Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c9035d-e57b-43f3-93d1-c27d1a85569b/1/W8VDKeAy2osQ0ZGL6fMahX-LEfY.roa
File:                     W8VDKeAy2osQ0ZGL6fMahX-LEfY.roa (raw, json)
Hash identifier:          FbgzQF6i0XaPz0OWaLZUUe/Jp4kc2WdYG4vu+rq/ijg=
Subject key identifier:   5B:C5:43:29:E0:32:DA:8B:10:D1:91:8B:E9:F3:1A:85:7F:8B:11:F6
Certificate issuer:       /CN=48fec1af2f321b1d1b8287a1fd05513ce66e4cfd
Certificate serial:       018CC3B72A6EA8BAE06FBA34C8F277BBE522
Authority key identifier: 48:FE:C1:AF:2F:32:1B:1D:1B:82:87:A1:FD:05:51:3C:E6:6E:4C:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SP7Bry8yGx0bgoeh_QVRPOZuTP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c9035d-e57b-43f3-93d1-c27d1a85569b/1/W8VDKeAy2osQ0ZGL6fMahX-LEfY.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197752
IP address blocks:        176.100.200.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c9035d-e57b-43f3-93d1-c27d1a85569b/1/SP7Bry8yGx0bgoeh_QVRPOZuTP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c9035d-e57b-43f3-93d1-c27d1a85569b/1/SP7Bry8yGx0bgoeh_QVRPOZuTP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SP7Bry8yGx0bgoeh_QVRPOZuTP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Jun 2024 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2a:6e:a8:ba:e0:6f:ba:34:c8:f2:77:bb:e5:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48fec1af2f321b1d1b8287a1fd05513ce66e4cfd
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bc54329e032da8b10d1918be9f31a857f8b11f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:7e:46:e6:5f:7c:bc:20:1e:58:5a:4d:b8:21:
                    9c:58:64:01:d2:e7:d6:df:48:a8:8d:86:1e:b1:e3:
                    59:a2:97:5d:68:00:b5:e2:15:0d:d1:d3:ae:fa:01:
                    b7:30:e3:2f:5a:f2:d6:9b:90:1a:39:bc:89:c3:62:
                    56:f9:07:9f:a8:48:1b:05:a8:a9:b0:af:47:80:39:
                    50:cc:5d:36:35:aa:c7:f7:f0:0e:c4:89:27:92:67:
                    50:00:49:b5:1f:26:ba:33:60:22:da:13:7f:10:31:
                    3c:0d:13:5a:92:74:62:2a:84:f3:58:0d:a1:96:31:
                    67:10:cd:bf:d5:3f:7c:93:c7:44:bd:1e:66:41:43:
                    d7:86:87:22:0e:f0:01:bf:e7:cc:db:d2:b3:f5:b2:
                    52:99:a8:87:48:05:ca:78:8c:16:d1:f9:b8:dc:64:
                    e3:b9:67:c5:d6:30:e7:8e:bd:93:18:92:41:45:43:
                    d7:e6:fc:d5:79:5a:1e:cb:df:50:4c:72:d1:eb:82:
                    89:7d:91:d7:8d:3f:42:a9:e6:9c:a4:47:6f:fc:92:
                    20:dc:a2:b8:b5:fe:c1:3e:36:f9:cb:34:40:4b:bd:
                    f9:08:04:21:ef:58:1f:34:f2:64:65:d0:cc:f0:4a:
                    46:c3:0e:46:d0:38:09:b1:7f:cd:28:48:cc:14:c5:
                    9b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C5:43:29:E0:32:DA:8B:10:D1:91:8B:E9:F3:1A:85:7F:8B:11:F6
            X509v3 Authority Key Identifier:
                keyid:48:FE:C1:AF:2F:32:1B:1D:1B:82:87:A1:FD:05:51:3C:E6:6E:4C:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SP7Bry8yGx0bgoeh_QVRPOZuTP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c9035d-e57b-43f3-93d1-c27d1a85569b/1/W8VDKeAy2osQ0ZGL6fMahX-LEfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c9035d-e57b-43f3-93d1-c27d1a85569b/1/SP7Bry8yGx0bgoeh_QVRPOZuTP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0e:4b:ef:45:c8:45:a2:74:bf:5b:59:99:95:86:a1:8f:d5:50:
         92:8c:8e:60:6b:87:e9:db:c3:50:fd:dc:b9:fe:6d:a4:b7:81:
         51:cf:8a:2d:c7:a6:13:90:24:a2:61:3c:e1:63:2f:73:ff:fc:
         b7:7b:82:3f:05:df:0e:8c:a6:10:29:fd:5c:f8:af:f6:d6:72:
         63:77:73:9b:c0:ae:93:e1:cb:2d:07:f1:88:24:32:3c:6a:44:
         e0:86:3b:e1:d6:88:d2:f8:d0:7c:6d:03:5e:58:0b:6d:b3:e1:
         92:44:d5:13:06:0a:b1:da:4a:f4:90:ce:82:d9:29:14:4e:ea:
         d9:0e:a6:aa:6a:99:8d:de:70:14:4c:51:02:63:d8:84:90:54:
         2e:42:47:81:8d:3c:eb:ab:ae:8c:a5:9a:59:d1:8e:a4:7f:34:
         8b:ac:64:81:4a:c6:4f:4b:1b:fc:a5:b7:42:77:cb:bd:ae:05:
         a4:01:62:ef:42:14:3e:f2:cc:7b:78:2e:fc:7c:04:55:39:71:
         94:71:f4:e4:63:4c:8c:a6:f1:6d:78:68:be:58:5f:23:c7:9b:
         8d:f7:ad:1d:2e:ec:bb:b9:e0:8f:5d:e5:df:3c:16:c6:86:9b:
         bd:dc:0e:0b:9c:a0:82:aa:93:c7:35:f0:a7:cc:68:b7:08:15:
         87:4e:c1:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtypuqLrgb7o0yPJ3u+UiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZmVjMWFmMmYzMjFiMWQxYjgyODdhMWZkMDU1MTNjZTY2
ZTRjZmQwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmM1NDMyOWUwMzJkYThiMTBkMTkxOGJlOWYzMWE4NTdmOGIxMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiX5G5l98vCAeWFpNuCGcWGQB0ufW
30iojYYeseNZopddaAC14hUN0dOu+gG3MOMvWvLWm5AaObyJw2JW+QefqEgbBaip
sK9HgDlQzF02NarH9/AOxIknkmdQAEm1Hya6M2Ai2hN/EDE8DRNaknRiKoTzWA2h
ljFnEM2/1T98k8dEvR5mQUPXhociDvABv+fM29Kz9bJSmaiHSAXKeIwW0fm43GTj
uWfF1jDnjr2TGJJBRUPX5vzVeVoey99QTHLR64KJfZHXjT9CqeacpEdv/JIg3KK4
tf7BPjb5yzRAS735CAQh71gfNPJkZdDM8EpGww5G0DgJsX/NKEjMFMWbewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvFQyngMtqLENGRi+nzGoV/ixH2MB8GA1UdIwQY
MBaAFEj+wa8vMhsdG4KHof0FUTzmbkz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1A3QnJ5OHlHeDBiZ29laF9RVlJQT1p1VFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jOTAzNWQtZTU3Yi00M2YzLTkzZDEt
YzI3ZDFhODU1NjliLzEvVzhWREtlQXkyb3NRMFpHTDZmTWFoWC1MRWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jOTAzNWQtZTU3Yi00M2YzLTkzZDEtYzI3ZDFhODU1Njli
LzEvU1A3QnJ5OHlHeDBiZ29laF9RVlJQT1p1VFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGTIMA0G
CSqGSIb3DQEBCwUAA4IBAQAOS+9FyEWidL9bWZmVhqGP1VCSjI5ga4fp28NQ/dy5
/m2kt4FRz4otx6YTkCSiYTzhYy9z//y3e4I/Bd8OjKYQKf1c+K/21nJjd3ObwK6T
4cstB/GIJDI8akTghjvh1ojS+NB8bQNeWAtts+GSRNUTBgqx2kr0kM6C2SkUTurZ
DqaqapmN3nAUTFECY9iEkFQuQkeBjTzrq66MpZpZ0Y6kfzSLrGSBSsZPSxv8pbdC
d8u9rgWkAWLvQhQ+8sx7eC78fARVOXGUcfTkY0yMpvFteGi+WF8jx5uN960dLuy7
ueCPXeXfPBbGhpu93A4LnKCCqpPHNfCnzGi3CBWHTsEJ
-----END CERTIFICATE-----