Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/wDivuVtF4ZlarCLWhTxi7mlMgfg.roa
File:                     wDivuVtF4ZlarCLWhTxi7mlMgfg.roa (raw, json)
Hash identifier:          jlze6m6UfFOKshbpZ4bVM8048TUbLfRO5Dc7G7dPPqE=
Subject key identifier:   C0:38:AF:B9:5B:45:E1:99:5A:AC:22:D6:85:3C:62:EE:69:4C:81:F8
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D99B0D53D2649408F797526E1479
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/wDivuVtF4ZlarCLWhTxi7mlMgfg.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47553
IP address blocks:        185.254.72.0/24 maxlen: 24
                          185.213.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d9:9b:0d:53:d2:64:94:08:f7:97:52:6e:14:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c038afb95b45e1995aac22d6853c62ee694c81f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2c:f7:c7:e7:3b:b9:50:77:65:2a:74:69:37:
                    d0:cb:94:6d:f6:6d:c6:f7:97:74:ae:a3:22:32:96:
                    2a:92:12:75:72:41:3c:48:ee:4e:9e:dc:d9:b9:2e:
                    2b:5e:c6:0f:c5:13:58:66:5b:37:25:95:1f:d7:5c:
                    54:78:fb:46:a1:c5:81:d6:7a:1f:21:36:63:3e:cb:
                    ed:05:2b:fd:cd:bf:63:a4:4f:17:b2:a9:63:21:7d:
                    64:52:a2:75:54:d7:57:28:b0:8e:89:bf:74:0e:cd:
                    46:5f:78:fd:61:d2:f0:1c:69:59:b3:33:07:ba:54:
                    f8:5f:37:b7:27:74:e9:6c:c9:5a:4e:9e:78:c9:e3:
                    09:87:49:13:92:48:87:7e:b9:0f:c9:b0:b9:13:26:
                    9a:e9:cd:3c:ff:00:0d:9d:9f:d9:37:08:50:a0:f2:
                    55:26:05:50:48:6a:e1:a4:56:32:40:01:06:65:c3:
                    ad:c2:35:e1:31:ba:4b:01:d2:51:8a:ea:44:38:f6:
                    e5:3c:16:df:a1:23:67:e2:cf:cc:e1:20:8b:d9:bf:
                    68:3e:13:14:e3:5c:bb:ac:24:0b:e6:09:f8:8d:fe:
                    8b:90:ab:c3:1e:be:42:5a:b3:ab:48:1f:1e:6c:b7:
                    17:37:09:1c:69:c2:38:31:f9:0a:fa:75:e8:c6:ba:
                    0f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:38:AF:B9:5B:45:E1:99:5A:AC:22:D6:85:3C:62:EE:69:4C:81:F8
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/wDivuVtF4ZlarCLWhTxi7mlMgfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.150.0/24
                  185.254.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:d3:2c:94:a2:a7:ea:21:4a:86:38:7e:3d:e4:32:91:2d:0b:
         cc:cb:6a:63:2a:39:15:0f:6c:5a:43:12:13:4d:1f:9d:be:3a:
         90:75:56:de:8a:e2:d2:4b:9b:a9:e9:a6:f8:88:08:33:14:59:
         b0:38:3e:fe:c8:ce:1b:8f:87:7b:78:49:2f:32:50:9e:e2:63:
         05:40:39:a0:b4:a8:fd:78:f5:39:06:bb:57:8c:3d:f6:83:bb:
         e0:48:c2:c0:76:80:16:da:60:23:04:74:68:62:53:1d:4e:35:
         66:bc:09:82:0c:55:fc:f7:c8:19:cb:7f:16:96:20:32:59:cc:
         12:17:3b:25:c8:ad:ca:ab:15:da:67:90:b2:70:76:a3:b6:2e:
         c6:b1:79:90:43:52:c2:f7:87:63:b1:b2:f2:54:0a:51:6a:0b:
         38:da:a1:ce:f0:f4:ee:a6:2c:f1:af:25:4a:d2:2f:30:98:87:
         ec:cd:d4:8f:ed:9e:dc:0e:15:41:af:0f:0d:1d:7e:63:bd:e0:
         15:89:5f:22:7b:67:89:61:23:c6:20:d5:dd:2b:79:00:a6:4a:
         e3:2c:6c:f9:b1:97:be:ae:bf:4a:43:a5:aa:7a:ac:12:a6:29:
         d9:12:1a:f0:6d:3b:63:01:73:6e:3b:c2:ce:1e:ad:5d:21:35:
         10:8c:3c:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAdmbDVPSZJQI95dSbhR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDM4YWZiOTViNDVlMTk5NWFhYzIyZDY4NTNjNjJlZTY5NGM4MWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCz3x+c7uVB3ZSp0aTfQy5Rt9m3G
95d0rqMiMpYqkhJ1ckE8SO5OntzZuS4rXsYPxRNYZls3JZUf11xUePtGocWB1nof
ITZjPsvtBSv9zb9jpE8XsqljIX1kUqJ1VNdXKLCOib90Ds1GX3j9YdLwHGlZszMH
ulT4Xze3J3TpbMlaTp54yeMJh0kTkkiHfrkPybC5Eyaa6c08/wANnZ/ZNwhQoPJV
JgVQSGrhpFYyQAEGZcOtwjXhMbpLAdJRiupEOPblPBbfoSNn4s/M4SCL2b9oPhMU
41y7rCQL5gn4jf6LkKvDHr5CWrOrSB8ebLcXNwkcacI4MfkK+nXoxroPpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMA4r7lbReGZWqwi1oU8Yu5pTIH4MB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvd0RpdnVWdEY0WmxhckNMV2hUeGk3bWxNZ2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudWWAwQA
uf5IMA0GCSqGSIb3DQEBCwUAA4IBAQA60yyUoqfqIUqGOH495DKRLQvMy2pjKjkV
D2xaQxITTR+dvjqQdVbeiuLSS5up6ab4iAgzFFmwOD7+yM4bj4d7eEkvMlCe4mMF
QDmgtKj9ePU5BrtXjD32g7vgSMLAdoAW2mAjBHRoYlMdTjVmvAmCDFX898gZy38W
liAyWcwSFzslyK3KqxXaZ5CycHajti7GsXmQQ1LC94djsbLyVApRags42qHO8PTu
pizxryVK0i8wmIfszdSP7Z7cDhVBrw8NHX5jveAViV8ie2eJYSPGINXdK3kApkrj
LGz5sZe+rr9KQ6WqeqwSpinZEhrwbTtjAXNuO8LOHq1dITUQjDxC
-----END CERTIFICATE-----