Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/d158e1-512b-4486-af87-b490a6d6be25/1/wC2OMdfhEbYfpN8DPaLcDGbxAPw.roa
File:                     wC2OMdfhEbYfpN8DPaLcDGbxAPw.roa (raw, json)
Hash identifier:          FOw4UeMfqVOudjA9LdPG1Jf7zb5B88w/ukM/3QV+DUE=
Subject key identifier:   C0:2D:8E:31:D7:E1:11:B6:1F:A4:DF:03:3D:A2:DC:0C:66:F1:00:FC
Certificate issuer:       /CN=5577b4b87ab86aca577e56e38d5b8a5813cccc3d
Certificate serial:       018CC424E63D630D8F3CD3F01189C5D53E83
Authority key identifier: 55:77:B4:B8:7A:B8:6A:CA:57:7E:56:E3:8D:5B:8A:58:13:CC:CC:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXe0uHq4aspXflbjjVuKWBPMzD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/d158e1-512b-4486-af87-b490a6d6be25/1/wC2OMdfhEbYfpN8DPaLcDGbxAPw.roa
Signing time:             Mon 01 Jan 2024 08:30:01 +0000
ROA not before:           Mon 01 Jan 2024 08:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211458
IP address blocks:        185.23.110.0/24 maxlen: 24
                          2a10:df40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/d158e1-512b-4486-af87-b490a6d6be25/1/VXe0uHq4aspXflbjjVuKWBPMzD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/d158e1-512b-4486-af87-b490a6d6be25/1/VXe0uHq4aspXflbjjVuKWBPMzD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXe0uHq4aspXflbjjVuKWBPMzD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e6:3d:63:0d:8f:3c:d3:f0:11:89:c5:d5:3e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5577b4b87ab86aca577e56e38d5b8a5813cccc3d
        Validity
            Not Before: Jan  1 08:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c02d8e31d7e111b61fa4df033da2dc0c66f100fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1d:1c:2d:20:07:e5:e1:43:46:c2:4c:a7:56:
                    cc:f2:32:9e:1f:46:fe:98:ed:bc:e2:25:c1:92:b1:
                    1f:d1:d1:d4:a0:61:46:a2:fc:d9:42:89:cb:12:57:
                    61:2d:af:8e:79:6b:40:cd:e2:53:77:47:90:52:5a:
                    96:fe:4d:d5:e8:79:6a:e1:f8:75:ee:7a:74:26:b9:
                    1c:02:20:60:1c:0b:41:92:ca:47:9f:2a:9e:af:c5:
                    1a:f2:99:b3:09:06:a1:3e:98:9c:7b:5f:42:61:57:
                    78:f7:53:34:19:a3:e8:28:fd:86:c4:9f:75:91:41:
                    de:d3:2f:93:50:07:db:28:bb:84:85:44:a3:9b:e6:
                    63:3e:34:af:c1:6b:06:af:e6:13:ee:68:a7:d2:7f:
                    92:e1:99:14:93:68:92:ff:c3:2f:82:71:09:1d:0f:
                    b7:27:80:6e:39:5a:da:70:ab:55:c5:1b:74:26:c9:
                    f7:8d:08:ae:49:15:ea:e4:f8:7b:b9:00:6d:8f:94:
                    af:c7:b8:7e:d5:54:d2:e2:86:67:9d:c6:1c:52:ff:
                    ab:73:24:53:25:bb:73:b3:10:c4:39:47:18:22:4b:
                    40:da:c0:d0:9b:38:11:17:34:43:a8:b4:ff:54:49:
                    4f:75:ee:45:2f:af:9a:06:17:56:f3:31:21:ec:48:
                    fa:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:2D:8E:31:D7:E1:11:B6:1F:A4:DF:03:3D:A2:DC:0C:66:F1:00:FC
            X509v3 Authority Key Identifier:
                keyid:55:77:B4:B8:7A:B8:6A:CA:57:7E:56:E3:8D:5B:8A:58:13:CC:CC:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXe0uHq4aspXflbjjVuKWBPMzD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/d158e1-512b-4486-af87-b490a6d6be25/1/wC2OMdfhEbYfpN8DPaLcDGbxAPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/d158e1-512b-4486-af87-b490a6d6be25/1/VXe0uHq4aspXflbjjVuKWBPMzD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.110.0/24
                IPv6:
                  2a10:df40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:1a:b6:85:8a:0b:e2:72:85:c9:63:88:63:0a:7c:e0:77:03:
         76:0b:a0:fb:84:07:1e:7f:18:99:a0:7d:e3:39:13:04:9c:5c:
         a9:2e:2b:7d:79:b2:6c:60:60:34:a3:fd:33:a6:55:76:8a:55:
         59:2e:2b:1c:ce:19:d7:1c:8d:f4:78:02:93:57:41:36:8a:7a:
         46:86:72:13:de:96:d1:06:8f:86:06:59:9e:05:10:75:35:35:
         a8:4b:e1:98:0d:6a:78:6d:d9:41:37:8f:34:3e:12:9d:63:6d:
         1f:15:73:32:3d:a6:3c:84:61:d0:12:78:cd:6b:47:9e:19:83:
         16:38:a5:ce:b1:8d:de:9b:73:8e:a1:5a:d6:ec:24:5c:c0:ad:
         2e:7e:d9:da:98:a7:76:a2:9d:41:24:17:34:f5:44:fc:6b:c2:
         bc:fc:d1:82:d7:a4:7b:c6:26:5e:df:04:b2:48:85:a0:ea:4e:
         47:9f:36:07:3e:44:6f:68:2f:8d:bc:d4:a1:bf:f9:99:1f:7c:
         6d:df:a1:14:2e:a9:2f:c8:e8:38:00:22:56:0f:e4:52:20:aa:
         21:ae:e8:b1:40:ca:03:45:96:85:27:28:f8:c5:79:90:68:63:
         fe:04:1b:f2:b0:b1:ea:1e:00:42:27:3c:c9:43:4e:7b:a9:58:
         93:74:5a:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJOY9Yw2PPNPwEYnF1T6DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NzdiNGI4N2FiODZhY2E1NzdlNTZlMzhkNWI4YTU4MTNj
Y2NjM2QwHhcNMjQwMTAxMDgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDJkOGUzMWQ3ZTExMWI2MWZhNGRmMDMzZGEyZGMwYzY2ZjEwMGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR0cLSAH5eFDRsJMp1bM8jKeH0b+
mO284iXBkrEf0dHUoGFGovzZQonLEldhLa+OeWtAzeJTd0eQUlqW/k3V6Hlq4fh1
7np0JrkcAiBgHAtBkspHnyqer8Ua8pmzCQahPpice19CYVd491M0GaPoKP2GxJ91
kUHe0y+TUAfbKLuEhUSjm+ZjPjSvwWsGr+YT7min0n+S4ZkUk2iS/8MvgnEJHQ+3
J4BuOVracKtVxRt0Jsn3jQiuSRXq5Ph7uQBtj5Svx7h+1VTS4oZnncYcUv+rcyRT
JbtzsxDEOUcYIktA2sDQmzgRFzRDqLT/VElPde5FL6+aBhdW8zEh7Ej64wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMAtjjHX4RG2H6TfAz2i3Axm8QD8MB8GA1UdIwQY
MBaAFFV3tLh6uGrKV35W441bilgTzMw9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhlMHVIcTRhc3BYZmxiampWdUtXQlBNekQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9kMTU4ZTEtNTEyYi00NDg2LWFmODct
YjQ5MGE2ZDZiZTI1LzEvd0MyT01kZmhFYllmcE44RFBhTGNER2J4QVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9kMTU4ZTEtNTEyYi00NDg2LWFmODctYjQ5MGE2ZDZiZTI1
LzEvVlhlMHVIcTRhc3BYZmxiampWdUtXQlBNekQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRduMA0E
AgACMAcDBQMqEN9AMA0GCSqGSIb3DQEBCwUAA4IBAQCKGraFigvicoXJY4hjCnzg
dwN2C6D7hAcefxiZoH3jORMEnFypLit9ebJsYGA0o/0zplV2ilVZLisczhnXHI30
eAKTV0E2inpGhnIT3pbRBo+GBlmeBRB1NTWoS+GYDWp4bdlBN480PhKdY20fFXMy
PaY8hGHQEnjNa0eeGYMWOKXOsY3em3OOoVrW7CRcwK0uftnamKd2op1BJBc09UT8
a8K8/NGC16R7xiZe3wSySIWg6k5HnzYHPkRvaC+NvNShv/mZH3xt36EULqkvyOg4
ACJWD+RSIKohruixQMoDRZaFJyj4xXmQaGP+BBvysLHqHgBCJzzJQ057qViTdFoY
-----END CERTIFICATE-----