Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/igpWWFPXsnjwYog_sHX06y5zNG8.roa
File:                     igpWWFPXsnjwYog_sHX06y5zNG8.roa (raw, json)
Hash identifier:          McZvGf7iYw82D8NLye+j+so3k8fdjrn+ygHzCluhcKM=
Subject key identifier:   8A:0A:56:58:53:D7:B2:78:F0:62:88:3F:B0:75:F4:EB:2E:73:34:6F
Certificate issuer:       /CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Certificate serial:       018CC50102E1D52EF06986DD6EE38DED23B3
Authority key identifier: 2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/igpWWFPXsnjwYog_sHX06y5zNG8.roa
Signing time:             Mon 01 Jan 2024 12:30:26 +0000
ROA not before:           Mon 01 Jan 2024 12:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203971
IP address blocks:        213.154.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:02:e1:d5:2e:f0:69:86:dd:6e:e3:8d:ed:23:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
        Validity
            Not Before: Jan  1 12:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a0a565853d7b278f062883fb075f4eb2e73346f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:3c:e5:32:00:fd:b7:de:0b:2a:88:4a:c2:88:
                    44:a6:c1:41:b2:5d:81:28:f9:f7:20:be:a6:ae:82:
                    50:96:48:e7:44:fe:15:cc:30:0e:6b:4d:82:c4:b5:
                    5c:c0:ff:64:6e:d1:43:cb:7b:4e:06:5e:29:18:95:
                    7e:da:c0:aa:01:14:e2:63:41:3f:08:31:68:c6:b4:
                    12:84:82:5f:f3:68:d8:6f:a7:6c:aa:4c:92:1b:38:
                    fd:d1:f9:1d:26:19:7e:63:05:a8:92:7b:59:0c:e0:
                    33:31:b0:96:55:6e:21:2b:be:42:b2:57:2d:33:e4:
                    a9:4c:52:02:6b:d3:e0:e2:cd:a4:3f:ad:dc:29:b0:
                    3a:2c:c7:ce:db:ce:29:3e:78:94:97:cd:8e:64:bc:
                    3e:33:31:1f:0f:8f:01:a5:3a:73:39:41:bc:6b:5b:
                    23:5d:e3:fd:f5:07:5a:b3:2e:eb:0b:15:41:b6:7d:
                    a8:7b:12:ad:8a:ee:47:63:66:e0:81:50:3c:88:48:
                    3e:cd:f1:bc:68:f9:84:d0:3a:3c:15:e4:9f:6a:47:
                    2d:2c:29:6d:e9:18:e3:ee:d4:e0:27:cf:cd:a4:2e:
                    e9:cb:eb:1c:ab:30:14:9f:05:52:16:ac:df:63:8e:
                    ee:de:23:99:ff:20:51:c4:ed:51:98:13:44:00:21:
                    d0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0A:56:58:53:D7:B2:78:F0:62:88:3F:B0:75:F4:EB:2E:73:34:6F
            X509v3 Authority Key Identifier:
                keyid:2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/igpWWFPXsnjwYog_sHX06y5zNG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.154.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:ec:2e:95:b5:56:2f:1d:f1:16:cf:f6:2c:2c:7d:d9:55:13:
         43:9e:4a:63:3c:8e:9b:65:8f:26:d7:76:c0:a5:8f:9e:78:ff:
         41:86:9a:e9:92:38:0e:7d:24:df:2b:a0:5e:17:84:98:b6:83:
         b4:53:09:40:51:3d:13:47:a8:da:81:1a:26:a8:20:c1:f1:48:
         9a:8d:7f:90:7b:c0:08:c4:d5:d1:ff:99:79:ee:b4:6e:06:a5:
         5b:0f:32:9a:32:c5:91:d7:fe:3e:b7:17:34:84:33:1f:3b:a7:
         9e:11:30:71:ff:02:3e:4e:5a:1c:2f:c1:a9:53:45:48:6d:3f:
         e0:98:98:80:f5:a3:40:53:ee:5d:47:b9:a1:e6:79:bd:1c:93:
         2d:65:10:98:14:e9:5e:0a:71:dd:8f:81:94:11:dc:79:d3:9f:
         b8:6d:32:cf:29:7d:22:fc:d3:d7:a1:56:21:66:25:50:cf:6f:
         f7:f0:70:4b:b8:73:06:5a:db:23:90:df:71:3f:c2:ff:f0:bc:
         de:eb:c8:8c:f0:30:37:c1:8c:9f:f3:39:d2:ef:10:33:ac:b8:
         be:bb:dc:64:7e:ed:7a:07:a2:61:4c:fa:52:b5:48:bc:20:dc:
         8b:06:d0:bd:f6:cc:b3:fc:8e:68:61:bd:38:63:aa:46:f7:97:
         be:34:f3:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQLh1S7waYbdbuON7SOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMGJlMjI2MjMwZDQwOTljZWVhMGE0YTZjZjRlZDhiOTAy
MDEzNTAwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTBhNTY1ODUzZDdiMjc4ZjA2Mjg4M2ZiMDc1ZjRlYjJlNzMzNDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTzlMgD9t94LKohKwohEpsFBsl2B
KPn3IL6mroJQlkjnRP4VzDAOa02CxLVcwP9kbtFDy3tOBl4pGJV+2sCqARTiY0E/
CDFoxrQShIJf82jYb6dsqkySGzj90fkdJhl+YwWokntZDOAzMbCWVW4hK75Cslct
M+SpTFICa9Pg4s2kP63cKbA6LMfO284pPniUl82OZLw+MzEfD48BpTpzOUG8a1sj
XeP99Qdasy7rCxVBtn2oexKtiu5HY2bggVA8iEg+zfG8aPmE0Do8FeSfakctLClt
6Rjj7tTgJ8/NpC7py+scqzAUnwVSFqzfY47u3iOZ/yBRxO1RmBNEACHQTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoKVlhT17J48GKIP7B19OsuczRvMB8GA1UdIwQY
MBaAFCsL4iYjDUCZzuoKSmz07YuQIBNQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTct
ODFmNTY2MTg1YjA2LzEvaWdwV1dGUFhzbmp3WW9nX3NIWDA2eTV6Tkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTctODFmNTY2MTg1YjA2
LzEvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ZoYMA0G
CSqGSIb3DQEBCwUAA4IBAQCE7C6VtVYvHfEWz/YsLH3ZVRNDnkpjPI6bZY8m13bA
pY+eeP9BhprpkjgOfSTfK6BeF4SYtoO0UwlAUT0TR6jagRomqCDB8UiajX+Qe8AI
xNXR/5l57rRuBqVbDzKaMsWR1/4+txc0hDMfO6eeETBx/wI+TlocL8GpU0VIbT/g
mJiA9aNAU+5dR7mh5nm9HJMtZRCYFOleCnHdj4GUEdx505+4bTLPKX0i/NPXoVYh
ZiVQz2/38HBLuHMGWtsjkN9xP8L/8Lze68iM8DA3wYyf8znS7xAzrLi+u9xkfu16
B6JhTPpStUi8INyLBtC99syz/I5oYb04Y6pG95e+NPOb
-----END CERTIFICATE-----