Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wubPbRSbT2u-j3UXzGS9Bpk-EQ0.roa
File:                     wubPbRSbT2u-j3UXzGS9Bpk-EQ0.roa (raw, json)
Hash identifier:          qCCZpaqWVG4VduGI0ov1Dhe2JFjxuHMF+umEw+S9hko=
Subject key identifier:   C2:E6:CF:6D:14:9B:4F:6B:BE:8F:75:17:CC:64:BD:06:99:3E:11:0D
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80131DF8253D113BF32E42C40BBFD6A
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wubPbRSbT2u-j3UXzGS9Bpk-EQ0.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201574
IP address blocks:        159.148.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 09:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:31:df:82:53:d1:13:bf:32:e4:2c:40:bb:fd:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2e6cf6d149b4f6bbe8f7517cc64bd06993e110d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:89:15:14:93:59:98:6d:3b:7e:ca:a1:c5:a2:
                    4a:ef:06:67:8c:0a:e3:c7:dd:6e:07:2c:e4:f5:3f:
                    d6:6c:29:0d:58:83:32:db:46:03:1f:15:31:14:3d:
                    3e:af:02:8c:46:63:05:98:a4:8b:78:75:fe:9b:49:
                    fb:4c:6b:22:78:c3:8f:9c:32:21:19:6f:de:02:13:
                    6d:69:e8:0a:07:04:e7:10:cf:ec:86:f2:22:21:75:
                    e5:99:fd:d1:3f:39:6b:f6:26:c7:c5:fe:dc:62:31:
                    25:ed:e3:94:90:be:32:c6:43:5d:dd:06:56:28:14:
                    c7:22:ee:f8:35:ab:76:8c:bd:29:dc:c9:67:aa:a6:
                    b4:3c:62:44:7e:d1:81:00:bd:30:7a:58:16:0b:e8:
                    07:9a:6f:4e:bc:54:b8:d5:d3:b5:df:e2:8e:6f:23:
                    82:3b:b2:23:a0:e7:64:a1:01:02:cf:51:83:6a:ff:
                    c2:ae:03:ca:bd:4a:11:ed:57:47:96:41:8a:72:a8:
                    d7:03:a3:eb:61:d7:ca:00:b0:7a:53:b1:de:a2:de:
                    fa:23:b1:3b:92:64:b0:0a:d7:12:67:21:24:2a:8f:
                    2a:bf:0e:3a:07:fb:a0:76:69:ad:a9:cf:e3:60:35:
                    a2:da:d5:2d:95:40:fb:c0:3f:e5:1f:4a:84:9d:20:
                    31:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E6:CF:6D:14:9B:4F:6B:BE:8F:75:17:CC:64:BD:06:99:3E:11:0D
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wubPbRSbT2u-j3UXzGS9Bpk-EQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:14:f4:22:16:11:5b:34:ef:da:2b:75:c9:f0:e7:a7:43:7c:
         49:be:35:83:a5:da:57:52:38:5a:94:89:ca:22:4b:6f:8f:fd:
         ca:e7:56:93:fd:3b:65:54:db:ec:33:48:03:44:ac:32:bf:7a:
         83:9a:a4:0a:57:e0:d3:17:7d:34:79:95:c2:6c:2a:60:81:36:
         c6:63:9e:ea:c8:fa:51:43:fb:01:5f:06:56:14:d2:8a:28:36:
         a7:a6:ab:c6:23:45:fe:21:7c:5a:b3:ce:05:11:2d:0f:63:d2:
         f6:1a:e9:67:05:e9:42:d3:e9:dd:11:cc:e2:3f:61:22:5d:13:
         48:58:f9:24:42:f8:10:e0:79:53:05:21:35:61:4e:70:62:ca:
         1e:ee:7e:94:09:f4:9a:7a:b4:93:ef:0a:ab:4e:99:a6:88:b3:
         fb:52:e7:2c:43:e3:d0:1e:87:bf:2d:3b:37:9a:66:65:a5:c5:
         c8:99:d2:41:bc:75:f9:29:9a:82:90:8f:be:2e:da:5d:f6:ca:
         65:28:19:f0:c8:f4:d4:9c:1c:7c:24:d5:d6:a7:a5:8b:45:a2:
         3f:d4:b4:87:18:7a:21:11:a7:bd:15:15:f2:f1:f7:89:ca:18:
         cf:4a:35:97:49:d1:89:d6:30:0f:5b:3b:0c:39:1f:bf:f9:fc:
         1f:86:20:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATHfglPRE78y5CxAu/1qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmU2Y2Y2ZDE0OWI0ZjZiYmU4Zjc1MTdjYzY0YmQwNjk5M2UxMTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYkVFJNZmG07fsqhxaJK7wZnjArj
x91uByzk9T/WbCkNWIMy20YDHxUxFD0+rwKMRmMFmKSLeHX+m0n7TGsieMOPnDIh
GW/eAhNtaegKBwTnEM/shvIiIXXlmf3RPzlr9ibHxf7cYjEl7eOUkL4yxkNd3QZW
KBTHIu74Nat2jL0p3Mlnqqa0PGJEftGBAL0welgWC+gHmm9OvFS41dO13+KObyOC
O7IjoOdkoQECz1GDav/CrgPKvUoR7VdHlkGKcqjXA6PrYdfKALB6U7Heot76I7E7
kmSwCtcSZyEkKo8qvw46B/ugdmmtqc/jYDWi2tUtlUD7wD/lH0qEnSAxFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLmz20Um09rvo91F8xkvQaZPhENMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvd3ViUGJSU2JUMnUtajNVWHpHUzlCcGstRVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5TFMA0G
CSqGSIb3DQEBCwUAA4IBAQBbFPQiFhFbNO/aK3XJ8OenQ3xJvjWDpdpXUjhalInK
Iktvj/3K51aT/TtlVNvsM0gDRKwyv3qDmqQKV+DTF300eZXCbCpggTbGY57qyPpR
Q/sBXwZWFNKKKDanpqvGI0X+IXxas84FES0PY9L2GulnBelC0+ndEcziP2EiXRNI
WPkkQvgQ4HlTBSE1YU5wYsoe7n6UCfSaerST7wqrTpmmiLP7UucsQ+PQHoe/LTs3
mmZlpcXImdJBvHX5KZqCkI++Ltpd9splKBnwyPTUnBx8JNXWp6WLRaI/1LSHGHoh
Eae9FRXy8feJyhjPSjWXSdGJ1jAPWzsMOR+/+fwfhiDJ
-----END CERTIFICATE-----