Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/wQBAZKiXfAq_q_jpfHmZjtTn55A.roa
File:                     wQBAZKiXfAq_q_jpfHmZjtTn55A.roa (raw, json)
Hash identifier:          dYtF6fRIhEGo8P9NvnzqkjfHpLNqaBR943xpr8PpkEo=
Subject key identifier:   C1:00:40:64:A8:97:7C:0A:BF:AB:F8:E9:7C:79:99:8E:D4:E7:E7:90
Certificate issuer:       /CN=ea1c951d61b87da19439784d23667a89cb3290a4
Certificate serial:       018CC50025D3380313B80191C634761D0330
Authority key identifier: EA:1C:95:1D:61:B8:7D:A1:94:39:78:4D:23:66:7A:89:CB:32:90:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/wQBAZKiXfAq_q_jpfHmZjtTn55A.roa
Signing time:             Mon 01 Jan 2024 12:29:30 +0000
ROA not before:           Mon 01 Jan 2024 12:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        185.113.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:25:d3:38:03:13:b8:01:91:c6:34:76:1d:03:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea1c951d61b87da19439784d23667a89cb3290a4
        Validity
            Not Before: Jan  1 12:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1004064a8977c0abfabf8e97c79998ed4e7e790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:20:5d:eb:bd:5f:bd:f3:6c:c4:77:bf:d6:db:
                    79:e5:06:6c:fa:14:a4:36:bd:68:ae:bc:9b:bd:d1:
                    7f:07:31:75:bd:cf:76:58:f4:09:aa:96:2f:e2:d8:
                    cc:b6:4c:58:af:22:c0:f7:b8:dc:4c:1e:f4:dc:82:
                    9d:6d:e9:3d:61:37:e5:3a:4d:0a:24:c7:e3:1d:ce:
                    ae:5c:cd:55:f4:6d:4b:96:58:26:72:9b:08:c1:c6:
                    d7:e1:8d:2a:2b:18:d4:50:0c:38:ef:28:90:71:11:
                    3f:db:bf:70:34:65:24:e3:7c:2d:65:8a:ad:04:4c:
                    8b:14:3e:17:56:3d:71:c0:f2:c4:5d:1d:68:2d:1f:
                    73:77:2a:c4:86:b4:4b:3b:95:2b:5c:fe:69:89:30:
                    75:68:d9:62:5b:be:b4:2b:31:f7:d3:4f:55:70:cf:
                    19:c3:46:fb:b3:b4:4d:7d:62:af:8e:8b:3a:d4:1f:
                    e8:8f:14:95:32:13:bd:50:f2:42:59:05:eb:51:e0:
                    bf:41:b6:ea:5d:31:49:ce:72:ad:a5:90:b2:6f:df:
                    08:7e:81:67:e4:f1:9a:7f:f7:06:b3:46:59:97:d5:
                    06:8c:34:52:73:22:43:4b:77:11:7a:bc:53:d4:18:
                    e7:08:9f:03:99:e6:52:75:2a:ba:35:3d:d1:6a:6f:
                    d1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:00:40:64:A8:97:7C:0A:BF:AB:F8:E9:7C:79:99:8E:D4:E7:E7:90
            X509v3 Authority Key Identifier:
                keyid:EA:1C:95:1D:61:B8:7D:A1:94:39:78:4D:23:66:7A:89:CB:32:90:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/wQBAZKiXfAq_q_jpfHmZjtTn55A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d5:51:87:51:5e:60:f2:9d:ee:21:ec:c6:0b:10:aa:02:8e:
         e9:70:99:54:e8:94:72:55:3c:68:0f:2f:ff:f1:8e:75:c4:fd:
         01:6d:b0:ae:fb:f9:89:fc:82:e2:ae:ef:70:29:48:4c:f8:27:
         68:06:97:a1:64:e5:df:42:0c:03:b9:c1:34:fc:1a:99:1e:70:
         88:ca:4a:38:3c:a4:d1:ba:7d:11:a4:38:40:c0:b8:b5:22:65:
         02:28:1e:80:15:0a:3a:bf:82:91:9f:c0:4a:6e:b9:35:fb:72:
         c2:16:21:0b:c4:5d:a7:15:69:02:30:9d:43:3c:8b:c2:2e:5e:
         d0:2b:2d:2f:c2:f6:d4:7b:3a:3c:42:e4:c3:3b:21:fa:d9:e4:
         c3:83:7e:af:2d:9f:b6:b4:da:95:6e:d0:74:c4:fe:08:d4:92:
         31:b4:4a:6a:fc:98:10:35:c0:74:e3:40:68:df:ef:57:d3:63:
         93:e0:0c:2c:6c:47:5e:20:1a:27:23:87:00:bc:9e:36:ae:13:
         8a:e8:d3:63:c8:60:dc:50:b8:9d:3a:2b:5a:8f:d0:d8:ac:2b:
         fb:bd:72:08:81:1b:66:b3:07:e4:96:69:90:6b:97:ea:eb:7a:
         a9:4e:69:02:ba:31:58:1b:40:ad:73:b7:1f:87:b5:dc:02:3c:
         0d:ac:d8:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFACXTOAMTuAGRxjR2HQMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMWM5NTFkNjFiODdkYTE5NDM5Nzg0ZDIzNjY3YTg5Y2Iz
MjkwYTQwHhcNMjQwMTAxMTIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTAwNDA2NGE4OTc3YzBhYmZhYmY4ZTk3Yzc5OTk4ZWQ0ZTdlNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiBd671fvfNsxHe/1tt55QZs+hSk
Nr1orrybvdF/BzF1vc92WPQJqpYv4tjMtkxYryLA97jcTB703IKdbek9YTflOk0K
JMfjHc6uXM1V9G1LllgmcpsIwcbX4Y0qKxjUUAw47yiQcRE/279wNGUk43wtZYqt
BEyLFD4XVj1xwPLEXR1oLR9zdyrEhrRLO5UrXP5piTB1aNliW760KzH3009VcM8Z
w0b7s7RNfWKvjos61B/ojxSVMhO9UPJCWQXrUeC/QbbqXTFJznKtpZCyb98IfoFn
5PGaf/cGs0ZZl9UGjDRScyJDS3cRerxT1BjnCJ8DmeZSdSq6NT3Ram/RhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEAQGSol3wKv6v46Xx5mY7U5+eQMB8GA1UdIwQY
MBaAFOoclR1huH2hlDl4TSNmeonLMpCkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmh5VkhXRzRmYUdVT1hoTkkyWjZpY3N5a0tRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS82MTc3MTUtOTQ4NC00MGY5LTg5NmMt
NzI0YjFhMDIxMmQ0LzEvd1FCQVpLaVhmQXFfcV9qcGZIbVpqdFRuNTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS82MTc3MTUtOTQ4NC00MGY5LTg5NmMtNzI0YjFhMDIxMmQ0
LzEvNmh5VkhXRzRmYUdVT1hoTkkyWjZpY3N5a0tRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXHvMA0G
CSqGSIb3DQEBCwUAA4IBAQAf1VGHUV5g8p3uIezGCxCqAo7pcJlU6JRyVTxoDy//
8Y51xP0BbbCu+/mJ/ILiru9wKUhM+CdoBpehZOXfQgwDucE0/BqZHnCIyko4PKTR
un0RpDhAwLi1ImUCKB6AFQo6v4KRn8BKbrk1+3LCFiELxF2nFWkCMJ1DPIvCLl7Q
Ky0vwvbUezo8QuTDOyH62eTDg36vLZ+2tNqVbtB0xP4I1JIxtEpq/JgQNcB040Bo
3+9X02OT4AwsbEdeIBonI4cAvJ42rhOK6NNjyGDcULidOitaj9DYrCv7vXIIgRtm
swfklmmQa5fq63qpTmkCujFYG0Ctc7cfh7XcAjwNrNjb
-----END CERTIFICATE-----