Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/wbOpu5lvsVAW8KILVvNKMQyfUN0.roa
File:                     wbOpu5lvsVAW8KILVvNKMQyfUN0.roa (raw, json)
Hash identifier:          ziyMrUoVMTSRf/IMRWtrWK9wHd959PUBbvpw+4hHeB8=
Subject key identifier:   C1:B3:A9:BB:99:6F:B1:50:16:F0:A2:0B:56:F3:4A:31:0C:9F:50:DD
Certificate issuer:       /CN=68b22eea4a4a3b81654a227eda94e0e75937b015
Certificate serial:       018CC8012FFF6F011953F6B153D947EB8EA7
Authority key identifier: 68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/wbOpu5lvsVAW8KILVvNKMQyfUN0.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208972
IP address blocks:        185.252.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2f:ff:6f:01:19:53:f6:b1:53:d9:47:eb:8e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68b22eea4a4a3b81654a227eda94e0e75937b015
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1b3a9bb996fb15016f0a20b56f34a310c9f50dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f1:8f:b7:49:c5:03:23:90:7b:cd:32:2f:e9:
                    b1:e1:89:9e:fc:71:fa:db:3a:61:43:83:72:24:ab:
                    91:c7:c6:2a:8f:33:c4:c4:be:33:e8:6e:38:1a:c9:
                    dd:1d:99:7a:41:31:20:b5:c4:a8:ec:ce:aa:ab:9e:
                    f2:22:45:d7:4d:2e:95:8c:c0:e6:a3:1f:36:8d:0c:
                    a3:d9:f1:bd:df:4f:d8:df:f5:d0:45:52:b1:6a:76:
                    8a:2e:91:a6:70:af:49:fd:bb:4e:64:fb:80:5e:bb:
                    af:2a:b0:21:e3:44:77:1a:2c:c3:41:a6:e0:0e:1b:
                    1d:02:d8:35:96:2b:73:4d:ef:5d:4e:0e:8f:07:28:
                    65:df:e3:bd:65:4f:25:b7:5b:75:67:43:60:ad:a3:
                    1f:7e:99:21:d1:e6:93:1f:77:6f:fe:e2:82:48:b4:
                    b5:0b:62:1f:f4:f3:de:3e:cb:ea:1b:f8:5e:3e:60:
                    1c:f4:01:16:7d:1c:05:72:9c:a1:e4:fe:ec:fc:53:
                    0d:95:55:cc:0f:2f:8a:a1:59:85:1b:b8:fa:b0:af:
                    d1:e1:22:ff:f7:d9:59:ef:1d:91:e1:ab:2f:84:e7:
                    fe:56:24:39:6a:15:d7:bf:7d:c5:45:dc:5c:3f:33:
                    9d:33:6e:29:71:09:ae:51:1f:da:28:e4:79:88:e8:
                    33:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:B3:A9:BB:99:6F:B1:50:16:F0:A2:0B:56:F3:4A:31:0C:9F:50:DD
            X509v3 Authority Key Identifier:
                keyid:68:B2:2E:EA:4A:4A:3B:81:65:4A:22:7E:DA:94:E0:E7:59:37:B0:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aLIu6kpKO4FlSiJ-2pTg51k3sBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/wbOpu5lvsVAW8KILVvNKMQyfUN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/69cbc0-b6c5-4e67-a73b-2b65a7a8be8c/1/aLIu6kpKO4FlSiJ-2pTg51k3sBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:97:c6:94:0c:ee:1a:1b:18:8f:53:ac:30:4f:0f:22:c4:11:
         e2:57:1d:c7:67:f8:d1:69:f5:d7:ad:47:82:b2:b2:2a:37:b3:
         d8:4b:60:c4:bb:e0:16:0a:36:1d:4e:bd:32:8a:19:30:06:fc:
         10:5b:a7:5b:12:f7:a6:32:69:c3:6b:b1:90:99:3e:54:cb:a3:
         38:7a:28:c2:92:f3:b5:f7:67:24:ae:43:c9:af:a8:d1:2b:7a:
         4a:24:8d:2b:e9:80:1e:98:90:80:21:6c:b7:06:3a:16:11:4a:
         49:ea:a4:20:20:3b:85:b5:16:ac:22:ca:13:26:d1:14:eb:81:
         4f:a7:d9:7b:ee:da:bb:93:82:b4:c5:9a:a4:e8:29:e6:e9:84:
         ce:59:04:d5:9e:dd:94:35:d1:03:1f:c9:55:67:e3:6e:33:98:
         7e:40:7d:bd:35:7d:65:0f:32:8e:86:a5:b7:2a:15:c6:95:dd:
         90:cf:93:cc:a6:78:eb:58:26:c6:c0:95:82:c2:9f:d4:a9:15:
         ac:af:eb:ad:ac:9f:0f:a0:7d:bf:5a:8f:2c:aa:24:3b:38:02:
         14:82:f2:cc:26:99:11:f3:eb:c4:19:ae:ae:fd:9d:d9:0b:d9:
         89:66:82:2c:36:16:bd:8d:ac:fc:e3:0e:6d:0a:1d:27:c1:c4:
         3f:20:ec:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAS//bwEZU/axU9lH646nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YjIyZWVhNGE0YTNiODE2NTRhMjI3ZWRhOTRlMGU3NTkz
N2IwMTUwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWIzYTliYjk5NmZiMTUwMTZmMGEyMGI1NmYzNGEzMTBjOWY1MGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfGPt0nFAyOQe80yL+mx4Yme/HH6
2zphQ4NyJKuRx8YqjzPExL4z6G44GsndHZl6QTEgtcSo7M6qq57yIkXXTS6VjMDm
ox82jQyj2fG930/Y3/XQRVKxanaKLpGmcK9J/btOZPuAXruvKrAh40R3GizDQabg
DhsdAtg1litzTe9dTg6PByhl3+O9ZU8lt1t1Z0NgraMffpkh0eaTH3dv/uKCSLS1
C2If9PPePsvqG/hePmAc9AEWfRwFcpyh5P7s/FMNlVXMDy+KoVmFG7j6sK/R4SL/
99lZ7x2R4asvhOf+ViQ5ahXXv33FRdxcPzOdM24pcQmuUR/aKOR5iOgzJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGzqbuZb7FQFvCiC1bzSjEMn1DdMB8GA1UdIwQY
MBaAFGiyLupKSjuBZUoiftqU4OdZN7AVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2It
MmI2NWE3YThiZThjLzEvd2JPcHU1bHZzVkFXOEtJTFZ2TktNUXlmVU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82OWNiYzAtYjZjNS00ZTY3LWE3M2ItMmI2NWE3YThiZThj
LzEvYUxJdTZrcEtPNEZsU2lKLTJwVGc1MWszc0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufxyMA0G
CSqGSIb3DQEBCwUAA4IBAQBel8aUDO4aGxiPU6wwTw8ixBHiVx3HZ/jRafXXrUeC
srIqN7PYS2DEu+AWCjYdTr0yihkwBvwQW6dbEvemMmnDa7GQmT5Uy6M4eijCkvO1
92ckrkPJr6jRK3pKJI0r6YAemJCAIWy3BjoWEUpJ6qQgIDuFtRasIsoTJtEU64FP
p9l77tq7k4K0xZqk6Cnm6YTOWQTVnt2UNdEDH8lVZ+NuM5h+QH29NX1lDzKOhqW3
KhXGld2Qz5PMpnjrWCbGwJWCwp/UqRWsr+utrJ8PoH2/Wo8sqiQ7OAIUgvLMJpkR
8+vEGa6u/Z3ZC9mJZoIsNha9jaz84w5tCh0nwcQ/IOzp
-----END CERTIFICATE-----