Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1202e2-0b54-42ee-933a-2b1dc992eca2/1/WnvRC50CZwPUnRmKZ8efQKxmA9k.roa
File:                     WnvRC50CZwPUnRmKZ8efQKxmA9k.roa (raw, json)
Hash identifier:          VkMal+MKGWYm2xGX1uO+3HVAxTsZVtVPFuAaHEwHH2E=
Subject key identifier:   5A:7B:D1:0B:9D:02:67:03:D4:9D:19:8A:67:C7:9F:40:AC:66:03:D9
Certificate issuer:       /CN=a7e70a05b98639cd7ae57feb1a40b367ec9c43ad
Certificate serial:       018CC3B68D55BAD02597200D63CAEF8DAFED
Authority key identifier: A7:E7:0A:05:B9:86:39:CD:7A:E5:7F:EB:1A:40:B3:67:EC:9C:43:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-cKBbmGOc165X_rGkCzZ-ycQ60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1202e2-0b54-42ee-933a-2b1dc992eca2/1/WnvRC50CZwPUnRmKZ8efQKxmA9k.roa
Signing time:             Mon 01 Jan 2024 06:29:30 +0000
ROA not before:           Mon 01 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205222
IP address blocks:        185.225.58.0/24 maxlen: 24
                          185.225.57.0/24 maxlen: 24
                          185.225.56.0/22 maxlen: 22
                          185.225.56.0/24 maxlen: 24
                          185.225.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1202e2-0b54-42ee-933a-2b1dc992eca2/1/p-cKBbmGOc165X_rGkCzZ-ycQ60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1202e2-0b54-42ee-933a-2b1dc992eca2/1/p-cKBbmGOc165X_rGkCzZ-ycQ60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-cKBbmGOc165X_rGkCzZ-ycQ60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8d:55:ba:d0:25:97:20:0d:63:ca:ef:8d:af:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7e70a05b98639cd7ae57feb1a40b367ec9c43ad
        Validity
            Not Before: Jan  1 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a7bd10b9d026703d49d198a67c79f40ac6603d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:bd:1f:b6:1e:8f:5b:ce:18:a9:36:86:7f:dd:
                    04:e1:04:86:dc:81:ee:ff:b4:78:46:e8:45:96:9a:
                    0f:40:16:2e:aa:80:99:15:d7:de:9f:20:02:b8:93:
                    4d:c4:5e:3d:0d:36:94:0d:8b:72:4e:f1:8c:b2:09:
                    08:6b:30:0d:7e:f9:ba:18:36:b6:8c:9f:cd:d5:02:
                    17:b0:53:6a:2e:69:ab:2c:6e:95:dc:06:9d:dd:31:
                    da:3b:a1:45:51:53:fc:be:bf:b0:6b:d7:7d:16:92:
                    3f:06:1c:e3:a1:db:67:e1:85:2a:86:12:e6:31:b0:
                    d5:b4:89:a2:f8:72:7e:98:44:29:0a:a9:ad:be:30:
                    73:d5:0c:17:63:35:aa:ac:dc:db:31:f2:7f:1b:22:
                    91:31:5b:24:79:c5:58:19:ce:fc:0b:19:ae:ca:a1:
                    03:5c:8a:bc:2c:8c:62:67:50:3c:1a:74:b4:7a:8f:
                    01:5d:bd:9f:c1:a7:b7:da:ac:2f:71:74:17:b5:d2:
                    30:b2:04:00:0a:67:f7:16:10:6b:4d:73:1b:cf:dc:
                    db:a1:46:39:28:b0:3d:4e:cb:25:77:ad:60:98:a1:
                    ee:7b:a2:c8:b0:f0:2a:f1:60:ef:6b:c5:07:33:5c:
                    84:2e:47:51:32:a3:f4:f2:ca:45:27:30:d0:d1:d8:
                    11:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:7B:D1:0B:9D:02:67:03:D4:9D:19:8A:67:C7:9F:40:AC:66:03:D9
            X509v3 Authority Key Identifier:
                keyid:A7:E7:0A:05:B9:86:39:CD:7A:E5:7F:EB:1A:40:B3:67:EC:9C:43:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-cKBbmGOc165X_rGkCzZ-ycQ60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1202e2-0b54-42ee-933a-2b1dc992eca2/1/WnvRC50CZwPUnRmKZ8efQKxmA9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1202e2-0b54-42ee-933a-2b1dc992eca2/1/p-cKBbmGOc165X_rGkCzZ-ycQ60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:73:69:b7:fd:7c:19:11:23:1a:b4:14:4f:c4:36:cf:a5:e9:
         0e:87:7f:3c:be:50:bf:d5:f8:1f:06:a6:f0:bb:d8:d6:21:cd:
         b3:5a:45:08:18:40:9e:2b:29:a7:2f:f3:87:c9:11:95:63:19:
         99:1c:8c:df:1a:74:52:d4:f9:e2:d9:6b:61:f4:de:bc:f7:5f:
         b2:a2:80:f3:7e:15:14:e2:93:3d:5a:97:d9:8a:22:4e:73:19:
         5f:97:59:79:4e:a8:c4:85:a2:cc:43:e2:71:b6:ad:10:33:6d:
         e6:d9:48:53:12:88:4e:68:d5:24:da:f4:61:f0:80:b7:94:78:
         14:3d:0e:62:97:e9:7b:ef:0a:7d:0c:02:b1:d2:5c:cf:bc:bc:
         11:ab:db:75:94:e6:0b:84:97:57:4b:82:d5:48:8c:4f:26:0e:
         96:4f:a9:b8:17:50:a0:10:0b:4c:48:d3:60:43:ae:f5:71:ed:
         8a:e6:e3:fa:98:bd:c5:50:1a:4f:3c:04:5c:c7:08:86:36:70:
         ab:35:08:f7:b7:e1:46:35:af:64:e8:cd:43:04:3d:15:62:2a:
         7f:97:e5:10:2c:b0:a5:34:62:8f:36:92:c5:cb:53:39:1a:28:
         cd:b3:36:12:73:11:13:7f:49:f5:ce:c9:61:18:fa:3e:ed:f7:
         28:7d:fd:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDto1VutAllyANY8rvja/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZTcwYTA1Yjk4NjM5Y2Q3YWU1N2ZlYjFhNDBiMzY3ZWM5
YzQzYWQwHhcNMjQwMTAxMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTdiZDEwYjlkMDI2NzAzZDQ5ZDE5OGE2N2M3OWY0MGFjNjYwM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgL0fth6PW84YqTaGf90E4QSG3IHu
/7R4RuhFlpoPQBYuqoCZFdfenyACuJNNxF49DTaUDYtyTvGMsgkIazANfvm6GDa2
jJ/N1QIXsFNqLmmrLG6V3Aad3THaO6FFUVP8vr+wa9d9FpI/Bhzjodtn4YUqhhLm
MbDVtImi+HJ+mEQpCqmtvjBz1QwXYzWqrNzbMfJ/GyKRMVskecVYGc78CxmuyqED
XIq8LIxiZ1A8GnS0eo8BXb2fwae32qwvcXQXtdIwsgQACmf3FhBrTXMbz9zboUY5
KLA9Tssld61gmKHue6LIsPAq8WDva8UHM1yELkdRMqP08spFJzDQ0dgRXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFp70QudAmcD1J0ZimfHn0CsZgPZMB8GA1UdIwQY
MBaAFKfnCgW5hjnNeuV/6xpAs2fsnEOtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC1jS0JibUdPYzE2NVhfckdrQ3paLXljUTYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xMjAyZTItMGI1NC00MmVlLTkzM2Et
MmIxZGM5OTJlY2EyLzEvV252UkM1MENad1BVblJtS1o4ZWZRS3htQTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xMjAyZTItMGI1NC00MmVlLTkzM2EtMmIxZGM5OTJlY2Ey
LzEvcC1jS0JibUdPYzE2NVhfckdrQ3paLXljUTYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueE4MA0G
CSqGSIb3DQEBCwUAA4IBAQBgc2m3/XwZESMatBRPxDbPpekOh388vlC/1fgfBqbw
u9jWIc2zWkUIGECeKymnL/OHyRGVYxmZHIzfGnRS1Pni2Wth9N6891+yooDzfhUU
4pM9WpfZiiJOcxlfl1l5TqjEhaLMQ+Jxtq0QM23m2UhTEohOaNUk2vRh8IC3lHgU
PQ5il+l77wp9DAKx0lzPvLwRq9t1lOYLhJdXS4LVSIxPJg6WT6m4F1CgEAtMSNNg
Q671ce2K5uP6mL3FUBpPPARcxwiGNnCrNQj3t+FGNa9k6M1DBD0VYip/l+UQLLCl
NGKPNpLFy1M5GijNszYScxETf0n1zslhGPo+7fcoff2f
-----END CERTIFICATE-----