Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/W4YKROmIUyv9v3lcCattxLaqiLM.roa
File:                     W4YKROmIUyv9v3lcCattxLaqiLM.roa (raw, json)
Hash identifier:          BoDswYa3I6Bz9SvqC1O6QARXGCHK8pt1P1c3+nZLcL8=
Subject key identifier:   5B:86:0A:44:E9:88:53:2B:FD:BF:79:5C:09:AB:6D:C4:B6:AA:88:B3
Certificate issuer:       /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial:       018CC79430A1CCABE9FD0B7B5558F1F4ED56
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/W4YKROmIUyv9v3lcCattxLaqiLM.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.221.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:30:a1:cc:ab:e9:fd:0b:7b:55:58:f1:f4:ed:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b860a44e988532bfdbf795c09ab6dc4b6aa88b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3f:fd:30:0f:7c:1d:e9:1e:6d:36:83:f9:2c:
                    35:c2:72:7d:eb:d4:29:03:57:21:69:24:69:1f:c5:
                    dc:f1:0c:55:97:f6:ff:65:95:9c:0a:27:49:76:c2:
                    76:0b:6d:d8:9f:19:06:59:da:54:a0:fa:49:0c:5f:
                    c8:84:90:7d:b8:7d:85:c8:e8:a5:db:c6:75:0e:6b:
                    83:8c:04:2c:49:37:80:2a:50:6f:c0:46:06:64:1b:
                    5f:35:7f:49:5a:a5:a7:81:a7:53:1e:f3:56:d4:3c:
                    a8:b8:19:f9:6b:ef:d7:cf:73:fd:6a:b8:ee:dc:fe:
                    e1:da:d8:fd:00:ca:a3:63:b6:91:23:5c:42:b5:69:
                    af:33:89:36:41:cd:7c:86:1d:40:53:42:55:57:e9:
                    06:e8:9f:32:cd:0f:d2:71:a5:51:52:d0:8c:8a:3d:
                    0c:d7:84:81:d1:d3:1e:6a:6c:a2:31:3b:09:33:40:
                    07:f9:35:03:7b:18:b5:6b:7c:b4:6d:25:e1:98:c0:
                    f4:3c:0e:d6:e7:8f:61:d6:ec:f5:7c:95:cb:4e:c6:
                    e9:eb:0d:95:24:52:d0:61:2b:b2:c1:dc:1b:87:37:
                    3a:72:d8:ea:b1:55:c5:ef:32:c4:e8:2f:bf:14:ec:
                    6c:f4:c9:cd:62:e8:d6:1c:bf:92:53:68:10:7d:eb:
                    20:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:86:0A:44:E9:88:53:2B:FD:BF:79:5C:09:AB:6D:C4:B6:AA:88:B3
            X509v3 Authority Key Identifier:
                keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/W4YKROmIUyv9v3lcCattxLaqiLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:db:b3:81:4c:8b:76:23:63:08:d4:51:53:f5:7b:a9:6e:dd:
         a2:fb:9f:22:67:8f:38:40:7b:6c:32:29:2d:c8:93:f2:04:77:
         da:a9:5e:41:91:cb:80:1e:b7:a4:88:07:62:b3:fc:b5:6c:05:
         4e:c7:52:c3:1d:9d:c2:58:f4:ec:96:bd:c7:22:8a:e9:11:8f:
         cc:34:7b:a6:f4:50:3f:6a:cd:95:ff:01:55:97:d9:80:81:44:
         a6:de:f4:58:e2:ec:90:1c:01:2d:c1:18:f2:bd:f5:30:a9:48:
         69:78:e5:7f:f4:45:9e:42:7c:b7:3c:a3:62:2e:8a:4d:35:dc:
         b7:4e:36:1c:71:3b:f7:8a:d4:46:32:d7:b7:79:27:1c:68:9e:
         64:e5:d1:3f:24:fc:6d:d2:ee:42:71:3f:e3:06:54:49:8c:59:
         7d:e9:ab:4c:85:95:5a:34:b7:7b:13:8a:35:e4:f3:87:3e:83:
         e2:4b:9b:eb:d2:30:c4:e3:89:2e:91:ae:bf:54:eb:55:f0:99:
         98:a5:43:40:61:d2:51:80:35:98:87:59:e8:78:42:01:42:f5:
         c3:d3:b0:5a:23:86:3d:c9:56:8c:f0:9c:a3:50:db:b0:d6:81:
         88:90:71:d3:f9:39:aa:67:e9:b9:db:db:d1:01:c5:ee:93:17:
         1a:6c:6f:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDChzKvp/Qt7VVjx9O1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjg2MGE0NGU5ODg1MzJiZmRiZjc5NWMwOWFiNmRjNGI2YWE4OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD/9MA98HekebTaD+Sw1wnJ969Qp
A1chaSRpH8Xc8QxVl/b/ZZWcCidJdsJ2C23YnxkGWdpUoPpJDF/IhJB9uH2FyOil
28Z1DmuDjAQsSTeAKlBvwEYGZBtfNX9JWqWngadTHvNW1DyouBn5a+/Xz3P9arju
3P7h2tj9AMqjY7aRI1xCtWmvM4k2Qc18hh1AU0JVV+kG6J8yzQ/ScaVRUtCMij0M
14SB0dMeamyiMTsJM0AH+TUDexi1a3y0bSXhmMD0PA7W549h1uz1fJXLTsbp6w2V
JFLQYSuywdwbhzc6ctjqsVXF7zLE6C+/FOxs9MnNYujWHL+SU2gQfesgJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuGCkTpiFMr/b95XAmrbcS2qoizMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvVzRZS1JPbUlVeXY5djNsY0NhdHR4TGFxaUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud1UMA0G
CSqGSIb3DQEBCwUAA4IBAQC327OBTIt2I2MI1FFT9Xupbt2i+58iZ484QHtsMikt
yJPyBHfaqV5BkcuAHrekiAdis/y1bAVOx1LDHZ3CWPTslr3HIorpEY/MNHum9FA/
as2V/wFVl9mAgUSm3vRY4uyQHAEtwRjyvfUwqUhpeOV/9EWeQny3PKNiLopNNdy3
TjYccTv3itRGMte3eSccaJ5k5dE/JPxt0u5CcT/jBlRJjFl96atMhZVaNLd7E4o1
5POHPoPiS5vr0jDE44kuka6/VOtV8JmYpUNAYdJRgDWYh1noeEIBQvXD07BaI4Y9
yVaM8JyjUNuw1oGIkHHT+TmqZ+m529vRAcXukxcabG+Q
-----END CERTIFICATE-----