Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/W7c5034DAF53w8qreV1Dvti4I7Q.roa
File:                     W7c5034DAF53w8qreV1Dvti4I7Q.roa (raw, json)
Hash identifier:          xQ8Y8UvPp64OPYksn7Xr35tS9zcQzgllc/epWw61wjE=
Subject key identifier:   5B:B7:39:D3:7E:03:00:5E:77:C3:CA:AB:79:5D:43:BE:D8:B8:23:B4
Certificate issuer:       /CN=06b8ed985ef2034e8e307c447f3496c32adad2c8
Certificate serial:       018CC9BC1152C6763C2792195B1F53A0C6AE
Authority key identifier: 06:B8:ED:98:5E:F2:03:4E:8E:30:7C:44:7F:34:96:C3:2A:DA:D2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BrjtmF7yA06OMHxEfzSWwyra0sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/W7c5034DAF53w8qreV1Dvti4I7Q.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39605
IP address blocks:        185.99.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/BrjtmF7yA06OMHxEfzSWwyra0sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/BrjtmF7yA06OMHxEfzSWwyra0sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BrjtmF7yA06OMHxEfzSWwyra0sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:11:52:c6:76:3c:27:92:19:5b:1f:53:a0:c6:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06b8ed985ef2034e8e307c447f3496c32adad2c8
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bb739d37e03005e77c3caab795d43bed8b823b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a7:1c:36:9a:ba:99:d1:f0:91:fc:5e:a3:52:
                    ae:d7:0c:c6:a0:ad:a2:53:bf:fe:03:b4:e5:94:05:
                    2a:43:ec:fc:5d:fb:bf:31:37:0d:fe:c1:49:36:b5:
                    24:69:60:d4:c6:b5:96:1c:6b:15:4f:7e:77:66:7d:
                    d4:f4:0b:ad:c2:1d:f5:ea:ff:b1:94:3e:7d:47:ef:
                    83:49:aa:66:5b:af:af:1b:ea:16:ea:ed:7d:76:dd:
                    bb:1b:98:6d:13:53:84:58:88:89:59:f6:c6:b3:dc:
                    f2:88:9a:e5:9a:56:0c:23:20:7f:e2:a4:dd:ba:d6:
                    a9:0a:37:0b:84:92:be:7f:22:ca:6c:2f:4e:0b:4b:
                    09:13:d5:51:68:a0:d2:3d:f9:20:2f:a7:25:99:fe:
                    a4:18:50:2c:d9:1d:38:fd:ad:2c:36:4c:ba:db:67:
                    eb:e0:db:d0:52:69:6e:52:fd:25:51:39:97:f9:53:
                    98:b7:3c:41:4e:53:e4:6a:d2:f6:f4:2e:70:53:74:
                    00:5d:60:c4:ec:3b:bb:37:55:37:6a:74:5a:9d:53:
                    ba:75:7b:22:10:e8:c0:5d:ac:a6:70:70:ed:68:0f:
                    cc:56:c7:4d:f5:3c:01:a8:ef:84:a3:ba:51:14:2b:
                    f8:59:fc:74:e6:8f:5d:a3:92:9c:48:ed:43:d4:b2:
                    5f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B7:39:D3:7E:03:00:5E:77:C3:CA:AB:79:5D:43:BE:D8:B8:23:B4
            X509v3 Authority Key Identifier:
                keyid:06:B8:ED:98:5E:F2:03:4E:8E:30:7C:44:7F:34:96:C3:2A:DA:D2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BrjtmF7yA06OMHxEfzSWwyra0sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/W7c5034DAF53w8qreV1Dvti4I7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/fc5af5-0b50-4531-9374-ebeb9a991488/1/BrjtmF7yA06OMHxEfzSWwyra0sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:2a:5a:18:b1:58:b9:a5:37:da:39:c9:42:60:6e:30:99:08:
         92:f3:9a:4d:f0:e6:2e:3e:4b:16:8e:ad:ca:31:9c:1d:bd:ee:
         84:16:71:36:f2:f8:f3:78:08:bd:72:4e:e4:0f:b5:04:87:ec:
         d6:a9:24:6c:33:a7:ed:00:56:6c:01:d7:0d:6b:b4:73:87:e8:
         c5:b5:d8:39:d0:c6:2b:de:68:2d:23:fc:ba:42:b2:54:79:ee:
         de:8b:64:ad:07:91:6c:bc:9f:73:ed:b6:2f:c9:75:f1:81:af:
         6a:e3:c6:52:38:e7:68:bc:a9:86:b7:a0:53:6b:95:df:af:85:
         67:b6:2e:d3:23:bd:59:4f:09:27:f5:1b:85:ec:78:3a:a4:c1:
         c7:35:6c:e8:d0:30:e0:98:0b:d4:66:2a:1d:91:0e:1e:d2:ea:
         78:a1:ba:e9:27:c1:e6:ee:f5:eb:e8:6d:37:75:06:85:40:b1:
         cc:32:33:ba:af:18:47:e1:98:3d:1d:98:a7:e0:ed:fa:94:46:
         8d:ff:d5:1c:66:78:d7:12:25:6d:33:9a:52:4d:b2:2c:ab:7a:
         1a:f9:4a:94:4b:3e:f5:3d:f8:c2:ab:d4:ad:a5:6f:f6:7b:91:
         10:fd:d5:1c:2f:7b:64:27:4b:bc:44:0c:8e:7a:84:d5:dc:8b:
         a6:c5:14:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvBFSxnY8J5IZWx9ToMauMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YjhlZDk4NWVmMjAzNGU4ZTMwN2M0NDdmMzQ5NmMzMmFk
YWQyYzgwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmI3MzlkMzdlMDMwMDVlNzdjM2NhYWI3OTVkNDNiZWQ4YjgyM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6ccNpq6mdHwkfxeo1Ku1wzGoK2i
U7/+A7TllAUqQ+z8Xfu/MTcN/sFJNrUkaWDUxrWWHGsVT353Zn3U9Autwh316v+x
lD59R++DSapmW6+vG+oW6u19dt27G5htE1OEWIiJWfbGs9zyiJrlmlYMIyB/4qTd
utapCjcLhJK+fyLKbC9OC0sJE9VRaKDSPfkgL6clmf6kGFAs2R04/a0sNky622fr
4NvQUmluUv0lUTmX+VOYtzxBTlPkatL29C5wU3QAXWDE7Du7N1U3anRanVO6dXsi
EOjAXaymcHDtaA/MVsdN9TwBqO+Eo7pRFCv4Wfx05o9do5KcSO1D1LJfQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFu3OdN+AwBed8PKq3ldQ77YuCO0MB8GA1UdIwQY
MBaAFAa47Zhe8gNOjjB8RH80lsMq2tLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnJqdG1GN3lBMDZPTUh4RWZ6U1d3eXJhMHNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mYzVhZjUtMGI1MC00NTMxLTkzNzQt
ZWJlYjlhOTkxNDg4LzEvVzdjNTAzNERBRjUzdzhxcmVWMUR2dGk0STdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mYzVhZjUtMGI1MC00NTMxLTkzNzQtZWJlYjlhOTkxNDg4
LzEvQnJqdG1GN3lBMDZPTUh4RWZ6U1d3eXJhMHNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWOUMA0G
CSqGSIb3DQEBCwUAA4IBAQA9KloYsVi5pTfaOclCYG4wmQiS85pN8OYuPksWjq3K
MZwdve6EFnE28vjzeAi9ck7kD7UEh+zWqSRsM6ftAFZsAdcNa7Rzh+jFtdg50MYr
3mgtI/y6QrJUee7ei2StB5FsvJ9z7bYvyXXxga9q48ZSOOdovKmGt6BTa5Xfr4Vn
ti7TI71ZTwkn9RuF7Hg6pMHHNWzo0DDgmAvUZiodkQ4e0up4obrpJ8Hm7vXr6G03
dQaFQLHMMjO6rxhH4Zg9HZin4O36lEaN/9UcZnjXEiVtM5pSTbIsq3oa+UqUSz71
PfjCq9StpW/2e5EQ/dUcL3tkJ0u8RAyOeoTV3IumxRQe
-----END CERTIFICATE-----