Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/WfS7bea6SwkcZ2Vzm9bXyrtXPuM.roa
File:                     WfS7bea6SwkcZ2Vzm9bXyrtXPuM.roa (raw, json)
Hash identifier:          KZ7kZIg6iwv83zF7zxXmG+RRGYXUxs8hxFQh6JvYz00=
Subject key identifier:   59:F4:BB:6D:E6:BA:4B:09:1C:67:65:73:9B:D6:D7:CA:BB:57:3E:E3
Certificate issuer:       /CN=fc282a794b3f7ab4cd6feb6c5fd6b3d256afc461
Certificate serial:       018CC64B82915A37D83BE30D48606D252344
Authority key identifier: FC:28:2A:79:4B:3F:7A:B4:CD:6F:EB:6C:5F:D6:B3:D2:56:AF:C4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/WfS7bea6SwkcZ2Vzm9bXyrtXPuM.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.144.236.0/22 maxlen: 24
                          2a07:4407::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:82:91:5a:37:d8:3b:e3:0d:48:60:6d:25:23:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc282a794b3f7ab4cd6feb6c5fd6b3d256afc461
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59f4bb6de6ba4b091c6765739bd6d7cabb573ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d1:a1:46:c4:b0:df:c3:c0:dd:53:e7:42:4f:
                    62:ca:c9:09:4f:96:00:32:a3:26:bd:1c:b3:68:a7:
                    7e:08:8b:03:1b:13:7e:5b:10:d9:a8:f7:21:7b:13:
                    ed:ad:b6:f1:ca:fd:2a:65:73:2e:b5:e9:79:53:a6:
                    cb:8b:95:08:ef:47:3e:8b:8b:88:b0:74:41:9a:d7:
                    47:0c:ea:8a:7f:fe:41:7e:f3:bb:54:b5:af:9a:f2:
                    22:64:a5:1b:ce:30:33:22:13:78:40:86:1d:98:ee:
                    27:2c:61:9c:ff:1d:45:ec:c3:48:bf:70:4a:7a:a3:
                    d4:7a:6f:9d:47:96:b3:f7:9c:99:fc:49:7d:17:9b:
                    e4:87:c1:44:6c:58:d6:05:06:bd:83:66:40:58:a0:
                    b8:53:3a:0e:14:46:eb:fa:02:f2:20:90:c1:78:ab:
                    68:90:91:fa:c0:0d:54:f4:3d:a7:62:ea:d4:31:04:
                    0b:87:5e:03:e9:ec:32:c8:cb:44:2f:06:da:8e:57:
                    ac:18:d1:c8:f9:81:79:a2:b1:1f:76:8f:da:53:1c:
                    16:c9:80:a9:2c:e6:55:35:42:09:2a:08:a8:a7:e0:
                    e7:d4:68:90:9e:59:23:12:45:9b:cb:f7:a5:88:e7:
                    2c:f4:ba:6c:80:64:39:71:f7:ed:8f:7b:b0:c4:2c:
                    41:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F4:BB:6D:E6:BA:4B:09:1C:67:65:73:9B:D6:D7:CA:BB:57:3E:E3
            X509v3 Authority Key Identifier:
                keyid:FC:28:2A:79:4B:3F:7A:B4:CD:6F:EB:6C:5F:D6:B3:D2:56:AF:C4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/WfS7bea6SwkcZ2Vzm9bXyrtXPuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.236.0/22
                IPv6:
                  2a07:4407::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:e7:3a:78:46:3f:4a:fa:66:43:f6:3a:80:58:3e:3c:de:52:
         67:d1:0f:12:a7:2e:32:c9:7b:65:79:d7:70:16:9c:98:64:2d:
         87:b5:1e:bd:93:56:64:cc:b5:cb:0e:b6:c9:2d:1d:40:1a:e7:
         2c:c4:8b:49:2e:68:ea:c1:74:f5:bf:9f:2b:59:68:80:a5:57:
         c2:f9:d5:cf:33:50:88:42:dd:23:5c:c6:c2:19:8d:58:e7:95:
         21:9d:51:b4:f2:2a:48:1c:2b:b0:7f:8a:97:7a:eb:eb:1e:9b:
         a9:fb:1b:19:53:73:f7:88:ef:09:a5:c5:4d:68:c0:46:19:9e:
         ab:77:21:67:f2:c6:06:13:75:4f:91:d1:ad:53:e9:41:25:6c:
         80:15:35:eb:4b:76:28:dd:f6:43:44:80:7e:08:36:6d:76:f7:
         61:c7:dc:2e:8f:e7:2e:e0:41:4e:fc:f5:3f:af:4f:17:3b:3b:
         c6:1f:27:bb:0d:d8:01:6e:9f:ee:17:21:4e:e6:7e:c5:6c:c2:
         d9:0e:8f:b3:32:06:51:f9:dc:21:fd:73:bc:0f:9f:b6:19:3c:
         09:14:e3:ba:ff:9f:ab:85:36:38:99:9c:a8:f2:83:50:13:15:
         60:23:25:4d:3f:87:6f:e8:aa:bb:74:93:1a:50:09:a7:c3:6c:
         06:92:d4:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS4KRWjfYO+MNSGBtJSNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMjgyYTc5NGIzZjdhYjRjZDZmZWI2YzVmZDZiM2QyNTZh
ZmM0NjEwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWY0YmI2ZGU2YmE0YjA5MWM2NzY1NzM5YmQ2ZDdjYWJiNTczZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptGhRsSw38PA3VPnQk9iyskJT5YA
MqMmvRyzaKd+CIsDGxN+WxDZqPchexPtrbbxyv0qZXMutel5U6bLi5UI70c+i4uI
sHRBmtdHDOqKf/5BfvO7VLWvmvIiZKUbzjAzIhN4QIYdmO4nLGGc/x1F7MNIv3BK
eqPUem+dR5az95yZ/El9F5vkh8FEbFjWBQa9g2ZAWKC4UzoOFEbr+gLyIJDBeKto
kJH6wA1U9D2nYurUMQQLh14D6ewyyMtELwbajlesGNHI+YF5orEfdo/aUxwWyYCp
LOZVNUIJKgiop+Dn1GiQnlkjEkWby/eliOcs9LpsgGQ5cfftj3uwxCxBiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFn0u23muksJHGdlc5vW18q7Vz7jMB8GA1UdIwQY
MBaAFPwoKnlLP3q0zW/rbF/Ws9JWr8RhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0NncWVVc19lclROYi10c1g5YXowbGF2eEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lNDg1ZTEtYTY1Zi00M2Q0LWI1NzIt
ZDMzMjZjNTliY2QyLzEvV2ZTN2JlYTZTd2tjWjJWem05Ylh5cnRYUHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lNDg1ZTEtYTY1Zi00M2Q0LWI1NzItZDMzMjZjNTliY2Qy
LzEvX0NncWVVc19lclROYi10c1g5YXowbGF2eEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZDsMA0E
AgACMAcDBQAqB0QHMA0GCSqGSIb3DQEBCwUAA4IBAQCK5zp4Rj9K+mZD9jqAWD48
3lJn0Q8Spy4yyXtleddwFpyYZC2HtR69k1ZkzLXLDrbJLR1AGucsxItJLmjqwXT1
v58rWWiApVfC+dXPM1CIQt0jXMbCGY1Y55UhnVG08ipIHCuwf4qXeuvrHpup+xsZ
U3P3iO8JpcVNaMBGGZ6rdyFn8sYGE3VPkdGtU+lBJWyAFTXrS3Yo3fZDRIB+CDZt
dvdhx9wuj+cu4EFO/PU/r08XOzvGHye7DdgBbp/uFyFO5n7FbMLZDo+zMgZR+dwh
/XO8D5+2GTwJFOO6/5+rhTY4mZyo8oNQExVgIyVNP4dv6Kq7dJMaUAmnw2wGktRc
-----END CERTIFICATE-----