Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/wq1bxnzgQZsYi9P4l5ABwvnmt3E.roa
File:                     wq1bxnzgQZsYi9P4l5ABwvnmt3E.roa (raw, json)
Hash identifier:          QG6CFJ+68kdk//lq9EATWHwyJVYM7WGJe69Cm+xNH28=
Subject key identifier:   C2:AD:5B:C6:7C:E0:41:9B:18:8B:D3:F8:97:90:01:C2:F9:E6:B7:71
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1957C9A9CC7B7FC4103B1124FF3E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/wq1bxnzgQZsYi9P4l5ABwvnmt3E.roa
Signing time:             Mon 01 Jan 2024 14:29:36 +0000
ROA not before:           Mon 01 Jan 2024 14:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207766
IP address blocks:        178.19.32.0/24 maxlen: 24
                          178.19.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:19:57:c9:a9:cc:7b:7f:c4:10:3b:11:24:ff:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2ad5bc67ce0419b188bd3f8979001c2f9e6b771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:65:0c:d1:a0:cb:2a:6c:ec:2c:74:7f:bf:af:
                    82:b8:1a:48:d1:08:5b:fa:57:ea:f4:5d:f1:e8:8b:
                    3c:da:40:18:67:57:92:98:95:74:cd:99:b8:3f:f6:
                    81:9c:73:ed:eb:a1:ab:d8:59:88:af:cf:75:dc:64:
                    70:b5:f6:34:c4:c5:ef:0b:5c:e0:23:3e:f4:3c:a1:
                    b8:4b:59:f8:e9:ce:20:20:05:09:02:10:9c:7b:71:
                    b7:8e:d1:25:57:56:a8:fc:87:4b:ea:64:9b:2a:d3:
                    8c:b9:50:77:3f:9b:15:84:41:79:8c:1e:70:ce:0d:
                    c8:0b:85:c1:bc:5e:0c:02:9f:62:7a:e3:34:4e:68:
                    ef:fd:91:7f:9e:9a:18:12:e4:fa:b8:de:a5:ee:5a:
                    8f:57:9e:18:70:b6:79:8f:f5:81:35:55:e4:71:f1:
                    a8:ac:19:ba:a9:de:5f:8d:7a:05:a9:05:35:a7:e1:
                    1d:f0:db:c0:5e:2d:36:c5:4f:78:05:cf:6b:53:b8:
                    8f:8a:2e:21:b4:31:a1:0b:ea:71:16:87:86:5e:c2:
                    fd:72:43:7d:59:17:28:82:aa:39:b2:c5:94:4e:bb:
                    d7:9a:45:95:bf:34:d2:92:bb:93:9d:c7:e1:59:86:
                    3e:6d:45:35:95:e3:dd:5d:36:52:d8:89:17:6e:46:
                    8a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:AD:5B:C6:7C:E0:41:9B:18:8B:D3:F8:97:90:01:C2:F9:E6:B7:71
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/wq1bxnzgQZsYi9P4l5ABwvnmt3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:19:bf:c8:be:ec:0a:4c:0f:9d:fd:ca:6c:4f:61:5d:32:8b:
         46:98:43:3b:bf:2e:a6:92:c3:ef:79:e3:47:4b:9d:95:b6:d8:
         b9:6f:72:06:04:98:cb:99:03:e5:62:11:78:ae:93:1e:a9:8a:
         1f:50:3b:9f:60:bb:3b:7f:0f:df:7e:83:5d:6e:73:50:ee:b3:
         ba:11:23:b4:64:5f:e3:12:59:db:d9:dd:2b:03:a6:f7:36:c9:
         51:8a:8b:d8:e8:32:9e:72:a3:47:07:80:2f:cd:6c:66:cc:55:
         7b:fa:19:b5:1b:95:57:05:66:49:4e:91:83:23:20:8f:27:ee:
         59:bc:66:6b:97:30:77:44:1a:08:63:72:34:d8:37:c5:10:2e:
         98:59:5b:b9:89:e1:e1:47:89:a9:7d:53:04:f9:d2:05:64:4a:
         bb:07:7e:cd:a6:ab:3f:55:43:66:18:76:8d:61:22:23:f6:84:
         e7:2a:1b:bb:9b:45:7d:d4:c8:7d:96:51:1d:51:10:84:23:ca:
         a8:af:0b:67:6c:7c:13:b4:be:27:38:94:f9:e5:01:4d:40:fb:
         5a:b9:91:61:31:fc:b7:a3:3f:03:c7:25:e6:7b:7c:ed:d1:86:
         f4:19:91:5c:ff:c0:90:9f:f7:2e:e6:4c:85:34:3f:3e:b0:ed:
         59:db:9b:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhlXyanMe3/EEDsRJP8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmFkNWJjNjdjZTA0MTliMTg4YmQzZjg5NzkwMDFjMmY5ZTZiNzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGUM0aDLKmzsLHR/v6+CuBpI0Qhb
+lfq9F3x6Is82kAYZ1eSmJV0zZm4P/aBnHPt66Gr2FmIr8913GRwtfY0xMXvC1zg
Iz70PKG4S1n46c4gIAUJAhCce3G3jtElV1ao/IdL6mSbKtOMuVB3P5sVhEF5jB5w
zg3IC4XBvF4MAp9ieuM0Tmjv/ZF/npoYEuT6uN6l7lqPV54YcLZ5j/WBNVXkcfGo
rBm6qd5fjXoFqQU1p+Ed8NvAXi02xU94Bc9rU7iPii4htDGhC+pxFoeGXsL9ckN9
WRcogqo5ssWUTrvXmkWVvzTSkruTncfhWYY+bUU1lePdXTZS2IkXbkaKcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKtW8Z84EGbGIvT+JeQAcL55rdxMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvd3ExYnhuemdRWnNZaTlQNGw1QUJ3dm5tdDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBshMgMA0G
CSqGSIb3DQEBCwUAA4IBAQAEGb/IvuwKTA+d/cpsT2FdMotGmEM7vy6mksPveeNH
S52Vtti5b3IGBJjLmQPlYhF4rpMeqYofUDufYLs7fw/ffoNdbnNQ7rO6ESO0ZF/j
Elnb2d0rA6b3NslRiovY6DKecqNHB4AvzWxmzFV7+hm1G5VXBWZJTpGDIyCPJ+5Z
vGZrlzB3RBoIY3I02DfFEC6YWVu5ieHhR4mpfVME+dIFZEq7B37Npqs/VUNmGHaN
YSIj9oTnKhu7m0V91Mh9llEdURCEI8qorwtnbHwTtL4nOJT55QFNQPtauZFhMfy3
oz8DxyXme3zt0Yb0GZFc/8CQn/cu5kyFND8+sO1Z25tB
-----END CERTIFICATE-----