Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/Wo1SbWj4uIj2VYAk9L8zjvnKfYg.roa
File:                     Wo1SbWj4uIj2VYAk9L8zjvnKfYg.roa (raw, json)
Hash identifier:          Isba/EFENs9w9xAI9cJ6bNzZvJSwvJZ/kezAG6TZI54=
Subject key identifier:   5A:8D:52:6D:68:F8:B8:88:F6:55:80:24:F4:BF:33:8E:F9:CA:7D:88
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       018CC56EF5E21379D0F98CB2B67B42B6DF55
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/Wo1SbWj4uIj2VYAk9L8zjvnKfYg.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211094
IP address blocks:        185.240.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f5:e2:13:79:d0:f9:8c:b2:b6:7b:42:b6:df:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a8d526d68f8b888f6558024f4bf338ef9ca7d88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:51:bf:81:66:f9:76:44:b9:cd:cd:95:b8:53:
                    96:1b:37:4d:9a:e3:1d:08:68:66:f2:0c:8d:3b:ec:
                    a7:c0:5d:66:6d:ef:92:d7:58:1c:e2:22:02:f1:15:
                    d4:f1:a8:af:74:c0:b6:2d:75:53:d2:f1:64:10:9d:
                    95:b3:bb:36:61:f2:b6:74:5c:d5:b5:cd:32:72:e8:
                    25:bf:d9:50:a6:cc:03:71:95:d9:8a:ca:bc:c8:aa:
                    eb:04:bc:b5:6d:c4:66:23:93:1b:3c:56:d4:f4:38:
                    25:fa:f4:b2:43:a0:d3:21:ef:46:8b:7e:a1:7b:cd:
                    87:30:ba:8b:3c:57:36:93:2c:5b:8f:06:11:f1:db:
                    2e:42:c7:d8:b5:10:8c:12:ea:78:b4:6c:96:75:6c:
                    34:2f:8d:91:a2:1a:4e:f4:9b:01:16:c0:1c:66:0a:
                    a6:da:2d:aa:ac:60:6c:ce:b3:31:d5:07:ab:76:ff:
                    34:2e:c9:94:47:bd:2f:10:de:58:f5:c8:a9:2b:d2:
                    7a:df:64:aa:2d:d7:3e:47:0b:2a:6a:46:2b:c7:14:
                    19:55:33:1c:6e:f0:1c:74:f3:97:c3:42:2f:f8:d5:
                    b8:17:f5:36:cf:f6:03:a2:c0:a9:2f:f7:c6:48:2d:
                    d7:3e:dc:75:43:c6:ad:68:b4:62:4e:85:77:fb:c3:
                    cf:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:8D:52:6D:68:F8:B8:88:F6:55:80:24:F4:BF:33:8E:F9:CA:7D:88
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/Wo1SbWj4uIj2VYAk9L8zjvnKfYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:3b:50:24:ab:5e:74:e3:a6:d3:45:80:79:ca:d6:69:b3:92:
         51:aa:b5:f3:d8:c0:c4:81:b9:d4:87:53:3d:df:c2:b8:ca:ac:
         1b:f2:77:33:c9:21:fa:b3:2c:4f:03:ae:34:71:2a:1d:ac:47:
         fc:19:21:ba:df:78:8b:37:d0:21:e6:64:2a:43:1d:ee:59:1e:
         84:28:1a:31:bd:fd:b8:ce:80:bc:48:4d:ec:c8:34:c9:06:bb:
         65:53:8f:e5:31:fd:ee:af:a5:6e:ae:5c:93:dd:37:41:5d:4e:
         1c:84:8c:4d:b1:64:2a:1a:7a:d6:87:2a:ae:e8:46:fd:f2:31:
         b3:89:4d:ed:a0:62:09:78:69:9e:e8:13:5f:24:f8:0b:37:51:
         3b:d8:1d:6d:b8:18:c0:36:60:a5:73:f9:e4:e5:28:31:e4:d9:
         38:2b:df:7c:d8:11:d2:49:c4:8e:cc:12:a7:b0:96:9a:c0:1b:
         b9:81:dd:92:e3:15:78:0b:23:bb:65:6c:ef:dd:1b:a7:c7:df:
         e0:5a:1f:9e:7e:59:f8:cc:56:aa:82:f2:69:8f:e4:b1:17:0c:
         1b:b2:2d:54:ef:2d:12:e2:d2:ba:b5:ab:06:fb:f9:3d:e6:c2:
         44:6c:7c:4b:4b:0c:80:48:7c:14:34:94:19:8b:85:bd:68:6e:
         81:8d:58:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvXiE3nQ+YyytntCtt9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YThkNTI2ZDY4ZjhiODg4ZjY1NTgwMjRmNGJmMzM4ZWY5Y2E3ZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulG/gWb5dkS5zc2VuFOWGzdNmuMd
CGhm8gyNO+ynwF1mbe+S11gc4iIC8RXU8aivdMC2LXVT0vFkEJ2Vs7s2YfK2dFzV
tc0ycuglv9lQpswDcZXZisq8yKrrBLy1bcRmI5MbPFbU9Dgl+vSyQ6DTIe9Gi36h
e82HMLqLPFc2kyxbjwYR8dsuQsfYtRCMEup4tGyWdWw0L42RohpO9JsBFsAcZgqm
2i2qrGBszrMx1Qerdv80LsmUR70vEN5Y9cipK9J632SqLdc+RwsqakYrxxQZVTMc
bvAcdPOXw0Iv+NW4F/U2z/YDosCpL/fGSC3XPtx1Q8ataLRiToV3+8PPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqNUm1o+LiI9lWAJPS/M475yn2IMB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvV28xU2JXajR1SWoyVllBazlMOHpqdm5LZllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufDwMA0G
CSqGSIb3DQEBCwUAA4IBAQA/O1Akq15046bTRYB5ytZps5JRqrXz2MDEgbnUh1M9
38K4yqwb8nczySH6syxPA640cSodrEf8GSG633iLN9Ah5mQqQx3uWR6EKBoxvf24
zoC8SE3syDTJBrtlU4/lMf3ur6VurlyT3TdBXU4chIxNsWQqGnrWhyqu6Eb98jGz
iU3toGIJeGme6BNfJPgLN1E72B1tuBjANmClc/nk5Sgx5Nk4K9982BHSScSOzBKn
sJaawBu5gd2S4xV4CyO7ZWzv3Runx9/gWh+efln4zFaqgvJpj+SxFwwbsi1U7y0S
4tK6tasG+/k95sJEbHxLSwyASHwUNJQZi4W9aG6BjVg5
-----END CERTIFICATE-----