Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/9073ba-88e2-4a45-9daf-5a0a1d0ac58c/1/1wukbEM_Z2cOLmS317mkgQWPtlY.roa
File:                     1wukbEM_Z2cOLmS317mkgQWPtlY.roa (raw, json)
Hash identifier:          mynvXYceF8nnYoZdEmhOk8iYDpjkXUz62HUCHGcK8Wc=
Subject key identifier:   D7:0B:A4:6C:43:3F:67:67:0E:2E:64:B7:D7:B9:A4:81:05:8F:B6:56
Certificate issuer:       /CN=8846405bfcc78066c5192cb3ebe72c443c557288
Certificate serial:       019420D5A3B8C2950845CF9FAB659ABC075B
Authority key identifier: 88:46:40:5B:FC:C7:80:66:C5:19:2C:B3:EB:E7:2C:44:3C:55:72:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEZAW_zHgGbFGSyz6-csRDxVcog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/9073ba-88e2-4a45-9daf-5a0a1d0ac58c/1/1wukbEM_Z2cOLmS317mkgQWPtlY.roa
Signing time:             Wed 01 Jan 2025 07:47:39 +0000
ROA not before:           Wed 01 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205644
IP address blocks:        185.68.182.0/24 maxlen: 24
                          2a13:8b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/9073ba-88e2-4a45-9daf-5a0a1d0ac58c/1/iEZAW_zHgGbFGSyz6-csRDxVcog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/9073ba-88e2-4a45-9daf-5a0a1d0ac58c/1/iEZAW_zHgGbFGSyz6-csRDxVcog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEZAW_zHgGbFGSyz6-csRDxVcog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a3:b8:c2:95:08:45:cf:9f:ab:65:9a:bc:07:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8846405bfcc78066c5192cb3ebe72c443c557288
        Validity
            Not Before: Jan  1 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d70ba46c433f67670e2e64b7d7b9a481058fb656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:26:60:9a:6f:26:b3:95:30:6a:11:39:dc:1a:
                    49:f5:5c:cc:fc:de:2d:f0:a7:59:23:2d:4a:0c:9a:
                    3b:0e:1a:8a:d8:13:a4:48:3c:de:7c:22:d2:74:df:
                    dc:31:53:88:79:5c:10:1d:c9:f4:49:20:b3:e8:eb:
                    32:db:80:ea:57:4a:7d:5c:91:6e:a4:a6:e3:38:cd:
                    f6:d1:47:33:e2:a5:12:c7:0a:3f:5c:a1:95:ac:31:
                    25:48:1a:83:40:ce:a9:1c:fc:97:d4:55:5e:e0:13:
                    bc:41:66:9f:32:b1:5d:73:85:33:ee:8f:77:e4:44:
                    d3:dd:64:29:38:32:bd:ad:f7:6b:8b:a2:05:fa:de:
                    c9:de:49:43:61:37:21:d8:3c:82:c2:a0:09:94:13:
                    01:7d:40:fd:00:96:de:5f:0a:3a:40:56:f7:e6:25:
                    9f:9e:b1:da:e2:59:83:30:44:0d:f0:9c:ea:2d:c9:
                    38:4f:a3:ab:8f:a4:aa:27:aa:e8:d0:f4:df:97:45:
                    35:90:70:a1:e0:da:af:8b:20:55:64:ad:1d:9d:fa:
                    e5:70:36:51:43:1a:18:1c:76:67:77:93:0f:16:f9:
                    57:38:44:3c:92:65:ad:8c:2e:f9:c8:f1:a5:5f:bc:
                    3e:66:be:ac:7f:df:72:9b:60:eb:58:ba:1b:50:cf:
                    5e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:0B:A4:6C:43:3F:67:67:0E:2E:64:B7:D7:B9:A4:81:05:8F:B6:56
            X509v3 Authority Key Identifier:
                keyid:88:46:40:5B:FC:C7:80:66:C5:19:2C:B3:EB:E7:2C:44:3C:55:72:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEZAW_zHgGbFGSyz6-csRDxVcog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9073ba-88e2-4a45-9daf-5a0a1d0ac58c/1/1wukbEM_Z2cOLmS317mkgQWPtlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9073ba-88e2-4a45-9daf-5a0a1d0ac58c/1/iEZAW_zHgGbFGSyz6-csRDxVcog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.182.0/24
                IPv6:
                  2a13:8b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:72:90:cc:11:ee:0c:d8:5d:fc:a3:ce:f8:26:6c:be:3b:2b:
         d8:50:36:d6:29:c8:5d:97:d4:88:dd:33:70:4a:b0:fa:00:7d:
         06:04:4a:01:47:91:6c:b5:fa:eb:bf:68:3d:4c:5a:c7:14:05:
         b5:06:01:be:5c:f4:f9:15:b7:25:3e:37:ec:e0:da:32:f6:90:
         59:1c:65:1c:01:b1:27:6d:b7:8c:5c:00:4c:db:45:80:a2:14:
         e7:ef:fd:05:ad:35:30:8c:1b:7b:7d:8a:e4:fc:3b:15:b9:b9:
         3a:f3:40:65:bf:01:0a:ba:49:bf:5e:ab:f5:62:8b:38:ec:95:
         9d:94:51:77:05:5d:16:a6:95:ad:b3:be:c7:24:7f:23:f7:82:
         5d:ed:38:37:1b:a5:9b:43:c0:20:b5:be:a6:03:d9:29:1c:4e:
         2b:e4:d8:9b:99:56:f0:f3:16:56:72:0e:52:ad:03:1c:86:d0:
         59:92:f1:4e:91:6c:0a:a9:4e:70:fb:a3:c9:01:ff:6b:18:63:
         9d:43:fa:17:9f:a2:28:d1:ef:0e:73:a0:7e:42:bc:66:97:a4:
         d3:d4:cf:d7:26:18:89:01:62:ac:8d:27:f7:77:bf:30:44:be:
         00:90:6c:07:e0:5a:1c:84:6b:4d:bb:e6:b1:5b:2a:3b:9a:dc:
         96:58:88:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1aO4wpUIRc+fq2WavAdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NDY0MDViZmNjNzgwNjZjNTE5MmNiM2ViZTcyYzQ0M2M1
NTcyODgwHhcNMjUwMTAxMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzBiYTQ2YzQzM2Y2NzY3MGUyZTY0YjdkN2I5YTQ4MTA1OGZiNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CZgmm8ms5UwahE53BpJ9VzM/N4t
8KdZIy1KDJo7DhqK2BOkSDzefCLSdN/cMVOIeVwQHcn0SSCz6Osy24DqV0p9XJFu
pKbjOM320Ucz4qUSxwo/XKGVrDElSBqDQM6pHPyX1FVe4BO8QWafMrFdc4Uz7o93
5ETT3WQpODK9rfdri6IF+t7J3klDYTch2DyCwqAJlBMBfUD9AJbeXwo6QFb35iWf
nrHa4lmDMEQN8JzqLck4T6Orj6SqJ6ro0PTfl0U1kHCh4NqviyBVZK0dnfrlcDZR
QxoYHHZnd5MPFvlXOEQ8kmWtjC75yPGlX7w+Zr6sf99ym2DrWLobUM9eTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNcLpGxDP2dnDi5kt9e5pIEFj7ZWMB8GA1UdIwQY
MBaAFIhGQFv8x4BmxRkss+vnLEQ8VXKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUVaQVdfekhnR2JGR1N5ejYtY3NSRHhWY29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85MDczYmEtODhlMi00YTQ1LTlkYWYt
NWEwYTFkMGFjNThjLzEvMXd1a2JFTV9aMmNPTG1TMzE3bWtnUVdQdGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85MDczYmEtODhlMi00YTQ1LTlkYWYtNWEwYTFkMGFjNThj
LzEvaUVaQVdfekhnR2JGR1N5ejYtY3NSRHhWY29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuUS2MA0E
AgACMAcDBQMqE4sAMA0GCSqGSIb3DQEBCwUAA4IBAQA5cpDMEe4M2F38o874Jmy+
OyvYUDbWKchdl9SI3TNwSrD6AH0GBEoBR5Fstfrrv2g9TFrHFAW1BgG+XPT5Fbcl
Pjfs4Noy9pBZHGUcAbEnbbeMXABM20WAohTn7/0FrTUwjBt7fYrk/DsVubk680Bl
vwEKukm/Xqv1Yos47JWdlFF3BV0WppWts77HJH8j94Jd7Tg3G6WbQ8Agtb6mA9kp
HE4r5NibmVbw8xZWcg5SrQMchtBZkvFOkWwKqU5w+6PJAf9rGGOdQ/oXn6Io0e8O
c6B+Qrxml6TT1M/XJhiJAWKsjSf3d78wRL4AkGwH4FochGtNu+axWyo7mtyWWIjT
-----END CERTIFICATE-----