Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/f499cd-fad6-4fb0-9be7-4a7904ffc8e1/1/wcVl30ZLLoLnoOb0LVTaQxXR0Ts.roa
File:                     wcVl30ZLLoLnoOb0LVTaQxXR0Ts.roa (raw, json)
Hash identifier:          dNRLkbkwXyOQzFJc7pZXooPQigK0mjK/xe2jbf1/WjA=
Subject key identifier:   C1:C5:65:DF:46:4B:2E:82:E7:A0:E6:F4:2D:54:DA:43:15:D1:D1:3B
Certificate issuer:       /CN=b1e8cf7386200dfda9b067db9c77d30660d74cda
Certificate serial:       018CCA2A4FC1F2FA596351684F74B08D40F2
Authority key identifier: B1:E8:CF:73:86:20:0D:FD:A9:B0:67:DB:9C:77:D3:06:60:D7:4C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sejPc4YgDf2psGfbnHfTBmDXTNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/f499cd-fad6-4fb0-9be7-4a7904ffc8e1/1/wcVl30ZLLoLnoOb0LVTaQxXR0Ts.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12384
IP address blocks:        185.173.196.0/22 maxlen: 22
                          77.235.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/f499cd-fad6-4fb0-9be7-4a7904ffc8e1/1/sejPc4YgDf2psGfbnHfTBmDXTNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/f499cd-fad6-4fb0-9be7-4a7904ffc8e1/1/sejPc4YgDf2psGfbnHfTBmDXTNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sejPc4YgDf2psGfbnHfTBmDXTNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4f:c1:f2:fa:59:63:51:68:4f:74:b0:8d:40:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1e8cf7386200dfda9b067db9c77d30660d74cda
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1c565df464b2e82e7a0e6f42d54da4315d1d13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dc:1a:46:b1:58:21:b2:3c:af:40:7a:43:f7:
                    c8:92:ee:3e:6c:fa:61:d4:f6:a2:d7:02:d6:14:22:
                    4b:6d:8f:a1:3f:c8:ac:16:75:9d:7c:c5:3d:ba:30:
                    ad:1f:e0:23:8b:86:60:f0:25:61:95:61:ef:d7:91:
                    b9:e9:8f:d8:bc:57:51:6c:b6:a0:4f:36:0f:75:61:
                    d8:8a:70:31:8e:f1:d8:2d:2d:01:e6:2e:d4:25:74:
                    d9:5d:63:fc:c5:e6:d8:f3:a2:9b:0e:32:62:10:e5:
                    20:9d:5f:e5:a3:e1:5d:1e:0f:1c:16:0c:1d:be:79:
                    df:1e:7a:d1:67:64:b2:aa:45:f4:8d:2f:96:63:9f:
                    53:fb:f5:1b:cb:3c:63:b3:a6:c0:84:30:df:34:1f:
                    a4:b8:de:75:9a:44:cf:62:54:61:95:f0:f4:71:8a:
                    0e:ae:9a:c1:0d:bf:a5:d9:da:40:7c:c6:f3:bf:9b:
                    fd:4d:49:67:49:a3:01:06:51:2c:47:3d:cf:5e:12:
                    3b:fd:00:eb:d2:b1:b6:37:d4:b1:82:9e:20:05:97:
                    3e:74:ba:6b:b1:98:f2:87:34:bb:13:cb:da:1b:f1:
                    3d:92:af:82:ac:bf:19:d1:b4:67:91:ba:2f:a8:76:
                    65:4c:7d:b5:95:d3:02:a8:fd:38:44:a8:61:fa:14:
                    df:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C5:65:DF:46:4B:2E:82:E7:A0:E6:F4:2D:54:DA:43:15:D1:D1:3B
            X509v3 Authority Key Identifier:
                keyid:B1:E8:CF:73:86:20:0D:FD:A9:B0:67:DB:9C:77:D3:06:60:D7:4C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sejPc4YgDf2psGfbnHfTBmDXTNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/f499cd-fad6-4fb0-9be7-4a7904ffc8e1/1/wcVl30ZLLoLnoOb0LVTaQxXR0Ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/f499cd-fad6-4fb0-9be7-4a7904ffc8e1/1/sejPc4YgDf2psGfbnHfTBmDXTNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.235.224.0/19
                  185.173.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:4e:61:ea:41:ca:b0:cf:38:7e:db:d8:3c:af:df:98:77:13:
         be:5f:74:e5:c2:3c:ad:ed:87:45:2f:0c:c8:d1:7a:f0:db:54:
         9d:d9:b5:32:68:bf:ea:c8:9d:2d:e9:b8:20:ec:c0:8b:f3:1e:
         80:5e:96:58:16:36:05:f4:c5:95:0c:5b:6e:f0:23:37:65:61:
         ac:37:cf:f3:a3:9a:41:f6:dd:78:6e:6a:93:7a:43:ec:6f:81:
         b4:c2:3a:ac:a5:9f:60:de:50:b9:cf:a1:c2:4c:ae:f2:fb:33:
         00:d1:84:3d:59:a2:65:90:40:84:ce:e0:cc:40:7a:10:e1:34:
         b2:01:19:58:84:b9:17:4c:83:04:66:bc:68:1c:74:6c:e7:2c:
         f5:36:63:5b:a1:2f:71:98:f3:dd:e6:f2:bb:5d:5f:c7:ca:10:
         1a:cf:3a:c2:8b:63:42:05:cb:8f:96:e4:06:b4:1b:b1:23:9f:
         ae:2f:ef:b8:e0:bd:6a:46:36:7a:78:03:be:8f:64:e7:2c:b6:
         f7:0b:65:4a:40:b3:c3:2e:15:01:97:79:80:29:e4:07:67:89:
         21:16:c9:b5:c1:cb:66:e7:3b:c5:f2:b9:99:4b:f7:7b:a9:88:
         2f:28:22:5c:8f:ca:2b:58:07:03:0f:d1:e4:3d:7b:50:80:87:
         68:e4:46:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKk/B8vpZY1FoT3SwjUDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZThjZjczODYyMDBkZmRhOWIwNjdkYjljNzdkMzA2NjBk
NzRjZGEwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWM1NjVkZjQ2NGIyZTgyZTdhMGU2ZjQyZDU0ZGE0MzE1ZDFkMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtwaRrFYIbI8r0B6Q/fIku4+bPph
1Pai1wLWFCJLbY+hP8isFnWdfMU9ujCtH+Aji4Zg8CVhlWHv15G56Y/YvFdRbLag
TzYPdWHYinAxjvHYLS0B5i7UJXTZXWP8xebY86KbDjJiEOUgnV/lo+FdHg8cFgwd
vnnfHnrRZ2SyqkX0jS+WY59T+/Ubyzxjs6bAhDDfNB+kuN51mkTPYlRhlfD0cYoO
rprBDb+l2dpAfMbzv5v9TUlnSaMBBlEsRz3PXhI7/QDr0rG2N9Sxgp4gBZc+dLpr
sZjyhzS7E8vaG/E9kq+CrL8Z0bRnkbovqHZlTH21ldMCqP04RKhh+hTfRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMHFZd9GSy6C56Dm9C1U2kMV0dE7MB8GA1UdIwQY
MBaAFLHoz3OGIA39qbBn25x30wZg10zaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2VqUGM0WWdEZjJwc0dmYm5IZlRCbURYVE5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mNDk5Y2QtZmFkNi00ZmIwLTliZTct
NGE3OTA0ZmZjOGUxLzEvd2NWbDMwWkxMb0xub09iMExWVGFReFhSMFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mNDk5Y2QtZmFkNi00ZmIwLTliZTctNGE3OTA0ZmZjOGUx
LzEvc2VqUGM0WWdEZjJwc0dmYm5IZlRCbURYVE5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFTevgAwQC
ua3EMA0GCSqGSIb3DQEBCwUAA4IBAQBvTmHqQcqwzzh+29g8r9+YdxO+X3Tlwjyt
7YdFLwzI0Xrw21Sd2bUyaL/qyJ0t6bgg7MCL8x6AXpZYFjYF9MWVDFtu8CM3ZWGs
N8/zo5pB9t14bmqTekPsb4G0wjqspZ9g3lC5z6HCTK7y+zMA0YQ9WaJlkECEzuDM
QHoQ4TSyARlYhLkXTIMEZrxoHHRs5yz1NmNboS9xmPPd5vK7XV/HyhAazzrCi2NC
BcuPluQGtBuxI5+uL++44L1qRjZ6eAO+j2TnLLb3C2VKQLPDLhUBl3mAKeQHZ4kh
Fsm1wctm5zvF8rmZS/d7qYgvKCJcj8orWAcDD9HkPXtQgIdo5EYT
-----END CERTIFICATE-----