Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/wV5nic2v9y4s_8bG75Ixm8zE8iw.roa
File:                     wV5nic2v9y4s_8bG75Ixm8zE8iw.roa (raw, json)
Hash identifier:          ebRCDfEsjqQmIV0ly3gokHM3lsJwBzA8MX0M21g48Zc=
Subject key identifier:   C1:5E:67:89:CD:AF:F7:2E:2C:FF:C6:C6:EF:92:31:9B:CC:C4:F2:2C
Certificate issuer:       /CN=1008ba5429a709bc58ecdbae3f17e1bc9d3a4d5c
Certificate serial:       018CC4254064DCB3608EEBE6A000EB57AFDE
Authority key identifier: 10:08:BA:54:29:A7:09:BC:58:EC:DB:AE:3F:17:E1:BC:9D:3A:4D:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EAi6VCmnCbxY7NuuPxfhvJ06TVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/wV5nic2v9y4s_8bG75Ixm8zE8iw.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47688
IP address blocks:        185.142.226.0/23 maxlen: 24
                          2a07:3146::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/EAi6VCmnCbxY7NuuPxfhvJ06TVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/EAi6VCmnCbxY7NuuPxfhvJ06TVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EAi6VCmnCbxY7NuuPxfhvJ06TVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:40:64:dc:b3:60:8e:eb:e6:a0:00:eb:57:af:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1008ba5429a709bc58ecdbae3f17e1bc9d3a4d5c
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c15e6789cdaff72e2cffc6c6ef92319bccc4f22c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c4:62:00:a2:a7:71:5c:ee:44:10:57:08:0a:
                    ec:aa:98:52:a1:2d:f6:f9:6d:bf:65:e8:c2:af:78:
                    8c:fd:6e:97:69:bb:92:17:e6:5b:24:4c:1d:6b:56:
                    dc:9f:37:3a:50:b1:db:da:ec:f9:24:79:ea:f6:3b:
                    fc:79:90:1d:12:24:df:22:14:83:55:c6:c2:57:25:
                    3a:17:b7:da:90:00:80:77:4b:09:42:03:db:2c:90:
                    3e:05:6e:e6:48:3f:36:7c:0b:52:5c:c9:49:c2:2d:
                    ea:0a:60:b5:d7:fb:72:8d:8f:42:f2:a7:5a:c1:c9:
                    3c:e8:c5:6e:5b:c9:74:de:2f:8e:e4:e2:db:35:ca:
                    07:4a:21:19:d5:ac:b6:b7:d0:e4:d1:c6:6a:8b:89:
                    0c:a3:5a:a2:e6:36:e1:48:6e:fd:b9:01:08:15:27:
                    61:b3:75:0b:61:0a:51:af:2e:0a:6c:ec:1a:e8:f0:
                    7f:7a:19:b2:13:b0:41:ba:54:74:21:f8:b6:c7:cb:
                    d5:d2:d6:53:46:7a:4e:ef:79:61:96:e3:31:3e:bd:
                    26:d6:77:68:cf:ca:6c:2d:ff:88:de:61:73:af:01:
                    bd:ed:7a:1a:5b:bf:60:48:4f:6d:e0:4b:e3:eb:48:
                    94:e6:db:25:cf:91:8e:3b:e8:a2:6b:06:e0:4d:66:
                    d1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:5E:67:89:CD:AF:F7:2E:2C:FF:C6:C6:EF:92:31:9B:CC:C4:F2:2C
            X509v3 Authority Key Identifier:
                keyid:10:08:BA:54:29:A7:09:BC:58:EC:DB:AE:3F:17:E1:BC:9D:3A:4D:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EAi6VCmnCbxY7NuuPxfhvJ06TVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/wV5nic2v9y4s_8bG75Ixm8zE8iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/EAi6VCmnCbxY7NuuPxfhvJ06TVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.226.0/23
                IPv6:
                  2a07:3146::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:a5:b3:76:d5:96:e9:73:e3:fd:10:21:ed:a9:c3:49:f4:f8:
         04:12:cb:63:9a:e3:12:84:27:20:45:a7:c1:fa:c4:89:13:9b:
         85:eb:5f:bc:cf:a8:85:09:56:17:0d:93:6e:3a:d4:34:14:96:
         fc:64:a6:b9:a6:a6:3c:e0:c3:92:9e:31:4e:30:51:24:50:ba:
         6a:2d:60:f9:d8:ec:31:93:45:6d:01:48:02:6e:4d:69:0d:ac:
         44:ad:63:ef:cb:58:e6:39:42:94:f3:fb:00:ab:f8:af:07:68:
         86:dc:f0:36:2d:99:3c:60:3e:fa:99:ea:1e:1f:be:a6:64:03:
         87:c1:0a:dd:bb:d9:66:cc:d9:59:3a:68:d6:c3:60:51:04:fa:
         95:f3:1d:38:4f:f4:04:d6:4d:6c:b2:1f:16:16:2e:7e:e3:07:
         c6:77:d3:d1:20:b2:4f:af:81:37:fa:2f:62:69:15:33:db:45:
         27:5d:8c:51:29:ad:c3:c1:fe:6c:f0:a8:88:8e:73:4a:6a:94:
         1e:d3:c6:d4:52:56:b0:af:c0:0b:6d:a0:4a:db:f0:fc:ed:7b:
         5a:25:94:5b:59:0b:38:74:4d:4d:23:02:34:db:84:04:07:76:
         78:d3:b9:e9:4b:50:ed:60:d2:ea:67:1b:52:50:24:54:31:bc:
         80:df:5f:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJUBk3LNgjuvmoADrV6/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMDhiYTU0MjlhNzA5YmM1OGVjZGJhZTNmMTdlMWJjOWQz
YTRkNWMwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTVlNjc4OWNkYWZmNzJlMmNmZmM2YzZlZjkyMzE5YmNjYzRmMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8RiAKKncVzuRBBXCArsqphSoS32
+W2/ZejCr3iM/W6XabuSF+ZbJEwda1bcnzc6ULHb2uz5JHnq9jv8eZAdEiTfIhSD
VcbCVyU6F7fakACAd0sJQgPbLJA+BW7mSD82fAtSXMlJwi3qCmC11/tyjY9C8qda
wck86MVuW8l03i+O5OLbNcoHSiEZ1ay2t9Dk0cZqi4kMo1qi5jbhSG79uQEIFSdh
s3ULYQpRry4KbOwa6PB/ehmyE7BBulR0Ifi2x8vV0tZTRnpO73lhluMxPr0m1ndo
z8psLf+I3mFzrwG97XoaW79gSE9t4Evj60iU5tslz5GOO+iiawbgTWbR9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMFeZ4nNr/cuLP/Gxu+SMZvMxPIsMB8GA1UdIwQY
MBaAFBAIulQppwm8WOzbrj8X4bydOk1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUFpNlZDbW5DYnhZN051dVB4Zmh2SjA2VFZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82MTIzYzQtMmJjNS00ZGY5LWFkMTMt
ZTFkOTliODcwNmU0LzEvd1Y1bmljMnY5eTRzXzhiRzc1SXhtOHpFOGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82MTIzYzQtMmJjNS00ZGY5LWFkMTMtZTFkOTliODcwNmU0
LzEvRUFpNlZDbW5DYnhZN051dVB4Zmh2SjA2VFZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuY7iMA0E
AgACMAcDBQAqBzFGMA0GCSqGSIb3DQEBCwUAA4IBAQAnpbN21Zbpc+P9ECHtqcNJ
9PgEEstjmuMShCcgRafB+sSJE5uF61+8z6iFCVYXDZNuOtQ0FJb8ZKa5pqY84MOS
njFOMFEkULpqLWD52Owxk0VtAUgCbk1pDaxErWPvy1jmOUKU8/sAq/ivB2iG3PA2
LZk8YD76meoeH76mZAOHwQrdu9lmzNlZOmjWw2BRBPqV8x04T/QE1k1ssh8WFi5+
4wfGd9PRILJPr4E3+i9iaRUz20UnXYxRKa3Dwf5s8KiIjnNKapQe08bUUlawr8AL
baBK2/D87XtaJZRbWQs4dE1NIwI024QEB3Z407npS1DtYNLqZxtSUCRUMbyA31/B
-----END CERTIFICATE-----