Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/20e8e0-68d3-489e-bcf3-fe4b5e346840/1/wBPl-J0_NEjC8yclSCZzAA9Nw4Q.roa
File:                     wBPl-J0_NEjC8yclSCZzAA9Nw4Q.roa (raw, json)
Hash identifier:          yVACB5PpvXZuv6IE/gIVyImNClRWP6Az0DQ4QSGFwx0=
Subject key identifier:   C0:13:E5:F8:9D:3F:34:48:C2:F3:27:25:48:26:73:00:0F:4D:C3:84
Certificate issuer:       /CN=d8915609656f08f7a28d24b7c4ba9b639ca0b009
Certificate serial:       018CC26D4880AEA72C1C290E9B10680DF981
Authority key identifier: D8:91:56:09:65:6F:08:F7:A2:8D:24:B7:C4:BA:9B:63:9C:A0:B0:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JFWCWVvCPeijSS3xLqbY5ygsAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/20e8e0-68d3-489e-bcf3-fe4b5e346840/1/wBPl-J0_NEjC8yclSCZzAA9Nw4Q.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        185.205.132.0/24 maxlen: 24
                          185.205.132.0/22 maxlen: 22
                          185.205.134.0/24 maxlen: 24
                          185.205.133.0/24 maxlen: 24
                          185.205.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/20e8e0-68d3-489e-bcf3-fe4b5e346840/1/2JFWCWVvCPeijSS3xLqbY5ygsAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/20e8e0-68d3-489e-bcf3-fe4b5e346840/1/2JFWCWVvCPeijSS3xLqbY5ygsAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JFWCWVvCPeijSS3xLqbY5ygsAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:48:80:ae:a7:2c:1c:29:0e:9b:10:68:0d:f9:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8915609656f08f7a28d24b7c4ba9b639ca0b009
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c013e5f89d3f3448c2f32725482673000f4dc384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:dc:63:70:07:29:9b:13:5b:55:1e:ec:4b:fa:
                    64:47:7b:f4:e4:80:70:51:3a:c5:cf:2f:1c:f1:79:
                    86:35:14:4b:c3:5d:58:03:d4:d0:3b:c5:1a:c0:87:
                    d4:34:53:37:d3:69:4e:26:48:94:45:1c:c3:bd:09:
                    02:dd:4d:e4:b6:7a:3a:30:74:51:93:30:95:01:19:
                    88:cd:f1:92:5d:92:25:83:54:89:40:fa:1f:4e:47:
                    9b:77:9b:e2:86:2f:45:ae:02:42:e3:5d:1c:c7:07:
                    87:3f:81:e6:0a:c7:24:97:43:94:2e:b0:db:f2:f8:
                    a0:5d:82:94:7a:b2:d6:47:4b:a9:c4:7f:e1:51:57:
                    c9:32:e4:7b:63:50:e0:e3:11:7c:a2:86:58:51:bf:
                    8c:23:72:c2:d4:0b:89:b4:90:d5:ac:a5:ac:fb:88:
                    6f:e8:2b:38:7f:b3:3c:63:6a:79:b9:0a:61:5a:60:
                    23:95:e8:08:f1:1c:84:35:30:6e:21:52:8e:bb:91:
                    0f:a3:2f:e8:ad:92:8e:94:02:c0:c4:49:19:60:fa:
                    24:a9:ba:50:70:ea:7a:a2:a1:80:dd:03:26:d3:46:
                    94:53:7c:a3:5c:43:ac:d3:f2:0f:87:de:00:77:e0:
                    fe:db:23:5c:62:87:28:68:cb:3e:35:a2:dc:51:0e:
                    58:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:13:E5:F8:9D:3F:34:48:C2:F3:27:25:48:26:73:00:0F:4D:C3:84
            X509v3 Authority Key Identifier:
                keyid:D8:91:56:09:65:6F:08:F7:A2:8D:24:B7:C4:BA:9B:63:9C:A0:B0:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JFWCWVvCPeijSS3xLqbY5ygsAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/20e8e0-68d3-489e-bcf3-fe4b5e346840/1/wBPl-J0_NEjC8yclSCZzAA9Nw4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/20e8e0-68d3-489e-bcf3-fe4b5e346840/1/2JFWCWVvCPeijSS3xLqbY5ygsAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:47:5b:c3:02:23:56:6c:8f:e9:d4:c4:4f:64:7a:64:ee:1c:
         1c:a0:dc:4b:ea:ee:ad:79:43:b3:2f:14:e2:12:ee:5a:d9:a6:
         df:3d:71:8f:d9:99:9a:16:1a:8b:ee:ac:1e:0a:a4:2c:b8:d1:
         a8:56:84:c9:17:70:27:83:94:38:17:5d:e1:49:70:f1:b8:ca:
         ba:7e:be:e7:59:97:e2:43:38:b9:af:f4:8e:71:3e:64:de:34:
         bd:d5:98:4c:c7:77:46:7d:10:c6:25:8c:dd:fd:74:94:db:29:
         fb:7f:a4:bf:88:22:2b:5d:f2:fe:3c:f1:3f:cc:05:10:f8:ac:
         5b:41:6b:dd:c1:92:21:ef:29:fa:47:ee:b9:ba:9b:81:76:96:
         1e:dd:2b:ce:b6:0c:46:fa:c3:d6:a3:c0:e4:9a:20:9a:d6:d6:
         6f:9a:cb:eb:00:55:de:7f:57:94:04:e9:5b:cd:b5:5f:af:a1:
         2c:64:d8:ab:ef:41:b0:a6:79:02:e0:26:8a:ca:47:8f:4a:05:
         bb:b8:29:5c:ec:00:32:3a:de:b8:63:da:97:dc:06:d6:e5:9b:
         18:0e:e9:dd:7b:37:6e:0b:5d:35:2a:fb:1f:e9:55:51:e9:4c:
         bb:cf:71:5c:63:b4:66:4e:b6:c6:ea:ed:28:ee:8d:1d:68:b4:
         84:b7:66:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUiArqcsHCkOmxBoDfmBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTE1NjA5NjU2ZjA4ZjdhMjhkMjRiN2M0YmE5YjYzOWNh
MGIwMDkwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDEzZTVmODlkM2YzNDQ4YzJmMzI3MjU0ODI2NzMwMDBmNGRjMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9xjcAcpmxNbVR7sS/pkR3v05IBw
UTrFzy8c8XmGNRRLw11YA9TQO8UawIfUNFM302lOJkiURRzDvQkC3U3ktno6MHRR
kzCVARmIzfGSXZIlg1SJQPofTkebd5vihi9FrgJC410cxweHP4HmCsckl0OULrDb
8vigXYKUerLWR0upxH/hUVfJMuR7Y1Dg4xF8ooZYUb+MI3LC1AuJtJDVrKWs+4hv
6Cs4f7M8Y2p5uQphWmAjlegI8RyENTBuIVKOu5EPoy/orZKOlALAxEkZYPokqbpQ
cOp6oqGA3QMm00aUU3yjXEOs0/IPh94Ad+D+2yNcYocoaMs+NaLcUQ5YVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAT5fidPzRIwvMnJUgmcwAPTcOEMB8GA1UdIwQY
MBaAFNiRVgllbwj3oo0kt8S6m2OcoLAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpGV0NXVnZDUGVpalNTM3hMcWJZNXlnc0FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yMGU4ZTAtNjhkMy00ODllLWJjZjMt
ZmU0YjVlMzQ2ODQwLzEvd0JQbC1KMF9ORWpDOHljbFNDWnpBQTlOdzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yMGU4ZTAtNjhkMy00ODllLWJjZjMtZmU0YjVlMzQ2ODQw
LzEvMkpGV0NXVnZDUGVpalNTM3hMcWJZNXlnc0FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc2EMA0G
CSqGSIb3DQEBCwUAA4IBAQARR1vDAiNWbI/p1MRPZHpk7hwcoNxL6u6teUOzLxTi
Eu5a2abfPXGP2ZmaFhqL7qweCqQsuNGoVoTJF3Ang5Q4F13hSXDxuMq6fr7nWZfi
Qzi5r/SOcT5k3jS91ZhMx3dGfRDGJYzd/XSU2yn7f6S/iCIrXfL+PPE/zAUQ+Kxb
QWvdwZIh7yn6R+65upuBdpYe3SvOtgxG+sPWo8DkmiCa1tZvmsvrAFXef1eUBOlb
zbVfr6EsZNir70GwpnkC4CaKykePSgW7uClc7AAyOt64Y9qX3AbW5ZsYDundezdu
C101Kvsf6VVR6Uy7z3FcY7RmTrbG6u0o7o0daLSEt2Ye
-----END CERTIFICATE-----