Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/wMb00c-3zb1fl1Fj_CYLrI_oWM4.roa
File:                     wMb00c-3zb1fl1Fj_CYLrI_oWM4.roa (raw, json)
Hash identifier:          wJCTegj2h4jE94vFa+TMT0ByETGpMvMusGQPUsX/dd4=
Subject key identifier:   C0:C6:F4:D1:CF:B7:CD:BD:5F:97:51:63:FC:26:0B:AC:8F:E8:58:CE
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018E6259070FE9851CB89AA5905424B34B54
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/wMb00c-3zb1fl1Fj_CYLrI_oWM4.roa
Signing time:             Thu 21 Mar 2024 18:49:45 +0000
ROA not before:           Thu 21 Mar 2024 18:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        185.217.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:62:59:07:0f:e9:85:1c:b8:9a:a5:90:54:24:b3:4b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar 21 18:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0c6f4d1cfb7cdbd5f975163fc260bac8fe858ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7d:82:44:4e:b5:8d:e1:d6:50:4e:d0:0f:ff:
                    22:41:3b:7c:d8:7b:b1:01:4b:45:bf:69:2c:43:e0:
                    f7:25:da:6e:96:45:2e:18:86:22:df:63:ad:de:9e:
                    33:93:f0:b3:d3:3a:1f:75:4e:69:49:d1:3d:1c:df:
                    36:19:31:b1:2e:11:d9:ee:fd:2b:34:47:7b:60:73:
                    9a:9a:19:5a:3e:64:9e:36:d5:2a:d8:02:5c:19:65:
                    44:07:a9:b9:01:d3:ec:58:51:ff:98:a5:fd:3f:7a:
                    2f:41:91:51:b9:2f:46:87:ae:64:93:ff:e9:da:e2:
                    c7:d6:89:4e:5a:5e:21:ec:0a:94:3f:86:ac:82:f2:
                    e2:74:d2:87:24:cf:43:cc:0b:e5:37:34:72:7f:83:
                    07:11:d4:af:0b:89:8d:3a:0d:47:b0:f5:65:3e:26:
                    6a:2d:43:df:1b:71:01:2d:a4:3b:c1:aa:28:f9:4f:
                    7d:b5:0d:11:2c:ca:e5:71:d7:7d:40:a4:92:23:e2:
                    ca:f4:9b:41:b3:5a:14:13:0f:ea:06:c7:31:a1:dd:
                    6b:0d:6d:79:91:7b:00:f0:c8:ab:1f:d1:2a:d6:f8:
                    ef:76:a6:ec:92:4f:33:08:03:ec:05:5c:71:0a:de:
                    f8:32:f4:f9:11:3a:70:76:85:db:1e:34:f0:9a:2c:
                    ba:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C6:F4:D1:CF:B7:CD:BD:5F:97:51:63:FC:26:0B:AC:8F:E8:58:CE
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/wMb00c-3zb1fl1Fj_CYLrI_oWM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a6:e1:9c:e9:be:2e:5e:2a:14:89:8c:ca:f4:8f:9f:c6:a8:
         af:c6:fd:69:0f:a5:bf:c0:97:88:e3:05:f1:31:bf:a5:04:08:
         aa:cb:04:70:17:da:ff:0c:84:6c:34:32:21:d2:3e:fa:73:3c:
         8f:dd:8f:9d:d5:62:ca:d9:91:fc:6e:04:af:58:44:27:4a:bf:
         3b:46:fe:4c:a3:40:d3:11:04:c1:11:ff:5a:7a:11:63:a3:d3:
         aa:93:88:19:ab:de:66:14:90:2c:a1:72:61:cc:32:c3:96:c1:
         72:36:77:2d:04:27:17:5a:2c:09:7b:ea:64:5c:d1:6d:df:5d:
         95:a2:b8:8f:47:ab:25:70:19:d7:5a:48:1e:77:05:cc:cc:2f:
         8f:2d:1c:f3:e1:b2:27:a1:b2:b6:2f:98:15:33:2b:a0:c6:86:
         7b:2e:46:db:78:2c:e7:55:46:7a:6c:30:7f:7a:d2:51:6d:f7:
         8f:24:e3:30:ad:75:6b:f6:ac:46:74:78:47:5d:6f:03:38:f5:
         3f:b4:00:26:20:09:56:e6:64:d0:71:d3:94:6d:ba:4a:0e:10:
         f4:b4:19:f4:71:8c:5c:c9:8a:54:0e:81:dc:bf:7e:88:6d:f9:
         1c:bc:ba:73:bb:a0:49:6a:72:0a:d7:bc:22:3f:79:81:10:ae:
         e1:1e:bc:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5iWQcP6YUcuJqlkFQks0tUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMzIxMTg0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGM2ZjRkMWNmYjdjZGJkNWY5NzUxNjNmYzI2MGJhYzhmZTg1OGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp32CRE61jeHWUE7QD/8iQTt82Hux
AUtFv2ksQ+D3JdpulkUuGIYi32Ot3p4zk/Cz0zofdU5pSdE9HN82GTGxLhHZ7v0r
NEd7YHOamhlaPmSeNtUq2AJcGWVEB6m5AdPsWFH/mKX9P3ovQZFRuS9Gh65kk//p
2uLH1olOWl4h7AqUP4asgvLidNKHJM9DzAvlNzRyf4MHEdSvC4mNOg1HsPVlPiZq
LUPfG3EBLaQ7waoo+U99tQ0RLMrlcdd9QKSSI+LK9JtBs1oUEw/qBscxod1rDW15
kXsA8MirH9Eq1vjvdqbskk8zCAPsBVxxCt74MvT5ETpwdoXbHjTwmiy6VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDG9NHPt829X5dRY/wmC6yP6FjOMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvd01iMDBjLTN6YjFmbDFGal9DWUxySV9vV000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudl2MA0G
CSqGSIb3DQEBCwUAA4IBAQCWpuGc6b4uXioUiYzK9I+fxqivxv1pD6W/wJeI4wXx
Mb+lBAiqywRwF9r/DIRsNDIh0j76czyP3Y+d1WLK2ZH8bgSvWEQnSr87Rv5Mo0DT
EQTBEf9aehFjo9Oqk4gZq95mFJAsoXJhzDLDlsFyNnctBCcXWiwJe+pkXNFt312V
oriPR6slcBnXWkgedwXMzC+PLRzz4bInobK2L5gVMyugxoZ7LkbbeCznVUZ6bDB/
etJRbfePJOMwrXVr9qxGdHhHXW8DOPU/tAAmIAlW5mTQcdOUbbpKDhD0tBn0cYxc
yYpUDoHcv36IbfkcvLpzu6BJanIK17wiP3mBEK7hHrwv
-----END CERTIFICATE-----