Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/WvEIkWwpne6kG-Ye7A1mm-xHIGc.roa
File:                     WvEIkWwpne6kG-Ye7A1mm-xHIGc.roa (raw, json)
Hash identifier:          5xZv+ktOcYyQLsyPROxNHvLWWHI5BH2J62rZWZxME1c=
Subject key identifier:   5A:F1:08:91:6C:29:9D:EE:A4:1B:E6:1E:EC:0D:66:9B:EC:47:20:67
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       018EB960855CA2E3B41B781E877DE87C43D0
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/WvEIkWwpne6kG-Ye7A1mm-xHIGc.roa
Signing time:             Sun 07 Apr 2024 16:24:54 +0000
ROA not before:           Sun 07 Apr 2024 16:24:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        185.54.12.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b9:60:85:5c:a2:e3:b4:1b:78:1e:87:7d:e8:7c:43:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Apr  7 16:24:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5af108916c299deea41be61eec0d669bec472067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1c:3d:54:6c:6d:e2:3b:75:70:47:b3:a6:a3:
                    85:66:ff:fb:de:48:0c:5f:e9:2d:35:13:35:23:a0:
                    c9:a8:93:44:ae:ff:94:60:54:0b:22:f2:62:e8:6a:
                    0b:cf:40:c3:d7:01:65:67:5a:e6:56:a0:98:91:05:
                    c7:66:21:32:bb:b5:44:55:a2:ed:8a:8f:ff:b5:18:
                    5f:da:87:9a:9a:cd:94:20:56:ba:43:34:e6:b9:0c:
                    35:02:58:bc:6e:82:b2:09:ae:23:3f:18:0b:6b:6b:
                    2a:fc:36:3d:19:8c:25:ca:87:70:c4:82:1a:c0:a1:
                    7c:65:bf:0b:78:9f:5a:6f:3a:0d:01:ec:f7:4a:89:
                    99:6a:2b:4f:de:e4:a1:5d:5d:7e:44:0f:4f:43:d4:
                    b8:06:93:d5:66:b1:e6:95:63:7f:7d:96:80:04:7c:
                    aa:7d:12:5a:dd:b4:4e:ad:f0:b5:ed:f7:b5:d4:26:
                    65:fb:c0:1a:03:05:04:3b:18:d7:fe:cc:61:e6:66:
                    e8:c1:29:74:65:9e:6e:a7:60:8f:ca:a3:3b:7b:cc:
                    41:18:c0:00:a0:98:25:f3:a7:2f:79:db:02:e6:8d:
                    f6:b1:fe:c7:c3:73:b2:f7:5d:90:a6:78:25:f3:d8:
                    2f:ee:e3:0d:40:b9:81:1e:a1:45:48:e5:40:91:dc:
                    fc:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:F1:08:91:6C:29:9D:EE:A4:1B:E6:1E:EC:0D:66:9B:EC:47:20:67
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/WvEIkWwpne6kG-Ye7A1mm-xHIGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:46:01:81:35:ba:4c:53:75:98:13:b6:67:79:77:69:0f:4b:
         fc:8b:d4:7f:0f:19:84:a1:6a:be:5f:aa:08:2b:a1:80:26:7b:
         2c:10:7a:08:fb:7d:8d:4b:17:22:0d:b8:67:89:5b:f5:3f:24:
         3f:b9:7a:82:a5:54:8e:e1:c0:51:6f:26:0c:f2:76:f9:9a:35:
         e1:e9:e3:d4:ce:77:17:30:be:2d:57:62:4f:fa:eb:f7:e7:16:
         5c:d2:f6:72:a4:04:bd:e0:42:61:e7:1e:2f:ea:2d:af:9a:1d:
         17:6e:b3:7f:db:28:54:7c:ad:4f:b3:ab:57:fb:94:00:8e:54:
         7b:38:de:67:3c:d9:42:87:1b:e8:c6:77:53:77:82:48:1e:9f:
         f0:71:4a:c4:13:89:71:1a:c3:70:c9:94:5f:e0:ad:ed:df:7e:
         32:2d:78:84:11:46:53:b6:ea:06:34:a8:4c:60:f8:9a:fd:81:
         e7:c7:f9:65:43:11:12:77:02:86:50:1a:9c:a3:5b:79:dd:63:
         ee:bb:7d:bc:fb:ae:c6:0e:7d:2e:45:9d:8b:5e:ee:f6:9c:fb:
         59:73:c0:c0:44:02:ff:08:5c:d1:b9:98:89:5c:d8:49:4a:82:
         15:8e:e8:94:fd:dd:76:d8:82:25:a0:96:ad:6c:90:9e:4c:8c:
         75:06:7d:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY65YIVcouO0G3geh33ofEPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjQwNDA3MTYyNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWYxMDg5MTZjMjk5ZGVlYTQxYmU2MWVlYzBkNjY5YmVjNDcyMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhw9VGxt4jt1cEezpqOFZv/73kgM
X+ktNRM1I6DJqJNErv+UYFQLIvJi6GoLz0DD1wFlZ1rmVqCYkQXHZiEyu7VEVaLt
io//tRhf2oeams2UIFa6QzTmuQw1Ali8boKyCa4jPxgLa2sq/DY9GYwlyodwxIIa
wKF8Zb8LeJ9abzoNAez3SomZaitP3uShXV1+RA9PQ9S4BpPVZrHmlWN/fZaABHyq
fRJa3bROrfC17fe11CZl+8AaAwUEOxjX/sxh5mbowSl0ZZ5up2CPyqM7e8xBGMAA
oJgl86cvedsC5o32sf7Hw3Oy912Qpngl89gv7uMNQLmBHqFFSOVAkdz8KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrxCJFsKZ3upBvmHuwNZpvsRyBnMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvV3ZFSWtXd3BuZTZrRy1ZZTdBMW1tLXhISUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTYMMA0G
CSqGSIb3DQEBCwUAA4IBAQBuRgGBNbpMU3WYE7ZneXdpD0v8i9R/DxmEoWq+X6oI
K6GAJnssEHoI+32NSxciDbhniVv1PyQ/uXqCpVSO4cBRbyYM8nb5mjXh6ePUzncX
ML4tV2JP+uv35xZc0vZypAS94EJh5x4v6i2vmh0XbrN/2yhUfK1Ps6tX+5QAjlR7
ON5nPNlChxvoxndTd4JIHp/wcUrEE4lxGsNwyZRf4K3t334yLXiEEUZTtuoGNKhM
YPia/YHnx/llQxESdwKGUBqco1t53WPuu328+67GDn0uRZ2LXu72nPtZc8DARAL/
CFzRuZiJXNhJSoIVjuiU/d122IIloJatbJCeTIx1Bn0Y
-----END CERTIFICATE-----