Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/307607-5706-4e44-bb8e-189d00a333ee/1/wG0DKdNraDsbCCiCFmfkeUFIvIw.roa
File:                     wG0DKdNraDsbCCiCFmfkeUFIvIw.roa (raw, json)
Hash identifier:          UM+WV1RJFZrAO6Gd6ZSZfzxZmXn3A4lfrB9MHc7LImk=
Subject key identifier:   C0:6D:03:29:D3:6B:68:3B:1B:08:28:82:16:67:E4:79:41:48:BC:8C
Certificate issuer:       /CN=432fe70f4cef10376836152f38e4e08532cc7b9f
Certificate serial:       018F5E17EB6E12C76D6703B8E11467A0BAAC
Authority key identifier: 43:2F:E7:0F:4C:EF:10:37:68:36:15:2F:38:E4:E0:85:32:CC:7B:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy_nD0zvEDdoNhUvOOTghTLMe58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/307607-5706-4e44-bb8e-189d00a333ee/1/wG0DKdNraDsbCCiCFmfkeUFIvIw.roa
Signing time:             Thu 09 May 2024 16:02:56 +0000
ROA not before:           Thu 09 May 2024 16:02:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.95.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/307607-5706-4e44-bb8e-189d00a333ee/1/Qy_nD0zvEDdoNhUvOOTghTLMe58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/307607-5706-4e44-bb8e-189d00a333ee/1/Qy_nD0zvEDdoNhUvOOTghTLMe58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy_nD0zvEDdoNhUvOOTghTLMe58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:5e:17:eb:6e:12:c7:6d:67:03:b8:e1:14:67:a0:ba:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432fe70f4cef10376836152f38e4e08532cc7b9f
        Validity
            Not Before: May  9 16:02:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c06d0329d36b683b1b0828821667e4794148bc8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f4:b6:9b:6d:49:dd:22:23:ff:ca:ec:e0:45:
                    e4:b9:f9:e6:0e:35:a1:53:b5:d8:50:f1:9e:cb:dd:
                    c5:36:4f:42:ce:e7:a8:37:16:7a:d9:2e:1f:ea:c4:
                    f5:d1:af:88:62:67:a7:ea:2b:4e:a6:22:3a:dc:3d:
                    fd:ff:96:d6:c3:4f:e0:ba:75:df:a1:b0:71:c0:7a:
                    36:51:e4:a3:e0:92:2c:6e:4a:0b:cc:e8:1c:fc:8b:
                    f2:e6:7d:cd:9e:0f:e7:9e:fe:d0:d9:90:be:f3:67:
                    df:d4:42:e2:05:f9:17:49:1c:90:b0:f0:bd:85:af:
                    34:74:4e:c0:9a:e7:76:4f:de:3c:2b:df:0a:a3:be:
                    a0:13:de:00:57:91:16:70:d7:e7:7e:41:a5:71:57:
                    e0:61:73:ac:ff:06:f0:e9:f2:44:af:0c:0f:88:d4:
                    9b:7b:4c:53:b6:58:f1:dc:50:51:8c:4c:4e:75:7f:
                    c4:86:9e:4c:85:55:37:e0:c4:17:03:86:55:05:be:
                    2a:59:06:16:87:dd:48:6b:dd:f2:87:1f:06:d8:98:
                    a0:55:8f:4d:4c:6f:96:10:89:35:a0:c9:86:b7:8f:
                    52:27:0b:a4:00:7e:3c:c4:01:ad:86:50:79:59:f0:
                    b6:8f:58:bf:4e:f4:7a:43:a4:78:88:db:7d:6d:b4:
                    8b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:6D:03:29:D3:6B:68:3B:1B:08:28:82:16:67:E4:79:41:48:BC:8C
            X509v3 Authority Key Identifier:
                keyid:43:2F:E7:0F:4C:EF:10:37:68:36:15:2F:38:E4:E0:85:32:CC:7B:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy_nD0zvEDdoNhUvOOTghTLMe58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/307607-5706-4e44-bb8e-189d00a333ee/1/wG0DKdNraDsbCCiCFmfkeUFIvIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/307607-5706-4e44-bb8e-189d00a333ee/1/Qy_nD0zvEDdoNhUvOOTghTLMe58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:ac:9d:8b:a4:6c:e4:0d:90:70:b5:40:72:e7:43:12:76:38:
         9b:c1:c1:75:cf:e8:ee:a3:63:18:94:c4:2a:2e:b6:26:dc:ef:
         4e:bb:2c:4f:fb:46:8d:cc:4b:aa:57:f8:b6:1a:10:47:2b:9c:
         9d:90:e0:67:00:40:56:0c:ff:d7:13:9a:4f:ed:2a:73:8c:96:
         b9:e4:11:d4:81:eb:e4:2a:fa:f1:1b:60:1a:64:7b:ec:ea:b6:
         a3:47:13:b2:dd:eb:7a:66:4d:de:d9:79:18:cc:7c:6e:46:24:
         48:7a:74:36:87:03:9f:ac:db:65:75:a0:a9:e8:be:f6:ff:d5:
         9f:06:b3:8e:c9:a6:9f:e3:6d:ff:ba:1e:34:02:c9:5b:41:85:
         01:ab:c1:6c:d4:ad:f4:54:b4:50:ca:53:68:48:f4:be:0c:f1:
         fd:5c:a4:e9:96:fe:5b:ba:ab:e8:df:12:19:d1:68:17:49:6d:
         56:25:7f:bc:d3:de:fd:f9:aa:4b:3e:0d:21:b1:2d:19:ac:d6:
         76:c6:fb:f9:ac:64:59:5f:2d:89:cc:3f:1a:27:2f:17:b8:6f:
         2b:9e:77:f4:7b:f5:e6:ee:3e:b9:c7:38:fc:30:fd:72:5f:79:
         5a:e9:0d:bd:df:66:eb:c7:c2:04:08:73:23:0c:33:de:9e:9c:
         18:86:03:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9eF+tuEsdtZwO44RRnoLqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmZlNzBmNGNlZjEwMzc2ODM2MTUyZjM4ZTRlMDg1MzJj
YzdiOWYwHhcNMjQwNTA5MTYwMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDZkMDMyOWQzNmI2ODNiMWIwODI4ODIxNjY3ZTQ3OTQxNDhiYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfS2m21J3SIj/8rs4EXkufnmDjWh
U7XYUPGey93FNk9CzueoNxZ62S4f6sT10a+IYmen6itOpiI63D39/5bWw0/gunXf
obBxwHo2UeSj4JIsbkoLzOgc/Ivy5n3Nng/nnv7Q2ZC+82ff1ELiBfkXSRyQsPC9
ha80dE7Amud2T948K98Ko76gE94AV5EWcNfnfkGlcVfgYXOs/wbw6fJErwwPiNSb
e0xTtljx3FBRjExOdX/Ehp5MhVU34MQXA4ZVBb4qWQYWh91Ia93yhx8G2JigVY9N
TG+WEIk1oMmGt49SJwukAH48xAGthlB5WfC2j1i/TvR6Q6R4iNt9bbSLTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBtAynTa2g7GwgoghZn5HlBSLyMMB8GA1UdIwQY
MBaAFEMv5w9M7xA3aDYVLzjk4IUyzHufMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXlfbkQwenZFRGRvTmhVdk9PVGdoVExNZTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zMDc2MDctNTcwNi00ZTQ0LWJiOGUt
MTg5ZDAwYTMzM2VlLzEvd0cwREtkTnJhRHNiQ0NpQ0ZtZmtlVUZJdkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zMDc2MDctNTcwNi00ZTQ0LWJiOGUtMTg5ZDAwYTMzM2Vl
LzEvUXlfbkQwenZFRGRvTmhVdk9PVGdoVExNZTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV+oMA0G
CSqGSIb3DQEBCwUAA4IBAQAzrJ2LpGzkDZBwtUBy50MSdjibwcF1z+juo2MYlMQq
LrYm3O9OuyxP+0aNzEuqV/i2GhBHK5ydkOBnAEBWDP/XE5pP7SpzjJa55BHUgevk
KvrxG2AaZHvs6rajRxOy3et6Zk3e2XkYzHxuRiRIenQ2hwOfrNtldaCp6L72/9Wf
BrOOyaaf423/uh40AslbQYUBq8Fs1K30VLRQylNoSPS+DPH9XKTplv5buqvo3xIZ
0WgXSW1WJX+80979+apLPg0hsS0ZrNZ2xvv5rGRZXy2JzD8aJy8XuG8rnnf0e/Xm
7j65xzj8MP1yX3la6Q2932brx8IECHMjDDPenpwYhgPa
-----END CERTIFICATE-----