Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/wRew0_7uJJnsW-wA2z9MIcR1yAE.roa
File:                     wRew0_7uJJnsW-wA2z9MIcR1yAE.roa (raw, json)
Hash identifier:          OslDVbURcyavypb3pjZIFK/vrgxlUIEvu03Iialq8y4=
Subject key identifier:   C1:17:B0:D3:FE:EE:24:99:EC:5B:EC:00:DB:3F:4C:21:C4:75:C8:01
Certificate issuer:       /CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
Certificate serial:       018CC794E413E95E664EBF24D0DE78D681CC
Authority key identifier: 84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/wRew0_7uJJnsW-wA2z9MIcR1yAE.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59674
IP address blocks:        185.179.24.0/24 maxlen: 24
                          185.179.26.0/24 maxlen: 24
                          185.179.27.0/24 maxlen: 24
                          185.179.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e4:13:e9:5e:66:4e:bf:24:d0:de:78:d6:81:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84bbaeb70b3f1d06716358ad9a2ecfef7d2126fb
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c117b0d3feee2499ec5bec00db3f4c21c475c801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:45:81:14:c1:e7:c6:a2:99:41:57:9d:95:34:
                    a7:9b:49:c4:ad:46:78:64:f6:03:fd:ec:e7:13:28:
                    a6:40:97:63:23:dd:17:c2:ea:69:b1:20:41:e9:24:
                    b3:dd:cd:7d:b6:13:32:a3:ed:d7:e2:4f:d0:5d:c6:
                    5f:7d:b5:b2:de:c6:5e:42:17:70:88:f7:03:77:8d:
                    2a:fc:56:2d:dd:dc:ac:29:c4:48:2c:0c:60:90:ca:
                    07:02:f2:f7:0d:3b:13:42:d3:a0:08:c5:cc:10:11:
                    f7:72:9f:c0:92:e3:f9:93:4c:64:2e:be:bb:57:85:
                    79:22:0a:ff:35:7e:28:e5:68:41:1b:e7:00:19:51:
                    5b:ca:08:92:f3:d7:fe:fa:bc:98:dc:03:a1:c1:22:
                    c9:23:04:b9:13:c4:bc:57:b0:8a:46:74:4a:98:c0:
                    2b:17:26:07:d9:5e:e8:6b:82:b1:fa:d1:3c:d9:1e:
                    f3:bc:65:f1:ca:88:1f:39:c1:39:e7:f5:cf:5e:86:
                    62:91:87:d3:ef:73:c1:e2:cf:e4:46:64:5e:aa:b2:
                    96:ac:39:6d:c8:90:b6:63:bf:72:fe:a9:31:4a:e6:
                    60:6a:43:32:9a:43:1e:5b:36:a4:cb:e5:02:b1:b5:
                    a4:05:37:ed:0f:68:54:00:45:1c:06:00:53:c1:97:
                    67:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:17:B0:D3:FE:EE:24:99:EC:5B:EC:00:DB:3F:4C:21:C4:75:C8:01
            X509v3 Authority Key Identifier:
                keyid:84:BB:AE:B7:0B:3F:1D:06:71:63:58:AD:9A:2E:CF:EF:7D:21:26:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLuutws_HQZxY1itmi7P730hJvs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/wRew0_7uJJnsW-wA2z9MIcR1yAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b67eb7-e496-4c31-9f67-97902d8a7fa6/1/hLuutws_HQZxY1itmi7P730hJvs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:da:52:59:22:c2:c4:9e:69:3d:6b:1e:c7:c4:3b:1a:ac:5f:
         7a:e4:13:58:ae:1a:99:93:36:b5:f5:c7:27:0b:1a:c5:ee:3c:
         56:4d:a2:5d:b3:4e:21:47:fe:24:52:7e:78:69:03:06:0a:95:
         8a:e4:05:0e:4a:8a:8d:a0:d4:60:6b:45:29:77:b6:fe:8b:de:
         6a:83:30:0e:cb:20:53:5d:6e:08:a1:19:c4:d8:dd:d5:cd:27:
         48:44:53:d4:b9:f3:9f:d2:69:6d:39:2d:8b:f5:b8:54:f0:83:
         bb:d5:98:ac:9f:ba:8b:4d:eb:0c:bc:48:7b:69:73:b2:3d:36:
         11:e9:71:9b:4e:c8:77:e6:b7:f6:65:43:1f:ee:e2:76:f1:e3:
         49:77:21:a2:74:bb:81:79:92:e2:a8:4c:1b:6f:ad:12:9d:6a:
         b0:d8:e1:ff:8d:59:a8:61:db:c0:da:1d:ec:75:b9:18:dc:1c:
         27:60:45:d7:bd:92:c7:20:ed:e6:9a:51:ae:36:e4:a0:1a:6f:
         2f:47:10:db:7d:aa:82:f4:a2:4b:6f:aa:9e:e3:69:08:1e:23:
         f7:87:09:78:f7:8f:01:1b:00:24:79:80:d5:cd:00:ec:54:7e:
         c4:0b:7a:30:85:79:6c:f6:c0:17:e4:22:08:35:d6:e3:d0:cc:
         11:15:20:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOQT6V5mTr8k0N541oHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YmJhZWI3MGIzZjFkMDY3MTYzNThhZDlhMmVjZmVmN2Qy
MTI2ZmIwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE3YjBkM2ZlZWUyNDk5ZWM1YmVjMDBkYjNmNGMyMWM0NzVjODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkWBFMHnxqKZQVedlTSnm0nErUZ4
ZPYD/eznEyimQJdjI90XwuppsSBB6SSz3c19thMyo+3X4k/QXcZffbWy3sZeQhdw
iPcDd40q/FYt3dysKcRILAxgkMoHAvL3DTsTQtOgCMXMEBH3cp/AkuP5k0xkLr67
V4V5Igr/NX4o5WhBG+cAGVFbygiS89f++ryY3AOhwSLJIwS5E8S8V7CKRnRKmMAr
FyYH2V7oa4Kx+tE82R7zvGXxyogfOcE55/XPXoZikYfT73PB4s/kRmReqrKWrDlt
yJC2Y79y/qkxSuZgakMymkMeWzaky+UCsbWkBTftD2hUAEUcBgBTwZdnpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEXsNP+7iSZ7FvsANs/TCHEdcgBMB8GA1UdIwQY
MBaAFIS7rrcLPx0GcWNYrZouz+99ISb7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjct
OTc5MDJkOGE3ZmE2LzEvd1JldzBfN3VKSm5zVy13QTJ6OU1JY1IxeUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjdlYjctZTQ5Ni00YzMxLTlmNjctOTc5MDJkOGE3ZmE2
LzEvaEx1dXR3c19IUVp4WTFpdG1pN1A3MzBoSnZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubMYMA0G
CSqGSIb3DQEBCwUAA4IBAQAw2lJZIsLEnmk9ax7HxDsarF965BNYrhqZkza19ccn
CxrF7jxWTaJds04hR/4kUn54aQMGCpWK5AUOSoqNoNRga0Upd7b+i95qgzAOyyBT
XW4IoRnE2N3VzSdIRFPUufOf0mltOS2L9bhU8IO71Zisn7qLTesMvEh7aXOyPTYR
6XGbTsh35rf2ZUMf7uJ28eNJdyGidLuBeZLiqEwbb60SnWqw2OH/jVmoYdvA2h3s
dbkY3BwnYEXXvZLHIO3mmlGuNuSgGm8vRxDbfaqC9KJLb6qe42kIHiP3hwl4948B
GwAkeYDVzQDsVH7EC3owhXls9sAX5CIINdbj0MwRFSBV
-----END CERTIFICATE-----