Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/aeeea4-651f-4d1a-ab52-23fcc524ea88/1/WjCdVaJCFqlaafBE5DCKQJGUfeA.roa
File:                     WjCdVaJCFqlaafBE5DCKQJGUfeA.roa (raw, json)
Hash identifier:          8YmqQXkyaN9cnZwzuDTZET9z//RslE8q5nbkAoOMORQ=
Subject key identifier:   5A:30:9D:55:A2:42:16:A9:5A:69:F0:44:E4:30:8A:40:91:94:7D:E0
Certificate issuer:       /CN=0bea0ecdd634a3c075e35db9dca5768e4f76cd85
Certificate serial:       018CC8DF104C47FD543C837BE4DE3EDFE42D
Authority key identifier: 0B:EA:0E:CD:D6:34:A3:C0:75:E3:5D:B9:DC:A5:76:8E:4F:76:CD:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C-oOzdY0o8B141253KV2jk92zYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/aeeea4-651f-4d1a-ab52-23fcc524ea88/1/WjCdVaJCFqlaafBE5DCKQJGUfeA.roa
Signing time:             Tue 02 Jan 2024 06:31:51 +0000
ROA not before:           Tue 02 Jan 2024 06:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201703
IP address blocks:        185.206.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/aeeea4-651f-4d1a-ab52-23fcc524ea88/1/C-oOzdY0o8B141253KV2jk92zYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/aeeea4-651f-4d1a-ab52-23fcc524ea88/1/C-oOzdY0o8B141253KV2jk92zYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C-oOzdY0o8B141253KV2jk92zYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:10:4c:47:fd:54:3c:83:7b:e4:de:3e:df:e4:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bea0ecdd634a3c075e35db9dca5768e4f76cd85
        Validity
            Not Before: Jan  2 06:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a309d55a24216a95a69f044e4308a4091947de0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2a:08:bd:07:82:20:98:a5:61:26:9a:66:34:
                    df:07:cd:cf:4c:fc:1d:3e:e1:ed:bf:05:91:bf:a5:
                    4b:01:89:b1:8b:e5:cf:8c:35:84:9f:f2:bc:6f:70:
                    b2:cf:71:b4:c9:4f:3a:fa:9a:6a:51:f9:cf:16:7f:
                    9d:58:7b:4a:6d:28:a2:5a:c5:66:d2:84:81:7c:2b:
                    cc:21:af:96:24:46:8d:42:81:8a:1a:33:85:72:15:
                    2f:10:8a:ad:ce:ee:09:cc:14:be:7d:0f:24:81:cb:
                    a6:0f:65:9a:d0:e9:8c:11:3a:76:44:ac:2f:a9:16:
                    cd:8c:e4:7b:84:30:2f:85:03:ed:1d:b1:92:9f:75:
                    2e:7c:60:83:31:2b:49:8a:66:f7:bd:f7:db:88:9c:
                    68:f4:16:ad:e3:c7:69:a1:ce:2e:26:e0:4d:14:94:
                    d4:aa:3b:80:01:1d:01:8d:67:ac:d8:ae:8e:d2:01:
                    77:89:03:4c:df:35:ce:45:2d:f6:bc:b2:ee:a3:30:
                    6b:6d:f7:17:e5:55:97:f9:fd:05:85:7f:58:79:c7:
                    bc:2d:eb:51:d5:f7:43:8b:30:8c:50:08:13:43:bf:
                    c9:40:99:f2:e2:e6:79:24:69:7e:9a:1e:48:ed:1a:
                    39:54:9e:ee:49:43:77:a4:b9:18:6c:8d:f7:00:56:
                    43:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:30:9D:55:A2:42:16:A9:5A:69:F0:44:E4:30:8A:40:91:94:7D:E0
            X509v3 Authority Key Identifier:
                keyid:0B:EA:0E:CD:D6:34:A3:C0:75:E3:5D:B9:DC:A5:76:8E:4F:76:CD:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C-oOzdY0o8B141253KV2jk92zYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/aeeea4-651f-4d1a-ab52-23fcc524ea88/1/WjCdVaJCFqlaafBE5DCKQJGUfeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/aeeea4-651f-4d1a-ab52-23fcc524ea88/1/C-oOzdY0o8B141253KV2jk92zYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:85:4a:4e:01:d8:e8:3b:03:d9:c7:c6:0c:8d:f0:fc:24:62:
         01:5e:d3:e4:ba:96:75:d1:15:f5:89:cb:6f:bd:88:fe:96:c1:
         a6:6b:5a:f3:2c:e9:63:d7:64:0f:f4:f2:4d:45:85:91:f0:a3:
         ce:cf:91:11:3e:f4:a3:52:7d:cf:08:7f:d5:b8:f2:26:fb:91:
         e4:f8:09:ec:88:45:34:8a:01:37:bd:79:cc:62:7b:96:2f:40:
         bd:01:d4:d2:14:92:40:9d:e8:a8:19:9c:0d:aa:9b:68:02:cd:
         02:0e:23:31:35:3a:25:48:8d:24:30:89:b1:47:9b:8b:cf:d6:
         77:2e:0a:af:9a:ea:60:49:e3:b2:83:91:57:d8:64:e0:ce:ae:
         60:e8:c0:77:ae:ef:16:f5:fc:c6:2b:6e:38:56:60:b5:61:73:
         58:a6:bb:72:b5:82:f5:d1:df:7d:2d:9c:c0:92:0d:ee:2e:90:
         a4:bf:84:f1:6d:71:3d:cf:59:ff:ed:75:1c:de:ad:8b:19:da:
         c1:16:79:19:2e:d1:fc:c0:79:c5:cd:f4:aa:cf:a0:68:dd:34:
         3c:0b:8c:e5:36:c5:c4:a0:98:4e:06:4d:f0:b9:70:0e:85:cc:
         38:63:10:b4:7a:45:38:64:39:b5:45:27:c8:9a:7a:81:53:ba:
         8d:b4:0a:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xBMR/1UPIN75N4+3+QtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZWEwZWNkZDYzNGEzYzA3NWUzNWRiOWRjYTU3NjhlNGY3
NmNkODUwHhcNMjQwMTAyMDYzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTMwOWQ1NWEyNDIxNmE5NWE2OWYwNDRlNDMwOGE0MDkxOTQ3ZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCoIvQeCIJilYSaaZjTfB83PTPwd
PuHtvwWRv6VLAYmxi+XPjDWEn/K8b3Cyz3G0yU86+ppqUfnPFn+dWHtKbSiiWsVm
0oSBfCvMIa+WJEaNQoGKGjOFchUvEIqtzu4JzBS+fQ8kgcumD2Wa0OmMETp2RKwv
qRbNjOR7hDAvhQPtHbGSn3UufGCDMStJimb3vffbiJxo9Bat48dpoc4uJuBNFJTU
qjuAAR0BjWes2K6O0gF3iQNM3zXORS32vLLuozBrbfcX5VWX+f0FhX9Yece8LetR
1fdDizCMUAgTQ7/JQJny4uZ5JGl+mh5I7Ro5VJ7uSUN3pLkYbI33AFZD/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFownVWiQhapWmnwROQwikCRlH3gMB8GA1UdIwQY
MBaAFAvqDs3WNKPAdeNdudyldo5Pds2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQy1vT3pkWTBvOEIxNDEyNTNLVjJqazkyellVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9hZWVlYTQtNjUxZi00ZDFhLWFiNTIt
MjNmY2M1MjRlYTg4LzEvV2pDZFZhSkNGcWxhYWZCRTVEQ0tRSkdVZmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9hZWVlYTQtNjUxZi00ZDFhLWFiNTItMjNmY2M1MjRlYTg4
LzEvQy1vT3pkWTBvOEIxNDEyNTNLVjJqazkyellVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc7lMA0G
CSqGSIb3DQEBCwUAA4IBAQBahUpOAdjoOwPZx8YMjfD8JGIBXtPkupZ10RX1ictv
vYj+lsGma1rzLOlj12QP9PJNRYWR8KPOz5ERPvSjUn3PCH/VuPIm+5Hk+AnsiEU0
igE3vXnMYnuWL0C9AdTSFJJAneioGZwNqptoAs0CDiMxNTolSI0kMImxR5uLz9Z3
LgqvmupgSeOyg5FX2GTgzq5g6MB3ru8W9fzGK244VmC1YXNYprtytYL10d99LZzA
kg3uLpCkv4TxbXE9z1n/7XUc3q2LGdrBFnkZLtH8wHnFzfSqz6Bo3TQ8C4zlNsXE
oJhOBk3wuXAOhcw4YxC0ekU4ZDm1RSfImnqBU7qNtApc
-----END CERTIFICATE-----