Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/RWRByuXL5FWenmf4-2mS_5NGDJw.roa
File:                     RWRByuXL5FWenmf4-2mS_5NGDJw.roa (raw, json)
Hash identifier:          9I3xaAkAWCxblZu0cDuVk6wW5AFq23VHickead7r5mc=
Subject key identifier:   45:64:41:CA:E5:CB:E4:55:9E:9E:67:F8:FB:69:92:FF:93:46:0C:9C
Certificate issuer:       /CN=bfe9f12c96ba20683aff5c958bfad8e4c577f7fe
Certificate serial:       018CC492EB5E45394DCD12A5CAA85D5C0EA8
Authority key identifier: BF:E9:F1:2C:96:BA:20:68:3A:FF:5C:95:8B:FA:D8:E4:C5:77:F7:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/RWRByuXL5FWenmf4-2mS_5NGDJw.roa
Signing time:             Mon 01 Jan 2024 10:30:11 +0000
ROA not before:           Mon 01 Jan 2024 10:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139242
IP address blocks:        185.212.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:eb:5e:45:39:4d:cd:12:a5:ca:a8:5d:5c:0e:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe9f12c96ba20683aff5c958bfad8e4c577f7fe
        Validity
            Not Before: Jan  1 10:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=456441cae5cbe4559e9e67f8fb6992ff93460c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:df:bf:a4:38:d1:c9:09:1f:2f:05:8f:a1:ae:
                    60:0f:1a:0f:ef:2e:a0:6a:bb:cf:d5:cb:2e:48:9f:
                    6a:7b:dc:8d:09:fe:a0:83:8d:55:bf:0f:af:ec:f9:
                    1e:b6:e9:2e:df:c1:08:c1:f9:08:b1:42:44:4e:6c:
                    e4:f2:d2:e6:01:b3:47:9d:b3:a3:b3:df:02:c4:6f:
                    ea:3d:19:36:18:33:69:11:28:19:10:dc:3c:b7:12:
                    f6:89:ad:fd:66:18:70:8d:bb:b5:f9:66:4a:61:61:
                    01:1b:1a:cc:4c:40:62:f9:51:86:07:0e:6b:d0:cc:
                    96:93:6f:7d:57:95:39:ca:3a:50:d6:c2:c8:3d:31:
                    87:51:5a:e2:97:bd:d5:e2:ae:d0:c3:44:db:61:44:
                    c4:84:4f:e7:95:7d:03:81:66:63:09:17:f5:76:34:
                    92:3e:67:7a:ad:7d:16:cd:22:da:80:26:59:e8:0e:
                    99:4b:5c:50:c0:43:4f:9c:6f:32:21:47:74:f1:69:
                    a4:e3:84:aa:57:7a:4e:0e:e6:ce:0a:0f:9d:47:25:
                    aa:6f:9c:d7:b2:fa:9f:35:53:18:6d:22:da:cc:cb:
                    f0:74:be:30:02:4e:4b:63:4a:63:e7:76:81:1f:e2:
                    6c:5d:43:02:4c:b0:96:59:f8:b9:43:da:fb:7f:63:
                    4d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:64:41:CA:E5:CB:E4:55:9E:9E:67:F8:FB:69:92:FF:93:46:0C:9C
            X509v3 Authority Key Identifier:
                keyid:BF:E9:F1:2C:96:BA:20:68:3A:FF:5C:95:8B:FA:D8:E4:C5:77:F7:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-nxLJa6IGg6_1yVi_rY5MV39_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/RWRByuXL5FWenmf4-2mS_5NGDJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/4ce558-63d6-469a-bb5d-f7820c5e966a/1/v-nxLJa6IGg6_1yVi_rY5MV39_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:72:89:d9:51:dc:4e:04:56:63:4b:e6:48:f3:14:7c:d4:06:
         0d:4a:ec:80:7e:2f:59:8c:1b:4d:95:ad:77:bc:fb:bf:af:aa:
         5e:62:01:04:73:67:76:b4:25:35:2e:a9:2f:8f:aa:a1:52:4b:
         1c:3f:1a:d8:ef:42:76:7e:86:d8:4d:01:d6:01:35:f6:8e:54:
         e2:dc:fc:f6:f3:da:4f:46:08:ae:90:fc:56:04:9f:65:7a:cd:
         b0:b6:87:43:44:ac:42:5d:22:98:b8:dc:09:80:b8:03:6b:67:
         51:0e:63:56:24:02:4b:ed:05:c2:4d:a6:59:6b:b5:60:0f:13:
         76:33:19:6c:d6:30:a2:e2:c8:9f:0c:75:42:7c:52:80:32:e1:
         e4:d7:f5:2f:b6:59:b7:75:73:12:c9:38:c8:8e:71:e0:31:87:
         70:fb:9b:aa:8a:3c:a6:31:bb:82:d0:27:8d:63:b2:17:32:fd:
         42:aa:5f:99:2f:a2:df:fa:51:be:f6:2c:c0:9e:68:9b:b1:7e:
         82:a6:88:5a:e9:67:27:2f:20:d8:43:e6:f2:48:25:14:bd:38:
         f6:87:8a:21:29:00:94:07:fc:d9:3a:ed:52:69:0f:bc:a5:88:
         45:59:3b:e6:ce:40:b6:6a:c9:a0:49:87:82:db:3b:58:6b:9e:
         d2:22:01:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuteRTlNzRKlyqhdXA6oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTlmMTJjOTZiYTIwNjgzYWZmNWM5NThiZmFkOGU0YzU3
N2Y3ZmUwHhcNMjQwMTAxMTAzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTY0NDFjYWU1Y2JlNDU1OWU5ZTY3ZjhmYjY5OTJmZjkzNDYwYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9+/pDjRyQkfLwWPoa5gDxoP7y6g
arvP1csuSJ9qe9yNCf6gg41Vvw+v7Pketuku38EIwfkIsUJETmzk8tLmAbNHnbOj
s98CxG/qPRk2GDNpESgZENw8txL2ia39Zhhwjbu1+WZKYWEBGxrMTEBi+VGGBw5r
0MyWk299V5U5yjpQ1sLIPTGHUVril73V4q7Qw0TbYUTEhE/nlX0DgWZjCRf1djSS
Pmd6rX0WzSLagCZZ6A6ZS1xQwENPnG8yIUd08Wmk44SqV3pODubOCg+dRyWqb5zX
svqfNVMYbSLazMvwdL4wAk5LY0pj53aBH+JsXUMCTLCWWfi5Q9r7f2NNqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVkQcrly+RVnp5n+Ptpkv+TRgycMB8GA1UdIwQY
MBaAFL/p8SyWuiBoOv9clYv62OTFd/f+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1ueExKYTZJR2c2XzF5Vmlfclk1TVYzOV80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80Y2U1NTgtNjNkNi00NjlhLWJiNWQt
Zjc4MjBjNWU5NjZhLzEvUldSQnl1WEw1Rldlbm1mNC0ybVNfNU5HREp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80Y2U1NTgtNjNkNi00NjlhLWJiNWQtZjc4MjBjNWU5NjZh
LzEvdi1ueExKYTZJR2c2XzF5Vmlfclk1TVYzOV80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudSQMA0G
CSqGSIb3DQEBCwUAA4IBAQBTconZUdxOBFZjS+ZI8xR81AYNSuyAfi9ZjBtNla13
vPu/r6peYgEEc2d2tCU1Lqkvj6qhUkscPxrY70J2fobYTQHWATX2jlTi3Pz289pP
RgiukPxWBJ9les2wtodDRKxCXSKYuNwJgLgDa2dRDmNWJAJL7QXCTaZZa7VgDxN2
Mxls1jCi4sifDHVCfFKAMuHk1/Uvtlm3dXMSyTjIjnHgMYdw+5uqijymMbuC0CeN
Y7IXMv1Cql+ZL6Lf+lG+9izAnmibsX6Cpoha6WcnLyDYQ+bySCUUvTj2h4ohKQCU
B/zZOu1SaQ+8pYhFWTvmzkC2asmgSYeC2ztYa57SIgEF
-----END CERTIFICATE-----