Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/wEU2le_nc323czRviazTJUjYUCw.roa
File:                     wEU2le_nc323czRviazTJUjYUCw.roa (raw, json)
Hash identifier:          HHKPbOE1YElWSt0n5LAhrN/CqOXqzZqP6TTwBDSnngU=
Subject key identifier:   C0:45:36:95:EF:E7:73:7D:B7:73:34:6F:89:AC:D3:25:48:D8:50:2C
Certificate issuer:       /CN=9fd9886e2db2709db22364e334d39e2ee488d36e
Certificate serial:       019112D6FC7BAE8C8847E37E6986996B4FC6
Authority key identifier: 9F:D9:88:6E:2D:B2:70:9D:B2:23:64:E3:34:D3:9E:2E:E4:88:D3:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n9mIbi2ycJ2yI2TjNNOeLuSI024.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/wEU2le_nc323czRviazTJUjYUCw.roa
Signing time:             Fri 02 Aug 2024 11:26:04 +0000
ROA not before:           Fri 02 Aug 2024 11:26:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20847
IP address blocks:        185.158.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/n9mIbi2ycJ2yI2TjNNOeLuSI024.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/n9mIbi2ycJ2yI2TjNNOeLuSI024.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n9mIbi2ycJ2yI2TjNNOeLuSI024.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:d6:fc:7b:ae:8c:88:47:e3:7e:69:86:99:6b:4f:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fd9886e2db2709db22364e334d39e2ee488d36e
        Validity
            Not Before: Aug  2 11:26:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0453695efe7737db773346f89acd32548d8502c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:78:90:52:3a:b4:aa:ab:6b:75:b4:43:db:17:
                    34:f0:50:91:f5:06:94:f5:c2:94:3f:1b:4e:d9:69:
                    52:6a:8f:97:70:b2:7e:0d:ca:8b:9a:1e:f6:aa:cf:
                    6c:3d:da:ae:4f:3b:b0:79:59:e2:22:30:8a:c9:94:
                    9c:4a:5a:9c:5e:42:5b:c5:58:19:cc:e7:f1:53:6e:
                    c8:fd:ba:69:91:6c:26:0d:2f:eb:d5:01:b7:07:ba:
                    17:1d:30:b1:b5:da:96:e5:a9:70:0e:80:e2:f9:5e:
                    7e:9a:e1:da:18:08:de:46:b6:c9:92:e8:aa:fb:f0:
                    17:dd:10:90:54:53:7b:8d:4e:ff:42:34:d5:a5:5f:
                    9c:1c:b2:49:90:3f:ec:85:ea:9f:76:9b:b4:c5:61:
                    37:0b:dc:aa:2a:ff:91:30:d9:58:70:40:9e:78:64:
                    15:09:7a:11:c2:13:59:40:f2:bd:a9:a5:46:d6:7c:
                    46:48:23:18:ed:d5:a5:f6:3a:ae:39:51:b2:0b:2f:
                    2e:e4:47:9a:5a:97:2b:ad:ca:9d:65:bc:21:5f:a0:
                    c7:46:43:6c:a5:aa:d4:b8:ea:85:d2:10:d1:dc:55:
                    4c:4b:80:03:a6:84:02:ea:4c:af:90:fe:08:e5:c1:
                    b2:be:92:89:3a:bb:6c:76:17:fe:8f:90:05:a9:a4:
                    94:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:45:36:95:EF:E7:73:7D:B7:73:34:6F:89:AC:D3:25:48:D8:50:2C
            X509v3 Authority Key Identifier:
                keyid:9F:D9:88:6E:2D:B2:70:9D:B2:23:64:E3:34:D3:9E:2E:E4:88:D3:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n9mIbi2ycJ2yI2TjNNOeLuSI024.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/wEU2le_nc323czRviazTJUjYUCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f6872-581b-4d47-bc6a-eba0cd57c020/1/n9mIbi2ycJ2yI2TjNNOeLuSI024.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:ee:16:31:64:e3:0b:0c:f6:1b:ee:f8:6a:a4:32:ba:35:64:
         c4:4b:a8:08:7e:53:c4:18:34:74:3d:89:5d:3e:85:b0:02:c9:
         1b:e2:96:8a:ce:3e:41:8b:e6:52:f7:28:b1:62:91:5a:52:0b:
         39:92:00:f9:97:e1:ee:5a:a7:5a:53:0d:b5:69:e5:94:d2:5b:
         15:05:7c:91:31:a3:8a:0e:6b:84:5b:6e:06:82:09:c0:bd:df:
         68:25:10:50:e7:09:94:9a:76:ec:28:48:1c:69:6f:5d:2e:3c:
         5a:c7:61:fb:91:fe:ab:16:1e:e0:95:ee:c3:9e:31:6b:d9:dd:
         be:bd:f8:27:3c:0f:b2:be:c4:7c:de:52:6b:1c:e1:8f:67:4c:
         06:2d:ce:e7:6b:e8:7e:ca:38:2c:8c:57:0e:f2:40:8f:3a:89:
         66:db:98:dd:a0:13:64:a8:7d:0d:a5:cf:2e:13:dc:47:1d:34:
         bb:62:80:10:3e:6e:16:4d:0b:9c:f3:9e:be:5e:38:eb:50:a3:
         75:3e:bb:a5:39:58:3a:a0:fa:f6:6b:81:49:5a:04:7d:54:ad:
         4c:18:6a:3d:13:5a:bd:f9:72:b6:01:04:f9:0b:2a:6b:6e:42:
         cf:f2:52:cb:2d:05:97:c0:8f:32:d5:cb:a4:d4:65:b7:fa:18:
         e7:af:e3:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZES1vx7royIR+N+aYaZa0/GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZDk4ODZlMmRiMjcwOWRiMjIzNjRlMzM0ZDM5ZTJlZTQ4
OGQzNmUwHhcNMjQwODAyMTEyNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDQ1MzY5NWVmZTc3MzdkYjc3MzM0NmY4OWFjZDMyNTQ4ZDg1MDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+HiQUjq0qqtrdbRD2xc08FCR9QaU
9cKUPxtO2WlSao+XcLJ+DcqLmh72qs9sPdquTzuweVniIjCKyZScSlqcXkJbxVgZ
zOfxU27I/bppkWwmDS/r1QG3B7oXHTCxtdqW5alwDoDi+V5+muHaGAjeRrbJkuiq
+/AX3RCQVFN7jU7/QjTVpV+cHLJJkD/sheqfdpu0xWE3C9yqKv+RMNlYcECeeGQV
CXoRwhNZQPK9qaVG1nxGSCMY7dWl9jquOVGyCy8u5EeaWpcrrcqdZbwhX6DHRkNs
parUuOqF0hDR3FVMS4ADpoQC6kyvkP4I5cGyvpKJOrtsdhf+j5AFqaSUiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBFNpXv53N9t3M0b4ms0yVI2FAsMB8GA1UdIwQY
MBaAFJ/ZiG4tsnCdsiNk4zTTni7kiNNuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjltSWJpMnljSjJ5STJUak5OT2VMdVNJMDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS85ZjY4NzItNTgxYi00ZDQ3LWJjNmEt
ZWJhMGNkNTdjMDIwLzEvd0VVMmxlX25jMzIzY3pSdmlhelRKVWpZVUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS85ZjY4NzItNTgxYi00ZDQ3LWJjNmEtZWJhMGNkNTdjMDIw
LzEvbjltSWJpMnljSjJ5STJUak5OT2VMdVNJMDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ7IMA0G
CSqGSIb3DQEBCwUAA4IBAQCN7hYxZOMLDPYb7vhqpDK6NWTES6gIflPEGDR0PYld
PoWwAskb4paKzj5Bi+ZS9yixYpFaUgs5kgD5l+HuWqdaUw21aeWU0lsVBXyRMaOK
DmuEW24GggnAvd9oJRBQ5wmUmnbsKEgcaW9dLjxax2H7kf6rFh7gle7DnjFr2d2+
vfgnPA+yvsR83lJrHOGPZ0wGLc7na+h+yjgsjFcO8kCPOolm25jdoBNkqH0Npc8u
E9xHHTS7YoAQPm4WTQuc856+XjjrUKN1PrulOVg6oPr2a4FJWgR9VK1MGGo9E1q9
+XK2AQT5CyprbkLP8lLLLQWXwI8y1cuk1GW3+hjnr+Pp
-----END CERTIFICATE-----