Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/b7cd45-1f03-4158-8297-a3f61e30b514/1/wEIK2angHs_dmoZBMDWDHreiupQ.roa
File:                     wEIK2angHs_dmoZBMDWDHreiupQ.roa (raw, json)
Hash identifier:          haqqgAnWNf/VXNb6UwR+CDEkoWmIIT+AFycmmdKLKq4=
Subject key identifier:   C0:42:0A:D9:A9:E0:1E:CF:DD:9A:86:41:30:35:83:1E:B7:A2:BA:94
Certificate issuer:       /CN=c33fadd127e65cd90de3e9568e5cbcfb48c9b24a
Certificate serial:       018CC4253175FB42B9448A342A7C7363CC3A
Authority key identifier: C3:3F:AD:D1:27:E6:5C:D9:0D:E3:E9:56:8E:5C:BC:FB:48:C9:B2:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wz-t0SfmXNkN4-lWjly8-0jJsko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/b7cd45-1f03-4158-8297-a3f61e30b514/1/wEIK2angHs_dmoZBMDWDHreiupQ.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205105
IP address blocks:        185.230.169.0/24 maxlen: 24
                          185.230.168.0/22 maxlen: 22
                          185.230.170.0/24 maxlen: 24
                          185.230.171.0/24 maxlen: 24
                          185.230.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/b7cd45-1f03-4158-8297-a3f61e30b514/1/wz-t0SfmXNkN4-lWjly8-0jJsko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/b7cd45-1f03-4158-8297-a3f61e30b514/1/wz-t0SfmXNkN4-lWjly8-0jJsko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wz-t0SfmXNkN4-lWjly8-0jJsko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:31:75:fb:42:b9:44:8a:34:2a:7c:73:63:cc:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c33fadd127e65cd90de3e9568e5cbcfb48c9b24a
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0420ad9a9e01ecfdd9a86413035831eb7a2ba94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:87:91:9c:97:41:cc:27:e5:cf:95:33:6d:dd:
                    21:26:b6:b3:bf:36:86:db:a8:60:15:9b:66:8c:02:
                    e2:49:1e:ac:6f:44:77:78:d9:76:a1:c1:c8:90:46:
                    26:c7:d4:80:8c:a0:5d:db:dd:83:a4:41:c0:04:3b:
                    18:c8:4d:ae:59:ea:e2:be:f3:39:ed:74:86:8b:20:
                    7e:4f:d4:5a:16:cf:1e:f0:8e:af:cb:ed:98:10:ce:
                    aa:99:e7:2b:2c:15:58:ac:7d:62:85:25:ac:88:ad:
                    08:f6:56:77:07:c8:bc:a6:b3:51:ef:d9:9b:4e:df:
                    01:cb:4f:4b:01:4d:0b:16:19:c9:89:4c:48:34:fd:
                    f4:ca:bc:1a:64:d5:27:33:c9:1e:50:a8:50:6c:cf:
                    a2:f9:60:90:80:8b:8c:2a:78:dc:e7:4d:ce:3f:61:
                    86:f3:cf:8a:dc:c5:7e:88:2c:ca:b3:2d:db:f5:d2:
                    93:46:39:fe:6d:16:30:78:19:a1:e7:c2:5f:3f:53:
                    cb:57:f0:34:e4:77:8a:82:6c:56:55:8e:4a:80:8b:
                    9c:6a:f0:61:0b:84:57:9b:20:ad:5e:86:08:51:38:
                    65:d9:1e:df:f8:b4:64:d7:d4:24:20:77:98:33:5f:
                    a2:17:e7:1e:87:4e:b2:73:b0:7b:5c:b0:a2:13:b0:
                    be:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:42:0A:D9:A9:E0:1E:CF:DD:9A:86:41:30:35:83:1E:B7:A2:BA:94
            X509v3 Authority Key Identifier:
                keyid:C3:3F:AD:D1:27:E6:5C:D9:0D:E3:E9:56:8E:5C:BC:FB:48:C9:B2:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wz-t0SfmXNkN4-lWjly8-0jJsko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b7cd45-1f03-4158-8297-a3f61e30b514/1/wEIK2angHs_dmoZBMDWDHreiupQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b7cd45-1f03-4158-8297-a3f61e30b514/1/wz-t0SfmXNkN4-lWjly8-0jJsko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:d4:74:fe:26:79:82:4b:0d:73:80:5d:e7:66:55:a7:0f:0e:
         56:f5:b6:71:a8:cd:6a:17:e4:a4:bd:81:2c:85:88:9d:d6:a0:
         4c:32:e6:af:15:ec:37:a0:03:5d:0a:31:25:4b:47:76:03:48:
         e0:cc:c6:1c:46:42:cb:4f:3a:c4:c4:1d:02:d6:a1:8f:e8:75:
         b7:2e:45:e4:05:40:ff:a0:8a:73:f9:ae:48:37:ea:19:94:2b:
         85:56:3d:1f:dc:ea:8c:e9:16:fb:c6:c6:23:68:39:4c:a6:90:
         1d:97:d4:0a:72:2f:59:99:02:8a:e7:b5:00:88:5c:17:21:23:
         cd:49:c3:e3:20:cd:05:ef:5f:b1:8d:dc:7e:d5:5a:ef:07:27:
         50:d8:95:55:2b:cc:8f:95:fb:ad:96:d3:7a:7b:a7:08:9f:7d:
         84:52:93:da:f2:ae:f4:51:85:28:f1:30:6d:e7:f0:55:29:63:
         d1:46:d8:e1:be:bd:05:73:10:d7:d8:9d:1f:ff:00:e2:22:49:
         03:14:de:fb:3c:da:77:c2:bc:40:f4:8c:f1:24:ce:fb:e3:29:
         bb:a5:66:d7:97:41:5e:eb:d5:d9:32:bc:80:b8:f2:c1:b5:75:
         f5:05:59:cf:f1:ca:a5:cb:bf:a5:d7:99:2f:dc:79:d8:0f:80:
         85:a3:ad:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTF1+0K5RIo0KnxzY8w6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzM2ZhZGQxMjdlNjVjZDkwZGUzZTk1NjhlNWNiY2ZiNDhj
OWIyNGEwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDQyMGFkOWE5ZTAxZWNmZGQ5YTg2NDEzMDM1ODMxZWI3YTJiYTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoeRnJdBzCflz5Uzbd0hJrazvzaG
26hgFZtmjALiSR6sb0R3eNl2ocHIkEYmx9SAjKBd292DpEHABDsYyE2uWerivvM5
7XSGiyB+T9RaFs8e8I6vy+2YEM6qmecrLBVYrH1ihSWsiK0I9lZ3B8i8prNR79mb
Tt8By09LAU0LFhnJiUxINP30yrwaZNUnM8keUKhQbM+i+WCQgIuMKnjc503OP2GG
88+K3MV+iCzKsy3b9dKTRjn+bRYweBmh58JfP1PLV/A05HeKgmxWVY5KgIucavBh
C4RXmyCtXoYIUThl2R7f+LRk19QkIHeYM1+iF+ceh06yc7B7XLCiE7C+BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBCCtmp4B7P3ZqGQTA1gx63orqUMB8GA1UdIwQY
MBaAFMM/rdEn5lzZDePpVo5cvPtIybJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3otdDBTZm1YTmtONC1sV2pseTgtMGpKc2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iN2NkNDUtMWYwMy00MTU4LTgyOTct
YTNmNjFlMzBiNTE0LzEvd0VJSzJhbmdIc19kbW9aQk1EV0RIcmVpdXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iN2NkNDUtMWYwMy00MTU4LTgyOTctYTNmNjFlMzBiNTE0
LzEvd3otdDBTZm1YTmtONC1sV2pseTgtMGpKc2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueaoMA0G
CSqGSIb3DQEBCwUAA4IBAQAe1HT+JnmCSw1zgF3nZlWnDw5W9bZxqM1qF+SkvYEs
hYid1qBMMuavFew3oANdCjElS0d2A0jgzMYcRkLLTzrExB0C1qGP6HW3LkXkBUD/
oIpz+a5IN+oZlCuFVj0f3OqM6Rb7xsYjaDlMppAdl9QKci9ZmQKK57UAiFwXISPN
ScPjIM0F71+xjdx+1VrvBydQ2JVVK8yPlfutltN6e6cIn32EUpPa8q70UYUo8TBt
5/BVKWPRRtjhvr0FcxDX2J0f/wDiIkkDFN77PNp3wrxA9IzxJM774ym7pWbXl0Fe
69XZMryAuPLBtXX1BVnP8cqly7+l15kv3HnYD4CFo62K
-----END CERTIFICATE-----