Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/e5e3fa-99ee-45cf-bd9a-0e6c1fe9d015/1/wF5xWukF7dSS0fTX7kuwdsf1n1k.roa
File:                     wF5xWukF7dSS0fTX7kuwdsf1n1k.roa (raw, json)
Hash identifier:          kPj5oLMci+uQ7JHI8zeSyq+jzI8AWX4oJrqUpZJovwE=
Subject key identifier:   C0:5E:71:5A:E9:05:ED:D4:92:D1:F4:D7:EE:4B:B0:76:C7:F5:9F:59
Certificate issuer:       /CN=a7436375fb0322756b55daff64e265ef72c0da52
Certificate serial:       018CC348DF77D156FAEFA8E2C3FBC50265D7
Authority key identifier: A7:43:63:75:FB:03:22:75:6B:55:DA:FF:64:E2:65:EF:72:C0:DA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p0NjdfsDInVrVdr_ZOJl73LA2lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/e5e3fa-99ee-45cf-bd9a-0e6c1fe9d015/1/wF5xWukF7dSS0fTX7kuwdsf1n1k.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198785
IP address blocks:        185.155.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/e5e3fa-99ee-45cf-bd9a-0e6c1fe9d015/1/p0NjdfsDInVrVdr_ZOJl73LA2lI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/e5e3fa-99ee-45cf-bd9a-0e6c1fe9d015/1/p0NjdfsDInVrVdr_ZOJl73LA2lI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p0NjdfsDInVrVdr_ZOJl73LA2lI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:df:77:d1:56:fa:ef:a8:e2:c3:fb:c5:02:65:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7436375fb0322756b55daff64e265ef72c0da52
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c05e715ae905edd492d1f4d7ee4bb076c7f59f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:93:e2:a5:95:16:54:f4:89:8b:d9:75:23:72:
                    90:7b:26:27:2d:82:c0:9d:b0:4f:eb:fb:51:1c:c7:
                    28:a0:6c:1f:d5:a4:0a:b9:1a:86:70:63:32:09:b1:
                    69:aa:54:9e:66:73:ad:19:43:5a:a2:06:44:91:43:
                    5a:4c:8b:02:5c:7a:96:55:7b:ca:5f:25:5e:a3:11:
                    05:c6:2d:35:57:22:a3:0b:49:6a:5a:a6:02:9a:2d:
                    ee:38:b9:42:5f:c3:8b:6d:33:e8:a8:3e:92:a6:f3:
                    af:14:d6:b9:2b:04:81:fd:99:c3:67:0d:1d:ba:28:
                    c6:94:8e:bf:53:bd:9c:07:d4:d5:65:c1:79:03:2f:
                    77:ef:d8:80:35:a4:1b:05:5e:b0:de:08:d6:2f:45:
                    1b:ef:22:08:e8:6b:64:61:99:aa:95:f5:f7:d0:73:
                    22:13:b3:7b:63:62:91:41:0d:08:8a:4c:bd:e7:01:
                    61:34:09:0b:fd:1f:aa:44:8d:fa:4b:46:64:46:47:
                    20:b1:28:95:4f:0a:ed:13:db:86:de:bd:ec:bf:12:
                    c9:01:82:3b:7b:26:18:30:7b:80:09:16:13:d8:37:
                    64:27:ca:6c:04:98:57:f8:c9:d0:9d:d3:b1:62:67:
                    87:85:08:cf:ca:a4:97:84:77:ad:84:3d:c3:49:75:
                    81:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5E:71:5A:E9:05:ED:D4:92:D1:F4:D7:EE:4B:B0:76:C7:F5:9F:59
            X509v3 Authority Key Identifier:
                keyid:A7:43:63:75:FB:03:22:75:6B:55:DA:FF:64:E2:65:EF:72:C0:DA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p0NjdfsDInVrVdr_ZOJl73LA2lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/e5e3fa-99ee-45cf-bd9a-0e6c1fe9d015/1/wF5xWukF7dSS0fTX7kuwdsf1n1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/e5e3fa-99ee-45cf-bd9a-0e6c1fe9d015/1/p0NjdfsDInVrVdr_ZOJl73LA2lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:a1:6a:3d:d0:7e:05:e7:20:cd:d5:8b:23:50:29:ce:61:85:
         16:35:1c:b7:44:22:75:6c:f0:75:08:af:3f:c6:88:e9:1d:7d:
         45:1a:79:01:97:ba:a9:55:62:b5:65:e4:c1:bf:8e:ab:ba:68:
         93:c4:5a:56:7d:8a:e4:a0:b8:64:d6:1f:a6:22:96:c0:67:03:
         2a:c2:af:07:0f:b0:dd:5b:6a:96:4c:5a:2a:ea:33:9e:df:6e:
         d4:33:e5:fc:8e:f6:e8:85:26:e4:eb:b4:3f:bd:1d:75:41:8c:
         13:22:20:2f:c5:ea:9a:61:b6:48:cb:ee:b0:9a:72:81:ce:86:
         1d:76:0b:30:d8:05:71:63:6d:f0:a3:5e:3d:39:67:71:68:2d:
         f2:09:52:81:24:34:86:f0:67:6c:a4:cd:12:2c:ab:2e:da:ee:
         38:65:7f:be:63:c1:01:1f:6d:b8:45:1e:df:e3:ef:56:9b:e5:
         7f:f1:1c:95:38:83:54:a9:cf:1c:70:78:8a:c9:63:35:cd:f2:
         e8:c6:ea:f0:54:82:b3:94:2d:a2:e2:af:bc:97:1f:e9:2e:ce:
         e1:50:a5:03:c9:71:26:40:20:61:12:5d:cd:bc:a8:7e:34:bc:
         77:1c:bf:c6:11:7c:a5:81:7f:fb:d2:a4:51:9e:a2:95:da:ac:
         00:ad:69:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSN930Vb676jiw/vFAmXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NDM2Mzc1ZmIwMzIyNzU2YjU1ZGFmZjY0ZTI2NWVmNzJj
MGRhNTIwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDVlNzE1YWU5MDVlZGQ0OTJkMWY0ZDdlZTRiYjA3NmM3ZjU5ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZPipZUWVPSJi9l1I3KQeyYnLYLA
nbBP6/tRHMcooGwf1aQKuRqGcGMyCbFpqlSeZnOtGUNaogZEkUNaTIsCXHqWVXvK
XyVeoxEFxi01VyKjC0lqWqYCmi3uOLlCX8OLbTPoqD6SpvOvFNa5KwSB/ZnDZw0d
uijGlI6/U72cB9TVZcF5Ay9379iANaQbBV6w3gjWL0Ub7yII6GtkYZmqlfX30HMi
E7N7Y2KRQQ0Iiky95wFhNAkL/R+qRI36S0ZkRkcgsSiVTwrtE9uG3r3svxLJAYI7
eyYYMHuACRYT2DdkJ8psBJhX+MnQndOxYmeHhQjPyqSXhHethD3DSXWBAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBecVrpBe3UktH01+5LsHbH9Z9ZMB8GA1UdIwQY
MBaAFKdDY3X7AyJ1a1Xa/2TiZe9ywNpSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDBOamRmc0RJblZyVmRyX1pPSmw3M0xBMmxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9lNWUzZmEtOTllZS00NWNmLWJkOWEt
MGU2YzFmZTlkMDE1LzEvd0Y1eFd1a0Y3ZFNTMGZUWDdrdXdkc2YxbjFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9lNWUzZmEtOTllZS00NWNmLWJkOWEtMGU2YzFmZTlkMDE1
LzEvcDBOamRmc0RJblZyVmRyX1pPSmw3M0xBMmxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZviMA0G
CSqGSIb3DQEBCwUAA4IBAQAWoWo90H4F5yDN1YsjUCnOYYUWNRy3RCJ1bPB1CK8/
xojpHX1FGnkBl7qpVWK1ZeTBv46rumiTxFpWfYrkoLhk1h+mIpbAZwMqwq8HD7Dd
W2qWTFoq6jOe327UM+X8jvbohSbk67Q/vR11QYwTIiAvxeqaYbZIy+6wmnKBzoYd
dgsw2AVxY23wo149OWdxaC3yCVKBJDSG8GdspM0SLKsu2u44ZX++Y8EBH224RR7f
4+9Wm+V/8RyVOINUqc8ccHiKyWM1zfLoxurwVIKzlC2i4q+8lx/pLs7hUKUDyXEm
QCBhEl3NvKh+NLx3HL/GEXylgX/70qRRnqKV2qwArWk+
-----END CERTIFICATE-----