Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/0bdb78-7e63-470e-a39d-f00a1938881f/1/wtqmKX03uAKJmHNkoER1q7obl8c.roa
File:                     wtqmKX03uAKJmHNkoER1q7obl8c.roa (raw, json)
Hash identifier:          hl1DWY4on8MIELP5AkyL2D3DUZcTmMoYOIax5VElVk0=
Subject key identifier:   C2:DA:A6:29:7D:37:B8:02:89:98:73:64:A0:44:75:AB:BA:1B:97:C7
Certificate issuer:       /CN=870a207f8d0fd26330bcd59fa8473549dc92dee9
Certificate serial:       018CC6B8E4D4C23A9187D0AF04BA68085ADD
Authority key identifier: 87:0A:20:7F:8D:0F:D2:63:30:BC:D5:9F:A8:47:35:49:DC:92:DE:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwogf40P0mMwvNWfqEc1SdyS3uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/0bdb78-7e63-470e-a39d-f00a1938881f/1/wtqmKX03uAKJmHNkoER1q7obl8c.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44319
IP address blocks:        185.255.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/0bdb78-7e63-470e-a39d-f00a1938881f/1/hwogf40P0mMwvNWfqEc1SdyS3uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/0bdb78-7e63-470e-a39d-f00a1938881f/1/hwogf40P0mMwvNWfqEc1SdyS3uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwogf40P0mMwvNWfqEc1SdyS3uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e4:d4:c2:3a:91:87:d0:af:04:ba:68:08:5a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870a207f8d0fd26330bcd59fa8473549dc92dee9
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2daa6297d37b80289987364a04475abba1b97c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fe:f5:d8:3a:39:a8:cb:69:48:ef:dd:dc:06:
                    40:79:88:e9:a9:72:b7:55:09:85:7c:d7:cc:be:b7:
                    f3:48:55:0a:cb:4c:99:c8:47:8e:c9:73:f0:06:82:
                    c4:5c:06:55:24:47:d0:07:fa:c0:0f:44:13:65:e3:
                    58:4b:1c:d8:14:d4:40:4b:3e:ee:3f:33:a6:72:82:
                    6b:0a:19:96:0a:71:9e:6a:16:15:6b:04:02:da:d3:
                    aa:2c:c1:2d:7b:33:51:95:b6:7b:44:b7:bf:7d:2b:
                    08:78:71:3c:3c:f5:4f:1f:07:75:f9:54:6e:e0:cf:
                    2e:bd:94:fe:cf:0d:ad:01:b4:d5:01:fb:87:b2:54:
                    e9:29:f9:9a:de:87:85:f1:d7:83:a9:ce:c7:24:17:
                    e7:84:2e:a3:8d:8c:57:6e:5f:f0:0b:cd:f5:22:40:
                    df:72:f0:3e:a4:8f:60:48:e5:cf:50:38:26:1e:07:
                    c1:83:bd:54:b3:f6:e0:2c:1f:15:03:08:18:23:dc:
                    61:79:be:74:b3:bf:b3:24:26:ea:33:bc:96:07:73:
                    70:0e:8d:2b:16:a5:eb:99:11:b1:23:0b:9d:04:93:
                    3e:fa:be:f8:ee:f9:59:55:68:7f:de:21:4a:80:2e:
                    a0:f8:ae:a2:a7:13:fb:73:b3:99:22:81:48:7e:a5:
                    ea:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:DA:A6:29:7D:37:B8:02:89:98:73:64:A0:44:75:AB:BA:1B:97:C7
            X509v3 Authority Key Identifier:
                keyid:87:0A:20:7F:8D:0F:D2:63:30:BC:D5:9F:A8:47:35:49:DC:92:DE:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwogf40P0mMwvNWfqEc1SdyS3uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/0bdb78-7e63-470e-a39d-f00a1938881f/1/wtqmKX03uAKJmHNkoER1q7obl8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/0bdb78-7e63-470e-a39d-f00a1938881f/1/hwogf40P0mMwvNWfqEc1SdyS3uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:ff:95:6b:34:84:37:43:78:4f:ef:22:98:e8:e1:98:01:2f:
         1d:7c:f0:6c:ad:c9:ad:75:01:5e:42:33:4e:c9:d5:8a:79:82:
         28:29:9d:67:6f:8a:fd:bf:dc:0a:d1:57:da:35:23:91:18:af:
         f3:1b:b4:88:62:09:fc:19:90:83:e0:76:f8:49:81:79:6a:59:
         c0:8e:b4:7a:68:c0:61:bb:8b:52:92:80:4b:65:a2:e6:fe:94:
         37:0f:7f:be:de:89:22:4b:7b:1e:2c:9f:26:d3:1a:3f:9c:03:
         18:03:2c:f0:fe:95:ea:ce:a1:15:c2:e6:16:e6:76:0e:0c:85:
         c1:f6:36:1b:56:f8:03:7c:b2:84:10:3a:41:08:df:f7:57:cd:
         f5:b9:b0:14:2b:a6:18:9e:e0:34:07:76:6e:4e:72:a0:89:1b:
         bd:01:d5:ee:60:54:64:b2:52:46:80:8c:a3:e9:5f:f7:89:39:
         12:28:81:fb:92:8a:61:89:6d:fe:2f:82:17:d5:16:37:19:a1:
         60:6d:dc:c0:8a:4b:51:44:8a:ae:d8:ec:18:f4:7c:ed:a4:19:
         db:05:4c:05:a3:8b:1b:49:95:b0:f9:c8:a7:e8:ba:71:0c:8b:
         45:00:cc:76:d1:e3:97:70:3e:cd:2f:9b:45:8a:4a:d0:ef:6f:
         e2:46:e6:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuOTUwjqRh9CvBLpoCFrdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGEyMDdmOGQwZmQyNjMzMGJjZDU5ZmE4NDczNTQ5ZGM5
MmRlZTkwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmRhYTYyOTdkMzdiODAyODk5ODczNjRhMDQ0NzVhYmJhMWI5N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf712Do5qMtpSO/d3AZAeYjpqXK3
VQmFfNfMvrfzSFUKy0yZyEeOyXPwBoLEXAZVJEfQB/rAD0QTZeNYSxzYFNRASz7u
PzOmcoJrChmWCnGeahYVawQC2tOqLMEtezNRlbZ7RLe/fSsIeHE8PPVPHwd1+VRu
4M8uvZT+zw2tAbTVAfuHslTpKfma3oeF8deDqc7HJBfnhC6jjYxXbl/wC831IkDf
cvA+pI9gSOXPUDgmHgfBg71Us/bgLB8VAwgYI9xheb50s7+zJCbqM7yWB3NwDo0r
FqXrmRGxIwudBJM++r747vlZVWh/3iFKgC6g+K6ipxP7c7OZIoFIfqXqPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLapil9N7gCiZhzZKBEdau6G5fHMB8GA1UdIwQY
MBaAFIcKIH+ND9JjMLzVn6hHNUnckt7pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHdvZ2Y0MFAwbU13dk5XZnFFYzFTZHlTM3VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wYmRiNzgtN2U2My00NzBlLWEzOWQt
ZjAwYTE5Mzg4ODFmLzEvd3RxbUtYMDN1QUtKbUhOa29FUjFxN29ibDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wYmRiNzgtN2U2My00NzBlLWEzOWQtZjAwYTE5Mzg4ODFm
LzEvaHdvZ2Y0MFAwbU13dk5XZnFFYzFTZHlTM3VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf+sMA0G
CSqGSIb3DQEBCwUAA4IBAQAa/5VrNIQ3Q3hP7yKY6OGYAS8dfPBsrcmtdQFeQjNO
ydWKeYIoKZ1nb4r9v9wK0VfaNSORGK/zG7SIYgn8GZCD4Hb4SYF5alnAjrR6aMBh
u4tSkoBLZaLm/pQ3D3++3okiS3seLJ8m0xo/nAMYAyzw/pXqzqEVwuYW5nYODIXB
9jYbVvgDfLKEEDpBCN/3V831ubAUK6YYnuA0B3ZuTnKgiRu9AdXuYFRkslJGgIyj
6V/3iTkSKIH7kophiW3+L4IX1RY3GaFgbdzAiktRRIqu2OwY9HztpBnbBUwFo4sb
SZWw+cin6LpxDItFAMx20eOXcD7NL5tFikrQ72/iRuYt
-----END CERTIFICATE-----