Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/wOcUi5LXGQRRd17LBu4PnWEIhUU.roa
File:                     wOcUi5LXGQRRd17LBu4PnWEIhUU.roa (raw, json)
Hash identifier:          Phvhu5k8Ne1e0LCjJCDuKdKrq7FdBDx5nb3dziGO3bE=
Subject key identifier:   C0:E7:14:8B:92:D7:19:04:51:77:5E:CB:06:EE:0F:9D:61:08:85:45
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF94D3A557CD3D8DFC20C36DE9C86E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/wOcUi5LXGQRRd17LBu4PnWEIhUU.roa
Signing time:             Tue 02 Jan 2024 06:32:25 +0000
ROA not before:           Tue 02 Jan 2024 06:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25227
IP address blocks:        185.106.95.0/24 maxlen: 24
                          185.244.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:94:d3:a5:57:cd:3d:8d:fc:20:c3:6d:e9:c8:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0e7148b92d7190451775ecb06ee0f9d61088545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2b:1a:1e:5a:a6:92:39:8d:e5:cb:3d:2b:5b:
                    4a:69:33:de:a7:24:e9:28:c7:8d:12:10:fa:08:4c:
                    54:33:9f:3c:c1:5e:8b:55:2d:20:2a:3c:4a:20:16:
                    8b:b8:50:46:a5:a6:9d:71:5a:60:15:c7:7a:30:8c:
                    d8:7c:49:13:b5:cd:02:2e:c9:db:23:4a:c3:97:12:
                    e2:fc:9b:51:8d:89:e3:eb:9c:9c:42:2d:92:31:c7:
                    19:92:e3:ff:7c:41:98:1b:27:28:12:fe:1b:68:ab:
                    c8:8f:1f:80:19:21:fe:22:78:7c:d2:df:c0:4a:89:
                    19:c6:c1:95:60:75:60:54:36:e7:df:c1:0c:38:ef:
                    88:b5:5c:0d:29:c3:68:a0:56:8b:91:56:f3:22:64:
                    72:aa:f6:58:52:66:8a:ee:b2:5e:1a:16:31:45:3e:
                    19:65:d5:e0:81:20:ee:c0:a1:6b:35:59:ec:f5:be:
                    4b:d1:e1:95:6d:67:a3:29:ec:4a:42:2e:b2:13:4f:
                    9a:8a:ee:36:02:99:75:92:b7:98:66:b5:d4:74:24:
                    56:de:45:88:7b:23:78:97:36:47:b1:45:ce:57:39:
                    c4:a8:af:0d:ad:ac:39:b1:cb:cc:03:e0:1b:bb:a7:
                    04:cc:e8:d6:1e:4a:c7:ae:1f:2b:69:3b:9e:c7:ae:
                    6d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E7:14:8B:92:D7:19:04:51:77:5E:CB:06:EE:0F:9D:61:08:85:45
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/wOcUi5LXGQRRd17LBu4PnWEIhUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.95.0/24
                  185.244.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:80:b2:66:86:d7:a8:a7:c8:e1:17:28:f5:64:09:b0:88:8f:
         d9:0b:0e:39:33:4b:d6:46:88:07:ed:6f:3c:35:5d:ff:2a:ad:
         9a:c4:e7:b7:c2:c5:69:06:45:e1:6a:48:79:07:3f:6b:3f:9c:
         53:cd:2a:51:57:04:58:bd:0e:be:b8:32:29:fb:ba:4e:af:e5:
         73:79:aa:e1:43:e6:c4:85:af:18:d1:83:fb:2e:9e:ec:6f:3c:
         89:3d:6a:69:b6:9f:9d:58:e5:94:47:92:39:fc:21:b7:50:d3:
         b3:a8:28:69:4f:71:e1:47:04:00:8d:ed:59:9b:db:92:92:af:
         da:0f:a0:64:ac:83:3f:96:93:9b:b1:94:7d:24:18:ff:fb:f4:
         eb:c7:08:0a:0a:5f:95:ae:2d:1d:87:54:49:58:6d:8b:78:9e:
         dc:81:41:a4:74:78:1d:25:7c:86:6d:3c:23:5c:b6:fd:87:7c:
         cf:e8:fd:79:4e:1e:f1:86:55:a1:f1:75:4b:d0:e8:50:bc:32:
         89:fe:c3:85:a9:6d:37:0d:62:ea:48:0e:5b:63:cd:f9:4d:e9:
         5e:b2:6c:87:a3:17:1b:05:38:67:6b:2e:b8:87:f4:22:45:8a:
         c7:2d:cd:83:f5:bc:d1:f5:b2:82:c4:6e:14:70:d1:6b:a3:df:
         e4:2b:79:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI35TTpVfNPY38IMNt6chuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGU3MTQ4YjkyZDcxOTA0NTE3NzVlY2IwNmVlMGY5ZDYxMDg4NTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSsaHlqmkjmN5cs9K1tKaTPepyTp
KMeNEhD6CExUM588wV6LVS0gKjxKIBaLuFBGpaadcVpgFcd6MIzYfEkTtc0CLsnb
I0rDlxLi/JtRjYnj65ycQi2SMccZkuP/fEGYGycoEv4baKvIjx+AGSH+Inh80t/A
SokZxsGVYHVgVDbn38EMOO+ItVwNKcNooFaLkVbzImRyqvZYUmaK7rJeGhYxRT4Z
ZdXggSDuwKFrNVns9b5L0eGVbWejKexKQi6yE0+aiu42Apl1kreYZrXUdCRW3kWI
eyN4lzZHsUXOVznEqK8Nraw5scvMA+Abu6cEzOjWHkrHrh8raTuex65tIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMDnFIuS1xkEUXdeywbuD51hCIVFMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvd09jVWk1TFhHUVJSZDE3TEJ1NFBuV0VJaFVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWpfAwQA
ufSvMA0GCSqGSIb3DQEBCwUAA4IBAQASgLJmhteop8jhFyj1ZAmwiI/ZCw45M0vW
RogH7W88NV3/Kq2axOe3wsVpBkXhakh5Bz9rP5xTzSpRVwRYvQ6+uDIp+7pOr+Vz
earhQ+bEha8Y0YP7Lp7sbzyJPWpptp+dWOWUR5I5/CG3UNOzqChpT3HhRwQAje1Z
m9uSkq/aD6BkrIM/lpObsZR9JBj/+/TrxwgKCl+Vri0dh1RJWG2LeJ7cgUGkdHgd
JXyGbTwjXLb9h3zP6P15Th7xhlWh8XVL0OhQvDKJ/sOFqW03DWLqSA5bY835Tele
smyHoxcbBThnay64h/QiRYrHLc2D9bzR9bKCxG4UcNFro9/kK3n1
-----END CERTIFICATE-----