Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/w7uiPF3-_L4c71VEhCyzIcAWxSk.roa
File:                     w7uiPF3-_L4c71VEhCyzIcAWxSk.roa (raw, json)
Hash identifier:          k6dzRYERhueErKZ5pJ5XMtRJNTZjOQ48Ecov/UOfA1g=
Subject key identifier:   C3:BB:A2:3C:5D:FE:FC:BE:1C:EF:55:44:84:2C:B3:21:C0:16:C5:29
Certificate issuer:       /CN=b2cd035fab18a4b7826144563f60e7898a4ef0f1
Certificate serial:       018CC8DE63C5643A459D7E8E6D37FA4DDA50
Authority key identifier: B2:CD:03:5F:AB:18:A4:B7:82:61:44:56:3F:60:E7:89:8A:4E:F0:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ss0DX6sYpLeCYURWP2DniYpO8PE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/w7uiPF3-_L4c71VEhCyzIcAWxSk.roa
Signing time:             Tue 02 Jan 2024 06:31:06 +0000
ROA not before:           Tue 02 Jan 2024 06:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212731
IP address blocks:        185.49.230.0/24 maxlen: 24
                          2a10:56c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/ss0DX6sYpLeCYURWP2DniYpO8PE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/ss0DX6sYpLeCYURWP2DniYpO8PE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ss0DX6sYpLeCYURWP2DniYpO8PE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:63:c5:64:3a:45:9d:7e:8e:6d:37:fa:4d:da:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2cd035fab18a4b7826144563f60e7898a4ef0f1
        Validity
            Not Before: Jan  2 06:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3bba23c5dfefcbe1cef5544842cb321c016c529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:14:fe:1a:ca:d3:10:9a:e6:f8:ea:f8:6d:4a:
                    b4:93:d1:a8:00:ab:81:ab:d5:f1:80:7c:d3:f7:85:
                    20:66:50:63:f0:18:b6:29:40:a2:61:9c:ea:04:a4:
                    d9:0a:0c:a9:d1:e4:98:f0:2a:47:52:d7:e8:e7:d7:
                    bd:9e:e7:fd:33:11:5f:2e:6b:07:3f:e6:63:26:f1:
                    57:23:4c:0b:ca:8f:ae:17:98:cd:7e:46:c5:e0:be:
                    62:82:89:a8:cc:e5:e7:71:a6:d1:47:5f:e7:20:0e:
                    b9:5b:f0:ef:52:06:fe:10:df:bc:19:06:4a:31:73:
                    85:da:86:01:d9:80:75:d3:f2:1f:2d:46:fc:6d:2e:
                    b7:13:d2:70:cd:63:1d:3d:51:aa:ee:50:dc:2c:ae:
                    f2:1f:76:ed:29:82:7f:63:3f:6a:b1:d0:c5:e1:67:
                    3d:cb:8e:24:b7:3f:a5:93:8e:00:bf:77:ec:88:bd:
                    57:0d:a7:5e:c0:45:42:f2:e4:a5:3d:f2:9a:c7:06:
                    5a:cc:4b:6d:aa:dc:50:c4:26:83:d6:e6:a8:f4:55:
                    e7:14:9d:53:c7:6a:47:8c:06:2b:ac:4f:f4:99:91:
                    59:49:f9:85:76:0a:56:37:6b:36:23:3a:ce:f5:d2:
                    b1:f4:8e:9e:5f:4d:71:35:20:08:c9:60:f0:e6:c9:
                    5f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:BB:A2:3C:5D:FE:FC:BE:1C:EF:55:44:84:2C:B3:21:C0:16:C5:29
            X509v3 Authority Key Identifier:
                keyid:B2:CD:03:5F:AB:18:A4:B7:82:61:44:56:3F:60:E7:89:8A:4E:F0:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ss0DX6sYpLeCYURWP2DniYpO8PE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/w7uiPF3-_L4c71VEhCyzIcAWxSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/33154b-2941-4f70-8133-d48450521dd9/1/ss0DX6sYpLeCYURWP2DniYpO8PE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.230.0/24
                IPv6:
                  2a10:56c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:3e:7a:13:71:5a:f0:18:00:94:87:41:2d:4b:0b:5e:0b:a5:
         4b:c7:a5:2c:8b:69:12:a5:8f:9c:20:5c:d9:9f:4d:70:8e:31:
         a5:41:53:4c:33:d5:49:6d:ab:17:7f:b6:18:bc:39:42:e9:58:
         12:dc:19:55:83:fc:90:94:76:8f:fc:51:1f:74:02:bf:53:f0:
         45:27:3e:4a:c8:5a:bd:ff:66:36:49:91:6a:48:68:fc:4b:65:
         4c:38:a6:66:66:ae:b2:ea:98:ba:6a:23:cd:4b:48:8b:ce:c7:
         17:41:09:d9:55:0c:70:11:e2:ff:62:5f:53:66:cc:ff:f3:79:
         50:8c:20:7a:a1:cf:94:6d:70:31:e7:7d:4e:30:45:93:35:2b:
         b8:bc:84:6e:b3:6b:61:8b:77:96:2c:ca:01:07:5b:1c:99:5f:
         fb:c1:27:cc:5b:11:cb:4a:d4:43:52:dc:3c:68:9d:b5:86:29:
         1a:7e:2d:9a:d3:1b:69:a4:95:f9:3f:b2:07:72:5c:45:33:c7:
         60:2e:4b:ad:23:ad:0d:47:e7:cf:d4:c2:5c:2d:a6:af:03:32:
         18:40:31:0e:c8:ad:dd:ee:b4:1b:26:0b:4e:bf:b4:76:8e:d5:
         0b:df:65:1a:0d:2a:cb:e4:bc:85:a2:1f:cb:c8:fb:51:05:26:
         ed:34:55:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3mPFZDpFnX6ObTf6TdpQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyY2QwMzVmYWIxOGE0Yjc4MjYxNDQ1NjNmNjBlNzg5OGE0
ZWYwZjEwHhcNMjQwMTAyMDYzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2JiYTIzYzVkZmVmY2JlMWNlZjU1NDQ4NDJjYjMyMWMwMTZjNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhT+GsrTEJrm+Or4bUq0k9GoAKuB
q9XxgHzT94UgZlBj8Bi2KUCiYZzqBKTZCgyp0eSY8CpHUtfo59e9nuf9MxFfLmsH
P+ZjJvFXI0wLyo+uF5jNfkbF4L5igomozOXncabRR1/nIA65W/DvUgb+EN+8GQZK
MXOF2oYB2YB10/IfLUb8bS63E9JwzWMdPVGq7lDcLK7yH3btKYJ/Yz9qsdDF4Wc9
y44ktz+lk44Av3fsiL1XDadewEVC8uSlPfKaxwZazEttqtxQxCaD1uao9FXnFJ1T
x2pHjAYrrE/0mZFZSfmFdgpWN2s2IzrO9dKx9I6eX01xNSAIyWDw5slf1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMO7ojxd/vy+HO9VRIQssyHAFsUpMB8GA1UdIwQY
MBaAFLLNA1+rGKS3gmFEVj9g54mKTvDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3MwRFg2c1lwTGVDWVVSV1AyRG5pWXBPOFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zMzE1NGItMjk0MS00ZjcwLTgxMzMt
ZDQ4NDUwNTIxZGQ5LzEvdzd1aVBGMy1fTDRjNzFWRWhDeXpJY0FXeFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zMzE1NGItMjk0MS00ZjcwLTgxMzMtZDQ4NDUwNTIxZGQ5
LzEvc3MwRFg2c1lwTGVDWVVSV1AyRG5pWXBPOFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTHmMA0E
AgACMAcDBQMqEFbAMA0GCSqGSIb3DQEBCwUAA4IBAQCwPnoTcVrwGACUh0EtSwte
C6VLx6Usi2kSpY+cIFzZn01wjjGlQVNMM9VJbasXf7YYvDlC6VgS3BlVg/yQlHaP
/FEfdAK/U/BFJz5KyFq9/2Y2SZFqSGj8S2VMOKZmZq6y6pi6aiPNS0iLzscXQQnZ
VQxwEeL/Yl9TZsz/83lQjCB6oc+UbXAx531OMEWTNSu4vIRus2thi3eWLMoBB1sc
mV/7wSfMWxHLStRDUtw8aJ21hikafi2a0xtppJX5P7IHclxFM8dgLkutI60NR+fP
1MJcLaavAzIYQDEOyK3d7rQbJgtOv7R2jtUL32UaDSrL5LyFoh/LyPtRBSbtNFUq
-----END CERTIFICATE-----