Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/w5j608_2d4CuWu9JPKmxbNR6qyM.roa
File:                     w5j608_2d4CuWu9JPKmxbNR6qyM.roa (raw, json)
Hash identifier:          6er/h1D5qh4vFjhwksVsxcNz4MTBtenWeVQfOjWpacA=
Subject key identifier:   C3:98:FA:D3:CF:F6:77:80:AE:5A:EF:49:3C:A9:B1:6C:D4:7A:AB:23
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018CC7946E010CB5F9800B324F180189CA75
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/w5j608_2d4CuWu9JPKmxbNR6qyM.roa
Signing time:             Tue 02 Jan 2024 00:30:42 +0000
ROA not before:           Tue 02 Jan 2024 00:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201838
IP address blocks:        168.199.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:6e:01:0c:b5:f9:80:0b:32:4f:18:01:89:ca:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 00:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c398fad3cff67780ae5aef493ca9b16cd47aab23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:66:d7:4f:88:76:a2:b1:50:fe:bd:d4:e6:09:
                    c3:72:ad:5b:85:35:8f:e3:bd:d7:15:fe:74:bb:8f:
                    64:a1:84:7f:c2:85:e6:b6:50:17:c0:14:9e:7b:96:
                    e9:e0:be:ad:c3:ab:ee:5e:fa:da:06:b3:bd:07:74:
                    37:4f:5b:63:4b:27:59:f4:52:de:03:7e:28:d1:b9:
                    52:2b:c2:87:b1:be:4e:bd:f9:f3:de:88:2e:81:03:
                    31:46:b1:4b:28:55:39:5e:12:07:d6:04:8a:b7:b9:
                    16:96:a1:17:78:6c:a2:f1:1d:e5:e0:92:ad:9c:19:
                    8b:a2:a2:0f:2c:15:6d:49:b3:57:8a:34:13:8f:ab:
                    b0:e4:ac:24:83:04:88:b9:dd:fb:b8:57:1a:69:16:
                    67:96:16:6f:96:b5:a5:5a:4c:5e:b6:80:40:c2:20:
                    24:b0:95:e3:83:fa:8c:47:59:79:83:2c:9e:73:bb:
                    0f:91:ac:df:df:f3:05:98:a2:ff:ff:e5:2f:90:53:
                    85:c0:59:5f:2a:e7:c7:25:c6:67:c1:6c:0f:22:c4:
                    16:04:cc:9e:99:2e:5d:59:dd:b5:54:8b:38:e2:f4:
                    fa:3a:f7:8a:a6:1c:63:35:b8:ef:89:e2:03:7a:40:
                    ed:69:68:3f:63:c5:06:23:6a:e4:e1:6d:cd:ab:da:
                    c5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:98:FA:D3:CF:F6:77:80:AE:5A:EF:49:3C:A9:B1:6C:D4:7A:AB:23
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/w5j608_2d4CuWu9JPKmxbNR6qyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1e:99:99:58:ad:2d:d4:a5:77:ba:e3:52:9c:9c:40:05:55:b0:
         3e:6c:2d:f9:36:bd:cd:85:ae:e8:53:d4:b2:ef:2f:6a:5d:a3:
         cd:bc:12:7d:f3:a9:5e:c5:8a:8e:62:b3:a2:52:fa:9d:81:bd:
         39:6a:bc:1c:f7:6a:dc:26:01:2c:e3:d7:bf:c8:11:15:c8:70:
         b8:f8:a3:c7:e2:d9:91:d8:6d:d2:41:02:08:88:84:8c:2b:f9:
         ab:04:d2:e1:17:8a:ae:de:d6:a6:b7:7b:20:a4:60:4a:8c:db:
         76:1b:1d:8b:f3:15:f9:08:c9:d0:6f:3f:fb:88:7a:8b:dc:b3:
         27:f8:5c:eb:96:5a:54:18:e5:1f:c5:c8:94:43:a7:99:92:bf:
         79:f6:96:f3:6d:2f:4f:91:c9:09:f4:46:a7:19:25:9f:e4:49:
         f9:45:b0:55:50:54:11:da:8f:74:a1:04:fa:df:e0:2e:03:ea:
         ca:23:78:94:c1:af:df:c5:4a:76:7a:1c:d6:ce:fa:e7:d8:2f:
         ee:17:aa:51:b1:84:69:5c:f2:40:30:ca:51:27:93:e4:7e:92:
         59:86:39:6d:08:74:42:99:d1:66:95:b8:cc:52:a9:80:21:95:
         77:e8:8c:78:ec:a4:37:b1:79:e9:47:d3:fb:a6:12:92:db:f7:
         0b:52:0b:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlG4BDLX5gAsyTxgBicp1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwMTAyMDAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzk4ZmFkM2NmZjY3NzgwYWU1YWVmNDkzY2E5YjE2Y2Q0N2FhYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmbXT4h2orFQ/r3U5gnDcq1bhTWP
473XFf50u49koYR/woXmtlAXwBSee5bp4L6tw6vuXvraBrO9B3Q3T1tjSydZ9FLe
A34o0blSK8KHsb5Ovfnz3ogugQMxRrFLKFU5XhIH1gSKt7kWlqEXeGyi8R3l4JKt
nBmLoqIPLBVtSbNXijQTj6uw5KwkgwSIud37uFcaaRZnlhZvlrWlWkxetoBAwiAk
sJXjg/qMR1l5gyyec7sPkazf3/MFmKL//+UvkFOFwFlfKufHJcZnwWwPIsQWBMye
mS5dWd21VIs44vT6OveKphxjNbjvieIDekDtaWg/Y8UGI2rk4W3Nq9rFMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOY+tPP9neArlrvSTypsWzUeqsjMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvdzVqNjA4XzJkNEN1V3U5SlBLbXhiTlI2cXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFqMdAMA0G
CSqGSIb3DQEBCwUAA4IBAQAemZlYrS3UpXe641KcnEAFVbA+bC35Nr3Nha7oU9Sy
7y9qXaPNvBJ986lexYqOYrOiUvqdgb05arwc92rcJgEs49e/yBEVyHC4+KPH4tmR
2G3SQQIIiISMK/mrBNLhF4qu3tamt3sgpGBKjNt2Gx2L8xX5CMnQbz/7iHqL3LMn
+FzrllpUGOUfxciUQ6eZkr959pbzbS9PkckJ9EanGSWf5En5RbBVUFQR2o90oQT6
3+AuA+rKI3iUwa/fxUp2ehzWzvrn2C/uF6pRsYRpXPJAMMpRJ5PkfpJZhjltCHRC
mdFmlbjMUqmAIZV36Ix47KQ3sXnpR9P7phKS2/cLUgvN
-----END CERTIFICATE-----