Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/wWzeCArBBdH3VatbD7rupVHZrVk.roa
File:                     wWzeCArBBdH3VatbD7rupVHZrVk.roa (raw, json)
Hash identifier:          d43o/2cJmCLJiSidnlIWehuYL3lGdMjd9gi6sBSD10w=
Subject key identifier:   C1:6C:DE:08:0A:C1:05:D1:F7:55:AB:5B:0F:BA:EE:A5:51:D9:AD:59
Certificate issuer:       /CN=bfa5f0e76547575957bc92c6dddd084d3ea7f863
Certificate serial:       018CC500C3C14A68423764588B36C034F15A
Authority key identifier: BF:A5:F0:E7:65:47:57:59:57:BC:92:C6:DD:DD:08:4D:3E:A7:F8:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v6Xw52VHV1lXvJLG3d0ITT6n-GM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/wWzeCArBBdH3VatbD7rupVHZrVk.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134512
IP address blocks:        185.63.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/v6Xw52VHV1lXvJLG3d0ITT6n-GM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/v6Xw52VHV1lXvJLG3d0ITT6n-GM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v6Xw52VHV1lXvJLG3d0ITT6n-GM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c3:c1:4a:68:42:37:64:58:8b:36:c0:34:f1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfa5f0e76547575957bc92c6dddd084d3ea7f863
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c16cde080ac105d1f755ab5b0fbaeea551d9ad59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:20:ff:98:91:e8:ba:79:23:03:bc:79:ec:ed:
                    24:17:c0:f2:80:91:5c:b8:1c:fe:7b:d1:ae:63:df:
                    e9:74:51:fb:fd:a4:c3:ac:9e:18:e9:31:fb:1e:48:
                    51:ca:8b:50:00:bf:99:62:d6:27:46:e5:20:4b:7f:
                    64:c7:23:88:c5:14:55:63:af:e4:a9:77:a3:5d:bc:
                    5b:2e:a2:12:fb:ec:c1:31:0f:dd:18:46:f5:35:dd:
                    3c:3e:57:e3:01:14:81:e1:c2:17:2f:c7:83:fc:fd:
                    c3:e4:22:77:a5:1e:ef:0b:a4:33:89:f2:d7:d1:ee:
                    03:a5:ba:b4:90:35:16:bb:91:f9:a0:a0:b1:5e:73:
                    ad:80:62:93:50:cf:75:b6:76:a3:40:8c:4e:7e:c4:
                    c6:fa:63:57:83:68:fb:7a:ca:20:c2:2d:50:a2:93:
                    0f:51:8e:bf:fe:a5:16:fa:23:09:fa:2a:f8:57:6b:
                    09:72:3d:dd:d4:67:31:7a:f6:f0:f2:dd:5c:f0:ac:
                    c4:09:65:1d:a9:80:66:28:e6:96:5e:de:82:e8:42:
                    fa:08:14:03:be:ff:c0:50:0a:5a:de:64:93:80:42:
                    21:94:28:f2:b0:b8:ef:9a:7d:ab:24:84:47:9f:76:
                    a7:dc:60:b5:37:f5:e4:8a:90:a9:96:09:ae:e7:43:
                    a4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:6C:DE:08:0A:C1:05:D1:F7:55:AB:5B:0F:BA:EE:A5:51:D9:AD:59
            X509v3 Authority Key Identifier:
                keyid:BF:A5:F0:E7:65:47:57:59:57:BC:92:C6:DD:DD:08:4D:3E:A7:F8:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6Xw52VHV1lXvJLG3d0ITT6n-GM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/wWzeCArBBdH3VatbD7rupVHZrVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/bcccb8-6c74-4d0a-895f-01d19a74be23/1/v6Xw52VHV1lXvJLG3d0ITT6n-GM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:25:44:d3:da:52:34:3d:2a:ca:d7:81:39:18:a8:1d:c3:8d:
         65:01:cf:44:a7:ed:93:b0:9d:05:05:05:f1:8a:03:41:99:39:
         b3:bf:23:c6:f6:a3:f2:15:e6:c1:7d:3b:ad:78:3b:3a:3a:33:
         39:70:b3:6d:bb:d3:49:0c:b3:fe:2b:5e:0b:14:b5:e4:e4:73:
         a0:b9:df:78:12:6f:c6:db:23:a4:ad:96:8c:22:90:7d:28:65:
         d4:f7:25:29:ee:22:b2:90:2a:c3:2d:83:52:6d:e8:c1:92:78:
         07:86:ae:07:66:f0:3d:34:c2:1a:27:08:4c:bc:cc:39:fc:55:
         5b:2c:88:0c:de:1e:cb:d0:d6:d2:03:e4:cd:bb:f2:fb:0e:b1:
         d8:04:a0:28:1f:54:76:1c:2e:69:6d:78:d4:de:92:92:42:de:
         98:fc:b1:80:ce:61:47:da:0d:ce:e3:32:f9:76:f3:33:f3:b9:
         cf:f6:a7:fd:3a:02:e5:53:c8:1c:04:00:f5:d7:01:bb:48:26:
         0e:a2:2a:0a:c3:c8:1d:2b:32:02:b5:d4:81:8f:d0:55:e4:19:
         06:5e:d1:b3:88:a1:41:01:ca:d6:8f:ea:31:3d:79:c7:03:fd:
         18:40:e1:a2:3d:e1:62:01:72:68:b5:36:27:46:b7:95:0d:a4:
         9a:70:e2:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMPBSmhCN2RYizbANPFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYTVmMGU3NjU0NzU3NTk1N2JjOTJjNmRkZGQwODRkM2Vh
N2Y4NjMwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTZjZGUwODBhYzEwNWQxZjc1NWFiNWIwZmJhZWVhNTUxZDlhZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCD/mJHounkjA7x57O0kF8DygJFc
uBz+e9GuY9/pdFH7/aTDrJ4Y6TH7HkhRyotQAL+ZYtYnRuUgS39kxyOIxRRVY6/k
qXejXbxbLqIS++zBMQ/dGEb1Nd08PlfjARSB4cIXL8eD/P3D5CJ3pR7vC6QzifLX
0e4Dpbq0kDUWu5H5oKCxXnOtgGKTUM91tnajQIxOfsTG+mNXg2j7esogwi1QopMP
UY6//qUW+iMJ+ir4V2sJcj3d1Gcxevbw8t1c8KzECWUdqYBmKOaWXt6C6EL6CBQD
vv/AUApa3mSTgEIhlCjysLjvmn2rJIRHn3an3GC1N/XkipCplgmu50OkMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFs3ggKwQXR91WrWw+67qVR2a1ZMB8GA1UdIwQY
MBaAFL+l8OdlR1dZV7ySxt3dCE0+p/hjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjZYdzUyVkhWMWxYdkpMRzNkMElUVDZuLUdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9iY2NjYjgtNmM3NC00ZDBhLTg5NWYt
MDFkMTlhNzRiZTIzLzEvd1d6ZUNBckJCZEgzVmF0YkQ3cnVwVkhaclZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9iY2NjYjgtNmM3NC00ZDBhLTg5NWYtMDFkMTlhNzRiZTIz
LzEvdjZYdzUyVkhWMWxYdkpMRzNkMElUVDZuLUdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT/8MA0G
CSqGSIb3DQEBCwUAA4IBAQBvJUTT2lI0PSrK14E5GKgdw41lAc9Ep+2TsJ0FBQXx
igNBmTmzvyPG9qPyFebBfTuteDs6OjM5cLNtu9NJDLP+K14LFLXk5HOgud94Em/G
2yOkrZaMIpB9KGXU9yUp7iKykCrDLYNSbejBkngHhq4HZvA9NMIaJwhMvMw5/FVb
LIgM3h7L0NbSA+TNu/L7DrHYBKAoH1R2HC5pbXjU3pKSQt6Y/LGAzmFH2g3O4zL5
dvMz87nP9qf9OgLlU8gcBAD11wG7SCYOoioKw8gdKzICtdSBj9BV5BkGXtGziKFB
AcrWj+oxPXnHA/0YQOGiPeFiAXJotTYnRreVDaSacOJ3
-----END CERTIFICATE-----