Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/bb5ece-012e-4194-9980-7e21db5a2ef9/1/wtD3A5nqgPuINcHPwfBUsSrTs40.roa
File:                     wtD3A5nqgPuINcHPwfBUsSrTs40.roa (raw, json)
Hash identifier:          ZyK161H/BvxjlJx/6MNIPo9aU4W0KXn3HckeyTr+Dbg=
Subject key identifier:   C2:D0:F7:03:99:EA:80:FB:88:35:C1:CF:C1:F0:54:B1:2A:D3:B3:8D
Certificate issuer:       /CN=4214088c77bd12687fd4ba9fe3159ea805888ed2
Certificate serial:       018CC4937A92F8A7940562DCB8E4672D2647
Authority key identifier: 42:14:08:8C:77:BD:12:68:7F:D4:BA:9F:E3:15:9E:A8:05:88:8E:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QhQIjHe9Emh_1Lqf4xWeqAWIjtI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/bb5ece-012e-4194-9980-7e21db5a2ef9/1/wtD3A5nqgPuINcHPwfBUsSrTs40.roa
Signing time:             Mon 01 Jan 2024 10:30:48 +0000
ROA not before:           Mon 01 Jan 2024 10:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38916
IP address blocks:        185.237.18.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/bb5ece-012e-4194-9980-7e21db5a2ef9/1/QhQIjHe9Emh_1Lqf4xWeqAWIjtI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/bb5ece-012e-4194-9980-7e21db5a2ef9/1/QhQIjHe9Emh_1Lqf4xWeqAWIjtI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QhQIjHe9Emh_1Lqf4xWeqAWIjtI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:7a:92:f8:a7:94:05:62:dc:b8:e4:67:2d:26:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4214088c77bd12687fd4ba9fe3159ea805888ed2
        Validity
            Not Before: Jan  1 10:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2d0f70399ea80fb8835c1cfc1f054b12ad3b38d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f2:a4:a5:79:30:09:ba:c8:44:6a:a1:31:9d:
                    ed:d4:3c:ef:e2:13:90:01:a6:63:b0:62:d3:e9:3d:
                    45:c8:2c:cb:98:3a:be:25:d1:9b:53:c4:b5:67:24:
                    ec:74:e7:97:11:5b:f2:6f:e8:db:c4:9f:eb:7e:f6:
                    58:94:4e:63:ff:f3:1b:a5:2a:17:19:f4:4e:dd:5e:
                    bc:44:fb:d7:29:bf:10:da:af:ec:b2:ca:31:d5:93:
                    ef:c3:d8:1e:c8:34:41:da:13:2a:f8:63:80:e9:ea:
                    52:14:5b:18:0c:81:b5:73:c4:3a:d6:dd:b6:ed:bc:
                    ad:dd:20:e5:6e:c0:6e:d7:b4:46:36:ed:aa:64:ef:
                    50:c7:b1:a1:ff:e4:02:c2:b6:ed:69:e9:34:65:46:
                    91:16:6d:34:c5:e7:9f:fc:e7:f0:6a:d3:52:4a:af:
                    7d:a6:cc:17:6c:e7:61:a1:e0:44:23:82:4d:11:c9:
                    bc:03:c4:d1:b8:d9:d7:2a:6b:da:47:17:e3:8c:f8:
                    4f:b0:b2:84:d9:d4:32:55:96:da:0d:ae:49:33:d0:
                    02:d0:be:97:48:f3:bd:35:d5:a8:5d:78:9a:1c:f5:
                    0a:f4:22:eb:29:41:45:e8:18:e7:1e:78:36:11:eb:
                    91:aa:e8:60:68:8d:dc:d6:2b:c5:9b:c5:2c:e6:1a:
                    5e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:D0:F7:03:99:EA:80:FB:88:35:C1:CF:C1:F0:54:B1:2A:D3:B3:8D
            X509v3 Authority Key Identifier:
                keyid:42:14:08:8C:77:BD:12:68:7F:D4:BA:9F:E3:15:9E:A8:05:88:8E:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QhQIjHe9Emh_1Lqf4xWeqAWIjtI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/bb5ece-012e-4194-9980-7e21db5a2ef9/1/wtD3A5nqgPuINcHPwfBUsSrTs40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/bb5ece-012e-4194-9980-7e21db5a2ef9/1/QhQIjHe9Emh_1Lqf4xWeqAWIjtI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:31:88:96:47:25:06:38:4b:27:80:c1:7e:bf:01:5e:fe:02:
         fd:9a:1b:06:af:4a:01:5b:73:0e:ba:b8:f0:6f:02:a3:ed:0e:
         37:80:90:5b:13:3b:d5:5e:f7:b9:21:c0:4b:52:17:3e:4f:05:
         d9:d9:de:d0:6c:51:19:98:98:1c:8a:f4:5c:6c:64:d9:5b:8b:
         0c:95:55:02:83:9b:a7:d7:4b:1e:d4:5d:42:87:73:04:2c:4c:
         eb:82:09:99:ef:99:a1:d5:c6:92:1c:ed:5f:45:ff:39:99:ce:
         83:c2:01:c0:d4:15:7c:91:f1:38:63:09:4d:20:c4:83:f0:2d:
         79:73:90:39:ad:c3:28:18:a9:ba:ff:42:05:40:9c:1e:3b:67:
         f8:ce:fa:7e:cd:83:b2:36:e8:01:e7:41:69:19:39:74:b1:6f:
         f6:29:e0:cf:06:1d:c4:de:3d:ea:b9:7e:d9:73:1e:25:29:41:
         6c:a8:cb:6c:07:4d:1f:24:6f:8a:d4:be:f4:04:57:f0:77:de:
         69:0c:f5:7f:13:0e:cf:b0:ca:23:36:de:61:ed:81:e3:ab:e2:
         c4:69:6f:f2:79:f2:1e:a5:99:40:2f:f4:aa:54:5f:4b:fb:82:
         a4:35:9a:1e:a7:68:b6:f5:e1:9d:93:b1:64:f5:5e:00:bb:19:
         ac:7c:ba:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3qS+KeUBWLcuORnLSZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMTQwODhjNzdiZDEyNjg3ZmQ0YmE5ZmUzMTU5ZWE4MDU4
ODhlZDIwHhcNMjQwMTAxMTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQwZjcwMzk5ZWE4MGZiODgzNWMxY2ZjMWYwNTRiMTJhZDNiMzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvKkpXkwCbrIRGqhMZ3t1Dzv4hOQ
AaZjsGLT6T1FyCzLmDq+JdGbU8S1ZyTsdOeXEVvyb+jbxJ/rfvZYlE5j//MbpSoX
GfRO3V68RPvXKb8Q2q/sssox1ZPvw9geyDRB2hMq+GOA6epSFFsYDIG1c8Q61t22
7byt3SDlbsBu17RGNu2qZO9Qx7Gh/+QCwrbtaek0ZUaRFm00xeef/OfwatNSSq99
pswXbOdhoeBEI4JNEcm8A8TRuNnXKmvaRxfjjPhPsLKE2dQyVZbaDa5JM9AC0L6X
SPO9NdWoXXiaHPUK9CLrKUFF6BjnHng2EeuRquhgaI3c1ivFm8Us5hpeGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLQ9wOZ6oD7iDXBz8HwVLEq07ONMB8GA1UdIwQY
MBaAFEIUCIx3vRJof9S6n+MVnqgFiI7SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWhRSWpIZTlFbWhfMUxxZjR4V2VxQVdJanRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9iYjVlY2UtMDEyZS00MTk0LTk5ODAt
N2UyMWRiNWEyZWY5LzEvd3REM0E1bnFnUHVJTmNIUHdmQlVzU3JUczQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9iYjVlY2UtMDEyZS00MTk0LTk5ODAtN2UyMWRiNWEyZWY5
LzEvUWhRSWpIZTlFbWhfMUxxZjR4V2VxQVdJanRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue0SMA0G
CSqGSIb3DQEBCwUAA4IBAQCtMYiWRyUGOEsngMF+vwFe/gL9mhsGr0oBW3MOurjw
bwKj7Q43gJBbEzvVXve5IcBLUhc+TwXZ2d7QbFEZmJgcivRcbGTZW4sMlVUCg5un
10se1F1Ch3MELEzrggmZ75mh1caSHO1fRf85mc6DwgHA1BV8kfE4YwlNIMSD8C15
c5A5rcMoGKm6/0IFQJweO2f4zvp+zYOyNugB50FpGTl0sW/2KeDPBh3E3j3quX7Z
cx4lKUFsqMtsB00fJG+K1L70BFfwd95pDPV/Ew7PsMojNt5h7YHjq+LEaW/yefIe
pZlAL/SqVF9L+4KkNZoep2i29eGdk7Fk9V4AuxmsfLpq
-----END CERTIFICATE-----