Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/7WHLMfBOo_A-V_4nszKEXw8xW_o.roa
File:                     7WHLMfBOo_A-V_4nszKEXw8xW_o.roa (raw, json)
Hash identifier:          Lu56EHZbhgxTFcioKU6Qt0c0FOoDvUQxdNLeBrmbiEo=
Subject key identifier:   ED:61:CB:31:F0:4E:A3:F0:3E:57:FE:27:B3:32:84:5F:0F:31:5B:FA
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       018CE8EDB1E42FCAC2ABDBE34F4A7DF536FE
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/7WHLMfBOo_A-V_4nszKEXw8xW_o.roa
Signing time:             Mon 08 Jan 2024 11:55:40 +0000
ROA not before:           Mon 08 Jan 2024 11:55:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205800
IP address blocks:        185.239.179.0/24 maxlen: 24
                          185.239.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:ed:b1:e4:2f:ca:c2:ab:db:e3:4f:4a:7d:f5:36:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: Jan  8 11:55:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed61cb31f04ea3f03e57fe27b332845f0f315bfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:91:e9:0f:4e:56:55:5d:50:6e:5f:15:ae:b8:
                    af:48:5a:c5:23:da:7f:05:4f:62:b6:16:cb:d1:80:
                    47:28:f8:7c:66:03:f2:83:09:03:f5:95:ab:38:8c:
                    d0:9f:28:2c:cd:7a:36:2e:de:4b:73:60:68:f9:ec:
                    ab:c9:f2:92:e9:de:bb:99:53:72:de:53:bb:f4:db:
                    88:1c:22:6b:59:9a:de:61:ad:d7:c2:bc:22:b5:7a:
                    26:52:2e:7c:9c:95:f9:ca:87:c7:a5:54:71:67:2c:
                    90:01:fb:41:15:39:45:58:b0:c5:ca:c6:0c:7a:b9:
                    9e:34:d5:d2:27:a6:36:ce:00:55:c2:40:a4:55:fc:
                    aa:85:dd:fa:69:42:fb:8f:88:70:3f:19:0c:97:9d:
                    2a:c1:d6:1d:da:aa:4a:77:81:b3:19:37:80:fa:d4:
                    6f:b0:53:d3:e8:d0:15:4e:1a:fa:93:f0:e6:80:cd:
                    f7:57:2f:b0:c9:f1:c5:00:36:99:77:f6:fe:ed:a3:
                    19:3b:18:7a:b2:b5:45:45:7c:63:23:70:64:66:21:
                    2a:46:bc:c6:ee:fa:04:ef:58:ad:10:9f:b4:7f:c1:
                    a2:5f:c5:af:e9:da:d9:2c:d3:ed:83:35:1c:18:05:
                    22:7c:b1:46:2d:0a:50:be:bc:1a:e3:a2:e9:6a:d1:
                    72:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:61:CB:31:F0:4E:A3:F0:3E:57:FE:27:B3:32:84:5F:0F:31:5B:FA
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/7WHLMfBOo_A-V_4nszKEXw8xW_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.177.0/24
                  185.239.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:1a:73:75:fd:f7:82:31:9e:5c:9f:73:3b:af:e1:3a:5b:14:
         db:69:c6:3f:49:24:c9:84:98:21:7e:00:81:4b:a0:e9:b9:ee:
         87:9a:5c:9f:53:90:5c:5e:92:2f:56:15:9f:00:66:31:d5:03:
         20:4b:82:f2:2b:27:1a:04:cf:90:4d:53:4a:ff:43:00:da:ae:
         0a:2c:5a:97:01:5a:b5:e0:03:6f:66:3a:fe:4b:eb:a1:fb:5f:
         bf:63:20:b0:a4:41:64:50:0f:f3:98:f7:b7:57:44:19:9f:7a:
         f0:2a:d7:ff:02:9f:79:3f:95:08:5e:20:83:ac:59:3f:1e:c1:
         88:35:e4:ea:06:56:64:fe:7d:fa:05:ef:43:09:5c:79:d6:4a:
         7f:81:70:36:38:17:63:16:e1:de:15:bd:05:57:7b:36:96:6e:
         a6:ff:16:4f:27:95:c5:3f:17:a3:4d:44:5c:a5:0e:06:e8:57:
         0d:fc:b2:b2:4b:63:c8:68:15:f6:23:0c:49:2f:aa:eb:5c:c1:
         58:6f:c2:42:cb:ee:1b:2d:ad:50:f2:81:1d:45:61:0c:d1:3b:
         49:39:2d:13:23:4f:63:81:15:c2:60:0d:39:5b:0c:bc:40:c5:
         f1:87:81:a8:06:45:c9:97:03:1c:12:6a:75:6a:7d:8a:14:f3:
         76:58:a5:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzo7bHkL8rCq9vjT0p99Tb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjQwMTA4MTE1NTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDYxY2IzMWYwNGVhM2YwM2U1N2ZlMjdiMzMyODQ1ZjBmMzE1YmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpHpD05WVV1Qbl8VrrivSFrFI9p/
BU9ithbL0YBHKPh8ZgPygwkD9ZWrOIzQnygszXo2Lt5Lc2Bo+eyryfKS6d67mVNy
3lO79NuIHCJrWZreYa3XwrwitXomUi58nJX5yofHpVRxZyyQAftBFTlFWLDFysYM
ermeNNXSJ6Y2zgBVwkCkVfyqhd36aUL7j4hwPxkMl50qwdYd2qpKd4GzGTeA+tRv
sFPT6NAVThr6k/DmgM33Vy+wyfHFADaZd/b+7aMZOxh6srVFRXxjI3BkZiEqRrzG
7voE71itEJ+0f8GiX8Wv6drZLNPtgzUcGAUifLFGLQpQvrwa46LpatFysQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO1hyzHwTqPwPlf+J7MyhF8PMVv6MB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvN1dITE1mQk9vX0EtVl80bnN6S0VYdzh4V19vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAue+xAwQA
ue+zMA0GCSqGSIb3DQEBCwUAA4IBAQBXGnN1/feCMZ5cn3M7r+E6WxTbacY/SSTJ
hJghfgCBS6Dpue6HmlyfU5BcXpIvVhWfAGYx1QMgS4LyKycaBM+QTVNK/0MA2q4K
LFqXAVq14ANvZjr+S+uh+1+/YyCwpEFkUA/zmPe3V0QZn3rwKtf/Ap95P5UIXiCD
rFk/HsGINeTqBlZk/n36Be9DCVx51kp/gXA2OBdjFuHeFb0FV3s2lm6m/xZPJ5XF
PxejTURcpQ4G6FcN/LKyS2PIaBX2IwxJL6rrXMFYb8JCy+4bLa1Q8oEdRWEM0TtJ
OS0TI09jgRXCYA05Wwy8QMXxh4GoBkXJlwMcEmp1an2KFPN2WKWn
-----END CERTIFICATE-----