Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/wrcIAOIjlNbbRpSqREXw2nARpFQ.roa
File:                     wrcIAOIjlNbbRpSqREXw2nARpFQ.roa (raw, json)
Hash identifier:          TobuQCiRT1qOWg4Pbddn2M7I1r4NzjXjPB+6M4rS+gk=
Subject key identifier:   C2:B7:08:00:E2:23:94:D6:DB:46:94:AA:44:45:F0:DA:70:11:A4:54
Certificate issuer:       /CN=62dfe53884b95a09f66a416e14f56c6b0f789afc
Certificate serial:       018CC94D20A43ADAAC52EE90A9557AEECC26
Authority key identifier: 62:DF:E5:38:84:B9:5A:09:F6:6A:41:6E:14:F5:6C:6B:0F:78:9A:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yt_lOIS5Wgn2akFuFPVsaw94mvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/wrcIAOIjlNbbRpSqREXw2nARpFQ.roa
Signing time:             Tue 02 Jan 2024 08:32:04 +0000
ROA not before:           Tue 02 Jan 2024 08:32:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205345
IP address blocks:        185.221.124.0/22 maxlen: 22
                          2a0d:c000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/Yt_lOIS5Wgn2akFuFPVsaw94mvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/Yt_lOIS5Wgn2akFuFPVsaw94mvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yt_lOIS5Wgn2akFuFPVsaw94mvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:20:a4:3a:da:ac:52:ee:90:a9:55:7a:ee:cc:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62dfe53884b95a09f66a416e14f56c6b0f789afc
        Validity
            Not Before: Jan  2 08:32:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2b70800e22394d6db4694aa4445f0da7011a454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:02:5c:5f:3d:22:c2:9e:b6:4e:fe:90:52:d4:
                    73:6b:ba:d4:bc:88:48:7a:cc:bf:e0:7d:cf:0e:1c:
                    5c:a1:a9:3c:b0:ec:18:e6:e3:64:42:06:a6:f5:58:
                    b4:f2:ca:b9:c7:b3:0b:bf:c7:d8:8c:02:1c:7f:99:
                    f3:01:61:55:57:0d:c2:33:58:a4:84:b6:d0:ce:d4:
                    d4:57:c1:4f:6e:51:34:96:88:a7:f7:94:58:fb:77:
                    cd:98:cc:a5:2d:32:75:95:47:6f:66:04:7c:c0:30:
                    c2:61:cb:9f:1c:30:a9:be:61:af:6c:d8:15:f2:31:
                    ad:0d:3e:d7:19:5b:e0:2e:4d:d5:5c:d3:6d:52:d7:
                    6f:c6:57:ee:58:eb:2a:4f:d7:c1:cb:b0:6a:69:06:
                    e8:8e:d5:30:ef:9b:31:3d:77:cb:a4:36:68:32:5c:
                    82:0b:80:b4:05:d2:ca:16:9d:fc:8f:10:70:48:20:
                    e5:95:9a:13:f0:71:f1:69:b5:97:24:e5:87:11:dc:
                    8d:c2:ef:60:c6:78:fa:c3:0d:78:74:9b:d6:2a:04:
                    9f:d3:22:7d:4d:98:12:55:98:ce:7b:e6:9f:9a:7b:
                    8b:15:ff:10:19:0a:0e:f4:da:a3:4d:dc:ec:59:ec:
                    56:31:09:58:37:18:e1:ec:c2:8e:ff:0a:61:31:3b:
                    46:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B7:08:00:E2:23:94:D6:DB:46:94:AA:44:45:F0:DA:70:11:A4:54
            X509v3 Authority Key Identifier:
                keyid:62:DF:E5:38:84:B9:5A:09:F6:6A:41:6E:14:F5:6C:6B:0F:78:9A:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yt_lOIS5Wgn2akFuFPVsaw94mvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/wrcIAOIjlNbbRpSqREXw2nARpFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/Yt_lOIS5Wgn2akFuFPVsaw94mvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.124.0/22
                IPv6:
                  2a0d:c000::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:a2:2b:65:90:c5:20:f1:e4:38:0a:6d:de:2c:51:85:c0:86:
         87:09:73:de:29:ce:e6:15:5d:ae:da:a6:7c:5a:64:dc:60:5b:
         5c:2d:85:d4:df:c2:2a:90:7b:46:05:1f:78:92:1c:f1:36:aa:
         09:c7:88:da:e8:56:e9:0f:a6:ef:c0:63:c4:8b:5c:63:40:06:
         0e:4b:3e:01:3a:69:ec:9a:5b:81:cf:8e:94:2f:6f:8c:d3:eb:
         ef:ea:5d:51:22:e8:26:6d:54:ed:76:3d:33:b8:47:c5:ec:6e:
         ab:ea:3d:42:e0:90:1f:6d:28:c7:a0:ee:3b:57:b9:5b:4d:3a:
         9e:84:1a:11:b8:3b:01:2b:b0:55:37:9b:85:60:75:65:31:4c:
         b4:81:94:fa:66:03:08:d2:56:42:45:d4:ab:0a:c8:12:41:e3:
         e5:66:1f:83:11:2c:a1:09:4f:74:14:53:ee:75:ff:98:6c:1c:
         b1:be:17:d4:bb:73:89:ea:45:55:5b:b9:b8:3e:78:12:d0:56:
         ed:57:b6:a6:ba:4d:73:14:d9:f9:05:3d:44:32:13:a2:6a:23:
         64:dc:7b:d5:c1:c0:d7:25:bc:8c:03:a6:9c:b3:8b:de:d8:d6:
         ac:92:0d:3b:af:89:52:f3:fa:71:52:2a:a4:83:e1:2c:5e:6d:
         0e:fb:b5:04
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTSCkOtqsUu6QqVV67swmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZGZlNTM4ODRiOTVhMDlmNjZhNDE2ZTE0ZjU2YzZiMGY3
ODlhZmMwHhcNMjQwMTAyMDgzMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmI3MDgwMGUyMjM5NGQ2ZGI0Njk0YWE0NDQ1ZjBkYTcwMTFhNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQJcXz0iwp62Tv6QUtRza7rUvIhI
esy/4H3PDhxcoak8sOwY5uNkQgam9Vi08sq5x7MLv8fYjAIcf5nzAWFVVw3CM1ik
hLbQztTUV8FPblE0loin95RY+3fNmMylLTJ1lUdvZgR8wDDCYcufHDCpvmGvbNgV
8jGtDT7XGVvgLk3VXNNtUtdvxlfuWOsqT9fBy7BqaQbojtUw75sxPXfLpDZoMlyC
C4C0BdLKFp38jxBwSCDllZoT8HHxabWXJOWHEdyNwu9gxnj6ww14dJvWKgSf0yJ9
TZgSVZjOe+afmnuLFf8QGQoO9NqjTdzsWexWMQlYNxjh7MKO/wphMTtGtwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMK3CADiI5TW20aUqkRF8NpwEaRUMB8GA1UdIwQY
MBaAFGLf5TiEuVoJ9mpBbhT1bGsPeJr8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRfbE9JUzVXZ24yYWtGdUZQVnNhdzk0bXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mYjAwMzItYmM0NS00NThmLWFiMmIt
MjkzNmFhMjI3NzY1LzEvd3JjSUFPSWpsTmJiUnBTcVJFWHcybkFScEZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mYjAwMzItYmM0NS00NThmLWFiMmItMjkzNmFhMjI3NzY1
LzEvWXRfbE9JUzVXZ24yYWtGdUZQVnNhdzk0bXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud18MA0E
AgACMAcDBQMqDcAAMA0GCSqGSIb3DQEBCwUAA4IBAQA9oitlkMUg8eQ4Cm3eLFGF
wIaHCXPeKc7mFV2u2qZ8WmTcYFtcLYXU38IqkHtGBR94khzxNqoJx4ja6FbpD6bv
wGPEi1xjQAYOSz4BOmnsmluBz46UL2+M0+vv6l1RIugmbVTtdj0zuEfF7G6r6j1C
4JAfbSjHoO47V7lbTTqehBoRuDsBK7BVN5uFYHVlMUy0gZT6ZgMI0lZCRdSrCsgS
QePlZh+DESyhCU90FFPudf+YbByxvhfUu3OJ6kVVW7m4PngS0FbtV7amuk1zFNn5
BT1EMhOiaiNk3HvVwcDXJbyMA6acs4ve2Naskg07r4lS8/pxUiqkg+EsXm0O+7UE
-----END CERTIFICATE-----