Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/W78yyw7g-0a1dB8hNuG6IVEWG7Q.roa
File:                     W78yyw7g-0a1dB8hNuG6IVEWG7Q.roa (raw, json)
Hash identifier:          avWRhmPBBHFFJFVTlQ6h0Ke4GQXUjYFDLgVzboTz1uo=
Subject key identifier:   5B:BF:32:CB:0E:E0:FB:46:B5:74:1F:21:36:E1:BA:21:51:16:1B:B4
Certificate issuer:       /CN=95151fbb71e41b2d1063d3b11141ada1a844c7f7
Certificate serial:       018CC26D32ADD0F2A918CF789E84DF51C192
Authority key identifier: 95:15:1F:BB:71:E4:1B:2D:10:63:D3:B1:11:41:AD:A1:A8:44:C7:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRUfu3HkGy0QY9OxEUGtoahEx_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/W78yyw7g-0a1dB8hNuG6IVEWG7Q.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38965
IP address blocks:        185.231.57.0/24 maxlen: 24
                          2a10:b880::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/lRUfu3HkGy0QY9OxEUGtoahEx_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/lRUfu3HkGy0QY9OxEUGtoahEx_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRUfu3HkGy0QY9OxEUGtoahEx_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:32:ad:d0:f2:a9:18:cf:78:9e:84:df:51:c1:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95151fbb71e41b2d1063d3b11141ada1a844c7f7
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bbf32cb0ee0fb46b5741f2136e1ba2151161bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5c:2b:05:b8:35:0a:46:5d:49:28:4c:df:fd:
                    b7:44:09:66:f7:67:5c:1f:25:2f:f8:cb:da:69:4c:
                    d2:b6:b3:6c:f1:79:6d:f4:29:8f:a3:bf:1f:91:40:
                    1f:f4:a1:5c:31:c6:14:79:db:b1:bc:19:16:b8:a4:
                    f9:66:8c:0c:ab:62:57:e3:91:20:e8:7c:f1:d2:19:
                    4d:78:67:df:84:5e:44:8c:4b:16:37:b2:a9:4a:de:
                    8f:75:2a:5a:7d:8b:98:f4:26:3d:9c:39:e9:ac:a7:
                    c0:86:1e:04:ff:11:61:80:45:3a:10:3b:11:e7:fb:
                    2c:fa:50:3c:ca:70:81:65:e5:9e:dc:5d:f7:b8:87:
                    31:5e:27:33:6e:90:09:90:70:04:6d:d3:8b:57:f9:
                    6b:38:06:b5:94:89:5d:8e:6f:a1:91:ed:dc:82:e7:
                    19:c8:cd:aa:c7:40:e7:e0:6c:39:36:0f:14:28:70:
                    06:fe:5a:e9:22:e5:2a:f7:e8:6d:e1:a0:be:2c:f5:
                    f0:16:9e:dc:61:19:b5:c2:52:0c:57:8a:b1:fe:85:
                    72:a8:a8:59:e4:d6:f8:a9:5d:bb:35:30:bf:35:9f:
                    d9:7d:26:db:55:a3:a0:de:e4:b2:4b:07:9f:32:29:
                    bd:1a:0d:92:73:a2:f7:75:ba:ab:77:6f:6b:53:88:
                    f9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BF:32:CB:0E:E0:FB:46:B5:74:1F:21:36:E1:BA:21:51:16:1B:B4
            X509v3 Authority Key Identifier:
                keyid:95:15:1F:BB:71:E4:1B:2D:10:63:D3:B1:11:41:AD:A1:A8:44:C7:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRUfu3HkGy0QY9OxEUGtoahEx_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/W78yyw7g-0a1dB8hNuG6IVEWG7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/185fe9-2517-438c-8e26-9fd836e8b366/1/lRUfu3HkGy0QY9OxEUGtoahEx_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.57.0/24
                IPv6:
                  2a10:b880::/32

    Signature Algorithm: sha256WithRSAEncryption
         f5:5a:59:64:41:81:2e:bc:a1:86:87:90:5e:e9:1f:9c:11:85:
         c6:02:6e:d2:c7:61:2e:97:5f:6b:15:e5:2e:fc:71:e2:a4:09:
         cb:8e:19:b9:3a:7f:d7:94:ee:13:8c:54:f4:63:53:45:00:a3:
         8a:99:63:1b:49:d7:d4:b5:ae:f9:a0:8c:93:b5:f6:b8:86:65:
         e3:5b:8a:cd:7c:bc:25:30:b2:0b:44:fd:5e:f4:3d:a4:0e:06:
         64:f5:ca:82:49:d3:42:72:1a:1c:41:ba:93:c8:ff:f4:bc:ff:
         50:20:5b:16:c4:f0:3e:24:c8:74:f6:72:04:c1:32:5b:a0:07:
         71:64:e1:d1:11:39:10:4d:24:72:85:7b:f5:a1:bf:11:f9:e6:
         a3:dd:e3:08:6d:2e:d0:30:86:3d:36:1b:79:91:03:24:5c:c4:
         ea:dc:9a:d8:46:8f:a9:67:90:94:2f:51:ed:13:9e:02:ca:75:
         05:11:1b:eb:8f:3a:fc:92:46:f7:50:1c:0e:d2:7e:24:51:4b:
         45:2a:21:11:a9:d5:dc:4c:ab:f2:55:d9:0e:5d:34:e2:af:a0:
         01:e5:50:41:6f:6c:24:2d:a3:c2:cc:b8:f9:5f:33:2f:7a:fd:
         69:38:2b:5d:2c:10:f4:cd:6b:4e:6a:76:b4:fa:f7:a5:d8:0b:
         08:d5:af:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbTKt0PKpGM94noTfUcGSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTUxZmJiNzFlNDFiMmQxMDYzZDNiMTExNDFhZGExYTg0
NGM3ZjcwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmJmMzJjYjBlZTBmYjQ2YjU3NDFmMjEzNmUxYmEyMTUxMTYxYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFwrBbg1CkZdSShM3/23RAlm92dc
HyUv+MvaaUzStrNs8Xlt9CmPo78fkUAf9KFcMcYUeduxvBkWuKT5ZowMq2JX45Eg
6Hzx0hlNeGffhF5EjEsWN7KpSt6PdSpafYuY9CY9nDnprKfAhh4E/xFhgEU6EDsR
5/ss+lA8ynCBZeWe3F33uIcxXiczbpAJkHAEbdOLV/lrOAa1lIldjm+hke3cgucZ
yM2qx0Dn4Gw5Ng8UKHAG/lrpIuUq9+ht4aC+LPXwFp7cYRm1wlIMV4qx/oVyqKhZ
5Nb4qV27NTC/NZ/ZfSbbVaOg3uSySwefMim9Gg2Sc6L3dbqrd29rU4j51wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFu/MssO4PtGtXQfITbhuiFRFhu0MB8GA1UdIwQY
MBaAFJUVH7tx5BstEGPTsRFBraGoRMf3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJVZnUzSGtHeTBRWTlPeEVVR3RvYWhFeF9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xODVmZTktMjUxNy00MzhjLThlMjYt
OWZkODM2ZThiMzY2LzEvVzc4eXl3N2ctMGExZEI4aE51RzZJVkVXRzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xODVmZTktMjUxNy00MzhjLThlMjYtOWZkODM2ZThiMzY2
LzEvbFJVZnUzSGtHeTBRWTlPeEVVR3RvYWhFeF9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuec5MA0E
AgACMAcDBQAqELiAMA0GCSqGSIb3DQEBCwUAA4IBAQD1WllkQYEuvKGGh5Be6R+c
EYXGAm7Sx2Eul19rFeUu/HHipAnLjhm5On/XlO4TjFT0Y1NFAKOKmWMbSdfUta75
oIyTtfa4hmXjW4rNfLwlMLILRP1e9D2kDgZk9cqCSdNCchocQbqTyP/0vP9QIFsW
xPA+JMh09nIEwTJboAdxZOHRETkQTSRyhXv1ob8R+eaj3eMIbS7QMIY9Nht5kQMk
XMTq3JrYRo+pZ5CUL1HtE54CynUFERvrjzr8kkb3UBwO0n4kUUtFKiERqdXcTKvy
VdkOXTTir6AB5VBBb2wkLaPCzLj5XzMvev1pOCtdLBD0zWtOana0+vel2AsI1a8m
-----END CERTIFICATE-----