Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/IDWWwZGMVR_ZKMGJFpQH-ZoK1bg.roa
File:                     IDWWwZGMVR_ZKMGJFpQH-ZoK1bg.roa (raw, json)
Hash identifier:          eN9ag6fl5NIGkWI6aapUjCp2oeWM9mnSu5BsAzvhMIQ=
Subject key identifier:   20:35:96:C1:91:8C:55:1F:D9:28:C1:89:16:94:07:F9:9A:0A:D5:B8
Certificate issuer:       /CN=e06536d2b17c45c175739f3313119be219d331ac
Certificate serial:       018CC649A33EF8678EF99373FF40B3BF55C6
Authority key identifier: E0:65:36:D2:B1:7C:45:C1:75:73:9F:33:13:11:9B:E2:19:D3:31:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/IDWWwZGMVR_ZKMGJFpQH-ZoK1bg.roa
Signing time:             Mon 01 Jan 2024 18:29:23 +0000
ROA not before:           Mon 01 Jan 2024 18:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        188.92.224.0/21 maxlen: 21
                          185.254.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 10:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:a3:3e:f8:67:8e:f9:93:73:ff:40:b3:bf:55:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e06536d2b17c45c175739f3313119be219d331ac
        Validity
            Not Before: Jan  1 18:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=203596c1918c551fd928c189169407f99a0ad5b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:08:7e:d2:19:43:6a:83:af:0e:e0:0c:82:a6:
                    29:88:ca:f8:7f:88:65:33:8c:51:2e:60:62:3e:bd:
                    4b:92:be:c8:1e:8f:8a:27:8e:9b:d0:dd:ee:ca:46:
                    0c:6d:94:5a:0f:87:f6:a6:b2:7e:f6:e0:aa:6e:d1:
                    ff:52:58:71:e6:3d:7f:2a:f0:a1:c5:cf:5f:27:13:
                    49:1c:ee:56:9c:0d:ff:9d:75:3e:ba:3e:05:8e:6c:
                    f6:4e:cc:40:e2:4e:51:ac:eb:24:66:88:54:94:fb:
                    11:88:a5:54:7b:f8:65:c6:9b:5e:d5:84:b8:4c:32:
                    79:e1:2b:6d:49:7b:dc:09:cc:0e:f7:bd:29:de:ab:
                    76:76:26:ce:a0:b1:17:bf:b6:6c:14:66:f2:7e:67:
                    e4:f6:3c:d5:43:b9:7b:a7:d8:2c:4d:d4:c6:94:47:
                    ee:c6:eb:54:42:f8:8d:d6:45:df:ee:f2:2a:e4:b7:
                    58:de:55:87:a9:13:22:3a:bd:30:a1:71:71:ae:a9:
                    80:a3:f4:2a:d4:6c:5d:6d:5c:28:ee:cd:96:4b:18:
                    9e:5c:8c:3d:97:34:bc:09:f3:6f:23:4c:d9:78:f0:
                    d4:82:5b:ea:87:a8:e3:43:82:d2:61:e0:e5:3a:65:
                    5f:e7:58:ee:71:20:ad:c1:c0:bf:9a:7d:3d:b7:24:
                    7b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:35:96:C1:91:8C:55:1F:D9:28:C1:89:16:94:07:F9:9A:0A:D5:B8
            X509v3 Authority Key Identifier:
                keyid:E0:65:36:D2:B1:7C:45:C1:75:73:9F:33:13:11:9B:E2:19:D3:31:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4GU20rF8RcF1c58zExGb4hnTMaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/IDWWwZGMVR_ZKMGJFpQH-ZoK1bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/6e43b9-c6a7-4d51-8061-06c8bb374a58/1/4GU20rF8RcF1c58zExGb4hnTMaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.76.0/22
                  188.92.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         43:23:df:26:90:65:14:fe:d6:10:05:7b:64:f1:d2:4c:bc:7d:
         a0:8a:2f:fa:c2:66:01:c3:e4:b2:eb:d8:32:72:11:fb:4a:3a:
         8e:be:d0:3f:5c:8b:7c:fe:70:b7:ff:7e:e7:d2:e3:65:d0:33:
         26:84:c7:15:7c:c8:8b:3b:81:9a:88:46:9c:e0:b5:7c:96:91:
         36:26:2a:5d:03:16:28:8a:9d:0c:ff:e5:d7:86:d7:39:23:90:
         c4:18:cd:85:0f:f7:09:52:06:8f:07:b3:62:13:c2:f8:a8:6d:
         e1:bc:45:bf:21:b9:79:e3:12:b3:fc:62:37:96:7f:43:54:48:
         18:fd:6a:1c:8e:bf:dd:d2:3e:1c:ba:21:c5:ce:5d:47:f5:b6:
         fd:91:58:96:c4:84:82:7f:5b:3f:ff:ea:e7:a0:eb:cb:83:6f:
         73:c3:b8:8b:73:c1:3d:cf:37:76:a8:2e:fe:c4:fa:cf:17:0a:
         6b:07:24:6e:5b:86:38:97:8a:fe:6d:22:c8:48:9f:bb:24:5e:
         e6:ec:52:64:61:f4:aa:30:ed:94:27:fb:bb:5c:77:9e:a5:41:
         af:b9:3b:4d:59:29:af:07:87:78:8e:ae:da:9c:7e:40:23:63:
         1c:28:a5:21:ea:86:c6:46:d1:e0:63:a8:75:ff:2a:86:aa:15:
         7e:dd:43:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSaM++GeO+ZNz/0Czv1XGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjUzNmQyYjE3YzQ1YzE3NTczOWYzMzEzMTE5YmUyMTlk
MzMxYWMwHhcNMjQwMTAxMTgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDM1OTZjMTkxOGM1NTFmZDkyOGMxODkxNjk0MDdmOTlhMGFkNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAh+0hlDaoOvDuAMgqYpiMr4f4hl
M4xRLmBiPr1Lkr7IHo+KJ46b0N3uykYMbZRaD4f2prJ+9uCqbtH/Ulhx5j1/KvCh
xc9fJxNJHO5WnA3/nXU+uj4Fjmz2TsxA4k5RrOskZohUlPsRiKVUe/hlxpte1YS4
TDJ54SttSXvcCcwO970p3qt2dibOoLEXv7ZsFGbyfmfk9jzVQ7l7p9gsTdTGlEfu
xutUQviN1kXf7vIq5LdY3lWHqRMiOr0woXFxrqmAo/Qq1GxdbVwo7s2WSxieXIw9
lzS8CfNvI0zZePDUglvqh6jjQ4LSYeDlOmVf51jucSCtwcC/mn09tyR7gwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCA1lsGRjFUf2SjBiRaUB/maCtW4MB8GA1UdIwQY
MBaAFOBlNtKxfEXBdXOfMxMRm+IZ0zGsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdVMjByRjhSY0YxYzU4ekV4R2I0aG5UTWF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82ZTQzYjktYzZhNy00ZDUxLTgwNjEt
MDZjOGJiMzc0YTU4LzEvSURXV3daR01WUl9aS01HSkZwUUgtWm9LMWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82ZTQzYjktYzZhNy00ZDUxLTgwNjEtMDZjOGJiMzc0YTU4
LzEvNEdVMjByRjhSY0YxYzU4ekV4R2I0aG5UTWF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuf5MAwQD
vFzgMA0GCSqGSIb3DQEBCwUAA4IBAQBDI98mkGUU/tYQBXtk8dJMvH2gii/6wmYB
w+Sy69gychH7SjqOvtA/XIt8/nC3/37n0uNl0DMmhMcVfMiLO4GaiEac4LV8lpE2
JipdAxYoip0M/+XXhtc5I5DEGM2FD/cJUgaPB7NiE8L4qG3hvEW/Ibl54xKz/GI3
ln9DVEgY/Wocjr/d0j4cuiHFzl1H9bb9kViWxISCf1s//+rnoOvLg29zw7iLc8E9
zzd2qC7+xPrPFwprByRuW4Y4l4r+bSLISJ+7JF7m7FJkYfSqMO2UJ/u7XHeepUGv
uTtNWSmvB4d4jq7anH5AI2McKKUh6obGRtHgY6h1/yqGqhV+3UOs
-----END CERTIFICATE-----