Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/WYcmQmVWmLLagqYZdeaY9MUObvs.roa
File:                     WYcmQmVWmLLagqYZdeaY9MUObvs.roa (raw, json)
Hash identifier:          w7yRRVf01LV3khMFrHjuWK2mQcid2DVdWWFOodP1K/o=
Subject key identifier:   59:87:26:42:65:56:98:B2:DA:82:A6:19:75:E6:98:F4:C5:0E:6E:FB
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DACCFD1078A7729D0D9D5999C9AAC6
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/WYcmQmVWmLLagqYZdeaY9MUObvs.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202676
IP address blocks:        185.156.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cc:fd:10:78:a7:72:9d:0d:9d:59:99:c9:aa:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59872642655698b2da82a61975e698f4c50e6efb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6d:46:b0:ad:a6:09:91:76:0e:f9:ef:54:dd:
                    a5:35:14:ff:01:0a:67:97:88:2e:a4:a4:13:05:0e:
                    34:29:24:ba:6c:0e:05:37:4c:93:9a:aa:da:26:b0:
                    0d:52:88:27:23:45:5f:ff:62:d2:d0:8f:f7:03:e0:
                    5f:43:03:af:b9:48:e0:18:ad:d1:4e:6a:7d:00:5a:
                    1a:01:f5:64:f2:3a:7b:df:8b:8a:24:99:c9:4b:e2:
                    35:94:5d:d7:30:8c:8d:92:0c:18:6d:12:ff:d7:cc:
                    1c:75:ab:5d:ac:4e:1f:3f:2c:fa:0c:13:2a:a7:20:
                    ce:4b:ec:9c:ed:3c:3e:67:92:12:9e:1c:30:5d:a7:
                    52:2c:d1:01:f8:21:f6:53:78:26:6d:16:75:27:c8:
                    2f:12:0f:43:9f:1d:dd:7f:2a:c7:d8:28:68:f2:2b:
                    a9:aa:37:23:4d:1d:89:69:3c:d7:24:35:ff:c6:26:
                    5c:20:f8:e3:85:f7:77:66:15:3c:e4:50:b3:bf:0d:
                    49:d3:80:4f:d9:00:16:78:73:49:c2:3c:9d:cd:69:
                    25:3e:db:98:f9:db:2a:6b:b7:85:a4:14:90:96:7c:
                    16:f8:7b:60:bc:0b:d4:96:7d:b8:b7:63:3b:9f:1d:
                    34:f5:71:82:43:66:0c:f8:71:cd:a4:57:77:64:51:
                    f3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:87:26:42:65:56:98:B2:DA:82:A6:19:75:E6:98:F4:C5:0E:6E:FB
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/WYcmQmVWmLLagqYZdeaY9MUObvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:1f:c5:e6:c8:77:2d:21:c3:ce:65:0c:1d:4a:7f:c6:d1:42:
         86:14:d5:16:43:a9:09:3b:69:2e:75:31:29:6c:8e:52:1d:4e:
         0d:30:91:0d:5a:ef:75:f1:5a:01:4f:3f:c6:08:ca:04:b6:91:
         73:6e:b6:d1:1a:01:c8:83:c4:4e:30:41:1a:99:d7:fc:97:c4:
         77:b5:66:a4:3a:1b:4b:98:30:77:28:f5:bc:ba:b3:e0:bf:a3:
         31:c3:50:05:9b:ef:1f:5c:2e:fb:16:75:9e:b3:25:3f:a0:e3:
         73:86:82:35:fb:e4:8f:3f:3b:af:70:19:10:51:aa:74:4f:7e:
         e2:d4:b1:7a:d8:dd:88:2d:41:f2:67:0c:09:ea:17:2f:dd:65:
         5c:70:d9:78:90:0a:46:d3:a4:31:9b:41:44:18:e1:02:b0:3b:
         9b:7c:89:cf:77:d7:a9:2f:73:e7:18:b4:7e:54:a2:ad:0c:48:
         6c:14:43:cc:60:7e:f3:11:86:ca:61:1d:a5:37:a9:25:7f:72:
         63:2f:20:d4:db:26:56:c7:4f:4b:19:bf:6c:2d:c1:33:d5:bb:
         9b:0b:d2:54:4c:08:45:be:ba:05:db:7a:19:2b:fa:2f:27:ee:
         3a:eb:b8:6e:a1:0c:e9:98:57:57:c8:0f:c5:e8:5a:01:28:48:
         a0:76:25:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sz9EHincp0NnVmZyarGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTg3MjY0MjY1NTY5OGIyZGE4MmE2MTk3NWU2OThmNGM1MGU2ZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk21GsK2mCZF2DvnvVN2lNRT/AQpn
l4gupKQTBQ40KSS6bA4FN0yTmqraJrANUognI0Vf/2LS0I/3A+BfQwOvuUjgGK3R
Tmp9AFoaAfVk8jp734uKJJnJS+I1lF3XMIyNkgwYbRL/18wcdatdrE4fPyz6DBMq
pyDOS+yc7Tw+Z5ISnhwwXadSLNEB+CH2U3gmbRZ1J8gvEg9Dnx3dfyrH2Cho8iup
qjcjTR2JaTzXJDX/xiZcIPjjhfd3ZhU85FCzvw1J04BP2QAWeHNJwjydzWklPtuY
+dsqa7eFpBSQlnwW+HtgvAvUln24t2M7nx009XGCQ2YM+HHNpFd3ZFHz4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmHJkJlVpiy2oKmGXXmmPTFDm77MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvV1ljbVFtVldtTExhZ3FZWmRlYVk5TVVPYnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZz4MA0G
CSqGSIb3DQEBCwUAA4IBAQCnH8XmyHctIcPOZQwdSn/G0UKGFNUWQ6kJO2kudTEp
bI5SHU4NMJENWu918VoBTz/GCMoEtpFzbrbRGgHIg8ROMEEamdf8l8R3tWakOhtL
mDB3KPW8urPgv6Mxw1AFm+8fXC77FnWesyU/oONzhoI1++SPPzuvcBkQUap0T37i
1LF62N2ILUHyZwwJ6hcv3WVccNl4kApG06Qxm0FEGOECsDubfInPd9epL3PnGLR+
VKKtDEhsFEPMYH7zEYbKYR2lN6klf3JjLyDU2yZWx09LGb9sLcEz1bubC9JUTAhF
vroF23oZK/ovJ+4667huoQzpmFdXyA/F6FoBKEigdiVC
-----END CERTIFICATE-----