Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/WgDj-Rp9EIoapaZQK584RXubRIQ.roa
File:                     WgDj-Rp9EIoapaZQK584RXubRIQ.roa (raw, json)
Hash identifier:          Dd31yjTN+iKaStr3/r2X1chnxEbk8zagDuN72kYqUa4=
Subject key identifier:   5A:00:E3:F9:1A:7D:10:8A:1A:A5:A6:50:2B:9F:38:45:7B:9B:44:84
Certificate issuer:       /CN=9e3e00c6d2b2f98d51482e943b9793d43bf3bc86
Certificate serial:       018CC6B854D9E2000271290C0FD39A19E739
Authority key identifier: 9E:3E:00:C6:D2:B2:F9:8D:51:48:2E:94:3B:97:93:D4:3B:F3:BC:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/WgDj-Rp9EIoapaZQK584RXubRIQ.roa
Signing time:             Mon 01 Jan 2024 20:30:18 +0000
ROA not before:           Mon 01 Jan 2024 20:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205348
IP address blocks:        185.220.124.0/24 maxlen: 24
                          185.220.125.0/24 maxlen: 24
                          185.220.126.0/24 maxlen: 24
                          185.220.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:54:d9:e2:00:02:71:29:0c:0f:d3:9a:19:e7:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3e00c6d2b2f98d51482e943b9793d43bf3bc86
        Validity
            Not Before: Jan  1 20:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a00e3f91a7d108a1aa5a6502b9f38457b9b4484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:07:7a:8e:83:c1:f3:8a:62:65:06:f7:ff:09:
                    2c:f1:3a:29:e9:3e:29:0c:2b:5d:a5:eb:45:75:2d:
                    08:33:e9:63:e3:c9:9a:0d:14:00:36:48:6f:82:80:
                    bf:fb:33:37:d4:11:6b:b7:d7:6a:58:bd:ea:1d:a4:
                    d7:33:a8:1c:e3:28:2f:a5:93:a5:a1:52:43:fe:10:
                    e8:d0:c8:bf:fe:f2:9a:62:ca:d6:1c:e3:9c:bd:67:
                    7e:2c:14:d9:a9:b3:3a:eb:18:00:1c:34:31:e7:2c:
                    24:8e:cc:27:6a:a4:2d:31:24:b1:cd:7f:26:b3:39:
                    34:ae:05:87:3b:e3:ca:43:8b:20:69:00:b3:75:e0:
                    a7:3b:0b:6c:da:54:36:8f:ac:b0:72:1c:70:fb:1a:
                    77:9e:72:df:63:7a:10:97:18:70:f3:0f:ce:1f:58:
                    e5:9d:bd:71:f8:bd:6f:7c:63:24:12:b9:9c:b1:bf:
                    11:a1:3f:0a:2c:5e:8f:08:5d:a7:2d:06:af:f8:9b:
                    bb:2b:40:26:16:87:4d:2d:5b:88:a1:57:96:55:12:
                    05:41:d4:40:f9:61:2f:61:31:1c:dc:53:a4:2d:53:
                    b5:c9:a6:72:d4:14:09:4d:ec:81:89:0d:cb:c5:c6:
                    92:78:c3:eb:15:61:45:b3:c6:c4:01:f5:8f:29:48:
                    fc:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:00:E3:F9:1A:7D:10:8A:1A:A5:A6:50:2B:9F:38:45:7B:9B:44:84
            X509v3 Authority Key Identifier:
                keyid:9E:3E:00:C6:D2:B2:F9:8D:51:48:2E:94:3B:97:93:D4:3B:F3:BC:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/WgDj-Rp9EIoapaZQK584RXubRIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:7d:53:bf:92:0a:cb:82:2b:29:45:b4:c3:c5:86:72:10:17:
         fb:8b:22:12:1c:76:57:cd:8f:67:50:15:26:00:29:54:f4:00:
         ef:72:b2:db:1c:20:f4:3f:cc:2f:2c:f1:d4:18:a7:29:cc:8d:
         a7:3f:75:37:98:01:9d:44:3d:b0:f4:c7:77:5c:41:5c:b0:73:
         b1:f5:e7:2f:74:f8:19:01:0d:75:2b:40:fa:30:21:33:e0:2c:
         70:a1:7d:34:ef:3f:f7:75:06:af:c9:db:f3:da:89:83:8b:48:
         dd:d9:e2:15:fc:35:b2:21:26:c5:e5:a6:c2:0a:bc:1d:cf:fe:
         72:39:cf:3f:5c:7a:75:59:44:2b:36:c1:5a:5f:f1:cf:e1:08:
         3b:a9:88:08:1c:e7:7c:ac:30:e3:12:ee:36:d0:05:17:d5:12:
         6f:d3:49:27:66:1a:30:02:1d:ee:bd:8a:1a:ac:0c:7c:66:c0:
         9b:22:71:e7:01:4b:cd:04:93:39:87:d1:18:5f:30:a1:c0:06:
         af:5c:24:9a:ed:00:bb:a2:7d:fa:b4:63:9f:67:c0:5a:1a:03:
         e7:87:f3:84:87:32:81:c1:ef:fc:81:3c:62:ab:77:a3:90:13:
         79:25:0c:ee:fa:9a:85:90:d2:cd:8f:80:52:bc:6d:f9:66:da:
         34:3d:47:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuFTZ4gACcSkMD9OaGec5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllM2UwMGM2ZDJiMmY5OGQ1MTQ4MmU5NDNiOTc5M2Q0M2Jm
M2JjODYwHhcNMjQwMTAxMjAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTAwZTNmOTFhN2QxMDhhMWFhNWE2NTAyYjlmMzg0NTdiOWI0NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgd6joPB84piZQb3/wks8Top6T4p
DCtdpetFdS0IM+lj48maDRQANkhvgoC/+zM31BFrt9dqWL3qHaTXM6gc4ygvpZOl
oVJD/hDo0Mi//vKaYsrWHOOcvWd+LBTZqbM66xgAHDQx5ywkjswnaqQtMSSxzX8m
szk0rgWHO+PKQ4sgaQCzdeCnOwts2lQ2j6ywchxw+xp3nnLfY3oQlxhw8w/OH1jl
nb1x+L1vfGMkErmcsb8RoT8KLF6PCF2nLQav+Ju7K0AmFodNLVuIoVeWVRIFQdRA
+WEvYTEc3FOkLVO1yaZy1BQJTeyBiQ3LxcaSeMPrFWFFs8bEAfWPKUj84QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoA4/kafRCKGqWmUCufOEV7m0SEMB8GA1UdIwQY
MBaAFJ4+AMbSsvmNUUgulDuXk9Q787yGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmo0QXh0S3ktWTFSU0M2VU81ZVQxRHZ6dklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9mZmRiNjktNjgwYS00NjVjLWE0ODkt
NjZjMTQ0MjQ4MGRlLzEvV2dEai1ScDlFSW9hcGFaUUs1ODRSWHViUklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9mZmRiNjktNjgwYS00NjVjLWE0ODktNjZjMTQ0MjQ4MGRl
LzEvbmo0QXh0S3ktWTFSU0M2VU81ZVQxRHZ6dklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudx8MA0G
CSqGSIb3DQEBCwUAA4IBAQA+fVO/kgrLgispRbTDxYZyEBf7iyISHHZXzY9nUBUm
AClU9ADvcrLbHCD0P8wvLPHUGKcpzI2nP3U3mAGdRD2w9Md3XEFcsHOx9ecvdPgZ
AQ11K0D6MCEz4CxwoX007z/3dQavydvz2omDi0jd2eIV/DWyISbF5abCCrwdz/5y
Oc8/XHp1WUQrNsFaX/HP4Qg7qYgIHOd8rDDjEu420AUX1RJv00knZhowAh3uvYoa
rAx8ZsCbInHnAUvNBJM5h9EYXzChwAavXCSa7QC7on36tGOfZ8BaGgPnh/OEhzKB
we/8gTxiq3ejkBN5JQzu+pqFkNLNj4BSvG35Zto0PUel
-----END CERTIFICATE-----