Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/107d3e-fcdc-4767-9cca-e4f2cdc7a411/1/W8xOKYuUrB4yQ5Ra5wc31x2a0Ac.roa
File:                     W8xOKYuUrB4yQ5Ra5wc31x2a0Ac.roa (raw, json)
Hash identifier:          zMogPsn0mV3FICmDXJYqruTSL90bxHMmbz3E9GwqU6E=
Subject key identifier:   5B:CC:4E:29:8B:94:AC:1E:32:43:94:5A:E7:07:37:D7:1D:9A:D0:07
Certificate issuer:       /CN=63fa5e2bec0a3ec795f8f19cd47fecc680678b08
Certificate serial:       018D312569AE007BDF5B4330D2426AED6239
Authority key identifier: 63:FA:5E:2B:EC:0A:3E:C7:95:F8:F1:9C:D4:7F:EC:C6:80:67:8B:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y_peK-wKPseV-PGc1H_sxoBniwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/107d3e-fcdc-4767-9cca-e4f2cdc7a411/1/W8xOKYuUrB4yQ5Ra5wc31x2a0Ac.roa
Signing time:             Mon 22 Jan 2024 12:29:11 +0000
ROA not before:           Mon 22 Jan 2024 12:29:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197677
IP address blocks:        185.227.4.0/24 maxlen: 24
                          2a13:c0::/48 maxlen: 48
                          2a13:c0:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/107d3e-fcdc-4767-9cca-e4f2cdc7a411/1/Y_peK-wKPseV-PGc1H_sxoBniwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/107d3e-fcdc-4767-9cca-e4f2cdc7a411/1/Y_peK-wKPseV-PGc1H_sxoBniwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y_peK-wKPseV-PGc1H_sxoBniwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:31:25:69:ae:00:7b:df:5b:43:30:d2:42:6a:ed:62:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63fa5e2bec0a3ec795f8f19cd47fecc680678b08
        Validity
            Not Before: Jan 22 12:29:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bcc4e298b94ac1e3243945ae70737d71d9ad007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cb:bd:22:a5:4c:6c:3e:f0:ed:a4:ba:5b:11:
                    bd:af:5c:62:76:da:23:dd:b1:aa:13:62:59:b7:21:
                    85:1d:9b:3a:52:5e:bc:f3:0f:88:25:3c:f6:63:00:
                    38:53:9b:93:ed:26:30:da:68:73:44:29:39:99:0d:
                    8d:03:98:23:16:47:c4:aa:b5:4c:5d:07:cf:2c:cb:
                    e0:7b:07:1e:ce:34:a4:75:3d:f9:75:9d:04:b2:25:
                    05:29:de:d9:b9:f7:2c:d1:02:d0:27:b7:8c:06:11:
                    da:73:0b:1e:db:f1:2b:77:3b:25:b6:c3:dc:ff:14:
                    bd:f4:c8:2d:f3:a5:3e:25:25:39:23:8e:bf:ec:3f:
                    5d:20:ea:b2:a0:5e:a9:8f:a6:ea:cb:d4:70:77:5a:
                    84:f5:b9:1c:99:7c:01:9e:5a:d3:67:9b:e4:d1:c1:
                    19:ae:ae:94:ed:d5:2a:07:b1:44:fd:e6:be:cf:06:
                    1f:a2:85:b9:f6:b3:3e:9f:10:9a:e1:7b:0a:e8:99:
                    22:db:3e:90:95:de:69:c3:83:a5:06:f9:2b:22:af:
                    9d:a6:06:77:1e:76:e1:dc:d6:b9:27:ce:64:97:dd:
                    6a:b7:91:db:c1:94:1b:61:22:1b:9c:39:92:a1:0b:
                    45:0a:de:b0:40:ef:01:00:8c:e3:36:49:fe:55:6d:
                    ea:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CC:4E:29:8B:94:AC:1E:32:43:94:5A:E7:07:37:D7:1D:9A:D0:07
            X509v3 Authority Key Identifier:
                keyid:63:FA:5E:2B:EC:0A:3E:C7:95:F8:F1:9C:D4:7F:EC:C6:80:67:8B:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y_peK-wKPseV-PGc1H_sxoBniwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/107d3e-fcdc-4767-9cca-e4f2cdc7a411/1/W8xOKYuUrB4yQ5Ra5wc31x2a0Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/107d3e-fcdc-4767-9cca-e4f2cdc7a411/1/Y_peK-wKPseV-PGc1H_sxoBniwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.4.0/24
                IPv6:
                  2a13:c0::/48
                  2a13:c0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:f5:77:46:a1:c4:46:93:b1:f6:a1:9d:92:11:b4:ce:80:75:
         8e:a1:c6:5b:9d:80:39:ba:11:7d:09:21:69:77:3b:01:d5:9a:
         d5:ed:6a:ed:70:ed:18:5c:99:e7:1a:b7:43:c7:7a:2c:24:cb:
         da:4c:c1:66:95:c0:24:66:86:d7:66:f5:42:e8:cc:0f:78:09:
         d8:c4:3c:14:52:29:c0:47:81:db:10:3d:60:ae:d8:bc:91:67:
         3e:65:97:2b:97:4e:84:11:7a:92:51:68:8d:e9:73:6e:44:5d:
         d3:90:41:de:62:e3:b6:93:5e:8a:15:8d:64:4f:50:d7:5d:4c:
         e8:1c:36:9d:20:8f:89:62:b2:b8:53:2a:71:ef:3a:e6:84:56:
         d0:d5:2b:ec:a3:78:56:cb:fa:26:2b:31:83:2e:52:e2:ac:ad:
         a0:aa:34:72:c4:37:ea:d7:40:d8:60:78:3a:62:95:fa:f1:11:
         c2:a8:2f:d0:6c:ef:51:59:30:ae:b9:5a:b8:5f:5d:01:4c:90:
         d7:24:aa:0c:1b:24:69:c1:5b:9a:f6:75:b2:c2:5b:81:5f:e4:
         67:9a:e5:a9:76:1e:37:33:ad:c7:44:47:ee:bb:24:6d:40:ef:
         86:a0:0f:15:fc:be:c8:aa:6b:bc:eb:eb:6d:ba:13:d9:c9:c6:
         9a:6e:c2:a2
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY0xJWmuAHvfW0Mw0kJq7WI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZmE1ZTJiZWMwYTNlYzc5NWY4ZjE5Y2Q0N2ZlY2M2ODA2
NzhiMDgwHhcNMjQwMTIyMTIyOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNjNGUyOThiOTRhYzFlMzI0Mzk0NWFlNzA3MzdkNzFkOWFkMDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8u9IqVMbD7w7aS6WxG9r1xidtoj
3bGqE2JZtyGFHZs6Ul688w+IJTz2YwA4U5uT7SYw2mhzRCk5mQ2NA5gjFkfEqrVM
XQfPLMvgewcezjSkdT35dZ0EsiUFKd7Zufcs0QLQJ7eMBhHacwse2/ErdzsltsPc
/xS99Mgt86U+JSU5I46/7D9dIOqyoF6pj6bqy9Rwd1qE9bkcmXwBnlrTZ5vk0cEZ
rq6U7dUqB7FE/ea+zwYfooW59rM+nxCa4XsK6Jki2z6Qld5pw4OlBvkrIq+dpgZ3
Hnbh3Na5J85kl91qt5HbwZQbYSIbnDmSoQtFCt6wQO8BAIzjNkn+VW3qkwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFFvMTimLlKweMkOUWucHN9cdmtAHMB8GA1UdIwQY
MBaAFGP6XivsCj7HlfjxnNR/7MaAZ4sIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWV9wZUstd0tQc2VWLVBHYzFIX3N4b0JuaXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xMDdkM2UtZmNkYy00NzY3LTljY2Et
ZTRmMmNkYzdhNDExLzEvVzh4T0tZdVVyQjR5UTVSYTV3YzMxeDJhMEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xMDdkM2UtZmNkYy00NzY3LTljY2EtZTRmMmNkYzdhNDEx
LzEvWV9wZUstd0tQc2VWLVBHYzFIX3N4b0JuaXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAueMEMBgE
AgACMBIDBwAqEwDAAAADBwAqEwDAAAMwDQYJKoZIhvcNAQELBQADggEBAJH1d0ah
xEaTsfahnZIRtM6AdY6hxludgDm6EX0JIWl3OwHVmtXtau1w7Rhcmecat0PHeiwk
y9pMwWaVwCRmhtdm9ULozA94CdjEPBRSKcBHgdsQPWCu2LyRZz5llyuXToQRepJR
aI3pc25EXdOQQd5i47aTXooVjWRPUNddTOgcNp0gj4lisrhTKnHvOuaEVtDVK+yj
eFbL+iYrMYMuUuKsraCqNHLEN+rXQNhgeDpilfrxEcKoL9Bs71FZMK65WrhfXQFM
kNckqgwbJGnBW5r2dbLCW4Ff5Gea5al2HjczrcdER+67JG1A74agDxX8vsiqa7zr
6226E9nJxppuwqI=
-----END CERTIFICATE-----