Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/wQAVc6UvFjgVcRp_YiZUXIKcwlY.roa
File:                     wQAVc6UvFjgVcRp_YiZUXIKcwlY.roa (raw, json)
Hash identifier:          l6a9JRCJ9ubwZnERRiwb2SJ0KMUcllZH5DItVa+Nc5I=
Subject key identifier:   C1:00:15:73:A5:2F:16:38:15:71:1A:7F:62:26:54:5C:82:9C:C2:56
Certificate issuer:       /CN=411c4322082191c79e2d86db4e1bf9d0718e27e9
Certificate serial:       018CC50031C734A47EEE926F6612C6C6490E
Authority key identifier: 41:1C:43:22:08:21:91:C7:9E:2D:86:DB:4E:1B:F9:D0:71:8E:27:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRxDIgghkceeLYbbThv50HGOJ-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/wQAVc6UvFjgVcRp_YiZUXIKcwlY.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202695
IP address blocks:        185.156.244.0/22 maxlen: 22
                          64.38.104.0/22 maxlen: 22
                          2a03:5b00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/QRxDIgghkceeLYbbThv50HGOJ-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/QRxDIgghkceeLYbbThv50HGOJ-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRxDIgghkceeLYbbThv50HGOJ-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:31:c7:34:a4:7e:ee:92:6f:66:12:c6:c6:49:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411c4322082191c79e2d86db4e1bf9d0718e27e9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1001573a52f163815711a7f6226545c829cc256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b7:3b:dd:dd:a4:0d:a2:74:06:b0:22:b4:f9:
                    f1:54:db:a4:62:ec:b4:23:f7:d6:10:c8:1f:42:b6:
                    79:5c:ce:9a:5e:5d:87:61:93:bf:7f:cf:7a:65:e3:
                    11:b7:15:24:51:76:65:f5:f1:6f:45:81:77:b9:da:
                    95:0f:ee:f3:77:ac:46:31:22:b2:91:be:ba:b3:0f:
                    24:fe:b8:10:c3:0f:e9:47:af:14:56:b3:b4:c9:8c:
                    03:a3:d4:fc:3d:30:68:00:23:28:66:50:c7:97:c5:
                    e7:7e:f8:17:81:51:f4:c6:16:7e:4c:96:f6:17:e5:
                    39:e0:ed:1a:ef:c7:b6:34:01:dc:d4:99:67:ea:3c:
                    37:9d:4c:02:74:52:d0:7f:e4:a8:e4:ff:6d:78:ac:
                    6d:63:f3:24:89:ae:2c:4a:09:b2:76:16:56:76:0b:
                    9d:b8:9f:e1:00:29:92:86:05:17:00:24:bd:c0:57:
                    cd:c7:32:41:a2:a5:6d:28:2b:ae:da:fb:4b:3d:8f:
                    d2:89:1e:fa:81:06:0e:ac:a1:7f:02:e1:f7:62:40:
                    e4:02:e1:ee:f4:b1:46:da:9d:f8:4f:e7:8c:b2:40:
                    e5:56:3b:57:d4:9f:10:b7:59:ac:5d:a2:c5:38:3d:
                    fc:4c:75:dc:6d:ef:6a:2b:2e:f3:dc:75:48:a7:5c:
                    35:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:00:15:73:A5:2F:16:38:15:71:1A:7F:62:26:54:5C:82:9C:C2:56
            X509v3 Authority Key Identifier:
                keyid:41:1C:43:22:08:21:91:C7:9E:2D:86:DB:4E:1B:F9:D0:71:8E:27:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRxDIgghkceeLYbbThv50HGOJ-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/wQAVc6UvFjgVcRp_YiZUXIKcwlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/QRxDIgghkceeLYbbThv50HGOJ-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.38.104.0/22
                  185.156.244.0/22
                IPv6:
                  2a03:5b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:66:ab:83:f0:3c:da:a6:1f:5f:51:2a:4e:ca:93:3b:96:b7:
         db:31:38:af:e5:36:ad:ec:9a:6c:f8:78:7c:9b:4c:d5:e7:5f:
         ea:64:5e:8c:c0:dd:e5:d1:cb:4a:4e:0b:e0:f2:a7:a4:62:41:
         73:3f:08:75:2c:3e:02:8a:8e:4f:a9:f8:07:8f:b5:6d:34:b5:
         1d:65:e4:4d:3e:68:c2:00:9c:5f:1f:4e:02:75:bf:c1:e3:35:
         3a:f0:03:d3:03:93:a3:8e:27:6d:ae:9f:51:64:98:68:68:c8:
         3f:6c:c3:21:20:95:8f:bc:c9:12:be:51:e1:84:15:79:7f:b2:
         d8:55:b2:58:59:69:a7:7d:44:f2:ae:96:73:74:3e:33:8f:b6:
         8d:b6:74:a6:e8:f3:1b:be:60:68:39:2c:fa:86:67:24:42:45:
         5c:7f:ce:98:f4:92:94:00:c4:3b:a7:ff:6e:f2:9a:97:4c:d3:
         24:5d:8e:44:4e:7e:01:4c:43:41:77:63:7e:74:61:47:6e:9c:
         45:42:fe:56:b0:c3:f1:f6:2e:8e:6e:c2:32:77:c6:5d:06:ea:
         77:8b:92:76:f0:80:a2:1d:3f:4d:52:90:bd:de:e5:03:a2:d2:
         6e:3b:77:02:bd:41:25:cf:8a:37:35:d7:1c:69:b9:10:eb:65:
         51:3c:97:7d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFADHHNKR+7pJvZhLGxkkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWM0MzIyMDgyMTkxYzc5ZTJkODZkYjRlMWJmOWQwNzE4
ZTI3ZTkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTAwMTU3M2E1MmYxNjM4MTU3MTFhN2Y2MjI2NTQ1YzgyOWNjMjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7c73d2kDaJ0BrAitPnxVNukYuy0
I/fWEMgfQrZ5XM6aXl2HYZO/f896ZeMRtxUkUXZl9fFvRYF3udqVD+7zd6xGMSKy
kb66sw8k/rgQww/pR68UVrO0yYwDo9T8PTBoACMoZlDHl8XnfvgXgVH0xhZ+TJb2
F+U54O0a78e2NAHc1Jln6jw3nUwCdFLQf+So5P9teKxtY/Mkia4sSgmydhZWdgud
uJ/hACmShgUXACS9wFfNxzJBoqVtKCuu2vtLPY/SiR76gQYOrKF/AuH3YkDkAuHu
9LFG2p34T+eMskDlVjtX1J8Qt1msXaLFOD38THXcbe9qKy7z3HVIp1w1AwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMEAFXOlLxY4FXEaf2ImVFyCnMJWMB8GA1UdIwQY
MBaAFEEcQyIIIZHHni2G204b+dBxjifpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJ4RElnZ2hrY2VlTFliYlRodjUwSEdPSi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9hNzkzOGYtN2M5YS00M2M5LTk1ZjMt
ZjM4MTBiZDcwMzc2LzEvd1FBVmM2VXZGamdWY1JwX1lpWlVYSUtjd2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9hNzkzOGYtN2M5YS00M2M5LTk1ZjMtZjM4MTBiZDcwMzc2
LzEvUVJ4RElnZ2hrY2VlTFliYlRodjUwSEdPSi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCQCZoAwQC
uZz0MA0EAgACMAcDBQAqA1sAMA0GCSqGSIb3DQEBCwUAA4IBAQC3ZquD8Dzaph9f
USpOypM7lrfbMTiv5Tat7Jps+Hh8m0zV51/qZF6MwN3l0ctKTgvg8qekYkFzPwh1
LD4Cio5PqfgHj7VtNLUdZeRNPmjCAJxfH04Cdb/B4zU68APTA5Ojjidtrp9RZJho
aMg/bMMhIJWPvMkSvlHhhBV5f7LYVbJYWWmnfUTyrpZzdD4zj7aNtnSm6PMbvmBo
OSz6hmckQkVcf86Y9JKUAMQ7p/9u8pqXTNMkXY5ETn4BTENBd2N+dGFHbpxFQv5W
sMPx9i6ObsIyd8ZdBup3i5J28ICiHT9NUpC93uUDotJuO3cCvUElz4o3NdccabkQ
62VRPJd9
-----END CERTIFICATE-----