Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/WUoUDAuSYtgIZl8cCLgwN9YrFdw.roa
File:                     WUoUDAuSYtgIZl8cCLgwN9YrFdw.roa (raw, json)
Hash identifier:          66LHWIYDS0yX9w9x5mzF70E+Df7HQu9Qm6KNaMxt9H8=
Subject key identifier:   59:4A:14:0C:0B:92:62:D8:08:66:5F:1C:08:B8:30:37:D6:2B:15:DC
Certificate issuer:       /CN=74722f16a87cffd78fd79050568a1b4c959b1224
Certificate serial:       018DA5F744397AEBEB9D743F9DC4E41A73B4
Authority key identifier: 74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/WUoUDAuSYtgIZl8cCLgwN9YrFdw.roa
Signing time:             Wed 14 Feb 2024 04:54:21 +0000
ROA not before:           Wed 14 Feb 2024 04:54:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206908
IP address blocks:        185.172.118.0/24 maxlen: 24
                          185.172.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a5:f7:44:39:7a:eb:eb:9d:74:3f:9d:c4:e4:1a:73:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74722f16a87cffd78fd79050568a1b4c959b1224
        Validity
            Not Before: Feb 14 04:54:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=594a140c0b9262d808665f1c08b83037d62b15dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:bc:d8:25:33:79:5d:95:79:8c:3f:97:aa:04:
                    bc:81:75:00:34:08:c1:36:c2:3e:c5:d5:ac:02:c2:
                    31:c9:cd:e3:19:9c:cb:04:66:fc:4f:59:61:ab:63:
                    5b:f3:2a:c8:55:09:69:d4:c5:9f:32:47:ce:11:7e:
                    40:a1:7e:cd:14:ef:e3:78:16:72:90:8b:37:8a:83:
                    1b:39:54:db:51:36:e8:57:9f:3b:54:8f:7e:c2:82:
                    ca:ac:b0:25:a0:b3:df:9e:4d:b9:03:aa:b6:f1:6b:
                    ee:64:41:66:ed:af:e1:69:fb:e7:32:84:5a:ac:e0:
                    77:d2:f7:fe:7f:1b:06:3f:6b:b5:be:0f:dc:f6:0f:
                    72:61:49:55:04:70:32:32:ad:3e:49:6c:87:67:b4:
                    c9:ae:54:19:51:c4:bf:f3:f4:05:c6:57:76:d0:bd:
                    4e:db:44:02:51:59:df:cc:35:02:a3:58:de:8f:50:
                    97:7e:40:10:0d:00:dc:22:d9:99:50:75:8c:34:a4:
                    37:a7:29:c5:09:84:b1:72:a0:48:a1:69:da:b1:8b:
                    88:24:94:bc:81:57:4f:ea:c1:86:51:9d:e0:4d:9d:
                    03:f5:c5:d2:88:8c:62:ee:e3:ff:56:01:79:bc:8c:
                    78:51:cf:72:d7:0a:9b:43:f2:23:d8:ba:7f:80:0c:
                    f6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4A:14:0C:0B:92:62:D8:08:66:5F:1C:08:B8:30:37:D6:2B:15:DC
            X509v3 Authority Key Identifier:
                keyid:74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/WUoUDAuSYtgIZl8cCLgwN9YrFdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:97:f6:23:67:7f:a1:16:84:98:c6:8f:49:58:c9:e3:bc:05:
         67:d8:bf:83:e7:52:b2:db:b1:15:96:b7:fe:5e:51:c5:3c:5e:
         8c:68:15:a1:99:29:f2:27:96:18:5f:8c:0a:b1:8c:29:1f:8d:
         af:27:d5:3c:13:55:16:bf:c0:96:c1:be:97:31:44:cf:0a:57:
         14:13:cd:f2:3c:9c:2c:2c:47:14:0c:0a:2b:8c:02:48:0d:67:
         d9:2a:b8:30:48:5d:57:13:7a:66:41:6b:98:e3:8d:db:80:83:
         97:23:ba:05:08:a2:f6:ba:6c:fa:26:9b:1a:bc:46:da:05:38:
         d4:fa:99:e4:95:df:cf:03:a3:c7:02:85:eb:fc:b0:49:1f:58:
         a8:4a:ce:06:9d:f0:46:ba:db:be:08:84:07:cc:c1:07:67:c5:
         a8:74:e7:5b:8e:ce:c3:c4:9e:1c:0b:ae:26:72:bd:fe:68:fd:
         d8:31:0c:8a:81:77:f8:86:0b:9a:d9:4a:78:45:d6:13:da:96:
         11:62:6a:ae:fa:b7:bf:98:86:4e:3f:28:f2:0b:57:9b:52:f7:
         06:5e:34:d9:97:d1:6d:45:9e:30:f1:b4:7d:b5:2a:9f:ef:a5:
         92:3a:9f:55:9e:7e:53:9a:87:33:45:d0:f8:06:04:a0:54:3d:
         31:bb:43:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2l90Q5euvrnXQ/ncTkGnO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NzIyZjE2YTg3Y2ZmZDc4ZmQ3OTA1MDU2OGExYjRjOTU5
YjEyMjQwHhcNMjQwMjE0MDQ1NDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTRhMTQwYzBiOTI2MmQ4MDg2NjVmMWMwOGI4MzAzN2Q2MmIxNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrzYJTN5XZV5jD+XqgS8gXUANAjB
NsI+xdWsAsIxyc3jGZzLBGb8T1lhq2Nb8yrIVQlp1MWfMkfOEX5AoX7NFO/jeBZy
kIs3ioMbOVTbUTboV587VI9+woLKrLAloLPfnk25A6q28WvuZEFm7a/hafvnMoRa
rOB30vf+fxsGP2u1vg/c9g9yYUlVBHAyMq0+SWyHZ7TJrlQZUcS/8/QFxld20L1O
20QCUVnfzDUCo1jej1CXfkAQDQDcItmZUHWMNKQ3pynFCYSxcqBIoWnasYuIJJS8
gVdP6sGGUZ3gTZ0D9cXSiIxi7uP/VgF5vIx4Uc9y1wqbQ/Ij2Lp/gAz22QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlKFAwLkmLYCGZfHAi4MDfWKxXcMB8GA1UdIwQY
MBaAFHRyLxaofP/Xj9eQUFaKG0yVmxIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQt
MzNmNzNkOWZkZGI1LzEvV1VvVURBdVNZdGdJWmw4Y0NMZ3dOOVlyRmR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQtMzNmNzNkOWZkZGI1
LzEvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuax2MA0G
CSqGSIb3DQEBCwUAA4IBAQB3l/YjZ3+hFoSYxo9JWMnjvAVn2L+D51Ky27EVlrf+
XlHFPF6MaBWhmSnyJ5YYX4wKsYwpH42vJ9U8E1UWv8CWwb6XMUTPClcUE83yPJws
LEcUDAorjAJIDWfZKrgwSF1XE3pmQWuY443bgIOXI7oFCKL2umz6JpsavEbaBTjU
+pnkld/PA6PHAoXr/LBJH1ioSs4GnfBGutu+CIQHzMEHZ8WodOdbjs7DxJ4cC64m
cr3+aP3YMQyKgXf4hgua2Up4RdYT2pYRYmqu+re/mIZOPyjyC1ebUvcGXjTZl9Ft
RZ4w8bR9tSqf76WSOp9Vnn5TmoczRdD4BgSgVD0xu0M1
-----END CERTIFICATE-----