Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/bf1283-8d1b-4b1a-b9d9-0e195ec65b72/1/WQUS7VK4iJIkZrfE7-uPBajlizU.roa
File:                     WQUS7VK4iJIkZrfE7-uPBajlizU.roa (raw, json)
Hash identifier:          5A+RSd9zbXqbpZ+m+O/a9JolpGhxGweYbbxkrC/XQ3c=
Subject key identifier:   59:05:12:ED:52:B8:88:92:24:66:B7:C4:EF:EB:8F:05:A8:E5:8B:35
Certificate issuer:       /CN=b415beef9ea1dd4772c2ee952761d655d9865026
Certificate serial:       018CC9BC28B5AAC288AF19A9B1B2B1F78FFE
Authority key identifier: B4:15:BE:EF:9E:A1:DD:47:72:C2:EE:95:27:61:D6:55:D9:86:50:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBW-756h3Udywu6VJ2HWVdmGUCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/bf1283-8d1b-4b1a-b9d9-0e195ec65b72/1/WQUS7VK4iJIkZrfE7-uPBajlizU.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202546
IP address blocks:        185.127.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/bf1283-8d1b-4b1a-b9d9-0e195ec65b72/1/tBW-756h3Udywu6VJ2HWVdmGUCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/bf1283-8d1b-4b1a-b9d9-0e195ec65b72/1/tBW-756h3Udywu6VJ2HWVdmGUCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBW-756h3Udywu6VJ2HWVdmGUCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:28:b5:aa:c2:88:af:19:a9:b1:b2:b1:f7:8f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b415beef9ea1dd4772c2ee952761d655d9865026
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=590512ed52b888922466b7c4efeb8f05a8e58b35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:82:e0:67:91:c3:d0:0e:87:df:c7:fd:1e:e9:
                    9f:dd:14:fb:49:36:99:b0:e5:71:f9:33:95:e5:0a:
                    59:0f:07:11:43:55:8f:74:77:21:29:cb:99:83:20:
                    a0:76:41:08:0b:4d:2c:e1:43:70:2c:99:15:40:f9:
                    a1:13:96:e0:1c:9e:51:98:6e:22:09:92:6b:02:3a:
                    22:35:a2:98:a7:60:d5:9d:33:d2:52:a8:e7:bf:50:
                    71:5b:8e:57:69:c7:c2:66:e3:38:17:9c:ae:6b:3c:
                    b2:10:ca:39:6e:39:1c:29:52:3f:c4:72:57:60:d1:
                    0c:8b:34:41:a3:e4:6c:f2:ed:cd:09:95:df:8b:17:
                    8f:8f:5f:0e:4c:55:10:4c:e9:de:b2:62:21:ca:f7:
                    d9:bc:53:14:21:80:3e:29:d8:ad:15:3b:e3:0a:63:
                    f6:83:94:83:08:a0:f9:5e:79:cd:66:df:cb:09:c7:
                    6f:e6:d8:90:0e:d7:8c:eb:87:83:45:35:59:86:a7:
                    88:73:8f:89:6b:28:92:a0:24:f5:cc:bc:50:80:f2:
                    18:69:79:80:9f:aa:2f:d9:04:33:be:d6:f7:a7:b0:
                    ab:e1:3d:b7:c1:09:5e:fd:a4:59:e3:b8:b5:75:fa:
                    c4:af:f1:f0:76:20:60:79:d0:c2:0b:58:55:3b:45:
                    cf:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:05:12:ED:52:B8:88:92:24:66:B7:C4:EF:EB:8F:05:A8:E5:8B:35
            X509v3 Authority Key Identifier:
                keyid:B4:15:BE:EF:9E:A1:DD:47:72:C2:EE:95:27:61:D6:55:D9:86:50:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBW-756h3Udywu6VJ2HWVdmGUCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bf1283-8d1b-4b1a-b9d9-0e195ec65b72/1/WQUS7VK4iJIkZrfE7-uPBajlizU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bf1283-8d1b-4b1a-b9d9-0e195ec65b72/1/tBW-756h3Udywu6VJ2HWVdmGUCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:27:ce:39:f0:94:f2:56:14:13:ef:1e:f0:4a:b9:5d:18:83:
         a7:74:01:69:d2:53:ce:b8:cb:bc:96:1e:de:8d:4b:e4:8d:7f:
         32:f2:7b:12:75:e2:c6:7d:9b:71:54:06:61:c1:cc:ce:db:6b:
         4f:6c:bb:a4:c4:39:5f:f8:2f:07:8f:61:56:80:4e:20:c7:a5:
         5f:a8:37:c6:2b:c5:ab:af:fe:9e:94:e6:4a:68:a5:f7:8c:bf:
         ee:11:0e:e6:cf:d8:a3:ff:93:9d:cd:4c:b1:a9:71:4a:69:2e:
         d1:5e:9a:83:6e:14:01:42:b4:7d:d7:2b:b7:c3:0c:44:ca:1e:
         13:e7:a1:56:30:5a:cd:01:3c:ae:2a:84:9b:38:f0:d9:94:17:
         65:f2:e6:c2:b6:ae:67:97:9f:a3:76:8f:0d:09:71:35:d7:da:
         38:47:78:f9:dc:a5:ff:c5:ef:4a:88:0a:5d:8c:a5:e7:37:cd:
         fe:6a:4b:0f:38:48:7b:3d:19:94:f3:ed:fb:cd:08:d6:96:25:
         f8:69:24:bf:b7:56:78:9d:75:33:c6:a4:84:54:36:61:91:5d:
         30:71:4f:06:09:b3:fc:30:e6:50:57:83:85:b2:07:cb:ae:27:
         85:67:8e:23:ed:36:4b:4a:81:f0:c0:21:e9:23:cd:c2:5b:df:
         98:98:66:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCi1qsKIrxmpsbKx94/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTViZWVmOWVhMWRkNDc3MmMyZWU5NTI3NjFkNjU1ZDk4
NjUwMjYwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTA1MTJlZDUyYjg4ODkyMjQ2NmI3YzRlZmViOGYwNWE4ZTU4YjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioLgZ5HD0A6H38f9Humf3RT7STaZ
sOVx+TOV5QpZDwcRQ1WPdHchKcuZgyCgdkEIC00s4UNwLJkVQPmhE5bgHJ5RmG4i
CZJrAjoiNaKYp2DVnTPSUqjnv1BxW45XacfCZuM4F5yuazyyEMo5bjkcKVI/xHJX
YNEMizRBo+Rs8u3NCZXfixePj18OTFUQTOnesmIhyvfZvFMUIYA+KditFTvjCmP2
g5SDCKD5XnnNZt/LCcdv5tiQDteM64eDRTVZhqeIc4+JayiSoCT1zLxQgPIYaXmA
n6ov2QQzvtb3p7Cr4T23wQle/aRZ47i1dfrEr/HwdiBgedDCC1hVO0XPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkFEu1SuIiSJGa3xO/rjwWo5Ys1MB8GA1UdIwQY
MBaAFLQVvu+eod1HcsLulSdh1lXZhlAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJXLTc1NmgzVWR5d3U2VkoySFdWZG1HVUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iZjEyODMtOGQxYi00YjFhLWI5ZDkt
MGUxOTVlYzY1YjcyLzEvV1FVUzdWSzRpSklrWnJmRTctdVBCYWpsaXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iZjEyODMtOGQxYi00YjFhLWI5ZDktMGUxOTVlYzY1Yjcy
LzEvdEJXLTc1NmgzVWR5d3U2VkoySFdWZG1HVUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX8EMA0G
CSqGSIb3DQEBCwUAA4IBAQCIJ8458JTyVhQT7x7wSrldGIOndAFp0lPOuMu8lh7e
jUvkjX8y8nsSdeLGfZtxVAZhwczO22tPbLukxDlf+C8Hj2FWgE4gx6VfqDfGK8Wr
r/6elOZKaKX3jL/uEQ7mz9ij/5OdzUyxqXFKaS7RXpqDbhQBQrR91yu3wwxEyh4T
56FWMFrNATyuKoSbOPDZlBdl8ubCtq5nl5+jdo8NCXE119o4R3j53KX/xe9KiApd
jKXnN83+aksPOEh7PRmU8+37zQjWliX4aSS/t1Z4nXUzxqSEVDZhkV0wcU8GCbP8
MOZQV4OFsgfLrieFZ44j7TZLSoHwwCHpI83CW9+YmGbM
-----END CERTIFICATE-----