Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/86cc47-f0c0-473a-b11b-f5c09ff38a00/1/W0rGtsHSbD1y10TcVpfeSn3yCFE.roa
File:                     W0rGtsHSbD1y10TcVpfeSn3yCFE.roa (raw, json)
Hash identifier:          gDwF2oj/O+KNG+IEqmR0mtQ9RcIHRGT8mTdMfBqV8hw=
Subject key identifier:   5B:4A:C6:B6:C1:D2:6C:3D:72:D7:44:DC:56:97:DE:4A:7D:F2:08:51
Certificate issuer:       /CN=e7cc8626138bf1e9cb3fd1fec26c68c4a634096b
Certificate serial:       018CC3494D772289403DF0A2B325B25CB8E7
Authority key identifier: E7:CC:86:26:13:8B:F1:E9:CB:3F:D1:FE:C2:6C:68:C4:A6:34:09:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/58yGJhOL8enLP9H-wmxoxKY0CWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/86cc47-f0c0-473a-b11b-f5c09ff38a00/1/W0rGtsHSbD1y10TcVpfeSn3yCFE.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199424
IP address blocks:        195.2.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/86cc47-f0c0-473a-b11b-f5c09ff38a00/1/58yGJhOL8enLP9H-wmxoxKY0CWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/86cc47-f0c0-473a-b11b-f5c09ff38a00/1/58yGJhOL8enLP9H-wmxoxKY0CWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/58yGJhOL8enLP9H-wmxoxKY0CWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4d:77:22:89:40:3d:f0:a2:b3:25:b2:5c:b8:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cc8626138bf1e9cb3fd1fec26c68c4a634096b
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b4ac6b6c1d26c3d72d744dc5697de4a7df20851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:84:6e:2d:3d:5e:5a:bd:62:e1:f4:f0:e9:f2:
                    bc:6e:fa:db:7c:26:51:05:dc:91:73:a2:56:76:7f:
                    c3:b1:d1:be:cc:11:df:d6:cf:23:1d:2e:66:b5:68:
                    94:64:c2:29:c7:6a:d9:53:23:ca:39:86:52:60:b7:
                    b9:42:33:89:82:8c:9d:d8:e3:7c:4f:b9:da:8b:5d:
                    72:ec:80:fd:ab:f5:e8:51:d5:38:1b:c9:5a:e9:b2:
                    99:57:b5:a7:da:6b:3f:a5:18:c4:52:c9:ac:75:c8:
                    8c:6a:a5:b3:35:d2:8c:f6:da:37:f3:94:b9:60:f0:
                    9a:fc:18:dc:7b:3d:fa:b8:70:2a:98:12:a8:f9:5c:
                    73:56:4c:a7:ee:b7:f7:6a:d5:69:d0:42:e6:b2:2d:
                    00:69:42:ee:93:b9:a6:0a:5f:6d:a9:c8:dc:f0:52:
                    5b:32:3d:e7:aa:4b:a1:f4:58:67:a6:cf:7f:97:15:
                    a0:2a:c4:1f:22:c6:d5:0b:f8:56:16:6d:1b:2a:37:
                    e6:3d:84:5d:fd:c8:17:50:72:41:c1:e1:35:f8:d9:
                    8a:0f:96:bd:8c:0c:66:34:eb:a3:a8:ff:bc:b1:7c:
                    b8:28:de:ca:df:5b:38:48:81:46:e4:e9:51:ec:34:
                    c9:83:2f:a4:ce:44:c8:ef:4f:cd:08:63:bc:8a:a9:
                    a7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4A:C6:B6:C1:D2:6C:3D:72:D7:44:DC:56:97:DE:4A:7D:F2:08:51
            X509v3 Authority Key Identifier:
                keyid:E7:CC:86:26:13:8B:F1:E9:CB:3F:D1:FE:C2:6C:68:C4:A6:34:09:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/58yGJhOL8enLP9H-wmxoxKY0CWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/86cc47-f0c0-473a-b11b-f5c09ff38a00/1/W0rGtsHSbD1y10TcVpfeSn3yCFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/86cc47-f0c0-473a-b11b-f5c09ff38a00/1/58yGJhOL8enLP9H-wmxoxKY0CWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.2.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:8d:09:ea:3d:f5:42:68:65:2c:40:30:8b:8e:97:80:8d:d7:
         77:1c:6a:99:40:47:86:f5:47:f0:e3:f7:ca:bc:96:7f:ab:06:
         d1:bb:c9:12:9e:66:3e:71:e8:3c:fd:e6:46:3b:46:91:51:3e:
         a2:20:d3:59:58:79:d5:76:f1:6d:16:07:52:b6:66:91:7a:47:
         f8:22:4a:12:07:97:a1:58:7b:78:57:2d:a2:0f:67:46:2a:9e:
         2c:95:f1:a8:22:4c:91:3c:89:11:87:e5:20:ba:a4:0b:c1:8f:
         02:a8:fb:08:b7:9a:4f:0c:ef:83:7a:76:75:a0:08:d1:6d:48:
         af:97:1b:0c:f6:37:60:d7:39:d1:f6:10:9d:e3:5a:60:75:52:
         41:67:32:63:39:4b:59:7d:01:99:f9:05:69:fa:b0:e0:30:0c:
         80:95:d2:34:0f:89:dc:ff:03:c3:fa:7d:b5:96:09:05:4e:97:
         90:8a:7f:d8:2b:d8:48:84:eb:12:50:dc:d4:14:97:ad:c6:9c:
         96:30:a3:a0:52:d0:e1:c7:1a:34:33:d3:c8:c6:93:2d:b6:1c:
         ff:7d:26:0c:b3:29:76:ee:91:8c:6f:eb:fc:80:bf:6c:7f:c1:
         39:fe:72:3c:19:58:03:6a:3c:83:b8:0c:e4:26:ae:23:ba:4e:
         c8:49:e2:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSU13IolAPfCisyWyXLjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2M4NjI2MTM4YmYxZTljYjNmZDFmZWMyNmM2OGM0YTYz
NDA5NmIwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjRhYzZiNmMxZDI2YzNkNzJkNzQ0ZGM1Njk3ZGU0YTdkZjIwODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoRuLT1eWr1i4fTw6fK8bvrbfCZR
BdyRc6JWdn/DsdG+zBHf1s8jHS5mtWiUZMIpx2rZUyPKOYZSYLe5QjOJgoyd2ON8
T7nai11y7ID9q/XoUdU4G8la6bKZV7Wn2ms/pRjEUsmsdciMaqWzNdKM9to385S5
YPCa/Bjcez36uHAqmBKo+VxzVkyn7rf3atVp0ELmsi0AaULuk7mmCl9tqcjc8FJb
Mj3nqkuh9Fhnps9/lxWgKsQfIsbVC/hWFm0bKjfmPYRd/cgXUHJBweE1+NmKD5a9
jAxmNOujqP+8sXy4KN7K31s4SIFG5OlR7DTJgy+kzkTI70/NCGO8iqmn0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtKxrbB0mw9ctdE3FaX3kp98ghRMB8GA1UdIwQY
MBaAFOfMhiYTi/Hpyz/R/sJsaMSmNAlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTh5R0poT0w4ZW5MUDlILXdteG94S1kwQ1dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny84NmNjNDctZjBjMC00NzNhLWIxMWIt
ZjVjMDlmZjM4YTAwLzEvVzByR3RzSFNiRDF5MTBUY1ZwZmVTbjN5Q0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny84NmNjNDctZjBjMC00NzNhLWIxMWItZjVjMDlmZjM4YTAw
LzEvNTh5R0poT0w4ZW5MUDlILXdteG94S1kwQ1dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwLiMA0G
CSqGSIb3DQEBCwUAA4IBAQCXjQnqPfVCaGUsQDCLjpeAjdd3HGqZQEeG9Ufw4/fK
vJZ/qwbRu8kSnmY+ceg8/eZGO0aRUT6iINNZWHnVdvFtFgdStmaRekf4IkoSB5eh
WHt4Vy2iD2dGKp4slfGoIkyRPIkRh+UguqQLwY8CqPsIt5pPDO+DenZ1oAjRbUiv
lxsM9jdg1znR9hCd41pgdVJBZzJjOUtZfQGZ+QVp+rDgMAyAldI0D4nc/wPD+n21
lgkFTpeQin/YK9hIhOsSUNzUFJetxpyWMKOgUtDhxxo0M9PIxpMtthz/fSYMsyl2
7pGMb+v8gL9sf8E5/nI8GVgDajyDuAzkJq4juk7ISeJb
-----END CERTIFICATE-----