Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/wbLN85o6j3HSYrs2mArZe0402pk.roa
File:                     wbLN85o6j3HSYrs2mArZe0402pk.roa (raw, json)
Hash identifier:          OAQ+unEBJ//gX/kBHaqHyouGmCawJQ1ebO99e3sSWOs=
Subject key identifier:   C1:B2:CD:F3:9A:3A:8F:71:D2:62:BB:36:98:0A:D9:7B:4E:34:DA:99
Certificate issuer:       /CN=4f9d5fbaaf76a80a65e0e92c02061e895b2b8117
Certificate serial:       018CC7942F97B877B73B69148A3F8E139219
Authority key identifier: 4F:9D:5F:BA:AF:76:A8:0A:65:E0:E9:2C:02:06:1E:89:5B:2B:81:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/wbLN85o6j3HSYrs2mArZe0402pk.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205832
IP address blocks:        185.204.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2f:97:b8:77:b7:3b:69:14:8a:3f:8e:13:92:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9d5fbaaf76a80a65e0e92c02061e895b2b8117
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1b2cdf39a3a8f71d262bb36980ad97b4e34da99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:2e:cb:3c:cf:f6:5d:e4:48:5e:58:d7:4a:f2:
                    76:ed:af:51:6a:b1:93:7b:6b:ce:99:c3:bf:d2:a6:
                    8a:2b:74:cb:6f:c1:7b:df:ba:b4:6c:e3:07:9c:2b:
                    56:29:cc:3d:cc:d9:c1:20:69:ce:1c:be:29:c1:0c:
                    b9:17:08:8e:a9:75:1a:b5:7e:70:98:cb:35:44:62:
                    b1:74:fa:ba:fe:14:1a:6b:ef:14:3c:e9:f5:36:7c:
                    f8:38:19:da:4f:0a:5a:fc:f6:d8:87:10:37:52:22:
                    5f:17:20:bb:a6:da:78:f8:f7:3a:19:ca:60:51:a6:
                    63:cf:e6:8e:90:b0:04:29:65:d0:60:51:21:64:9c:
                    aa:9c:64:4e:bb:07:b5:ed:44:d4:8e:15:ec:02:f5:
                    08:a6:6f:13:48:a4:c0:cb:5c:7a:f0:20:98:15:46:
                    a3:04:07:aa:54:fa:44:0c:c9:bc:0e:a6:39:59:a6:
                    c7:da:34:da:25:95:45:8f:5d:81:27:03:a6:e3:c7:
                    84:7f:d2:97:3c:83:1e:de:32:45:e3:78:3b:58:ca:
                    e6:8c:e8:a4:27:b3:e1:45:90:ed:7d:2d:7c:35:6d:
                    70:ed:91:58:5a:74:9a:85:dd:6b:69:a9:90:5b:f4:
                    ea:3e:24:5e:ad:e2:d3:82:95:0d:b3:3a:94:82:66:
                    49:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:B2:CD:F3:9A:3A:8F:71:D2:62:BB:36:98:0A:D9:7B:4E:34:DA:99
            X509v3 Authority Key Identifier:
                keyid:4F:9D:5F:BA:AF:76:A8:0A:65:E0:E9:2C:02:06:1E:89:5B:2B:81:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/wbLN85o6j3HSYrs2mArZe0402pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:9d:08:5f:fd:90:37:62:53:72:4e:e0:e4:42:9d:74:73:e3:
         c5:c0:76:7d:e8:91:f6:c5:b4:6a:ba:7d:c4:88:1c:02:79:07:
         81:48:02:ba:b5:a8:63:ca:4e:19:0b:9d:49:39:ce:72:e7:58:
         a5:1a:59:b8:34:9d:6c:40:a6:2a:59:14:a3:32:dc:ac:af:ac:
         78:79:ed:57:20:43:1a:d9:e0:15:2e:62:35:23:a4:07:47:46:
         9d:90:d3:be:e2:6e:87:2a:4b:17:48:ec:5d:13:50:d6:e1:92:
         32:5c:5c:77:71:b1:6c:c9:7a:29:50:7d:34:3c:c4:1d:c7:26:
         39:81:5d:66:d9:6e:f4:bd:14:08:44:f2:d4:bc:34:c8:28:b7:
         2b:dc:2f:e1:21:17:fe:e6:c8:6d:ee:32:07:bb:e2:76:5f:de:
         31:ad:21:24:89:9f:38:cd:b2:aa:64:bf:35:75:b7:f4:2b:a6:
         7d:4f:6b:a1:70:5c:4b:bf:32:d4:41:23:96:b4:86:28:62:4d:
         61:4c:ad:d9:4e:fb:b3:f3:97:4a:70:a4:f0:2b:44:c2:ef:a1:
         9b:9e:bc:bb:6e:09:47:07:2c:5e:44:91:d5:5d:05:b8:3b:b7:
         a1:11:be:b2:a5:e5:ba:b4:c2:38:39:53:dc:cc:70:5c:01:4a:
         80:00:45:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlC+XuHe3O2kUij+OE5IZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWQ1ZmJhYWY3NmE4MGE2NWUwZTkyYzAyMDYxZTg5NWIy
YjgxMTcwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWIyY2RmMzlhM2E4ZjcxZDI2MmJiMzY5ODBhZDk3YjRlMzRkYTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS7LPM/2XeRIXljXSvJ27a9RarGT
e2vOmcO/0qaKK3TLb8F737q0bOMHnCtWKcw9zNnBIGnOHL4pwQy5FwiOqXUatX5w
mMs1RGKxdPq6/hQaa+8UPOn1Nnz4OBnaTwpa/PbYhxA3UiJfFyC7ptp4+Pc6Gcpg
UaZjz+aOkLAEKWXQYFEhZJyqnGROuwe17UTUjhXsAvUIpm8TSKTAy1x68CCYFUaj
BAeqVPpEDMm8DqY5WabH2jTaJZVFj12BJwOm48eEf9KXPIMe3jJF43g7WMrmjOik
J7PhRZDtfS18NW1w7ZFYWnSahd1raamQW/TqPiRereLTgpUNszqUgmZJXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGyzfOaOo9x0mK7NpgK2XtONNqZMB8GA1UdIwQY
MBaAFE+dX7qvdqgKZeDpLAIGHolbK4EXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDUxZnVxOTJxQXBsNE9rc0FnWWVpVnNyZ1JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9jNzA5MjgtY2VkZS00YjYyLTg5YTct
NjBmNmZhOTExMGUyLzEvd2JMTjg1bzZqM0hTWXJzMm1BclplMDQwMnBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9jNzA5MjgtY2VkZS00YjYyLTg5YTctNjBmNmZhOTExMGUy
LzEvVDUxZnVxOTJxQXBsNE9rc0FnWWVpVnNyZ1JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucwgMA0G
CSqGSIb3DQEBCwUAA4IBAQB/nQhf/ZA3YlNyTuDkQp10c+PFwHZ96JH2xbRqun3E
iBwCeQeBSAK6tahjyk4ZC51JOc5y51ilGlm4NJ1sQKYqWRSjMtysr6x4ee1XIEMa
2eAVLmI1I6QHR0adkNO+4m6HKksXSOxdE1DW4ZIyXFx3cbFsyXopUH00PMQdxyY5
gV1m2W70vRQIRPLUvDTIKLcr3C/hIRf+5sht7jIHu+J2X94xrSEkiZ84zbKqZL81
dbf0K6Z9T2uhcFxLvzLUQSOWtIYoYk1hTK3ZTvuz85dKcKTwK0TC76Gbnry7bglH
ByxeRJHVXQW4O7ehEb6ypeW6tMI4OVPczHBcAUqAAEXo
-----END CERTIFICATE-----