Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/WhnQOZGjUQpKET5r00_Alc-1jFs.roa
File:                     WhnQOZGjUQpKET5r00_Alc-1jFs.roa (raw, json)
Hash identifier:          KObK9MeirlWw5Sz1xgr7nJOUDxeuld9tBNALw5iAX/M=
Subject key identifier:   5A:19:D0:39:91:A3:51:0A:4A:11:3E:6B:D3:4F:C0:95:CF:B5:8C:5B
Certificate issuer:       /CN=c556bccbdc9f2e4badc0a057ea08f7c748188b1f
Certificate serial:       018CC7275DB26ED44D3B6D4AB726FE63131F
Authority key identifier: C5:56:BC:CB:DC:9F:2E:4B:AD:C0:A0:57:EA:08:F7:C7:48:18:8B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVa8y9yfLkutwKBX6gj3x0gYix8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/WhnQOZGjUQpKET5r00_Alc-1jFs.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.203.86.0/24 maxlen: 24
                          185.203.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/xVa8y9yfLkutwKBX6gj3x0gYix8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/xVa8y9yfLkutwKBX6gj3x0gYix8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVa8y9yfLkutwKBX6gj3x0gYix8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5d:b2:6e:d4:4d:3b:6d:4a:b7:26:fe:63:13:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c556bccbdc9f2e4badc0a057ea08f7c748188b1f
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a19d03991a3510a4a113e6bd34fc095cfb58c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:27:94:8b:4f:de:10:5d:53:b9:f2:85:ab:6f:
                    53:01:64:e2:f0:f5:be:cc:67:24:27:68:02:9e:bf:
                    bc:7f:2e:73:2d:b3:51:c6:91:6c:22:43:2a:43:24:
                    2e:7b:97:9d:e2:3d:1b:fa:df:06:d5:8f:25:a9:63:
                    af:36:06:4d:63:44:0b:39:87:57:ef:db:d0:67:53:
                    64:6b:40:81:40:21:c4:1b:de:21:d7:ff:88:df:a9:
                    af:bb:ad:14:a2:16:1b:76:f3:c3:86:e1:db:b3:60:
                    d3:62:da:2a:92:5e:28:9a:13:9a:12:e3:15:12:34:
                    76:ea:d1:0e:b2:a3:1b:cc:25:69:d2:35:92:ec:6c:
                    c6:41:21:14:d5:d0:14:cb:a9:a0:25:bd:54:9a:ff:
                    9a:7d:d6:96:27:c8:b8:b3:e4:4b:b5:b5:f5:89:12:
                    58:06:be:66:24:d5:1c:e5:41:84:3e:4f:8f:ea:20:
                    a3:eb:68:93:95:a7:b1:c1:ec:20:22:dc:56:57:d0:
                    ea:5c:c2:63:c0:e3:3d:6e:5d:a0:4a:eb:9c:88:49:
                    e7:23:fb:b1:fb:4a:06:70:7e:84:e3:01:9e:46:23:
                    05:a8:0e:15:d7:3d:18:d9:77:5b:76:0e:83:da:c1:
                    6f:a1:ae:8a:c8:91:af:d2:52:b7:93:2b:0a:51:fa:
                    03:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:19:D0:39:91:A3:51:0A:4A:11:3E:6B:D3:4F:C0:95:CF:B5:8C:5B
            X509v3 Authority Key Identifier:
                keyid:C5:56:BC:CB:DC:9F:2E:4B:AD:C0:A0:57:EA:08:F7:C7:48:18:8B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVa8y9yfLkutwKBX6gj3x0gYix8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/WhnQOZGjUQpKET5r00_Alc-1jFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/xVa8y9yfLkutwKBX6gj3x0gYix8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:0d:e1:ac:d2:3c:84:5e:73:32:76:83:4f:d6:7d:c8:04:1d:
         31:b0:36:98:99:21:16:81:d0:81:3f:dd:4a:4c:80:a5:68:b9:
         75:50:10:ea:48:77:5a:43:65:c9:fe:fc:16:7d:79:e2:39:08:
         69:e6:10:08:96:b9:0b:c0:00:ce:ef:3d:e8:37:9d:2c:f6:7a:
         2e:45:7d:3c:29:28:97:92:0d:8d:04:7d:38:f6:ba:b8:3e:fe:
         25:1c:94:8b:1a:0f:df:0f:cd:28:62:65:2c:fd:48:a1:e6:1f:
         90:6e:95:60:ba:fa:46:0f:0b:76:2f:01:a3:77:ae:5c:56:04:
         ab:b7:d9:5f:36:78:c8:c9:92:8b:fc:bb:ec:50:4a:47:3e:2f:
         c5:a9:d0:c7:44:6a:58:33:2b:a7:14:a9:ac:b9:38:1f:1f:ac:
         45:49:e2:45:6d:14:d6:6c:4e:7a:6b:fb:a8:6e:12:3b:6b:e3:
         15:4a:b7:55:d2:70:d8:c0:ef:78:32:f9:e5:1b:89:ef:43:ba:
         b0:90:06:b7:60:74:5a:ff:b1:d0:e6:5a:e6:32:f6:c4:e7:32:
         91:6c:5e:01:bc:5f:0d:c3:23:d9:79:a7:8a:79:27:f9:aa:0e:
         95:73:bd:c6:89:54:7e:e8:1e:48:c5:95:69:1c:2c:f1:c4:3f:
         96:38:95:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ12ybtRNO21Ktyb+YxMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NTZiY2NiZGM5ZjJlNGJhZGMwYTA1N2VhMDhmN2M3NDgx
ODhiMWYwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTE5ZDAzOTkxYTM1MTBhNGExMTNlNmJkMzRmYzA5NWNmYjU4YzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ieUi0/eEF1TufKFq29TAWTi8PW+
zGckJ2gCnr+8fy5zLbNRxpFsIkMqQyQue5ed4j0b+t8G1Y8lqWOvNgZNY0QLOYdX
79vQZ1Nka0CBQCHEG94h1/+I36mvu60UohYbdvPDhuHbs2DTYtoqkl4omhOaEuMV
EjR26tEOsqMbzCVp0jWS7GzGQSEU1dAUy6mgJb1Umv+afdaWJ8i4s+RLtbX1iRJY
Br5mJNUc5UGEPk+P6iCj62iTlaexwewgItxWV9DqXMJjwOM9bl2gSuuciEnnI/ux
+0oGcH6E4wGeRiMFqA4V1z0Y2Xdbdg6D2sFvoa6KyJGv0lK3kysKUfoDWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoZ0DmRo1EKShE+a9NPwJXPtYxbMB8GA1UdIwQY
MBaAFMVWvMvcny5LrcCgV+oI98dIGIsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZhOHk5eWZMa3V0d0tCWDZnajN4MGdZaXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83ZGVmMTMtYzRjZC00NmE2LTgyNWYt
NDJlYTU1MTRlNzIyLzEvV2huUU9aR2pVUXBLRVQ1cjAwX0FsYy0xakZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83ZGVmMTMtYzRjZC00NmE2LTgyNWYtNDJlYTU1MTRlNzIy
LzEveFZhOHk5eWZMa3V0d0tCWDZnajN4MGdZaXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuctWMA0G
CSqGSIb3DQEBCwUAA4IBAQAdDeGs0jyEXnMydoNP1n3IBB0xsDaYmSEWgdCBP91K
TIClaLl1UBDqSHdaQ2XJ/vwWfXniOQhp5hAIlrkLwADO7z3oN50s9nouRX08KSiX
kg2NBH049rq4Pv4lHJSLGg/fD80oYmUs/Uih5h+QbpVguvpGDwt2LwGjd65cVgSr
t9lfNnjIyZKL/LvsUEpHPi/FqdDHRGpYMyunFKmsuTgfH6xFSeJFbRTWbE56a/uo
bhI7a+MVSrdV0nDYwO94MvnlG4nvQ7qwkAa3YHRa/7HQ5lrmMvbE5zKRbF4BvF8N
wyPZeaeKeSf5qg6Vc73GiVR+6B5IxZVpHCzxxD+WOJUy
-----END CERTIFICATE-----