Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/WpWAWNcYds_fdl6PzeRewgUyWNo.roa
File:                     WpWAWNcYds_fdl6PzeRewgUyWNo.roa (raw, json)
Hash identifier:          W3BpQohrrZGICSjPWZ7cwZ5ue7ZwnYGzSF2LzSDJ8wI=
Subject key identifier:   5A:95:80:58:D7:18:76:CF:DF:76:5E:8F:CD:E4:5E:C2:05:32:58:DA
Certificate issuer:       /CN=0a73778fb1bec28c9982652aede86a004c2682f1
Certificate serial:       018CC50058A3AA98A1B82547974B314AF9A4
Authority key identifier: 0A:73:77:8F:B1:BE:C2:8C:99:82:65:2A:ED:E8:6A:00:4C:26:82:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnN3j7G-woyZgmUq7ehqAEwmgvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/WpWAWNcYds_fdl6PzeRewgUyWNo.roa
Signing time:             Mon 01 Jan 2024 12:29:43 +0000
ROA not before:           Mon 01 Jan 2024 12:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202192
IP address blocks:        185.30.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/CnN3j7G-woyZgmUq7ehqAEwmgvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/CnN3j7G-woyZgmUq7ehqAEwmgvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnN3j7G-woyZgmUq7ehqAEwmgvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:58:a3:aa:98:a1:b8:25:47:97:4b:31:4a:f9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a73778fb1bec28c9982652aede86a004c2682f1
        Validity
            Not Before: Jan  1 12:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a958058d71876cfdf765e8fcde45ec2053258da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e4:64:ab:85:6a:70:88:6e:dd:76:9a:d2:fd:
                    98:cf:49:d6:51:2c:52:cc:ba:8b:91:12:37:d7:a3:
                    43:c5:30:db:77:4f:b2:51:95:5d:d8:89:ec:6c:b4:
                    da:15:31:de:5d:63:64:94:0d:73:c8:ad:b2:19:fc:
                    2a:ea:85:24:dc:21:e1:80:46:4b:f3:14:45:72:14:
                    9d:b8:30:ba:17:d3:71:1c:72:a4:3a:68:70:2c:4f:
                    a0:a4:6c:58:c2:46:6d:7b:f1:b5:bf:4f:ed:e4:f5:
                    08:cf:2c:21:a6:6e:28:8d:1d:35:55:8c:3e:c3:6b:
                    44:b1:6a:2f:9e:f5:b6:42:af:d1:b9:a1:5a:ef:be:
                    67:5f:0c:7d:01:0e:f0:11:87:90:30:f7:38:cb:9e:
                    a1:4d:0d:99:5b:cf:70:30:1c:b3:97:c3:53:ec:72:
                    b0:c3:d5:c3:ef:23:e8:aa:37:56:84:cc:94:90:53:
                    74:49:a5:37:76:48:2d:92:fd:e5:dc:c9:65:fe:c6:
                    09:8b:9f:d9:f9:67:82:c7:b6:ee:1c:5d:fc:c3:21:
                    88:9e:b6:bc:41:95:fe:da:6f:a0:2f:26:bc:0c:cc:
                    e7:27:fd:86:92:56:1b:fc:85:85:f2:a3:fe:6e:f9:
                    df:bd:4a:7e:87:d5:77:ef:08:ac:33:33:67:97:fa:
                    0a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:95:80:58:D7:18:76:CF:DF:76:5E:8F:CD:E4:5E:C2:05:32:58:DA
            X509v3 Authority Key Identifier:
                keyid:0A:73:77:8F:B1:BE:C2:8C:99:82:65:2A:ED:E8:6A:00:4C:26:82:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnN3j7G-woyZgmUq7ehqAEwmgvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/WpWAWNcYds_fdl6PzeRewgUyWNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/e6e15c-12b0-40be-8bc1-5708f580e36a/1/CnN3j7G-woyZgmUq7ehqAEwmgvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:c4:1b:dc:25:da:14:18:64:b3:02:3a:e1:ab:7e:f0:24:b4:
         d1:5e:49:ef:c0:ac:32:36:37:b8:4c:c9:ba:96:73:a2:e1:7d:
         25:e6:6c:55:09:ee:81:28:dd:aa:53:23:32:f1:ce:a2:73:29:
         00:2c:f5:d7:cb:79:1f:de:3f:a2:3c:5f:bd:79:c3:ce:bc:b7:
         e0:f3:87:9f:49:b1:76:41:56:e6:25:f0:63:cf:51:e7:eb:bf:
         eb:6d:b5:bd:22:15:d6:b0:06:63:e5:e0:6f:c6:95:eb:4a:bf:
         8e:20:d1:4e:28:5d:11:05:33:4b:e1:73:b3:15:d1:41:c9:f8:
         ee:76:ff:8d:21:e5:2e:7f:a9:35:5d:4a:87:65:95:74:b1:69:
         60:cc:d0:99:aa:06:85:3a:77:18:fc:f9:ed:f8:31:03:20:f6:
         85:c6:52:84:b4:84:bd:7a:ef:46:67:2e:2e:d7:f2:b8:d0:8f:
         d2:f9:24:e9:ae:80:ae:66:48:8b:7a:24:2b:4c:d7:64:5b:d5:
         29:ba:7d:74:86:dc:7e:8b:47:e5:b5:e7:aa:70:36:f3:10:04:
         26:b8:21:d0:67:27:11:97:46:9b:14:60:68:93:bf:9e:74:52:
         39:2f:86:dc:9e:ba:28:c5:b5:9f:b5:23:c8:fd:56:f4:89:71:
         f5:f6:63:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFijqpihuCVHl0sxSvmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzM3NzhmYjFiZWMyOGM5OTgyNjUyYWVkZTg2YTAwNGMy
NjgyZjEwHhcNMjQwMTAxMTIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTk1ODA1OGQ3MTg3NmNmZGY3NjVlOGZjZGU0NWVjMjA1MzI1OGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgORkq4VqcIhu3Xaa0v2Yz0nWUSxS
zLqLkRI316NDxTDbd0+yUZVd2InsbLTaFTHeXWNklA1zyK2yGfwq6oUk3CHhgEZL
8xRFchSduDC6F9NxHHKkOmhwLE+gpGxYwkZte/G1v0/t5PUIzywhpm4ojR01VYw+
w2tEsWovnvW2Qq/RuaFa775nXwx9AQ7wEYeQMPc4y56hTQ2ZW89wMByzl8NT7HKw
w9XD7yPoqjdWhMyUkFN0SaU3dkgtkv3l3Mll/sYJi5/Z+WeCx7buHF38wyGInra8
QZX+2m+gLya8DMznJ/2GklYb/IWF8qP+bvnfvUp+h9V37wisMzNnl/oKBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqVgFjXGHbP33Zej83kXsIFMljaMB8GA1UdIwQY
MBaAFApzd4+xvsKMmYJlKu3oagBMJoLxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25OM2o3Ry13b3laZ21VcTdlaHFBRXdtZ3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9lNmUxNWMtMTJiMC00MGJlLThiYzEt
NTcwOGY1ODBlMzZhLzEvV3BXQVdOY1lkc19mZGw2UHplUmV3Z1V5V05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9lNmUxNWMtMTJiMC00MGJlLThiYzEtNTcwOGY1ODBlMzZh
LzEvQ25OM2o3Ry13b3laZ21VcTdlaHFBRXdtZ3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR4cMA0G
CSqGSIb3DQEBCwUAA4IBAQB8xBvcJdoUGGSzAjrhq37wJLTRXknvwKwyNje4TMm6
lnOi4X0l5mxVCe6BKN2qUyMy8c6icykALPXXy3kf3j+iPF+9ecPOvLfg84efSbF2
QVbmJfBjz1Hn67/rbbW9IhXWsAZj5eBvxpXrSr+OINFOKF0RBTNL4XOzFdFByfju
dv+NIeUuf6k1XUqHZZV0sWlgzNCZqgaFOncY/Pnt+DEDIPaFxlKEtIS9eu9GZy4u
1/K40I/S+STproCuZkiLeiQrTNdkW9Upun10htx+i0flteeqcDbzEAQmuCHQZycR
l0abFGBok7+edFI5L4bcnrooxbWftSPI/Vb0iXH19mNq
-----END CERTIFICATE-----