Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/WHcJQXw_kgO4GnF1aZY5-D5333I.roa
File:                     WHcJQXw_kgO4GnF1aZY5-D5333I.roa (raw, json)
Hash identifier:          saWQ8vtkMr6ADoy19mqoUZJPUB++D7+WnKuez79ymZ4=
Subject key identifier:   58:77:09:41:7C:3F:92:03:B8:1A:71:75:69:96:39:F8:3E:77:DF:72
Certificate issuer:       /CN=efc3605c32bbc85d235f0a9ce8f45f0796b723cb
Certificate serial:       018CC64B029FEE3DE25D0B1B89A43FBAB962
Authority key identifier: EF:C3:60:5C:32:BB:C8:5D:23:5F:0A:9C:E8:F4:5F:07:96:B7:23:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/78NgXDK7yF0jXwqc6PRfB5a3I8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/WHcJQXw_kgO4GnF1aZY5-D5333I.roa
Signing time:             Mon 01 Jan 2024 18:30:53 +0000
ROA not before:           Mon 01 Jan 2024 18:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48854
IP address blocks:        185.232.149.0/24 maxlen: 24
                          185.232.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/78NgXDK7yF0jXwqc6PRfB5a3I8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/78NgXDK7yF0jXwqc6PRfB5a3I8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/78NgXDK7yF0jXwqc6PRfB5a3I8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:02:9f:ee:3d:e2:5d:0b:1b:89:a4:3f:ba:b9:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efc3605c32bbc85d235f0a9ce8f45f0796b723cb
        Validity
            Not Before: Jan  1 18:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=587709417c3f9203b81a7175699639f83e77df72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:8c:a3:74:d6:6d:c2:5e:7c:15:bc:c7:70:09:
                    8a:7b:8c:b1:2a:fb:47:ed:2a:6a:c5:1f:73:d4:28:
                    ab:a7:44:37:55:ac:3b:08:78:16:c2:53:34:0b:89:
                    db:ce:e9:9f:83:73:78:1b:66:e5:fd:81:d5:42:76:
                    b8:73:78:31:14:e9:b3:7b:bb:d1:76:61:31:47:3f:
                    bd:b8:b2:54:55:fb:21:05:65:4f:fa:ac:b2:91:49:
                    c7:9e:f5:2a:34:f4:d4:37:4b:71:77:ee:c5:36:56:
                    1f:1c:6c:83:8b:24:6f:e8:d4:77:04:d6:24:2a:7e:
                    e6:ff:38:a4:98:b3:55:ba:0d:4c:d7:aa:15:34:d1:
                    21:11:0e:d3:a1:29:13:87:95:b7:f6:e6:55:2e:e3:
                    c1:6f:06:ff:d2:bc:46:7f:14:7f:54:af:1f:f7:a6:
                    4e:fa:91:e6:ed:80:ee:8b:c1:1d:35:2b:37:f8:1e:
                    53:08:d5:6f:75:88:66:7f:74:b3:b8:09:aa:5e:c7:
                    cd:a4:d7:8a:a4:4c:ab:b8:98:66:ab:3f:1b:70:12:
                    cc:16:a5:4b:4b:3c:46:6d:f8:42:17:3a:1d:44:25:
                    74:04:69:87:5b:2e:b5:40:35:1f:a6:1e:88:be:52:
                    44:41:e5:c4:9f:87:d8:a9:f4:f5:ee:13:ac:23:9b:
                    f8:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:77:09:41:7C:3F:92:03:B8:1A:71:75:69:96:39:F8:3E:77:DF:72
            X509v3 Authority Key Identifier:
                keyid:EF:C3:60:5C:32:BB:C8:5D:23:5F:0A:9C:E8:F4:5F:07:96:B7:23:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/78NgXDK7yF0jXwqc6PRfB5a3I8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/WHcJQXw_kgO4GnF1aZY5-D5333I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/e62169-486d-4054-b121-f2c8ba021ca8/1/78NgXDK7yF0jXwqc6PRfB5a3I8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:2e:84:45:6c:28:20:ae:d7:0d:47:51:6f:32:1a:10:1f:0b:
         62:57:06:56:08:2a:31:e3:27:2c:ec:cc:20:53:e5:10:4e:8c:
         ce:e5:a6:e9:7a:d5:c5:70:1e:b9:1b:30:44:c5:bd:65:a6:f4:
         6a:6f:ba:11:cb:28:88:f4:c4:d1:33:d9:ba:c3:d7:9a:a2:10:
         6f:70:b6:4c:15:16:eb:e3:70:27:16:d7:17:59:42:3e:70:fa:
         dc:60:35:9a:3f:00:25:94:72:11:34:95:7a:e8:f2:ad:71:c0:
         7a:0a:6c:5b:36:af:cf:6f:54:d4:3d:82:39:08:37:b3:a2:d7:
         27:57:c9:63:62:5a:6b:f0:b1:66:3e:9d:4e:1e:cf:ab:d9:1a:
         5a:05:1e:c6:b7:e6:28:6f:9b:b3:a5:0e:46:7c:f3:0d:bd:f9:
         eb:61:b3:ca:0e:9b:b6:ba:45:dc:58:fd:74:6f:04:55:c1:17:
         bc:47:2d:42:f2:8e:92:c4:67:33:3b:f6:4c:f1:18:ab:21:ed:
         c0:1e:5f:2e:bb:5f:4e:86:2c:49:29:1d:81:20:8b:e3:97:cd:
         83:0a:ec:a4:57:b2:c4:ed:c5:00:60:2d:98:26:b6:13:e6:25:
         4f:10:86:4f:70:fc:31:bd:bc:ba:21:6f:66:42:e6:51:9b:05:
         84:40:3b:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwKf7j3iXQsbiaQ/urliMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYzM2MDVjMzJiYmM4NWQyMzVmMGE5Y2U4ZjQ1ZjA3OTZi
NzIzY2IwHhcNMjQwMTAxMTgzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODc3MDk0MTdjM2Y5MjAzYjgxYTcxNzU2OTk2MzlmODNlNzdkZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oyjdNZtwl58FbzHcAmKe4yxKvtH
7SpqxR9z1Cirp0Q3Vaw7CHgWwlM0C4nbzumfg3N4G2bl/YHVQna4c3gxFOmze7vR
dmExRz+9uLJUVfshBWVP+qyykUnHnvUqNPTUN0txd+7FNlYfHGyDiyRv6NR3BNYk
Kn7m/zikmLNVug1M16oVNNEhEQ7ToSkTh5W39uZVLuPBbwb/0rxGfxR/VK8f96ZO
+pHm7YDui8EdNSs3+B5TCNVvdYhmf3SzuAmqXsfNpNeKpEyruJhmqz8bcBLMFqVL
SzxGbfhCFzodRCV0BGmHWy61QDUfph6IvlJEQeXEn4fYqfT17hOsI5v4/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFh3CUF8P5IDuBpxdWmWOfg+d99yMB8GA1UdIwQY
MBaAFO/DYFwyu8hdI18KnOj0XweWtyPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzhOZ1hESzd5RjBqWHdxYzZQUmZCNWEzSThzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9lNjIxNjktNDg2ZC00MDU0LWIxMjEt
ZjJjOGJhMDIxY2E4LzEvV0hjSlFYd19rZ080R25GMWFaWTUtRDUzMzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9lNjIxNjktNDg2ZC00MDU0LWIxMjEtZjJjOGJhMDIxY2E4
LzEvNzhOZ1hESzd5RjBqWHdxYzZQUmZCNWEzSThzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueiUMA0G
CSqGSIb3DQEBCwUAA4IBAQDALoRFbCggrtcNR1FvMhoQHwtiVwZWCCox4ycs7Mwg
U+UQTozO5abpetXFcB65GzBExb1lpvRqb7oRyyiI9MTRM9m6w9eaohBvcLZMFRbr
43AnFtcXWUI+cPrcYDWaPwAllHIRNJV66PKtccB6CmxbNq/Pb1TUPYI5CDezotcn
V8ljYlpr8LFmPp1OHs+r2RpaBR7Gt+Yob5uzpQ5GfPMNvfnrYbPKDpu2ukXcWP10
bwRVwRe8Ry1C8o6SxGczO/ZM8RirIe3AHl8uu19OhixJKR2BIIvjl82DCuykV7LE
7cUAYC2YJrYT5iVPEIZPcPwxvby6IW9mQuZRmwWEQDsJ
-----END CERTIFICATE-----