Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/wbQu2dug3Anajnt0EaRWvWccGMw.roa
File:                     wbQu2dug3Anajnt0EaRWvWccGMw.roa (raw, json)
Hash identifier:          rTW+uoaJc0WwqrTJSX3gWjS3QlnoRESyetkM99ifefc=
Subject key identifier:   C1:B4:2E:D9:DB:A0:DC:09:DA:8E:7B:74:11:A4:56:BD:67:1C:18:CC
Certificate issuer:       /CN=cfeace714c29568ef197007b141d12758cc415d5
Certificate serial:       018CCA993F6C13E061A9539834B83D26FB34
Authority key identifier: CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/wbQu2dug3Anajnt0EaRWvWccGMw.roa
Signing time:             Tue 02 Jan 2024 14:34:49 +0000
ROA not before:           Tue 02 Jan 2024 14:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41175
IP address blocks:        185.114.104.0/22 maxlen: 24
                          81.201.208.0/20 maxlen: 24
                          2a00:e900::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:3f:6c:13:e0:61:a9:53:98:34:b8:3d:26:fb:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfeace714c29568ef197007b141d12758cc415d5
        Validity
            Not Before: Jan  2 14:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1b42ed9dba0dc09da8e7b7411a456bd671c18cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:35:5c:31:53:51:ac:0c:fa:22:9d:f2:d6:b2:
                    9a:49:58:99:c2:f3:59:ce:23:11:6e:7b:c0:89:29:
                    f4:72:a8:eb:9f:db:81:98:3f:a5:02:f9:bc:00:4e:
                    26:88:d6:e5:0b:36:f5:6e:60:4a:68:85:c1:0b:58:
                    68:b1:5e:d5:2e:a5:80:9a:60:f6:d6:2b:a0:fe:29:
                    bf:9b:fe:73:79:a4:69:05:5b:79:07:90:be:f7:2b:
                    a3:d7:ec:a2:15:3f:5b:c8:4e:61:69:0c:92:17:f5:
                    f7:21:05:39:b3:90:d9:f8:bc:36:0b:29:0f:eb:a2:
                    a0:3b:32:ee:a4:df:99:14:e6:ea:cc:eb:2e:cb:53:
                    07:5c:52:0d:f0:f6:e4:80:d0:c0:7b:6c:e8:fe:49:
                    b6:78:ae:25:0c:99:7c:c0:1a:31:1e:fd:95:9d:be:
                    b7:1e:fa:c6:a1:ef:9b:0f:d2:3a:cb:c5:6c:c3:4e:
                    a8:28:17:dc:6d:48:38:02:48:3e:d0:2c:90:20:c8:
                    9d:e7:7c:43:8e:e5:3c:22:8e:fd:a4:ca:80:7c:38:
                    42:e7:6c:c4:70:ab:76:f0:9d:93:b8:60:07:be:d5:
                    97:96:dc:bd:3a:df:90:ad:f9:fa:56:20:24:8b:e2:
                    bd:a5:35:55:5a:b8:ef:93:e8:6b:8d:01:3a:46:85:
                    19:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:B4:2E:D9:DB:A0:DC:09:DA:8E:7B:74:11:A4:56:BD:67:1C:18:CC
            X509v3 Authority Key Identifier:
                keyid:CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/wbQu2dug3Anajnt0EaRWvWccGMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.201.208.0/20
                  185.114.104.0/22
                IPv6:
                  2a00:e900::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:9d:4e:22:a0:69:9c:b3:89:2e:90:af:94:df:59:92:03:4a:
         d8:ad:84:41:18:17:49:08:41:4b:a4:fb:66:eb:6d:43:3a:07:
         8c:6c:cd:c3:d9:fe:18:bf:94:06:9c:8e:23:54:c7:7e:1b:dd:
         51:08:ad:ce:48:63:1b:d4:54:4b:ee:7c:19:45:c1:66:c6:36:
         88:d8:29:0f:8e:7a:4d:cb:a2:10:e1:f9:96:c4:70:a9:93:06:
         1e:52:5b:f6:c7:6f:c0:e3:a9:c4:e6:cc:a6:a4:1b:b1:dd:de:
         e3:89:9e:56:10:48:2f:4f:00:55:18:14:90:bb:1b:0f:0f:37:
         b4:f2:43:ff:06:47:16:17:9f:70:36:4c:79:5b:e9:27:71:9c:
         b8:aa:d6:5d:c0:00:8c:2e:7b:d3:fc:7c:d3:62:ff:77:22:8a:
         5c:c1:bc:49:79:6c:53:85:c4:a9:b6:7d:64:67:e3:4e:50:36:
         f7:f1:86:b5:25:21:92:da:e3:80:6d:d3:66:aa:2a:86:47:3e:
         c3:13:70:43:d8:4b:fb:51:77:23:ff:28:04:8c:4c:1f:b2:d1:
         4a:d0:ae:a4:26:b5:8e:e8:f2:7c:33:57:ba:26:f5:18:e0:d0:
         b0:fe:95:3c:d7:04:70:63:74:df:d7:28:58:c1:d1:f6:4d:01:
         de:40:3d:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKmT9sE+BhqVOYNLg9Jvs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZWFjZTcxNGMyOTU2OGVmMTk3MDA3YjE0MWQxMjc1OGNj
NDE1ZDUwHhcNMjQwMTAyMTQzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWI0MmVkOWRiYTBkYzA5ZGE4ZTdiNzQxMWE0NTZiZDY3MWMxOGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTVcMVNRrAz6Ip3y1rKaSViZwvNZ
ziMRbnvAiSn0cqjrn9uBmD+lAvm8AE4miNblCzb1bmBKaIXBC1hosV7VLqWAmmD2
1iug/im/m/5zeaRpBVt5B5C+9yuj1+yiFT9byE5haQySF/X3IQU5s5DZ+Lw2CykP
66KgOzLupN+ZFObqzOsuy1MHXFIN8PbkgNDAe2zo/km2eK4lDJl8wBoxHv2Vnb63
HvrGoe+bD9I6y8Vsw06oKBfcbUg4Akg+0CyQIMid53xDjuU8Io79pMqAfDhC52zE
cKt28J2TuGAHvtWXlty9Ot+Qrfn6ViAki+K9pTVVWrjvk+hrjQE6RoUZIwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMG0LtnboNwJ2o57dBGkVr1nHBjMMB8GA1UdIwQY
MBaAFM/qznFMKVaO8ZcAexQdEnWMxBXVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMt
OGZkMzk0YjUzNTdjLzEvd2JRdTJkdWczQW5ham50MEVhUld2V2NjR013LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMtOGZkMzk0YjUzNTdj
LzEvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUcnQAwQC
uXJoMA0EAgACMAcDBQMqAOkAMA0GCSqGSIb3DQEBCwUAA4IBAQAinU4ioGmcs4ku
kK+U31mSA0rYrYRBGBdJCEFLpPtm621DOgeMbM3D2f4Yv5QGnI4jVMd+G91RCK3O
SGMb1FRL7nwZRcFmxjaI2CkPjnpNy6IQ4fmWxHCpkwYeUlv2x2/A46nE5sympBux
3d7jiZ5WEEgvTwBVGBSQuxsPDze08kP/BkcWF59wNkx5W+kncZy4qtZdwACMLnvT
/HzTYv93IopcwbxJeWxThcSptn1kZ+NOUDb38Ya1JSGS2uOAbdNmqiqGRz7DE3BD
2Ev7UXcj/ygEjEwfstFK0K6kJrWO6PJ8M1e6JvUY4NCw/pU81wRwY3Tf1yhYwdH2
TQHeQD2d
-----END CERTIFICATE-----