Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/wcRPz9jhL3-KwlMfnQblijqrGgU.roa
File:                     wcRPz9jhL3-KwlMfnQblijqrGgU.roa (raw, json)
Hash identifier:          LNDukXa+yYpwCT6lB4B6dklKt1cevYtsLSQWXQw1l6I=
Subject key identifier:   C1:C4:4F:CF:D8:E1:2F:7F:8A:C2:53:1F:9D:06:E5:8A:3A:AB:1A:05
Certificate issuer:       /CN=fc282a794b3f7ab4cd6feb6c5fd6b3d256afc461
Certificate serial:       018CC64B8309FCE5F1FD729058780DBD7701
Authority key identifier: FC:28:2A:79:4B:3F:7A:B4:CD:6F:EB:6C:5F:D6:B3:D2:56:AF:C4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/wcRPz9jhL3-KwlMfnQblijqrGgU.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.144.236.0/22 maxlen: 24
                          2a07:4407::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:83:09:fc:e5:f1:fd:72:90:58:78:0d:bd:77:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc282a794b3f7ab4cd6feb6c5fd6b3d256afc461
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1c44fcfd8e12f7f8ac2531f9d06e58a3aab1a05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5e:2d:17:37:e2:a9:98:ec:06:97:9f:90:6e:
                    93:dc:cf:5e:53:63:8c:3e:78:90:9f:cb:65:1c:29:
                    01:8f:d5:fa:a2:7f:43:75:2d:f5:83:e8:36:55:8a:
                    17:a4:86:f2:2c:d3:b1:7b:d4:7a:d7:15:11:fa:f1:
                    be:ef:46:71:eb:2f:d9:7b:3c:34:3e:20:5f:59:ad:
                    f7:ef:f0:20:8b:f0:bb:95:17:e3:be:be:4e:22:ce:
                    d3:f3:b4:81:09:45:7c:8d:45:8f:0e:e7:a6:3a:d8:
                    33:0b:e0:42:2f:49:e5:86:fe:8a:e5:1d:0f:73:e5:
                    63:e3:5f:6b:eb:c4:8d:22:47:a3:6c:87:cc:50:45:
                    10:d6:de:19:3a:ca:61:75:7d:03:86:c2:58:d2:16:
                    8a:49:05:26:96:41:00:69:23:17:31:72:34:4c:22:
                    eb:b3:23:1d:fd:fe:ea:95:c4:d2:77:60:de:25:42:
                    7c:84:0f:23:c4:b7:0a:5c:a0:cc:b3:0c:00:d6:f9:
                    94:96:86:1a:36:b3:e8:e0:66:27:05:36:a8:1a:e5:
                    34:fb:9d:ba:c9:4c:d3:ea:34:35:9c:93:f2:df:65:
                    4a:65:f2:0e:f8:ba:b3:b1:42:62:ca:f6:4f:b4:1b:
                    a0:ac:09:a1:d8:96:d8:cc:15:bf:57:61:3c:cb:d9:
                    32:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C4:4F:CF:D8:E1:2F:7F:8A:C2:53:1F:9D:06:E5:8A:3A:AB:1A:05
            X509v3 Authority Key Identifier:
                keyid:FC:28:2A:79:4B:3F:7A:B4:CD:6F:EB:6C:5F:D6:B3:D2:56:AF:C4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/wcRPz9jhL3-KwlMfnQblijqrGgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.236.0/22
                IPv6:
                  2a07:4407::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:e9:b3:00:fb:5c:a3:47:ec:96:1e:a7:4f:51:6c:63:94:b4:
         86:db:92:a1:2a:3c:42:5b:67:be:5e:eb:da:d0:58:b3:97:89:
         d0:78:d8:33:85:26:1d:cb:ad:a3:d2:70:1b:25:7c:53:ab:2a:
         65:02:ed:f8:c3:63:19:c2:67:0c:5a:ee:08:29:29:26:17:e6:
         9a:e9:22:4d:4d:87:42:19:14:b0:60:e6:fb:55:c6:65:83:33:
         6f:a0:de:2d:30:80:db:77:b9:4d:a3:c8:d9:a6:f9:64:a9:ae:
         a0:0a:4b:38:96:63:29:33:7c:e2:fa:85:49:48:d1:be:76:aa:
         5a:d5:ff:5f:ad:68:20:89:21:fe:ea:9c:4e:80:23:51:10:aa:
         df:9e:91:66:fc:2e:7c:59:08:87:3f:f9:bc:1e:69:03:18:46:
         ea:e9:1c:2b:cb:e2:42:84:40:85:9e:73:8a:16:89:b4:38:bf:
         37:60:c7:42:04:8e:0d:15:82:f3:22:da:ef:cc:d8:8f:43:07:
         39:f9:22:d2:78:d0:09:67:8a:5d:91:7e:bb:de:de:38:ec:e1:
         2d:53:0b:ec:0f:3e:81:f7:a8:90:4e:26:8a:a6:a3:d2:41:23:
         4b:e7:85:ad:05:a2:e3:34:ac:50:fc:6d:52:c1:a1:e2:bb:0a:
         11:c3:67:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS4MJ/OXx/XKQWHgNvXcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMjgyYTc5NGIzZjdhYjRjZDZmZWI2YzVmZDZiM2QyNTZh
ZmM0NjEwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWM0NGZjZmQ4ZTEyZjdmOGFjMjUzMWY5ZDA2ZTU4YTNhYWIxYTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo14tFzfiqZjsBpefkG6T3M9eU2OM
PniQn8tlHCkBj9X6on9DdS31g+g2VYoXpIbyLNOxe9R61xUR+vG+70Zx6y/Zezw0
PiBfWa337/Agi/C7lRfjvr5OIs7T87SBCUV8jUWPDuemOtgzC+BCL0nlhv6K5R0P
c+Vj419r68SNIkejbIfMUEUQ1t4ZOsphdX0DhsJY0haKSQUmlkEAaSMXMXI0TCLr
syMd/f7qlcTSd2DeJUJ8hA8jxLcKXKDMswwA1vmUloYaNrPo4GYnBTaoGuU0+526
yUzT6jQ1nJPy32VKZfIO+LqzsUJiyvZPtBugrAmh2JbYzBW/V2E8y9ky+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMHET8/Y4S9/isJTH50G5Yo6qxoFMB8GA1UdIwQY
MBaAFPwoKnlLP3q0zW/rbF/Ws9JWr8RhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0NncWVVc19lclROYi10c1g5YXowbGF2eEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lNDg1ZTEtYTY1Zi00M2Q0LWI1NzIt
ZDMzMjZjNTliY2QyLzEvd2NSUHo5amhMMy1Ld2xNZm5RYmxpanFyR2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lNDg1ZTEtYTY1Zi00M2Q0LWI1NzItZDMzMjZjNTliY2Qy
LzEvX0NncWVVc19lclROYi10c1g5YXowbGF2eEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZDsMA0E
AgACMAcDBQAqB0QHMA0GCSqGSIb3DQEBCwUAA4IBAQC86bMA+1yjR+yWHqdPUWxj
lLSG25KhKjxCW2e+Xuva0Fizl4nQeNgzhSYdy62j0nAbJXxTqyplAu34w2MZwmcM
Wu4IKSkmF+aa6SJNTYdCGRSwYOb7VcZlgzNvoN4tMIDbd7lNo8jZpvlkqa6gCks4
lmMpM3zi+oVJSNG+dqpa1f9frWggiSH+6pxOgCNREKrfnpFm/C58WQiHP/m8HmkD
GEbq6Rwry+JChECFnnOKFom0OL83YMdCBI4NFYLzItrvzNiPQwc5+SLSeNAJZ4pd
kX673t447OEtUwvsDz6B96iQTiaKpqPSQSNL54WtBaLjNKxQ/G1SwaHiuwoRw2cq
-----END CERTIFICATE-----