Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/WhWQtaasnXhce4uUgLMkfia6_fo.roa
File:                     WhWQtaasnXhce4uUgLMkfia6_fo.roa (raw, json)
Hash identifier:          D7trmdSCq7r/k8TYb50IMju8s2o1usQc52do6qxrWBY=
Subject key identifier:   5A:15:90:B5:A6:AC:9D:78:5C:7B:8B:94:80:B3:24:7E:26:BA:FD:FA
Certificate issuer:       /CN=406e906f82b3d5155659dae4d086769ef12a8214
Certificate serial:       019422FB3CF4CD04C31F99B8E9EE8EF9E1A2
Authority key identifier: 40:6E:90:6F:82:B3:D5:15:56:59:DA:E4:D0:86:76:9E:F1:2A:82:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/WhWQtaasnXhce4uUgLMkfia6_fo.roa
Signing time:             Wed 01 Jan 2025 17:47:58 +0000
ROA not before:           Wed 01 Jan 2025 17:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206372
IP address blocks:        185.175.36.0/22 maxlen: 24
                          2a0b:cd00::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:3c:f4:cd:04:c3:1f:99:b8:e9:ee:8e:f9:e1:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=406e906f82b3d5155659dae4d086769ef12a8214
        Validity
            Not Before: Jan  1 17:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a1590b5a6ac9d785c7b8b9480b3247e26bafdfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:17:08:00:1d:ca:72:23:f8:1a:8c:c6:29:66:
                    ca:4c:35:55:fa:ff:0c:e2:f6:2f:69:39:24:1e:3b:
                    00:aa:bc:f4:93:60:d6:6d:8e:92:e2:db:df:9d:f5:
                    d4:d0:18:c4:4d:0a:0d:f9:d4:08:c0:66:3d:a1:6c:
                    dc:a6:87:36:8c:5e:59:e8:27:c1:fd:25:88:23:8a:
                    8c:0d:dc:43:1d:33:0a:72:b8:55:a4:e7:39:2b:36:
                    e4:9f:a2:2e:eb:78:87:a4:09:3b:19:04:b6:08:23:
                    df:04:34:6f:05:08:df:8a:47:e5:3f:3c:8f:57:7c:
                    45:d9:97:92:40:96:fa:48:6e:85:fd:a7:75:66:6b:
                    2e:fe:56:c7:2c:f4:50:77:0b:a3:61:76:53:ac:e8:
                    f1:da:08:f2:f8:37:8e:de:86:91:ea:79:1d:e7:0d:
                    c7:6f:4d:37:bc:e0:dc:9f:4a:00:98:50:9a:8b:c1:
                    87:fa:22:fb:78:e6:d4:37:b2:ba:32:0d:f1:70:40:
                    4c:d8:08:66:77:47:e2:c1:6d:c5:90:ef:45:2d:f0:
                    e7:fd:7c:e7:8e:78:85:a6:26:28:74:e5:52:27:58:
                    98:02:5c:03:51:0c:b6:1f:72:70:01:a9:f8:85:ef:
                    59:b4:f7:82:4e:fc:e0:a2:6c:b1:96:12:38:e8:19:
                    6a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:15:90:B5:A6:AC:9D:78:5C:7B:8B:94:80:B3:24:7E:26:BA:FD:FA
            X509v3 Authority Key Identifier:
                keyid:40:6E:90:6F:82:B3:D5:15:56:59:DA:E4:D0:86:76:9E:F1:2A:82:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/WhWQtaasnXhce4uUgLMkfia6_fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/ac124c-5bd3-4b15-b088-a18a0512776c/1/QG6Qb4Kz1RVWWdrk0IZ2nvEqghQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.36.0/22
                IPv6:
                  2a0b:cd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:bc:29:7f:40:c0:87:62:be:92:48:ab:f9:ce:01:9e:46:43:
         ab:90:ad:16:aa:b8:e4:2e:09:43:79:b4:75:9b:9b:6c:11:ef:
         d1:6d:b6:8f:b2:56:d9:31:e5:92:ef:74:5e:80:55:79:ff:c3:
         f0:82:ef:9c:d9:68:f7:0c:5c:28:27:86:33:37:dc:0b:0d:f9:
         e7:f9:2d:78:20:ac:24:34:a5:78:1b:22:30:1e:9b:42:1c:f0:
         25:8d:c3:46:f3:5c:d8:92:ac:0a:4f:90:a4:07:3d:9b:76:35:
         1c:67:1d:73:71:65:01:5e:ff:97:45:88:74:c4:3e:b2:16:c3:
         b5:01:28:f8:3d:86:25:ba:b4:8c:4b:6c:55:c6:61:38:4b:57:
         4c:4d:a6:d0:bf:46:41:3b:23:f3:21:28:04:d2:53:be:a5:b6:
         d6:94:74:13:00:67:82:80:02:e8:1f:27:2f:5c:75:33:71:11:
         ea:dd:c6:7f:c8:bb:eb:2a:c2:9f:fd:78:e1:23:83:af:89:e7:
         be:46:94:50:e3:a3:69:a3:98:27:9c:3b:b1:8d:c7:08:27:21:
         0a:b6:eb:b7:a2:5d:20:e5:37:87:e6:96:63:08:ca:c2:4d:e1:
         85:bc:9d:b7:09:eb:d9:3c:6c:4e:c8:36:d3:4c:6e:23:c3:94:
         5f:12:24:cb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+zz0zQTDH5m46e6O+eGiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNmU5MDZmODJiM2Q1MTU1NjU5ZGFlNGQwODY3NjllZjEy
YTgyMTQwHhcNMjUwMTAxMTc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTE1OTBiNWE2YWM5ZDc4NWM3YjhiOTQ4MGIzMjQ3ZTI2YmFmZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxcIAB3KciP4GozGKWbKTDVV+v8M
4vYvaTkkHjsAqrz0k2DWbY6S4tvfnfXU0BjETQoN+dQIwGY9oWzcpoc2jF5Z6CfB
/SWII4qMDdxDHTMKcrhVpOc5Kzbkn6Iu63iHpAk7GQS2CCPfBDRvBQjfikflPzyP
V3xF2ZeSQJb6SG6F/ad1Zmsu/lbHLPRQdwujYXZTrOjx2gjy+DeO3oaR6nkd5w3H
b003vODcn0oAmFCai8GH+iL7eObUN7K6Mg3xcEBM2Ahmd0fiwW3FkO9FLfDn/Xzn
jniFpiYodOVSJ1iYAlwDUQy2H3JwAan4he9ZtPeCTvzgomyxlhI46BlqzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFoVkLWmrJ14XHuLlICzJH4muv36MB8GA1UdIwQY
MBaAFEBukG+Cs9UVVlna5NCGdp7xKoIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUc2UWI0S3oxUlZXV2RyazBJWjJudkVxZ2hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hYzEyNGMtNWJkMy00YjE1LWIwODgt
YTE4YTA1MTI3NzZjLzEvV2hXUXRhYXNuWGhjZTR1VWdMTWtmaWE2X2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hYzEyNGMtNWJkMy00YjE1LWIwODgtYTE4YTA1MTI3NzZj
LzEvUUc2UWI0S3oxUlZXV2RyazBJWjJudkVxZ2hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCua8kMA0E
AgACMAcDBQMqC80AMA0GCSqGSIb3DQEBCwUAA4IBAQBpvCl/QMCHYr6SSKv5zgGe
RkOrkK0WqrjkLglDebR1m5tsEe/RbbaPslbZMeWS73RegFV5/8Pwgu+c2Wj3DFwo
J4YzN9wLDfnn+S14IKwkNKV4GyIwHptCHPAljcNG81zYkqwKT5CkBz2bdjUcZx1z
cWUBXv+XRYh0xD6yFsO1ASj4PYYlurSMS2xVxmE4S1dMTabQv0ZBOyPzISgE0lO+
pbbWlHQTAGeCgALoHycvXHUzcRHq3cZ/yLvrKsKf/XjhI4Oviee+RpRQ46Npo5gn
nDuxjccIJyEKtuu3ol0g5TeH5pZjCMrCTeGFvJ23CevZPGxOyDbTTG4jw5RfEiTL
-----END CERTIFICATE-----