                    81:78:7b:a2:ba:33:d6:e3:af:4c:01:eb:ff:45:f3:
                    7e:97:f7:d0:04:85:dc:68:91:b9:eb:4d:66:8b:cd:
                    a1:24:71:06:86:d4:64:8a:58:7f:91:64:13:60:54:
                    66:07:07:ae:2b:8a:01:fc:f9:59:c8:34:bf:91:c2:
                    32:9f:0e:4f:c9:27:a1:c9:7c:2e:b7:57:3c:25:42:
                    b2:c5:b8:d3:6a:7d:42:ac:18:bc:a5:d7:3c:65:de:
                    73:b6:8b:0b:01:7d:95:82:92:08:af:bb:b1:35:0a:
                    50:63:94:0c:b5:e4:c1:82:60:a6:d7:e8:41:e0:34:
                    b2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:09:41:05:6C:7F:92:3B:60:5B:3D:DA:78:AD:5C:47:85:86:64:D1
            X509v3 Authority Key Identifier:
                keyid:BA:9C:19:33:F1:EF:D7:87:00:EF:DD:5F:DB:0D:C8:9C:C8:B6:73:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upwZM_Hv14cA791f2w3InMi2c0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/5wlBBWx_kjtgWz3aeK1cR4WGZNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ff3422-0ecd-4bb5-8b27-5d9603638322/1/upwZM_Hv14cA791f2w3InMi2c0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.201.0/24
                IPv6:
                  2a06:2d40:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:3c:9a:a7:3e:03:68:f4:f1:8e:46:36:95:57:45:65:9f:19:
         13:89:ac:26:e2:94:00:50:1b:7f:4a:ae:1f:b2:95:47:df:37:
         bc:27:51:9e:6b:7e:fd:53:39:bb:7b:a9:74:ac:ab:57:1e:34:
         13:cf:a6:06:3e:57:c4:3b:1e:8f:78:35:81:05:8a:e1:62:78:
         e1:d8:cb:0d:15:9b:e4:38:65:75:ee:53:32:df:8e:65:cd:a1:
         d6:14:cb:30:40:7b:5d:09:ab:f5:17:df:b6:74:c0:3c:db:52:
         03:2f:a1:83:af:9d:2b:46:5e:90:fe:70:48:61:53:72:82:fd:
         eb:1e:16:40:e7:f1:e9:ed:e3:bb:ee:ca:06:5e:af:c8:f0:64:
         10:da:74:49:05:e3:55:4a:9e:a0:cd:4a:b4:8b:d9:c2:9d:fe:
         b9:52:37:fb:db:24:89:21:6c:7d:4b:72:01:a7:3c:f1:e6:c4:
         84:93:96:e7:fd:e5:19:62:de:0f:d1:d1:3c:ef:a3:34:7f:33:
         78:9d:fa:f3:23:12:1c:e2:21:75:e8:fa:ec:4d:60:1e:04:e7:
         c9:54:cd:2b:5e:e2:2b:f5:8a:0e:9b:33:fe:cf:62:5f:9a:2a:
         8e:22:10:e9:f7:d1:51:08:d0:4c:e1:20:e9:22:65:29:61:95:
         b5:41:53:f4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJwT6lB5gv6JaBL3LR63gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWMxOTMzZjFlZmQ3ODcwMGVmZGQ1ZmRiMGRjODljYzhi
NjczNGEwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzA5NDEwNTZjN2Y5MjNiNjA1YjNkZGE3OGFkNWM0Nzg1ODY2NGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX9w4t2xsGEngLjKBt1YSWUNPaCY
DUZCGdkcc8cdwSYQ3tQoahOU/MxSc73xW7faTpTaADmrKrZMjx2w4CLLJz+laG0g
PVyHlm9GSdbj8UDE2koDBtgOMYY9kXI+N+K5RjxBv/gI638RJG6HS29k4TnUUU4v
rIxDP9FZ+cwaB5odpVLdEr6BeHuiujPW469MAev/RfN+l/fQBIXcaJG5601mi82h
JHEGhtRkilh/kWQTYFRmBweuK4oB/PlZyDS/kcIynw5PySehyXwut1c8JUKyxbjT
an1CrBi8pdc8Zd5ztosLAX2VgpIIr7uxNQpQY5QMteTBgmCm1+hB4DSySQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOcJQQVsf5I7YFs92nitXEeFhmTRMB8GA1UdIwQY
MBaAFLqcGTPx79eHAO/dX9sNyJzItnNKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXB3Wk1fSHYxNGNBNzkxZjJ3M0luTWkyYzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mZjM0MjItMGVjZC00YmI1LThiMjct
NWQ5NjAzNjM4MzIyLzEvNXdsQkJXeF9ranRnV3ozYWVLMWNSNFdHWk5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mZjM0MjItMGVjZC00YmI1LThiMjctNWQ5NjAzNjM4MzIy
LzEvdXB3Wk1fSHYxNGNBNzkxZjJ3M0luTWkyYzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWfJMA8E
AgACMAkDBwAqBi1AAAIwDQYJKoZIhvcNAQELBQADggEBAK08mqc+A2j08Y5GNpVX
RWWfGROJrCbilABQG39Krh+ylUffN7wnUZ5rfv1TObt7qXSsq1ceNBPPpgY+V8Q7
Ho94NYEFiuFieOHYyw0Vm+Q4ZXXuUzLfjmXNodYUyzBAe10Jq/UX37Z0wDzbUgMv
oYOvnStGXpD+cEhhU3KC/eseFkDn8ent47vuygZer8jwZBDadEkF41VKnqDNSrSL
2cKd/rlSN/vbJIkhbH1LcgGnPPHmxISTluf95Rli3g/R0TzvozR/M3id+vMjEhzi
IXXo+uxNYB4E58lUzSte4iv1ig6bM/7PYl+aKo4iEOn30VEI0EzhIOkiZSlhlbVB
U/Q=
-----END CERTIFICATE-----