Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/wRqIibDxIzrYoN4yJEwme2GC6mg.roa
File:                     wRqIibDxIzrYoN4yJEwme2GC6mg.roa (raw, json)
Hash identifier:          MqiDqNe6KNcMmpCYXz+9U6b1l37S0AhZ/HldXj6afko=
Subject key identifier:   C1:1A:88:89:B0:F1:23:3A:D8:A0:DE:32:24:4C:26:7B:61:82:EA:68
Certificate issuer:       /CN=99dcbdf0632a101613a8f6c9449b29ed45c1a872
Certificate serial:       018CC8DEFEA7FA1FEDA6B88C70D668809F4F
Authority key identifier: 99:DC:BD:F0:63:2A:10:16:13:A8:F6:C9:44:9B:29:ED:45:C1:A8:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdy98GMqEBYTqPbJRJsp7UXBqHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/wRqIibDxIzrYoN4yJEwme2GC6mg.roa
Signing time:             Tue 02 Jan 2024 06:31:46 +0000
ROA not before:           Tue 02 Jan 2024 06:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        185.248.0.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/mdy98GMqEBYTqPbJRJsp7UXBqHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/mdy98GMqEBYTqPbJRJsp7UXBqHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mdy98GMqEBYTqPbJRJsp7UXBqHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:fe:a7:fa:1f:ed:a6:b8:8c:70:d6:68:80:9f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99dcbdf0632a101613a8f6c9449b29ed45c1a872
        Validity
            Not Before: Jan  2 06:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c11a8889b0f1233ad8a0de32244c267b6182ea68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b5:cb:8d:22:47:2a:f0:47:05:f3:2e:06:14:
                    70:43:d7:be:f2:fc:f2:ac:6e:bd:57:66:9b:fa:ed:
                    20:1e:dd:21:ac:d8:ee:fa:79:a2:d5:6b:d6:47:93:
                    27:ef:ff:94:76:c9:8e:d3:ae:2f:78:fb:ed:e5:0f:
                    31:01:01:7b:f1:9a:3b:be:5e:59:c6:36:ae:77:20:
                    0a:a6:81:62:86:e0:9c:31:70:96:2b:d9:23:14:56:
                    44:50:1e:e1:c0:76:34:00:40:65:48:d0:4a:bb:24:
                    bd:82:32:88:5d:c5:e8:ad:37:56:41:37:f9:d9:d2:
                    07:a4:d9:88:f5:a3:7b:c0:e3:76:f2:ff:14:7c:13:
                    ea:d7:66:65:ef:b8:b5:47:90:66:c2:05:5c:70:a4:
                    43:96:eb:d0:3b:98:ee:e5:98:48:80:9a:0e:7f:2b:
                    63:68:9f:dd:26:8a:b0:79:b1:fd:0e:77:23:2b:e0:
                    43:64:e2:84:f8:e6:b8:a3:cd:ba:74:d7:ea:b5:d7:
                    64:79:db:72:54:20:c9:00:f0:20:52:4e:af:9b:0b:
                    53:c0:a5:f7:3e:11:74:28:44:23:7d:d2:37:31:c5:
                    8a:4a:bf:91:26:d1:0c:3f:80:f6:cb:ec:f0:f7:f3:
                    0a:be:d4:b1:4b:39:ff:7b:12:a1:47:01:fb:b0:2e:
                    94:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1A:88:89:B0:F1:23:3A:D8:A0:DE:32:24:4C:26:7B:61:82:EA:68
            X509v3 Authority Key Identifier:
                keyid:99:DC:BD:F0:63:2A:10:16:13:A8:F6:C9:44:9B:29:ED:45:C1:A8:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdy98GMqEBYTqPbJRJsp7UXBqHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/wRqIibDxIzrYoN4yJEwme2GC6mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4f3d1b-8361-411e-a148-8858a559f251/1/mdy98GMqEBYTqPbJRJsp7UXBqHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:7e:80:5f:0a:90:bf:1d:b5:d8:16:2f:f2:ac:89:72:c5:0c:
         3f:4d:a4:78:04:6f:97:40:29:5d:38:9b:40:f5:e6:de:5c:91:
         43:be:a2:fa:b6:77:29:03:2a:0b:6d:5a:02:72:24:c9:7b:a0:
         6b:93:10:a6:b6:f6:3d:b7:0b:5e:2c:31:69:44:94:37:0a:dd:
         cf:29:bc:32:cf:f6:cf:e5:93:b6:91:b2:09:e6:b9:d4:db:15:
         87:2c:9a:49:dc:fc:6a:8e:79:82:bc:c5:aa:f7:02:93:64:9c:
         3b:25:be:e2:6a:13:4d:1c:cf:28:c5:46:1d:f3:e4:64:1a:ea:
         0a:88:dc:0b:9f:29:ce:30:c5:f1:e3:04:fe:fe:09:51:c6:ba:
         28:9a:c4:0f:9b:a1:b3:1b:d0:25:22:49:df:2e:b2:84:05:58:
         dd:f1:9a:c3:37:ef:ca:a7:01:a1:f9:b3:b8:c1:14:41:cb:75:
         0d:52:05:60:da:58:ab:ec:83:b4:bd:7b:c0:90:a6:cb:2b:a0:
         f7:34:4f:55:50:1d:61:22:f7:93:d2:d9:2c:36:89:60:3d:e4:
         3e:8b:fc:2c:ed:93:cd:56:37:6c:4c:72:21:d5:9e:ba:86:c3:
         ec:91:d1:a5:d3:8e:05:17:a4:8e:57:5d:0c:11:81:fe:de:be:
         a9:66:f7:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3v6n+h/tpriMcNZogJ9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZGNiZGYwNjMyYTEwMTYxM2E4ZjZjOTQ0OWIyOWVkNDVj
MWE4NzIwHhcNMjQwMTAyMDYzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTFhODg4OWIwZjEyMzNhZDhhMGRlMzIyNDRjMjY3YjYxODJlYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLXLjSJHKvBHBfMuBhRwQ9e+8vzy
rG69V2ab+u0gHt0hrNju+nmi1WvWR5Mn7/+UdsmO064vePvt5Q8xAQF78Zo7vl5Z
xjaudyAKpoFihuCcMXCWK9kjFFZEUB7hwHY0AEBlSNBKuyS9gjKIXcXorTdWQTf5
2dIHpNmI9aN7wON28v8UfBPq12Zl77i1R5BmwgVccKRDluvQO5ju5ZhIgJoOfytj
aJ/dJoqwebH9DncjK+BDZOKE+Oa4o826dNfqtddkedtyVCDJAPAgUk6vmwtTwKX3
PhF0KEQjfdI3McWKSr+RJtEMP4D2y+zw9/MKvtSxSzn/exKhRwH7sC6UfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEaiImw8SM62KDeMiRMJnthgupoMB8GA1UdIwQY
MBaAFJncvfBjKhAWE6j2yUSbKe1FwahyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWR5OThHTXFFQllUcVBiSlJKc3A3VVhCcUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80ZjNkMWItODM2MS00MTFlLWExNDgt
ODg1OGE1NTlmMjUxLzEvd1JxSWliRHhJenJZb040eUpFd21lMkdDNm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80ZjNkMWItODM2MS00MTFlLWExNDgtODg1OGE1NTlmMjUx
LzEvbWR5OThHTXFFQllUcVBiSlJKc3A3VVhCcUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufgAMA0G
CSqGSIb3DQEBCwUAA4IBAQCMfoBfCpC/HbXYFi/yrIlyxQw/TaR4BG+XQCldOJtA
9ebeXJFDvqL6tncpAyoLbVoCciTJe6BrkxCmtvY9twteLDFpRJQ3Ct3PKbwyz/bP
5ZO2kbIJ5rnU2xWHLJpJ3PxqjnmCvMWq9wKTZJw7Jb7iahNNHM8oxUYd8+RkGuoK
iNwLnynOMMXx4wT+/glRxroomsQPm6GzG9AlIknfLrKEBVjd8ZrDN+/KpwGh+bO4
wRRBy3UNUgVg2lir7IO0vXvAkKbLK6D3NE9VUB1hIveT0tksNolgPeQ+i/ws7ZPN
VjdsTHIh1Z66hsPskdGl044FF6SOV10MEYH+3r6pZvfd
-----END CERTIFICATE-----