Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/W4eF4du5uCkxQjCLv0X5A7cFREg.roa
File:                     W4eF4du5uCkxQjCLv0X5A7cFREg.roa (raw, json)
Hash identifier:          xAmcu59dsPDeMijNA3kQmO0PG9yhwH8GBf28ru2BEZY=
Subject key identifier:   5B:87:85:E1:DB:B9:B8:29:31:42:30:8B:BF:45:F9:03:B7:05:44:48
Certificate issuer:       /CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
Certificate serial:       0193211AD005B7A6F9AC53D2968C39DC75EE
Authority key identifier: 67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/W4eF4du5uCkxQjCLv0X5A7cFREg.roa
Signing time:             Tue 12 Nov 2024 16:00:25 +0000
ROA not before:           Tue 12 Nov 2024 16:00:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215915
IP address blocks:        185.136.232.0/22 maxlen: 24
                          2a10:c885::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:21:1a:d0:05:b7:a6:f9:ac:53:d2:96:8c:39:dc:75:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
        Validity
            Not Before: Nov 12 16:00:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b8785e1dbb9b8293142308bbf45f903b7054448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1b:d3:25:40:bc:88:b7:75:0e:01:85:96:3d:
                    e6:ca:1d:32:0c:f6:dc:9d:a3:48:57:1b:e1:0d:2c:
                    59:77:a2:26:03:96:cc:fb:85:60:c9:30:6c:30:f9:
                    31:af:98:24:68:7e:48:e4:a6:da:70:2b:59:00:d2:
                    bb:2d:bf:f0:9a:c8:36:26:a2:32:37:6b:80:d6:99:
                    40:04:d5:2f:66:7d:46:16:87:f8:10:84:ee:c5:6a:
                    68:93:55:ef:03:19:84:9e:77:aa:11:09:33:e1:07:
                    b6:cc:72:bb:19:0a:36:6e:09:22:cd:90:b2:1f:7b:
                    38:f9:1f:65:98:ee:a2:9e:f3:67:d6:90:87:25:62:
                    5d:98:0f:a6:59:e3:60:cf:d7:07:53:65:5b:e1:3a:
                    81:17:98:ad:28:05:b3:e2:fb:da:e0:4a:d0:b7:f8:
                    73:f3:9d:f2:36:36:01:98:80:b4:a3:93:82:8d:f9:
                    a1:29:cf:d6:f2:17:f1:d9:9a:6b:6e:24:74:e7:ba:
                    07:93:5e:83:22:7a:be:3d:df:21:a3:d9:e4:2f:09:
                    c8:ff:5d:f3:62:40:2f:4c:70:9a:9d:94:4c:0c:7b:
                    ee:87:32:bb:8f:ae:d7:23:1d:86:b1:c0:de:ba:3d:
                    96:bb:79:d1:57:22:fb:24:20:bf:51:38:cf:f5:f1:
                    d5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:87:85:E1:DB:B9:B8:29:31:42:30:8B:BF:45:F9:03:B7:05:44:48
            X509v3 Authority Key Identifier:
                keyid:67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/W4eF4du5uCkxQjCLv0X5A7cFREg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.232.0/22
                IPv6:
                  2a10:c885::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:81:ab:d6:dc:35:ef:f0:1d:99:7f:48:b1:2a:30:2c:44:0b:
         77:20:f4:62:81:69:84:d0:b7:1d:1f:d7:df:63:5c:09:2c:e5:
         30:ec:02:d6:b7:0c:4b:50:3a:16:af:0c:bd:01:0f:52:ec:e8:
         20:40:bc:83:ac:3a:9a:f5:79:37:3d:99:5d:2d:62:c1:b6:67:
         c5:e5:16:ca:56:7e:10:63:66:fa:33:a5:40:db:55:fd:33:6c:
         20:a3:b3:21:0a:d6:23:cc:48:36:77:39:58:3c:9d:22:f9:8d:
         b4:c0:a7:c6:d7:f6:78:a3:0b:3f:80:05:98:ec:95:47:18:b0:
         f9:e0:f4:6d:f8:b1:d2:3b:88:7c:35:28:6c:2c:b0:76:04:42:
         12:29:69:e6:06:93:5f:8a:57:08:68:b9:4e:34:a9:4a:84:4a:
         87:d1:05:06:fd:90:86:13:7b:02:3a:09:2f:d2:c6:67:25:17:
         a4:d1:48:9c:5e:8c:cf:25:3a:58:65:92:6a:11:6e:62:bd:f2:
         cd:f9:f9:f6:15:d3:34:a9:f7:55:d8:d5:aa:1d:45:ac:03:ab:
         0f:fa:64:06:3d:97:ac:18:89:9f:d7:dc:36:ad:04:71:29:6f:
         f3:e9:51:cf:82:af:c4:84:83:ad:99:c6:a4:fb:39:fa:8f:f2:
         88:ae:6b:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMhGtAFt6b5rFPSlow53HXuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZTI0YzcyODRlZjQ4ODdlNDVkNGNjZDliZGU2NzljZDlh
YjRmMDAwHhcNMjQxMTEyMTYwMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjg3ODVlMWRiYjliODI5MzE0MjMwOGJiZjQ1ZjkwM2I3MDU0NDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBvTJUC8iLd1DgGFlj3myh0yDPbc
naNIVxvhDSxZd6ImA5bM+4VgyTBsMPkxr5gkaH5I5KbacCtZANK7Lb/wmsg2JqIy
N2uA1plABNUvZn1GFof4EITuxWpok1XvAxmEnneqEQkz4Qe2zHK7GQo2bgkizZCy
H3s4+R9lmO6invNn1pCHJWJdmA+mWeNgz9cHU2Vb4TqBF5itKAWz4vva4ErQt/hz
853yNjYBmIC0o5OCjfmhKc/W8hfx2ZprbiR057oHk16DInq+Pd8ho9nkLwnI/13z
YkAvTHCanZRMDHvuhzK7j67XIx2GscDeuj2Wu3nRVyL7JCC/UTjP9fHV8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFuHheHbubgpMUIwi79F+QO3BURIMB8GA1UdIwQY
MBaAFGfiTHKE70iH5F1MzZveZ5zZq08AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzct
MDM3NWE5YzMyYjAwLzEvVzRlRjRkdTV1Q2t4UWpDTHYwWDVBN2NGUkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzctMDM3NWE5YzMyYjAw
LzEvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYjoMA0E
AgACMAcDBQAqEMiFMA0GCSqGSIb3DQEBCwUAA4IBAQAOgavW3DXv8B2Zf0ixKjAs
RAt3IPRigWmE0LcdH9ffY1wJLOUw7ALWtwxLUDoWrwy9AQ9S7OggQLyDrDqa9Xk3
PZldLWLBtmfF5RbKVn4QY2b6M6VA21X9M2wgo7MhCtYjzEg2dzlYPJ0i+Y20wKfG
1/Z4ows/gAWY7JVHGLD54PRt+LHSO4h8NShsLLB2BEISKWnmBpNfilcIaLlONKlK
hEqH0QUG/ZCGE3sCOgkv0sZnJRek0UicXozPJTpYZZJqEW5ivfLN+fn2FdM0qfdV
2NWqHUWsA6sP+mQGPZesGImf19w2rQRxKW/z6VHPgq/EhIOtmcak+zn6j/KIrmuE
-----END CERTIFICATE-----