Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/wRmBVNq4SuoYg9dcKHhpfeRj7aY.roa
File:                     wRmBVNq4SuoYg9dcKHhpfeRj7aY.roa (raw, json)
Hash identifier:          sNRpqX/JzPTTZMrBK701JR5MnGSxwYGIwJ6vq9nAoKI=
Subject key identifier:   C1:19:81:54:DA:B8:4A:EA:18:83:D7:5C:28:78:69:7D:E4:63:ED:A6
Certificate issuer:       /CN=e19cbb88d2b1a896658506778662e75c732a67e7
Certificate serial:       018CCA2BA6F6504063D9F45255F182B0E61D
Authority key identifier: E1:9C:BB:88:D2:B1:A8:96:65:85:06:77:86:62:E7:5C:73:2A:67:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/wRmBVNq4SuoYg9dcKHhpfeRj7aY.roa
Signing time:             Tue 02 Jan 2024 12:35:07 +0000
ROA not before:           Tue 02 Jan 2024 12:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48954
IP address blocks:        185.220.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a6:f6:50:40:63:d9:f4:52:55:f1:82:b0:e6:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e19cbb88d2b1a896658506778662e75c732a67e7
        Validity
            Not Before: Jan  2 12:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1198154dab84aea1883d75c2878697de463eda6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:11:d5:4b:84:7f:d5:30:6d:19:64:ad:44:47:
                    dd:3d:03:fd:c6:42:e3:5f:e7:1e:af:87:fa:f9:8f:
                    d2:84:1e:94:df:1d:49:4c:16:14:65:f6:f3:bb:08:
                    c1:d8:88:3e:3f:e1:2c:59:e9:ce:86:af:a8:8e:e1:
                    84:72:2c:fa:3a:8c:46:0d:17:6b:65:a8:69:37:16:
                    eb:38:9c:e4:6f:fc:47:66:a0:49:7a:38:9c:b3:b0:
                    b8:6e:0d:3e:12:de:46:2f:16:01:30:21:f4:fa:2f:
                    3e:8b:af:40:49:78:a3:ea:dc:87:37:bc:21:62:c8:
                    e2:17:27:d9:f7:96:75:7f:cf:4a:73:17:23:44:a0:
                    f1:a4:aa:a9:9a:c2:59:72:86:9a:17:ae:f5:4f:27:
                    15:71:c0:a9:1d:fc:85:8b:ca:0a:0c:36:05:85:20:
                    d8:9d:30:8d:38:92:8c:f3:f0:73:c6:1e:85:a2:86:
                    f2:ae:fc:41:4c:86:c2:f1:92:24:ab:31:a7:29:f9:
                    d1:37:8f:64:0b:4e:b9:94:54:c0:c1:0b:1a:02:66:
                    14:cd:17:14:63:4e:86:83:b9:67:70:a8:13:d9:18:
                    ad:f1:74:70:b2:82:d0:70:12:c8:2a:52:65:01:be:
                    ba:bf:a2:2d:fd:aa:2b:1d:ac:6c:ec:0b:ea:a1:75:
                    29:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:19:81:54:DA:B8:4A:EA:18:83:D7:5C:28:78:69:7D:E4:63:ED:A6
            X509v3 Authority Key Identifier:
                keyid:E1:9C:BB:88:D2:B1:A8:96:65:85:06:77:86:62:E7:5C:73:2A:67:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/wRmBVNq4SuoYg9dcKHhpfeRj7aY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/ad1216-b71d-4557-a086-efea63d06f80/1/4Zy7iNKxqJZlhQZ3hmLnXHMqZ-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:5c:ba:68:a7:e7:66:3f:d0:d2:04:aa:2d:9d:1c:f0:6a:46:
         90:32:4a:43:a1:7b:ad:a1:0f:1f:29:1a:b6:e5:59:e4:44:49:
         aa:bc:14:56:7f:22:8d:f8:36:11:10:d1:aa:14:14:c1:4d:4f:
         2f:55:e2:22:ad:e8:75:ea:06:00:b5:eb:2d:83:64:b0:7b:36:
         c3:ce:03:3b:62:d3:3d:5b:d3:64:54:c3:58:af:49:4b:98:91:
         0e:8f:6b:97:16:a1:19:03:a5:25:83:ef:29:83:dd:e7:d9:0a:
         4b:28:0c:7d:65:60:67:58:1e:56:8d:c9:bb:46:23:4f:5d:c0:
         f4:a6:14:e1:ae:7c:17:e5:68:7d:b8:37:c5:b3:b3:fa:26:ed:
         da:7b:31:96:97:f9:b4:ed:22:d3:84:0c:41:7f:88:cc:29:6c:
         21:69:1c:58:80:e7:ae:e0:f4:2d:94:ab:8c:8f:66:4d:5c:54:
         f0:ab:cd:af:d9:9a:e6:77:ba:84:7f:72:c1:af:19:d5:48:71:
         73:b6:6f:0a:01:78:ef:20:c2:1f:42:e5:14:a9:f5:b3:b0:93:
         5c:a3:dc:a7:4c:5e:ec:f8:89:c8:67:46:3d:d6:df:09:66:10:
         29:5a:69:54:cf:87:94:16:09:47:2d:6c:77:3f:d3:d8:86:69:
         50:c4:b3:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6b2UEBj2fRSVfGCsOYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxOWNiYjg4ZDJiMWE4OTY2NTg1MDY3Nzg2NjJlNzVjNzMy
YTY3ZTcwHhcNMjQwMTAyMTIzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE5ODE1NGRhYjg0YWVhMTg4M2Q3NWMyODc4Njk3ZGU0NjNlZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBHVS4R/1TBtGWStREfdPQP9xkLj
X+cer4f6+Y/ShB6U3x1JTBYUZfbzuwjB2Ig+P+EsWenOhq+ojuGEciz6OoxGDRdr
ZahpNxbrOJzkb/xHZqBJejics7C4bg0+Et5GLxYBMCH0+i8+i69ASXij6tyHN7wh
YsjiFyfZ95Z1f89KcxcjRKDxpKqpmsJZcoaaF671TycVccCpHfyFi8oKDDYFhSDY
nTCNOJKM8/Bzxh6FoobyrvxBTIbC8ZIkqzGnKfnRN49kC065lFTAwQsaAmYUzRcU
Y06Gg7lncKgT2Rit8XRwsoLQcBLIKlJlAb66v6It/aorHaxs7AvqoXUplwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEZgVTauErqGIPXXCh4aX3kY+2mMB8GA1UdIwQY
MBaAFOGcu4jSsaiWZYUGd4Zi51xzKmfnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFp5N2lOS3hxSlpsaFFaM2htTG5YSE1xWi1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hZDEyMTYtYjcxZC00NTU3LWEwODYt
ZWZlYTYzZDA2ZjgwLzEvd1JtQlZOcTRTdW9ZZzlkY0tIaHBmZVJqN2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hZDEyMTYtYjcxZC00NTU3LWEwODYtZWZlYTYzZDA2Zjgw
LzEvNFp5N2lOS3hxSlpsaFFaM2htTG5YSE1xWi1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudxbMA0G
CSqGSIb3DQEBCwUAA4IBAQAjXLpop+dmP9DSBKotnRzwakaQMkpDoXutoQ8fKRq2
5VnkREmqvBRWfyKN+DYRENGqFBTBTU8vVeIireh16gYAtestg2SwezbDzgM7YtM9
W9NkVMNYr0lLmJEOj2uXFqEZA6Ulg+8pg93n2QpLKAx9ZWBnWB5Wjcm7RiNPXcD0
phThrnwX5Wh9uDfFs7P6Ju3aezGWl/m07SLThAxBf4jMKWwhaRxYgOeu4PQtlKuM
j2ZNXFTwq82v2Zrmd7qEf3LBrxnVSHFztm8KAXjvIMIfQuUUqfWzsJNco9ynTF7s
+InIZ0Y91t8JZhApWmlUz4eUFglHLWx3P9PYhmlQxLOb
-----END CERTIFICATE-----