Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/w0i3WhmDiBAorR5V74p3DfgPofw.roa
File:                     w0i3WhmDiBAorR5V74p3DfgPofw.roa (raw, json)
Hash identifier:          vRJzYeAClGlypwsSsXCpILTOzlZFlocJdP9Tzs2eSiQ=
Subject key identifier:   C3:48:B7:5A:19:83:88:10:28:AD:1E:55:EF:8A:77:0D:F8:0F:A1:FC
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       018CCA2B812065B0A22B668592E217B46941
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/w0i3WhmDiBAorR5V74p3DfgPofw.roa
Signing time:             Tue 02 Jan 2024 12:34:57 +0000
ROA not before:           Tue 02 Jan 2024 12:34:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48555
IP address blocks:        194.225.240.0/21 maxlen: 24
                          194.225.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:81:20:65:b0:a2:2b:66:85:92:e2:17:b4:69:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jan  2 12:34:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c348b75a1983881028ad1e55ef8a770df80fa1fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b9:82:d2:04:43:c2:48:de:b0:f5:74:68:d3:
                    9a:f5:14:82:c2:5b:b9:43:b6:f6:5b:b3:73:ea:d7:
                    04:dd:33:4a:70:7c:91:a8:fe:c9:7e:eb:14:66:59:
                    74:55:a9:32:fe:90:7b:f8:59:eb:05:cf:c4:0d:46:
                    70:f3:a5:bf:50:32:15:08:05:b9:e4:4f:2a:2a:ab:
                    8b:86:cd:ff:88:88:f4:64:cf:e7:8e:17:5d:4f:fe:
                    13:56:69:a0:1d:24:98:32:d4:96:46:e6:32:0b:be:
                    ee:97:93:b6:94:d7:33:85:63:98:97:9f:02:45:e2:
                    60:4f:ec:6f:98:7f:5e:6e:a7:01:90:53:05:fb:98:
                    a2:06:37:4c:2d:ac:ea:45:1f:72:4f:8b:29:0b:da:
                    be:08:c0:52:53:ae:78:88:1a:e4:5d:1e:2c:b4:16:
                    5d:0c:e2:61:6e:c5:5b:d6:69:cd:cb:0b:2f:48:db:
                    d8:6e:3b:d4:51:f4:77:73:4b:0e:60:c3:27:a1:94:
                    ff:82:c4:44:6c:66:c9:8b:57:72:e0:d7:13:5d:cc:
                    d5:5f:19:37:c9:33:b3:8f:4e:32:85:0f:b6:cc:00:
                    d8:c6:3d:79:f6:24:2c:4c:59:ca:53:d7:00:17:93:
                    53:d4:62:6c:b8:23:d4:be:05:b8:41:c6:27:db:e8:
                    93:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:48:B7:5A:19:83:88:10:28:AD:1E:55:EF:8A:77:0D:F8:0F:A1:FC
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/w0i3WhmDiBAorR5V74p3DfgPofw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.225.240.0-194.225.251.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:bc:11:20:87:04:5a:d5:ed:ab:cc:d3:94:89:1e:9c:41:93:
         8e:bd:25:c9:cc:45:e1:2d:5e:93:5a:56:a2:cc:62:af:57:ed:
         8c:00:28:16:c8:c9:57:10:76:7b:bc:83:1f:e7:ea:53:73:cc:
         bc:52:8e:87:54:ff:d2:55:20:04:76:4f:fb:72:91:72:f7:c7:
         40:af:fa:f7:a2:3e:9b:35:75:c8:da:60:23:ae:20:21:f0:bc:
         82:50:38:46:ef:98:02:7b:2e:ba:dc:0a:8a:ae:bf:e9:78:ab:
         6f:92:4c:af:4e:b2:6e:64:29:6b:ae:60:35:2a:df:28:66:31:
         3b:28:46:b7:24:83:59:f2:d5:df:3a:ca:fd:01:a0:a6:c0:2a:
         ff:9d:00:e5:2f:c0:f0:06:c8:28:78:f5:14:b8:46:16:58:0c:
         4b:71:d0:92:5c:32:be:5e:a0:9f:76:ff:45:b2:d6:59:61:ed:
         a3:0a:20:6d:90:42:af:29:31:66:cd:5b:c6:15:cf:78:3b:93:
         59:7f:2e:38:2d:65:0f:69:4b:4c:27:e9:1a:b1:ea:4b:2e:21:
         eb:14:6f:64:19:76:69:ac:fc:d5:92:a9:86:87:31:d3:a1:9a:
         51:d2:74:47:e6:20:78:5d:10:1c:b8:bc:cb:1e:dc:b0:03:35:
         51:af:12:d1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKK4EgZbCiK2aFkuIXtGlBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwMTAyMTIzNDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzQ4Yjc1YTE5ODM4ODEwMjhhZDFlNTVlZjhhNzcwZGY4MGZhMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7mC0gRDwkjesPV0aNOa9RSCwlu5
Q7b2W7Nz6tcE3TNKcHyRqP7JfusUZll0Vaky/pB7+FnrBc/EDUZw86W/UDIVCAW5
5E8qKquLhs3/iIj0ZM/njhddT/4TVmmgHSSYMtSWRuYyC77ul5O2lNczhWOYl58C
ReJgT+xvmH9ebqcBkFMF+5iiBjdMLazqRR9yT4spC9q+CMBSU654iBrkXR4stBZd
DOJhbsVb1mnNywsvSNvYbjvUUfR3c0sOYMMnoZT/gsREbGbJi1dy4NcTXczVXxk3
yTOzj04yhQ+2zADYxj159iQsTFnKU9cAF5NT1GJsuCPUvgW4QcYn2+iT2wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMNIt1oZg4gQKK0eVe+Kdw34D6H8MB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvdzBpM1dobURpQkFvclI1Vjc0cDNEZmdQb2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATC4fAD
BALC4fgwDQYJKoZIhvcNAQELBQADggEBAH28ESCHBFrV7avM05SJHpxBk469JcnM
ReEtXpNaVqLMYq9X7YwAKBbIyVcQdnu8gx/n6lNzzLxSjodU/9JVIAR2T/tykXL3
x0Cv+veiPps1dcjaYCOuICHwvIJQOEbvmAJ7LrrcCoquv+l4q2+STK9Osm5kKWuu
YDUq3yhmMTsoRrckg1ny1d86yv0BoKbAKv+dAOUvwPAGyCh49RS4RhZYDEtx0JJc
Mr5eoJ92/0Wy1llh7aMKIG2QQq8pMWbNW8YVz3g7k1l/LjgtZQ9pS0wn6Rqx6ksu
IesUb2QZdmms/NWSqYaHMdOhmlHSdEfmIHhdEBy4vMse3LADNVGvEtE=
-----END CERTIFICATE-----