Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/w7fKGyws839YkhMKOM7yB4sIwvU.roa
File:                     w7fKGyws839YkhMKOM7yB4sIwvU.roa (raw, json)
Hash identifier:          q0n2CccpNTYtI823rSafe63gvL+dPwiuncY/wG42BYU=
Subject key identifier:   C3:B7:CA:1B:2C:2C:F3:7F:58:92:13:0A:38:CE:F2:07:8B:08:C2:F5
Certificate issuer:       /CN=ae682c4f0a2940eea872542a6215e354991deb4b
Certificate serial:       018CC5DC02226D3A320B7D4AF42B4588AB7C
Authority key identifier: AE:68:2C:4F:0A:29:40:EE:A8:72:54:2A:62:15:E3:54:99:1D:EB:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rmgsTwopQO6oclQqYhXjVJkd60s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/w7fKGyws839YkhMKOM7yB4sIwvU.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60156
IP address blocks:        185.47.76.0/22 maxlen: 22
                          2a04:ad40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/rmgsTwopQO6oclQqYhXjVJkd60s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/rmgsTwopQO6oclQqYhXjVJkd60s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rmgsTwopQO6oclQqYhXjVJkd60s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:02:22:6d:3a:32:0b:7d:4a:f4:2b:45:88:ab:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae682c4f0a2940eea872542a6215e354991deb4b
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3b7ca1b2c2cf37f5892130a38cef2078b08c2f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:87:a6:3a:f4:d6:65:ef:62:1c:7e:c0:98:f7:
                    0b:0a:a3:91:d7:84:13:e6:93:09:33:cf:d4:91:4c:
                    40:29:32:c0:8f:3b:43:63:a2:a9:36:0b:ea:f7:ef:
                    77:62:89:54:37:40:02:a4:5c:5a:ea:c6:73:f0:df:
                    69:79:d6:e5:b9:f0:31:be:cd:e1:8a:9e:f1:01:86:
                    eb:6e:e0:10:b8:8f:95:12:32:af:38:0d:6d:9b:0d:
                    fe:93:6a:52:2f:ea:06:30:4c:28:95:0b:26:e3:2d:
                    54:3d:2f:b5:c5:4c:f6:a7:f5:f6:80:a6:0a:c8:61:
                    f1:cd:12:2b:e0:95:c8:79:e8:1e:73:94:48:35:4d:
                    0d:cd:e3:38:14:f9:7d:4e:e4:42:41:2a:f5:09:ff:
                    1f:88:2e:1a:82:8f:12:67:79:a0:88:05:ee:23:ba:
                    62:3b:ec:2c:7e:09:7c:82:f1:50:e7:36:be:68:b3:
                    9d:db:b1:5f:ae:3e:e7:f2:88:fd:c6:4f:e8:3a:c8:
                    ee:05:b7:2e:8e:f4:fe:80:77:c7:8d:37:ac:78:a1:
                    4f:f9:7e:e6:2b:d5:d8:80:cb:8d:cf:fd:d6:76:f4:
                    8a:b4:82:5e:45:59:81:5b:83:74:fe:87:8f:b4:5c:
                    74:ef:cb:75:01:95:38:5d:95:52:e0:4c:5d:2d:47:
                    55:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:B7:CA:1B:2C:2C:F3:7F:58:92:13:0A:38:CE:F2:07:8B:08:C2:F5
            X509v3 Authority Key Identifier:
                keyid:AE:68:2C:4F:0A:29:40:EE:A8:72:54:2A:62:15:E3:54:99:1D:EB:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rmgsTwopQO6oclQqYhXjVJkd60s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/w7fKGyws839YkhMKOM7yB4sIwvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/c62c7f-f462-4348-b068-f049c66ef811/1/rmgsTwopQO6oclQqYhXjVJkd60s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.76.0/22
                IPv6:
                  2a04:ad40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:89:71:7e:14:6e:53:89:99:4d:93:27:aa:45:be:a1:06:14:
         a4:62:49:f1:3f:05:39:e9:b3:f7:d5:99:31:0b:95:a6:dc:38:
         1e:74:2c:88:98:fb:a6:1c:18:7a:31:df:bc:bd:37:c8:27:dc:
         f3:f0:d7:93:54:10:41:43:28:c7:1b:12:79:83:2a:ea:2d:89:
         37:6f:4a:c6:2b:e1:89:e2:27:fc:db:b9:11:b0:5a:82:87:ed:
         e9:95:98:1d:27:d8:75:90:70:60:0a:ff:b8:fa:2b:ce:67:2f:
         c3:45:f5:f4:b7:81:de:84:12:71:23:0e:cd:dd:16:a6:14:c2:
         16:83:36:19:6c:2c:a7:d4:1d:21:c1:0e:fa:35:af:3e:bf:31:
         1c:72:7a:a7:6e:14:36:5b:c9:d7:07:cb:92:1e:25:33:96:b3:
         b8:bf:7d:81:de:29:2d:d6:64:0c:a3:d7:ca:71:c8:a2:72:a2:
         dc:55:4a:e3:47:b4:7b:d0:bb:75:16:3d:5a:bd:45:09:67:05:
         59:56:54:d6:50:2c:a1:ef:34:80:2f:9c:cd:f8:19:59:27:50:
         8d:97:a1:7d:28:e7:ed:40:75:cd:2f:85:8c:e1:b7:91:4d:83:
         ef:28:81:68:6b:98:9d:a1:89:85:3e:f2:8e:bb:dd:e6:dd:76:
         c3:62:6d:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3AIibToyC31K9CtFiKt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNjgyYzRmMGEyOTQwZWVhODcyNTQyYTYyMTVlMzU0OTkx
ZGViNGIwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2I3Y2ExYjJjMmNmMzdmNTg5MjEzMGEzOGNlZjIwNzhiMDhjMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYemOvTWZe9iHH7AmPcLCqOR14QT
5pMJM8/UkUxAKTLAjztDY6KpNgvq9+93YolUN0ACpFxa6sZz8N9pedblufAxvs3h
ip7xAYbrbuAQuI+VEjKvOA1tmw3+k2pSL+oGMEwolQsm4y1UPS+1xUz2p/X2gKYK
yGHxzRIr4JXIeegec5RINU0NzeM4FPl9TuRCQSr1Cf8fiC4ago8SZ3mgiAXuI7pi
O+wsfgl8gvFQ5za+aLOd27Ffrj7n8oj9xk/oOsjuBbcujvT+gHfHjTeseKFP+X7m
K9XYgMuNz/3WdvSKtIJeRVmBW4N0/oePtFx078t1AZU4XZVS4ExdLUdV9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMO3yhssLPN/WJITCjjO8geLCML1MB8GA1UdIwQY
MBaAFK5oLE8KKUDuqHJUKmIV41SZHetLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm1nc1R3b3BRTzZvY2xRcVloWGpWSmtkNjBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9jNjJjN2YtZjQ2Mi00MzQ4LWIwNjgt
ZjA0OWM2NmVmODExLzEvdzdmS0d5d3M4MzlZa2hNS09NN3lCNHNJd3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9jNjJjN2YtZjQ2Mi00MzQ4LWIwNjgtZjA0OWM2NmVmODEx
LzEvcm1nc1R3b3BRTzZvY2xRcVloWGpWSmtkNjBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuS9MMA0E
AgACMAcDBQMqBK1AMA0GCSqGSIb3DQEBCwUAA4IBAQCLiXF+FG5TiZlNkyeqRb6h
BhSkYknxPwU56bP31ZkxC5Wm3DgedCyImPumHBh6Md+8vTfIJ9zz8NeTVBBBQyjH
GxJ5gyrqLYk3b0rGK+GJ4if827kRsFqCh+3plZgdJ9h1kHBgCv+4+ivOZy/DRfX0
t4HehBJxIw7N3RamFMIWgzYZbCyn1B0hwQ76Na8+vzEccnqnbhQ2W8nXB8uSHiUz
lrO4v32B3ikt1mQMo9fKcciicqLcVUrjR7R70Lt1Fj1avUUJZwVZVlTWUCyh7zSA
L5zN+BlZJ1CNl6F9KOftQHXNL4WM4beRTYPvKIFoa5idoYmFPvKOu93m3XbDYm0X
-----END CERTIFICATE-----