Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/Wice8Ujm8CbRh-etokDSW1v-yEc.roa
File:                     Wice8Ujm8CbRh-etokDSW1v-yEc.roa (raw, json)
Hash identifier:          0jhGh07dfDWavLuC1Y//b1V3TPZXAS78Z1beknbUEzk=
Subject key identifier:   5A:27:1E:F1:48:E6:F0:26:D1:87:E7:AD:A2:40:D2:5B:5B:FE:C8:47
Certificate issuer:       /CN=5f16b294b1a647bf6d67683b51614497e751f21f
Certificate serial:       018CC94D112133F41D02D0C3B05738A3A06F
Authority key identifier: 5F:16:B2:94:B1:A6:47:BF:6D:67:68:3B:51:61:44:97:E7:51:F2:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XxaylLGmR79tZ2g7UWFEl-dR8h8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/Wice8Ujm8CbRh-etokDSW1v-yEc.roa
Signing time:             Tue 02 Jan 2024 08:32:00 +0000
ROA not before:           Tue 02 Jan 2024 08:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34182
IP address blocks:        193.28.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/XxaylLGmR79tZ2g7UWFEl-dR8h8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/XxaylLGmR79tZ2g7UWFEl-dR8h8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XxaylLGmR79tZ2g7UWFEl-dR8h8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:11:21:33:f4:1d:02:d0:c3:b0:57:38:a3:a0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f16b294b1a647bf6d67683b51614497e751f21f
        Validity
            Not Before: Jan  2 08:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a271ef148e6f026d187e7ada240d25b5bfec847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:99:ea:97:14:b6:ee:18:18:83:12:08:51:e5:
                    e6:61:65:b4:16:27:75:6c:66:c5:8f:41:16:bf:1f:
                    24:1e:73:3b:2e:d7:c9:b9:7d:f9:39:50:c6:30:c4:
                    6f:b7:9f:16:ad:86:f2:69:d5:df:a2:71:2d:22:c0:
                    9c:a1:5b:33:65:72:c6:e1:3c:1f:35:68:a0:75:b4:
                    18:3c:d3:6f:ff:e1:ce:19:c4:d9:82:6b:e2:d1:95:
                    31:06:59:36:83:bb:89:86:f0:d2:95:09:bf:0e:81:
                    a3:0d:da:c0:67:d4:9e:1e:5b:2c:02:70:1d:64:54:
                    d4:15:f9:e4:44:72:02:7c:a6:25:d7:63:e0:e3:12:
                    71:45:0a:69:c3:73:76:e0:35:6c:fc:3f:e8:4c:e4:
                    af:16:18:cb:30:24:14:cd:ff:37:4a:52:d6:7e:96:
                    80:aa:ee:2c:5a:91:eb:42:7e:6c:d4:c8:04:77:6d:
                    c3:e9:b5:b7:9c:16:a5:69:e1:46:90:16:97:3f:7b:
                    ff:dd:34:ba:f6:96:d5:56:02:69:65:1e:72:ce:b3:
                    68:c3:2a:f7:58:79:75:3a:2e:c6:d4:e4:70:e0:be:
                    7d:72:37:ec:ac:8b:f6:4e:fd:0f:06:c6:2c:f1:e9:
                    eb:d8:91:99:16:0c:25:ae:ca:a0:1c:08:6e:d3:91:
                    d0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:27:1E:F1:48:E6:F0:26:D1:87:E7:AD:A2:40:D2:5B:5B:FE:C8:47
            X509v3 Authority Key Identifier:
                keyid:5F:16:B2:94:B1:A6:47:BF:6D:67:68:3B:51:61:44:97:E7:51:F2:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XxaylLGmR79tZ2g7UWFEl-dR8h8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/Wice8Ujm8CbRh-etokDSW1v-yEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/df2777-77a1-4b84-921f-a88270f5d1a9/1/XxaylLGmR79tZ2g7UWFEl-dR8h8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:e1:5e:ab:07:62:78:64:cb:e2:ea:4e:97:04:76:29:dc:7b:
         36:af:a5:44:fc:3b:c7:0b:c2:88:50:cc:c4:0c:90:88:a5:6c:
         93:9b:2a:96:34:3d:42:38:79:af:3e:5f:c1:67:9b:73:49:8f:
         a8:1d:77:0d:91:56:62:0d:42:da:d6:0a:f0:fc:2f:01:15:47:
         e3:55:85:ba:9b:3f:03:7c:01:1e:49:aa:29:d8:f0:c1:69:9a:
         a7:fd:33:48:b9:b6:41:7b:52:e0:e8:2f:7e:b2:74:fd:84:90:
         47:2d:dd:9e:0e:5e:d1:a2:51:03:10:da:b0:19:bf:7e:31:44:
         b2:1e:ae:15:e8:fa:8d:8d:6e:81:2b:3a:1c:8a:f3:80:7d:c3:
         49:b2:db:16:a0:7b:36:8a:ab:32:72:2b:12:21:1d:2b:64:72:
         bd:35:94:d2:d8:00:02:85:3e:dd:1a:a3:99:1f:aa:78:60:48:
         35:c5:46:b7:c6:be:29:26:00:4b:12:e9:af:96:5e:03:55:f6:
         49:8e:d7:1f:95:a9:ed:64:5c:15:1d:ce:2c:56:38:b8:42:32:
         e8:56:db:28:c6:f0:a3:fe:ad:ae:1d:a0:38:c3:bb:28:ed:d8:
         9b:5b:15:a0:80:9e:9f:6d:08:46:4b:b8:df:04:7a:5d:02:7c:
         08:93:5c:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTREhM/QdAtDDsFc4o6BvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMTZiMjk0YjFhNjQ3YmY2ZDY3NjgzYjUxNjE0NDk3ZTc1
MWYyMWYwHhcNMjQwMTAyMDgzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTI3MWVmMTQ4ZTZmMDI2ZDE4N2U3YWRhMjQwZDI1YjViZmVjODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZnqlxS27hgYgxIIUeXmYWW0Fid1
bGbFj0EWvx8kHnM7LtfJuX35OVDGMMRvt58WrYbyadXfonEtIsCcoVszZXLG4Twf
NWigdbQYPNNv/+HOGcTZgmvi0ZUxBlk2g7uJhvDSlQm/DoGjDdrAZ9SeHlssAnAd
ZFTUFfnkRHICfKYl12Pg4xJxRQppw3N24DVs/D/oTOSvFhjLMCQUzf83SlLWfpaA
qu4sWpHrQn5s1MgEd23D6bW3nBalaeFGkBaXP3v/3TS69pbVVgJpZR5yzrNowyr3
WHl1Oi7G1ORw4L59cjfsrIv2Tv0PBsYs8enr2JGZFgwlrsqgHAhu05HQ2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFonHvFI5vAm0YfnraJA0ltb/shHMB8GA1UdIwQY
MBaAFF8WspSxpke/bWdoO1FhRJfnUfIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHhheWxMR21SNzl0WjJnN1VXRkVsLWRSOGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9kZjI3NzctNzdhMS00Yjg0LTkyMWYt
YTg4MjcwZjVkMWE5LzEvV2ljZThVam04Q2JSaC1ldG9rRFNXMXYteUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9kZjI3NzctNzdhMS00Yjg0LTkyMWYtYTg4MjcwZjVkMWE5
LzEvWHhheWxMR21SNzl0WjJnN1VXRkVsLWRSOGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRy5MA0G
CSqGSIb3DQEBCwUAA4IBAQC/4V6rB2J4ZMvi6k6XBHYp3Hs2r6VE/DvHC8KIUMzE
DJCIpWyTmyqWND1COHmvPl/BZ5tzSY+oHXcNkVZiDULa1grw/C8BFUfjVYW6mz8D
fAEeSaop2PDBaZqn/TNIubZBe1Lg6C9+snT9hJBHLd2eDl7RolEDENqwGb9+MUSy
Hq4V6PqNjW6BKzocivOAfcNJstsWoHs2iqsycisSIR0rZHK9NZTS2AAChT7dGqOZ
H6p4YEg1xUa3xr4pJgBLEumvll4DVfZJjtcflantZFwVHc4sVji4QjLoVtsoxvCj
/q2uHaA4w7so7dibWxWggJ6fbQhGS7jfBHpdAnwIk1zo
-----END CERTIFICATE-----