Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/wdWBYsX97xSggayvWwgWPDmETG4.roa
File:                     wdWBYsX97xSggayvWwgWPDmETG4.roa (raw, json)
Hash identifier:          6WBkcqD5FJq11YdP972XDmHaJ0RthZ+48R2S4iVgBEE=
Subject key identifier:   C1:D5:81:62:C5:FD:EF:14:A0:81:AC:AF:5B:08:16:3C:39:84:4C:6E
Certificate issuer:       /CN=4f0e77d9c6ff68dca68f05df8f4675ee7bdcb0bc
Certificate serial:       018CC5DC2659B8B5A1A6406165C11CFD160E
Authority key identifier: 4F:0E:77:D9:C6:FF:68:DC:A6:8F:05:DF:8F:46:75:EE:7B:DC:B0:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tw532cb_aNymjwXfj0Z17nvcsLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/wdWBYsX97xSggayvWwgWPDmETG4.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206207
IP address blocks:        185.190.208.0/22 maxlen: 24
                          2a0a:d40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/Tw532cb_aNymjwXfj0Z17nvcsLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/Tw532cb_aNymjwXfj0Z17nvcsLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tw532cb_aNymjwXfj0Z17nvcsLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:26:59:b8:b5:a1:a6:40:61:65:c1:1c:fd:16:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f0e77d9c6ff68dca68f05df8f4675ee7bdcb0bc
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1d58162c5fdef14a081acaf5b08163c39844c6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:47:3e:07:10:ec:10:70:50:91:94:c4:c1:d3:
                    3c:26:55:fb:a1:3f:8b:af:4c:3f:f6:d9:b9:50:87:
                    41:a7:85:d5:ef:4e:e9:16:a4:76:6b:a6:e4:d4:46:
                    42:15:47:60:6d:fe:4b:e3:07:02:b1:8b:54:2f:e0:
                    b6:5a:17:b3:5f:eb:89:06:82:bb:d3:25:0b:b3:d9:
                    72:36:da:14:5f:c1:9c:23:a3:62:7b:26:cc:1c:ef:
                    e9:d3:92:5e:2e:9d:86:1a:5b:73:9d:ba:a3:96:f4:
                    b2:da:f0:26:fb:ca:bf:f0:36:a0:de:39:49:e3:9a:
                    a6:6b:36:50:02:0f:39:b6:a7:f3:8d:51:9f:f8:63:
                    49:e5:ef:67:0c:ea:09:28:1b:3c:d5:58:97:ff:aa:
                    0d:ee:3b:bf:0e:4b:dc:7a:12:33:aa:f9:0b:98:5c:
                    e0:a5:f0:a8:d9:16:ff:cc:00:a5:ab:c2:40:ab:12:
                    b6:82:22:d4:04:00:f8:df:49:54:18:83:e5:09:d8:
                    da:ca:f4:5e:fb:90:6a:c4:46:46:6c:c2:93:88:63:
                    37:6a:e7:4f:15:30:a7:79:72:95:8c:e6:a9:d6:6d:
                    d7:03:cc:fa:0b:49:90:fe:95:30:63:93:8c:52:e7:
                    bc:fa:ac:54:a3:42:d7:73:f1:c3:c8:f1:b1:36:45:
                    26:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D5:81:62:C5:FD:EF:14:A0:81:AC:AF:5B:08:16:3C:39:84:4C:6E
            X509v3 Authority Key Identifier:
                keyid:4F:0E:77:D9:C6:FF:68:DC:A6:8F:05:DF:8F:46:75:EE:7B:DC:B0:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tw532cb_aNymjwXfj0Z17nvcsLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/wdWBYsX97xSggayvWwgWPDmETG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/3dc222-1206-4922-8890-455b19f766cc/1/Tw532cb_aNymjwXfj0Z17nvcsLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.208.0/22
                IPv6:
                  2a0a:d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:6c:b6:ce:50:b7:89:fe:3a:49:33:ae:41:1f:77:0f:ec:e9:
         e2:80:a2:07:db:25:18:75:31:30:0b:5b:1e:a3:ac:2c:22:e9:
         b7:5c:cf:d9:bc:ef:b5:5c:07:92:a1:c7:ff:d6:31:00:15:a5:
         89:16:58:78:60:7a:19:82:d7:07:12:f6:00:0b:9f:33:19:5b:
         a4:90:75:fb:9f:bc:c8:7e:d3:2e:de:c8:c1:ce:f3:89:49:46:
         9f:3d:39:38:78:c9:d8:96:49:5c:4e:71:a4:37:37:cb:e9:2f:
         dd:32:e9:b2:f4:d0:04:bc:e3:2e:d1:f4:e4:be:9f:d8:e4:6c:
         65:21:39:8e:e3:6c:d0:40:d6:48:f7:fc:dc:8c:2c:2a:7d:92:
         64:db:76:2a:03:07:5f:90:08:14:98:5e:7a:18:c8:5b:0b:80:
         b7:e6:4f:f3:1a:57:c7:29:96:f8:5e:12:6e:14:51:f1:55:dd:
         79:29:d0:ba:67:fa:f2:38:77:40:60:93:39:e0:5a:f1:24:41:
         bf:6f:61:9d:e7:63:bb:58:16:e6:cb:91:6b:c4:21:b3:d2:da:
         03:9d:e1:9d:ae:aa:24:23:35:7d:c8:76:79:61:75:7d:b1:3e:
         d4:8a:8c:18:1f:04:a9:b4:18:3f:f3:af:09:d0:52:b3:dc:17:
         62:97:e8:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3CZZuLWhpkBhZcEc/RYOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMGU3N2Q5YzZmZjY4ZGNhNjhmMDVkZjhmNDY3NWVlN2Jk
Y2IwYmMwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQ1ODE2MmM1ZmRlZjE0YTA4MWFjYWY1YjA4MTYzYzM5ODQ0YzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kc+BxDsEHBQkZTEwdM8JlX7oT+L
r0w/9tm5UIdBp4XV707pFqR2a6bk1EZCFUdgbf5L4wcCsYtUL+C2WhezX+uJBoK7
0yULs9lyNtoUX8GcI6NieybMHO/p05JeLp2GGltznbqjlvSy2vAm+8q/8Dag3jlJ
45qmazZQAg85tqfzjVGf+GNJ5e9nDOoJKBs81ViX/6oN7ju/DkvcehIzqvkLmFzg
pfCo2Rb/zAClq8JAqxK2giLUBAD430lUGIPlCdjayvRe+5BqxEZGbMKTiGM3audP
FTCneXKVjOap1m3XA8z6C0mQ/pUwY5OMUue8+qxUo0LXc/HDyPGxNkUmGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMHVgWLF/e8UoIGsr1sIFjw5hExuMB8GA1UdIwQY
MBaAFE8Od9nG/2jcpo8F349Gde573LC8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHc1MzJjYl9hTnltandYZmowWjE3bnZjc0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8zZGMyMjItMTIwNi00OTIyLTg4OTAt
NDU1YjE5Zjc2NmNjLzEvd2RXQllzWDk3eFNnZ2F5dld3Z1dQRG1FVEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8zZGMyMjItMTIwNi00OTIyLTg4OTAtNDU1YjE5Zjc2NmNj
LzEvVHc1MzJjYl9hTnltandYZmowWjE3bnZjc0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub7QMA0E
AgACMAcDBQAqCg1AMA0GCSqGSIb3DQEBCwUAA4IBAQBpbLbOULeJ/jpJM65BH3cP
7OnigKIH2yUYdTEwC1seo6wsIum3XM/ZvO+1XAeSocf/1jEAFaWJFlh4YHoZgtcH
EvYAC58zGVukkHX7n7zIftMu3sjBzvOJSUafPTk4eMnYlklcTnGkNzfL6S/dMumy
9NAEvOMu0fTkvp/Y5GxlITmO42zQQNZI9/zcjCwqfZJk23YqAwdfkAgUmF56GMhb
C4C35k/zGlfHKZb4XhJuFFHxVd15KdC6Z/ryOHdAYJM54FrxJEG/b2Gd52O7WBbm
y5FrxCGz0toDneGdrqokIzV9yHZ5YXV9sT7UiowYHwSptBg/868J0FKz3Bdil+jz
-----END CERTIFICATE-----