Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/WuR_tfBCiX280lIcK8wWXeeU7JM.roa
File:                     WuR_tfBCiX280lIcK8wWXeeU7JM.roa (raw, json)
Hash identifier:          j09kBCrloWfzbGwGMoeGOloevFBOYgmaBJTYDzXEnzc=
Subject key identifier:   5A:E4:7F:B5:F0:42:89:7D:BC:D2:52:1C:2B:CC:16:5D:E7:94:EC:93
Certificate issuer:       /CN=1d157824c638c718a07b535e0d824cb24afc070c
Certificate serial:       018CC725B30522349AFE409EA43E07047AB6
Authority key identifier: 1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/WuR_tfBCiX280lIcK8wWXeeU7JM.roa
Signing time:             Mon 01 Jan 2024 22:29:45 +0000
ROA not before:           Mon 01 Jan 2024 22:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211802
IP address blocks:        88.218.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:b3:05:22:34:9a:fe:40:9e:a4:3e:07:04:7a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d157824c638c718a07b535e0d824cb24afc070c
        Validity
            Not Before: Jan  1 22:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ae47fb5f042897dbcd2521c2bcc165de794ec93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d7:2d:2f:b4:d3:37:c3:ef:cd:fb:60:3e:27:
                    4f:dd:b3:51:86:30:76:05:4f:22:73:33:4c:56:05:
                    28:6b:37:4a:1b:20:fb:f9:29:2f:95:6f:79:25:2a:
                    7f:51:ea:b6:f0:cf:72:af:88:7d:2c:51:10:b0:3b:
                    c3:13:93:a1:3a:1b:72:f2:69:f7:b0:c7:72:1d:1e:
                    0a:a6:b8:5a:52:d1:0e:49:25:68:47:7d:ce:a3:1d:
                    4c:71:63:f2:0c:40:95:7b:5e:88:b9:93:e6:a8:22:
                    47:69:aa:ca:60:ee:b1:a3:3f:8e:69:d5:59:21:62:
                    b5:43:32:9b:ff:ac:1a:c0:78:3b:66:67:9f:cc:ef:
                    4e:10:1f:91:05:92:2b:d5:5f:9c:1a:b3:14:02:b0:
                    c0:a1:2d:eb:6e:20:7c:63:e7:5d:00:39:87:00:d5:
                    1a:b9:ed:c5:a7:e3:b0:3a:71:76:fa:de:ea:cf:69:
                    9a:10:32:d5:69:d7:2e:fd:0a:b7:ce:32:99:2b:ef:
                    db:74:20:22:95:4d:91:19:7f:66:11:ba:aa:3b:66:
                    02:a6:46:8d:c3:5e:ac:fd:bb:82:fa:0a:7d:56:69:
                    bc:6c:91:0a:d9:4d:e2:af:37:11:32:70:ba:45:ee:
                    02:c6:04:f2:6c:38:cf:e8:30:95:6f:1f:5f:33:af:
                    12:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E4:7F:B5:F0:42:89:7D:BC:D2:52:1C:2B:CC:16:5D:E7:94:EC:93
            X509v3 Authority Key Identifier:
                keyid:1D:15:78:24:C6:38:C7:18:A0:7B:53:5E:0D:82:4C:B2:4A:FC:07:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRV4JMY4xxige1NeDYJMskr8Bww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/WuR_tfBCiX280lIcK8wWXeeU7JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/e6ac01-8bfb-4ef3-bfa7-e57440260be0/1/HRV4JMY4xxige1NeDYJMskr8Bww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:a8:a7:ec:a8:ac:52:7a:8e:49:6b:3c:bf:e8:71:2f:a5:c0:
         00:d7:be:2e:04:f0:0f:da:00:f3:db:e4:b7:e4:f1:bd:93:fd:
         48:3d:14:7b:4b:7d:f4:a5:15:5d:05:84:e2:72:21:12:a8:db:
         af:8e:7e:70:b2:e9:a9:fe:7e:3d:7f:94:0f:3a:36:d2:ac:52:
         11:a2:eb:aa:17:fe:18:49:19:94:10:eb:a4:14:7a:de:3a:0a:
         61:6e:01:15:5b:88:82:8f:84:3e:d9:c4:39:80:9f:70:d3:14:
         e0:12:aa:09:c0:7e:29:5d:38:a2:6e:08:f2:aa:5e:f6:2b:d2:
         41:49:76:09:aa:b7:79:5f:2e:7a:c3:20:98:8c:3b:fa:9b:65:
         cd:bc:ea:69:65:89:66:11:b2:0d:ab:f7:14:1f:f4:10:e2:eb:
         c3:a1:0e:57:ac:66:61:92:30:2a:d8:23:95:e9:83:87:f9:9f:
         0a:e9:13:16:9d:39:b0:5d:19:2a:09:dc:72:b7:eb:b1:e4:de:
         c4:f3:18:80:9d:91:be:7b:36:9f:cb:ba:31:a4:bc:45:a4:4f:
         dc:72:01:80:a6:4b:1a:84:18:5b:70:80:6b:38:b3:53:7d:b4:
         1e:2f:63:a3:ed:30:45:ff:14:80:c1:02:c3:36:5a:5c:fd:33:
         54:97:ab:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJbMFIjSa/kCepD4HBHq2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTU3ODI0YzYzOGM3MThhMDdiNTM1ZTBkODI0Y2IyNGFm
YzA3MGMwHhcNMjQwMTAxMjIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWU0N2ZiNWYwNDI4OTdkYmNkMjUyMWMyYmNjMTY1ZGU3OTRlYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdctL7TTN8PvzftgPidP3bNRhjB2
BU8iczNMVgUoazdKGyD7+SkvlW95JSp/Ueq28M9yr4h9LFEQsDvDE5OhOhty8mn3
sMdyHR4KprhaUtEOSSVoR33Oox1McWPyDECVe16IuZPmqCJHaarKYO6xoz+OadVZ
IWK1QzKb/6wawHg7ZmefzO9OEB+RBZIr1V+cGrMUArDAoS3rbiB8Y+ddADmHANUa
ue3Fp+OwOnF2+t7qz2maEDLVadcu/Qq3zjKZK+/bdCAilU2RGX9mEbqqO2YCpkaN
w16s/buC+gp9Vmm8bJEK2U3irzcRMnC6Re4CxgTybDjP6DCVbx9fM68SwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrkf7XwQol9vNJSHCvMFl3nlOyTMB8GA1UdIwQY
MBaAFB0VeCTGOMcYoHtTXg2CTLJK/AcMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJWNEpNWTR4eGlnZTFOZURZSk1za3I4Qnd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9lNmFjMDEtOGJmYi00ZWYzLWJmYTct
ZTU3NDQwMjYwYmUwLzEvV3VSX3RmQkNpWDI4MGxJY0s4d1dYZWVVN0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9lNmFjMDEtOGJmYi00ZWYzLWJmYTctZTU3NDQwMjYwYmUw
LzEvSFJWNEpNWTR4eGlnZTFOZURZSk1za3I4Qnd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNreMA0G
CSqGSIb3DQEBCwUAA4IBAQBMqKfsqKxSeo5Jazy/6HEvpcAA174uBPAP2gDz2+S3
5PG9k/1IPRR7S330pRVdBYTiciESqNuvjn5wsump/n49f5QPOjbSrFIRouuqF/4Y
SRmUEOukFHreOgphbgEVW4iCj4Q+2cQ5gJ9w0xTgEqoJwH4pXTiibgjyql72K9JB
SXYJqrd5Xy56wyCYjDv6m2XNvOppZYlmEbINq/cUH/QQ4uvDoQ5XrGZhkjAq2COV
6YOH+Z8K6RMWnTmwXRkqCdxyt+ux5N7E8xiAnZG+ezafy7oxpLxFpE/ccgGApksa
hBhbcIBrOLNTfbQeL2Oj7TBF/xSAwQLDNlpc/TNUl6vj
-----END CERTIFICATE-----