Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/013153-b63b-4074-ac5c-f4dd6639f875/1/DW-sNsxiSt8lM4KAsW6zUSPb3NE.roa
File:                     DW-sNsxiSt8lM4KAsW6zUSPb3NE.roa (raw, json)
Hash identifier:          kCnpoNoow0kmKozG9npxkX0PtVhVcYT9/iUm8KF3UN0=
Subject key identifier:   0D:6F:AC:36:CC:62:4A:DF:25:33:82:80:B1:6E:B3:51:23:DB:DC:D1
Certificate issuer:       /CN=f65e7423d3f7b1b2e7acc1ba1cee0240b7d679d6
Certificate serial:       018CC801221C2103F4EBC8655912FA4D9B94
Authority key identifier: F6:5E:74:23:D3:F7:B1:B2:E7:AC:C1:BA:1C:EE:02:40:B7:D6:79:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9l50I9P3sbLnrMG6HO4CQLfWedY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/013153-b63b-4074-ac5c-f4dd6639f875/1/DW-sNsxiSt8lM4KAsW6zUSPb3NE.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205269
IP address blocks:        185.247.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/013153-b63b-4074-ac5c-f4dd6639f875/1/9l50I9P3sbLnrMG6HO4CQLfWedY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/013153-b63b-4074-ac5c-f4dd6639f875/1/9l50I9P3sbLnrMG6HO4CQLfWedY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9l50I9P3sbLnrMG6HO4CQLfWedY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 04:02:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:22:1c:21:03:f4:eb:c8:65:59:12:fa:4d:9b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f65e7423d3f7b1b2e7acc1ba1cee0240b7d679d6
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d6fac36cc624adf25338280b16eb35123dbdcd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:55:94:1c:f3:47:65:6e:da:23:cf:ba:f1:02:
                    9a:39:36:6f:5a:e3:ef:ad:41:50:e7:50:f3:92:49:
                    f8:6f:b7:82:50:7c:ee:6e:b2:88:84:6a:0f:1f:a2:
                    d7:ad:aa:e4:40:7d:4f:29:37:00:51:14:11:e0:9a:
                    69:93:e2:f6:c0:17:27:7f:bb:90:d9:73:b4:44:54:
                    dd:42:76:26:20:64:92:3e:98:40:e1:1d:37:38:79:
                    52:ea:87:f2:ed:a7:f6:7b:43:01:93:d7:1c:aa:6c:
                    ab:28:96:de:e4:40:25:cf:bb:e8:89:1b:88:87:50:
                    01:12:65:d8:93:6d:eb:8c:66:37:b6:fb:03:52:6d:
                    54:42:84:ed:68:f3:34:dd:34:1b:6f:05:d3:fd:da:
                    4f:af:d4:7e:80:1c:0b:4a:50:c7:93:4a:51:a9:f9:
                    58:34:f6:99:da:d5:c4:dc:b4:62:5a:64:3f:0d:9d:
                    ed:eb:61:10:45:e1:be:2a:7f:c1:58:10:e7:3f:9e:
                    01:b3:3c:6c:95:26:99:6b:79:a6:00:ca:23:4c:2c:
                    ee:0f:bd:2f:80:26:dc:8e:d2:23:b2:25:3e:7a:e9:
                    a6:e5:25:84:cd:42:ef:3a:80:a5:76:bf:2b:89:0c:
                    6f:b0:fe:60:a5:9a:99:75:dd:6e:10:60:50:9f:b1:
                    cf:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:6F:AC:36:CC:62:4A:DF:25:33:82:80:B1:6E:B3:51:23:DB:DC:D1
            X509v3 Authority Key Identifier:
                keyid:F6:5E:74:23:D3:F7:B1:B2:E7:AC:C1:BA:1C:EE:02:40:B7:D6:79:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9l50I9P3sbLnrMG6HO4CQLfWedY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/013153-b63b-4074-ac5c-f4dd6639f875/1/DW-sNsxiSt8lM4KAsW6zUSPb3NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/013153-b63b-4074-ac5c-f4dd6639f875/1/9l50I9P3sbLnrMG6HO4CQLfWedY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:ef:74:c6:d4:47:28:c9:2a:6d:b3:0d:c2:36:45:ff:38:fd:
         be:32:04:70:36:50:f8:56:a0:9f:e2:2a:89:61:bc:92:fd:3a:
         cf:c2:92:25:ad:45:cf:e9:a4:cc:78:4b:fb:e8:46:88:fb:ac:
         28:e3:3d:3d:48:36:8e:fa:83:a7:66:1a:f5:fe:ac:d1:73:2b:
         e9:f5:eb:c8:92:d3:19:9c:b3:88:d4:27:f7:ad:5a:cd:0a:8b:
         a6:84:b5:14:e9:a4:88:7a:a6:e0:20:91:67:ac:5c:46:e3:44:
         7a:99:11:ff:a4:c6:5a:b4:6d:ad:4b:a4:7b:2f:0e:ed:45:3b:
         fa:c7:1c:e2:43:2c:aa:53:de:74:43:19:c1:26:4c:13:95:b8:
         03:b6:fd:97:8c:2b:c7:1a:47:60:c1:e3:84:0f:e7:ca:dc:f3:
         16:cd:ae:38:e7:13:98:92:01:e4:ca:3d:51:1d:92:8f:4e:75:
         69:2b:41:08:4d:3f:a2:0a:ce:90:b4:e3:0f:70:c0:bf:09:49:
         45:39:d8:26:27:20:53:1e:82:f0:1f:7f:03:8d:7d:0e:f9:30:
         e7:9a:59:e4:0b:90:a9:c4:50:dc:8f:3d:20:2b:cd:21:b3:fa:
         1b:70:07:62:59:84:c6:cf:c9:7e:27:0e:01:67:a0:7c:7f:44:
         4a:53:45:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASIcIQP068hlWRL6TZuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NWU3NDIzZDNmN2IxYjJlN2FjYzFiYTFjZWUwMjQwYjdk
Njc5ZDYwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDZmYWMzNmNjNjI0YWRmMjUzMzgyODBiMTZlYjM1MTIzZGJkY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllWUHPNHZW7aI8+68QKaOTZvWuPv
rUFQ51Dzkkn4b7eCUHzubrKIhGoPH6LXrarkQH1PKTcAURQR4Jppk+L2wBcnf7uQ
2XO0RFTdQnYmIGSSPphA4R03OHlS6ofy7af2e0MBk9ccqmyrKJbe5EAlz7voiRuI
h1ABEmXYk23rjGY3tvsDUm1UQoTtaPM03TQbbwXT/dpPr9R+gBwLSlDHk0pRqflY
NPaZ2tXE3LRiWmQ/DZ3t62EQReG+Kn/BWBDnP54BszxslSaZa3mmAMojTCzuD70v
gCbcjtIjsiU+eumm5SWEzULvOoCldr8riQxvsP5gpZqZdd1uEGBQn7HPpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1vrDbMYkrfJTOCgLFus1Ej29zRMB8GA1UdIwQY
MBaAFPZedCPT97Gy56zBuhzuAkC31nnWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWw1MEk5UDNzYkxuck1HNkhPNENRTGZXZWRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8wMTMxNTMtYjYzYi00MDc0LWFjNWMt
ZjRkZDY2MzlmODc1LzEvRFctc05zeGlTdDhsTTRLQXNXNnpVU1BiM05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8wMTMxNTMtYjYzYi00MDc0LWFjNWMtZjRkZDY2MzlmODc1
LzEvOWw1MEk5UDNzYkxuck1HNkhPNENRTGZXZWRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuffYMA0G
CSqGSIb3DQEBCwUAA4IBAQAC73TG1EcoySptsw3CNkX/OP2+MgRwNlD4VqCf4iqJ
YbyS/TrPwpIlrUXP6aTMeEv76EaI+6wo4z09SDaO+oOnZhr1/qzRcyvp9evIktMZ
nLOI1Cf3rVrNCoumhLUU6aSIeqbgIJFnrFxG40R6mRH/pMZatG2tS6R7Lw7tRTv6
xxziQyyqU950QxnBJkwTlbgDtv2XjCvHGkdgweOED+fK3PMWza445xOYkgHkyj1R
HZKPTnVpK0EITT+iCs6QtOMPcMC/CUlFOdgmJyBTHoLwH38DjX0O+TDnmlnkC5Cp
xFDcjz0gK80hs/obcAdiWYTGz8l+Jw4BZ6B8f0RKU0Xy
-----END CERTIFICATE-----