Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f9c92d-2cfd-4962-8f26-3acaf1425b9a/1/W5ePCuNVHGRZf3RBM-zfApfD1kw.roa
File:                     W5ePCuNVHGRZf3RBM-zfApfD1kw.roa (raw, json)
Hash identifier:          F2bxKmc0++DlG0SLnKGVmuFIvTXpjvGl6YDHmE3/G60=
Subject key identifier:   5B:97:8F:0A:E3:55:1C:64:59:7F:74:41:33:EC:DF:02:97:C3:D6:4C
Certificate issuer:       /CN=23d895115bd860fe613834e82be425cb04226878
Certificate serial:       018CC8019D546A11A1E3D5B4D9445D890B42
Authority key identifier: 23:D8:95:11:5B:D8:60:FE:61:38:34:E8:2B:E4:25:CB:04:22:68:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I9iVEVvYYP5hODToK-QlywQiaHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f9c92d-2cfd-4962-8f26-3acaf1425b9a/1/W5ePCuNVHGRZf3RBM-zfApfD1kw.roa
Signing time:             Tue 02 Jan 2024 02:29:58 +0000
ROA not before:           Tue 02 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        185.210.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f9c92d-2cfd-4962-8f26-3acaf1425b9a/1/I9iVEVvYYP5hODToK-QlywQiaHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f9c92d-2cfd-4962-8f26-3acaf1425b9a/1/I9iVEVvYYP5hODToK-QlywQiaHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I9iVEVvYYP5hODToK-QlywQiaHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:9d:54:6a:11:a1:e3:d5:b4:d9:44:5d:89:0b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23d895115bd860fe613834e82be425cb04226878
        Validity
            Not Before: Jan  2 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b978f0ae3551c64597f744133ecdf0297c3d64c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:48:bb:49:78:ca:04:7f:de:05:06:0d:e2:62:
                    68:53:8c:86:7d:4a:71:b8:44:74:5c:ba:1d:4b:f4:
                    a1:7b:86:49:2b:8f:f7:df:19:68:54:7e:4b:4c:52:
                    08:bf:cc:f9:a4:9d:a7:7b:ca:cb:e3:7f:83:7f:5e:
                    ba:8b:3b:ae:40:74:35:ae:e5:fd:fb:46:53:39:d0:
                    c8:26:a6:1f:73:44:df:89:2e:8f:52:fd:d1:74:90:
                    75:63:83:ac:5e:83:92:7e:1e:7b:bf:69:86:80:72:
                    c6:ce:45:d0:d5:0d:5c:07:43:79:8c:bf:c4:71:97:
                    9e:8e:92:f6:43:0b:05:c8:f8:bd:d7:51:42:88:b0:
                    aa:6e:dd:b8:c2:6a:bd:95:03:89:c6:1c:17:75:96:
                    81:e1:35:00:6d:23:52:bb:d8:ba:f1:74:a6:a7:40:
                    aa:3d:03:d8:d3:63:05:d2:5c:04:1e:16:af:05:2d:
                    9b:c3:a2:13:e8:02:7c:03:ec:40:97:28:5f:30:1b:
                    67:19:64:43:b2:0c:36:7b:ea:f0:1a:22:7a:af:75:
                    9a:23:2b:9b:10:00:92:54:dd:fd:ed:8e:9a:53:65:
                    ba:76:fb:66:af:5d:77:13:95:f9:86:8c:43:ac:02:
                    02:a7:2e:8b:d0:ef:61:bc:cf:f7:b7:23:04:0d:59:
                    3f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:97:8F:0A:E3:55:1C:64:59:7F:74:41:33:EC:DF:02:97:C3:D6:4C
            X509v3 Authority Key Identifier:
                keyid:23:D8:95:11:5B:D8:60:FE:61:38:34:E8:2B:E4:25:CB:04:22:68:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I9iVEVvYYP5hODToK-QlywQiaHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f9c92d-2cfd-4962-8f26-3acaf1425b9a/1/W5ePCuNVHGRZf3RBM-zfApfD1kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f9c92d-2cfd-4962-8f26-3acaf1425b9a/1/I9iVEVvYYP5hODToK-QlywQiaHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:04:7f:2d:a3:4b:cb:36:4b:41:fa:17:8f:67:2a:2c:37:a2:
         84:e2:5c:d0:c6:d0:bb:c5:a0:2b:c6:6a:3c:45:33:9a:06:6b:
         d1:95:4f:7e:98:b8:10:b6:67:90:53:fc:92:0e:e8:34:c7:f6:
         15:19:0f:a0:2b:d7:a8:a2:e7:42:55:ff:6a:fc:cf:08:32:c0:
         91:6e:f4:5e:a1:bd:35:2e:fc:c7:09:f1:67:0e:d3:0e:39:fa:
         ef:50:78:67:4d:26:96:ee:a5:b7:e5:50:9f:a4:51:d3:8a:20:
         50:bf:5a:ba:c6:94:ae:c8:58:ec:ab:4d:31:1d:40:41:46:3f:
         3d:62:87:f2:27:d8:37:af:83:88:94:5c:84:65:b6:b2:1d:a6:
         88:30:d5:6c:99:5e:2c:25:43:0b:f8:29:fa:51:b7:27:86:e6:
         e3:c7:8d:ec:a6:d4:21:d6:a8:85:b5:e8:c9:11:d0:61:85:74:
         c9:e1:20:ac:43:68:28:1d:bd:9d:69:19:8e:09:44:c5:28:69:
         ee:3e:5f:6d:0e:e6:38:86:08:45:00:21:fe:24:06:1d:85:57:
         b5:ac:68:fc:a4:f6:be:14:8a:44:2d:ca:a9:c9:09:be:44:88:
         a6:01:69:ce:92:00:68:de:31:0e:f6:07:24:8d:41:69:b6:57:
         12:a2:a5:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAZ1UahGh49W02URdiQtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZDg5NTExNWJkODYwZmU2MTM4MzRlODJiZTQyNWNiMDQy
MjY4NzgwHhcNMjQwMTAyMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjk3OGYwYWUzNTUxYzY0NTk3Zjc0NDEzM2VjZGYwMjk3YzNkNjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0i7SXjKBH/eBQYN4mJoU4yGfUpx
uER0XLodS/She4ZJK4/33xloVH5LTFIIv8z5pJ2ne8rL43+Df166izuuQHQ1ruX9
+0ZTOdDIJqYfc0TfiS6PUv3RdJB1Y4OsXoOSfh57v2mGgHLGzkXQ1Q1cB0N5jL/E
cZeejpL2QwsFyPi911FCiLCqbt24wmq9lQOJxhwXdZaB4TUAbSNSu9i68XSmp0Cq
PQPY02MF0lwEHhavBS2bw6IT6AJ8A+xAlyhfMBtnGWRDsgw2e+rwGiJ6r3WaIyub
EACSVN397Y6aU2W6dvtmr113E5X5hoxDrAICpy6L0O9hvM/3tyMEDVk/OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuXjwrjVRxkWX90QTPs3wKXw9ZMMB8GA1UdIwQY
MBaAFCPYlRFb2GD+YTg06CvkJcsEImh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTlpVkVWdllZUDVoT0RUb0stUWx5d1FpYUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mOWM5MmQtMmNmZC00OTYyLThmMjYt
M2FjYWYxNDI1YjlhLzEvVzVlUEN1TlZIR1JaZjNSQk0temZBcGZEMWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mOWM5MmQtMmNmZC00OTYyLThmMjYtM2FjYWYxNDI1Yjlh
LzEvSTlpVkVWdllZUDVoT0RUb0stUWx5d1FpYUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudJsMA0G
CSqGSIb3DQEBCwUAA4IBAQAqBH8to0vLNktB+hePZyosN6KE4lzQxtC7xaArxmo8
RTOaBmvRlU9+mLgQtmeQU/ySDug0x/YVGQ+gK9eooudCVf9q/M8IMsCRbvReob01
LvzHCfFnDtMOOfrvUHhnTSaW7qW35VCfpFHTiiBQv1q6xpSuyFjsq00xHUBBRj89
YofyJ9g3r4OIlFyEZbayHaaIMNVsmV4sJUML+Cn6Ubcnhubjx43sptQh1qiFtejJ
EdBhhXTJ4SCsQ2goHb2daRmOCUTFKGnuPl9tDuY4hghFACH+JAYdhVe1rGj8pPa+
FIpELcqpyQm+RIimAWnOkgBo3jEO9gckjUFptlcSoqV2
-----END CERTIFICATE-----