Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/WZ4Gn0rnKBWc6LxNKNnja42sBIw.roa
File:                     WZ4Gn0rnKBWc6LxNKNnja42sBIw.roa (raw, json)
Hash identifier:          mpOA4YiYSOSVNA8jLZVq2O4h3W0rOE7HYtKv+G/3z2Y=
Subject key identifier:   59:9E:06:9F:4A:E7:28:15:9C:E8:BC:4D:28:D9:E3:6B:8D:AC:04:8C
Certificate issuer:       /CN=8ce735129f777a25bf84727206bf978d9a1db200
Certificate serial:       018CC94BFDA4ADA1BA2547BE44C8EEB7344A
Authority key identifier: 8C:E7:35:12:9F:77:7A:25:BF:84:72:72:06:BF:97:8D:9A:1D:B2:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/WZ4Gn0rnKBWc6LxNKNnja42sBIw.roa
Signing time:             Tue 02 Jan 2024 08:30:49 +0000
ROA not before:           Tue 02 Jan 2024 08:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201786
IP address blocks:        185.63.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:fd:a4:ad:a1:ba:25:47:be:44:c8:ee:b7:34:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ce735129f777a25bf84727206bf978d9a1db200
        Validity
            Not Before: Jan  2 08:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=599e069f4ae728159ce8bc4d28d9e36b8dac048c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b7:23:38:2f:4f:cd:0c:5e:cf:68:f6:7c:d2:
                    73:fd:c7:9c:dc:c6:6d:2f:7b:b4:40:c4:db:aa:f8:
                    6e:9a:6c:96:d2:54:8c:ec:4e:f4:09:aa:17:47:d7:
                    39:75:8b:74:2c:e2:00:61:5f:b4:f0:52:9b:fa:e2:
                    a8:08:6c:90:09:7f:90:17:89:0f:84:43:d5:6e:21:
                    bb:5e:51:6d:db:25:9d:7e:44:32:f9:9d:7f:2c:63:
                    cd:cc:4a:91:94:dd:6d:c2:d5:77:77:ff:70:56:b3:
                    b2:75:39:cd:a9:ed:3a:a6:fd:12:6b:3a:76:93:ce:
                    f0:5c:d0:2c:86:a8:87:18:7b:7e:93:e4:92:de:91:
                    a7:be:8e:56:0c:4d:a0:8b:7e:8d:5c:11:cb:04:f6:
                    96:c7:0e:ba:6a:8e:bd:3d:2d:3b:cb:ca:9b:5f:84:
                    77:64:5b:04:38:55:ab:ba:97:31:ba:1c:14:90:fe:
                    3b:51:fc:b9:fb:66:db:33:08:be:bb:e6:6f:52:52:
                    e4:f7:2e:e1:5d:0b:73:46:e3:f5:0f:87:90:ea:e3:
                    cf:95:9d:fe:3d:62:32:4f:79:f8:3c:8b:fc:54:a3:
                    7b:8f:9a:35:04:fb:52:6d:d6:c1:d2:87:35:ab:01:
                    ce:d6:6e:6d:1a:d8:69:08:e5:af:f4:96:8f:d0:03:
                    77:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9E:06:9F:4A:E7:28:15:9C:E8:BC:4D:28:D9:E3:6B:8D:AC:04:8C
            X509v3 Authority Key Identifier:
                keyid:8C:E7:35:12:9F:77:7A:25:BF:84:72:72:06:BF:97:8D:9A:1D:B2:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/WZ4Gn0rnKBWc6LxNKNnja42sBIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:5b:e0:88:c8:54:30:40:b7:f6:05:ce:72:ce:a6:32:af:8b:
         bf:cf:32:cd:2a:62:26:b1:74:d8:94:70:6b:c0:04:75:2a:df:
         c2:47:b4:97:e4:46:80:0c:60:b4:1a:c3:6b:5e:6e:1f:57:1a:
         85:9b:c1:70:3e:91:1d:47:c2:1f:b7:22:57:2b:2a:ca:34:8d:
         47:d2:a9:fa:d9:64:65:57:78:94:cd:ac:0b:7a:8f:c5:e3:f0:
         04:e7:30:a3:49:58:ae:cf:1b:23:84:17:d6:ea:75:dd:97:d4:
         a8:62:39:06:f3:63:8e:bf:80:2b:d0:93:d9:e3:88:c0:dc:b4:
         16:39:41:1e:e7:a9:f8:7e:3c:66:80:56:8d:94:24:7b:33:83:
         68:80:ac:8b:9b:30:cd:3c:d8:9e:e4:27:53:57:62:0e:4b:f5:
         07:eb:4f:20:a2:26:36:ee:a2:db:35:d7:a0:3e:33:8d:46:72:
         76:a8:06:a4:da:ea:7c:2f:f2:6e:61:b6:ac:f2:eb:37:5f:e8:
         d2:ee:a8:74:50:f7:6f:f1:18:0d:a6:34:67:95:1c:41:c9:93:
         e2:4a:49:e2:d7:d6:86:1b:19:ee:32:8c:44:66:fd:b0:e9:cc:
         ad:3a:1c:57:39:45:44:b2:1d:06:2c:25:79:0f:62:ff:d0:6c:
         8d:09:dc:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS/2kraG6JUe+RMjutzRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZTczNTEyOWY3NzdhMjViZjg0NzI3MjA2YmY5NzhkOWEx
ZGIyMDAwHhcNMjQwMTAyMDgzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTllMDY5ZjRhZTcyODE1OWNlOGJjNGQyOGQ5ZTM2YjhkYWMwNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrcjOC9PzQxez2j2fNJz/cec3MZt
L3u0QMTbqvhummyW0lSM7E70CaoXR9c5dYt0LOIAYV+08FKb+uKoCGyQCX+QF4kP
hEPVbiG7XlFt2yWdfkQy+Z1/LGPNzEqRlN1twtV3d/9wVrOydTnNqe06pv0Sazp2
k87wXNAshqiHGHt+k+SS3pGnvo5WDE2gi36NXBHLBPaWxw66ao69PS07y8qbX4R3
ZFsEOFWrupcxuhwUkP47Ufy5+2bbMwi+u+ZvUlLk9y7hXQtzRuP1D4eQ6uPPlZ3+
PWIyT3n4PIv8VKN7j5o1BPtSbdbB0oc1qwHO1m5tGthpCOWv9JaP0AN3EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmeBp9K5ygVnOi8TSjZ42uNrASMMB8GA1UdIwQY
MBaAFIznNRKfd3olv4Rycga/l42aHbIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9jMUVwOTNlaVdfaEhKeUJyLVhqWm9kc2dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lZGU0YTMtOGYyMC00MDBhLWI4NzYt
Zjc4YzIyMDY1NzVhLzEvV1o0R24wcm5LQldjNkx4TktObmphNDJzQkl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lZGU0YTMtOGYyMC00MDBhLWI4NzYtZjc4YzIyMDY1NzVh
LzEvak9jMUVwOTNlaVdfaEhKeUJyLVhqWm9kc2dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT/EMA0G
CSqGSIb3DQEBCwUAA4IBAQBtW+CIyFQwQLf2Bc5yzqYyr4u/zzLNKmImsXTYlHBr
wAR1Kt/CR7SX5EaADGC0GsNrXm4fVxqFm8FwPpEdR8IftyJXKyrKNI1H0qn62WRl
V3iUzawLeo/F4/AE5zCjSViuzxsjhBfW6nXdl9SoYjkG82OOv4Ar0JPZ44jA3LQW
OUEe56n4fjxmgFaNlCR7M4NogKyLmzDNPNie5CdTV2IOS/UH608goiY27qLbNdeg
PjONRnJ2qAak2up8L/JuYbas8us3X+jS7qh0UPdv8RgNpjRnlRxByZPiSkni19aG
GxnuMoxEZv2w6cytOhxXOUVEsh0GLCV5D2L/0GyNCdw9
-----END CERTIFICATE-----