Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/iawY4X5FtowQoXbavR3A6BGjVtw.roa
File:                     iawY4X5FtowQoXbavR3A6BGjVtw.roa (raw, json)
Hash identifier:          UaGcsakC94iuQjDDMUGYIhG8Xd/NNyrNEKoOYvRbGuU=
Subject key identifier:   89:AC:18:E1:7E:45:B6:8C:10:A1:76:DA:BD:1D:C0:E8:11:A3:56:DC
Certificate issuer:       /CN=728c2bfd6bb503a01d018602bda152d734ed56f0
Certificate serial:       018CCA99FBFF3AD5287804118FFA528CABA0
Authority key identifier: 72:8C:2B:FD:6B:B5:03:A0:1D:01:86:02:BD:A1:52:D7:34:ED:56:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cowr_Wu1A6AdAYYCvaFS1zTtVvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/iawY4X5FtowQoXbavR3A6BGjVtw.roa
Signing time:             Tue 02 Jan 2024 14:35:38 +0000
ROA not before:           Tue 02 Jan 2024 14:35:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209094
IP address blocks:        5.182.188.0/24 maxlen: 24
                          2a0e:6400::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/cowr_Wu1A6AdAYYCvaFS1zTtVvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/cowr_Wu1A6AdAYYCvaFS1zTtVvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cowr_Wu1A6AdAYYCvaFS1zTtVvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:fb:ff:3a:d5:28:78:04:11:8f:fa:52:8c:ab:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=728c2bfd6bb503a01d018602bda152d734ed56f0
        Validity
            Not Before: Jan  2 14:35:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89ac18e17e45b68c10a176dabd1dc0e811a356dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8c:74:74:6a:bb:69:62:63:aa:77:c2:77:17:
                    b3:fc:ae:af:18:42:02:10:4a:19:cc:d3:2d:42:83:
                    84:5f:a1:49:68:38:c5:05:db:a1:90:4f:65:40:99:
                    94:29:46:05:74:01:ff:8d:c5:f2:6d:e5:57:18:1f:
                    42:ce:01:2a:91:9e:7a:4d:a9:b0:33:6a:ed:01:d6:
                    52:c2:d8:dc:2e:70:1d:19:c9:ed:e1:10:1d:10:ab:
                    89:ea:61:7d:5a:9d:6d:25:f2:ae:e1:a1:bb:c3:c0:
                    bb:09:da:33:a4:70:27:b7:c6:c4:e9:a8:7c:28:85:
                    17:8e:67:45:4b:81:6f:ae:d0:8a:28:19:45:2c:7f:
                    36:75:ae:f5:a0:25:dd:83:65:5a:dc:98:54:77:69:
                    ed:b7:a1:17:9f:01:11:2f:81:e8:1f:d6:03:ad:3e:
                    60:85:b7:86:3c:7f:c8:a2:52:83:90:c2:3f:13:6e:
                    51:49:91:c5:5f:67:d1:21:b2:b7:4d:cc:24:da:ac:
                    9e:af:6a:9e:17:67:09:3d:10:7d:fc:c5:cd:61:c8:
                    d8:b6:36:58:ca:f0:1d:29:0c:a2:5b:41:33:6b:0e:
                    91:9b:43:10:b6:c8:82:a9:d9:82:3f:86:47:6e:1d:
                    5e:8d:2a:b0:2b:46:23:9f:6b:82:31:19:1f:3d:14:
                    20:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:AC:18:E1:7E:45:B6:8C:10:A1:76:DA:BD:1D:C0:E8:11:A3:56:DC
            X509v3 Authority Key Identifier:
                keyid:72:8C:2B:FD:6B:B5:03:A0:1D:01:86:02:BD:A1:52:D7:34:ED:56:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cowr_Wu1A6AdAYYCvaFS1zTtVvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/iawY4X5FtowQoXbavR3A6BGjVtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/67f42e-7062-4112-ad42-9349f10a2649/1/cowr_Wu1A6AdAYYCvaFS1zTtVvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.188.0/24
                IPv6:
                  2a0e:6400::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:ba:21:8a:3f:af:27:89:a6:99:2e:03:e6:4d:88:74:76:85:
         72:b0:80:dc:73:a3:fa:ab:50:d7:3e:a8:08:33:ff:af:3d:ed:
         17:fb:55:a7:a8:d5:32:32:60:b0:db:78:62:45:5d:2c:d7:d9:
         17:65:c2:c0:ac:95:3f:72:04:08:10:7d:6f:f0:2b:34:fd:bc:
         39:d3:5e:18:0e:d9:b0:58:68:8f:15:f9:21:00:12:fa:ea:07:
         1c:13:83:2d:99:a7:0e:be:0d:5c:23:21:e2:a5:cc:be:18:8c:
         6b:1b:da:61:95:30:56:7d:23:80:24:e2:93:5a:a4:b4:8a:42:
         19:ad:82:e9:5d:07:13:e9:3f:9f:d4:28:bb:79:54:31:1c:3f:
         e5:b2:21:18:e2:55:09:72:94:97:77:4a:88:d9:a2:15:fc:e2:
         0d:8c:2c:01:8d:cc:a1:39:7f:47:50:35:24:9d:59:52:03:ba:
         9c:97:f8:82:f7:56:71:d0:3a:b5:d6:1c:b9:fe:b9:b7:2c:68:
         fb:2c:78:47:13:ca:78:ea:89:3d:f4:c5:29:3a:1d:9a:ff:47:
         60:b0:b5:72:80:4c:b8:f8:22:e6:5b:c0:17:97:44:86:96:ef:
         c5:f7:94:07:30:f8:9b:c4:60:f1:f9:ee:13:f0:20:41:2a:9a:
         55:c2:da:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKmfv/OtUoeAQRj/pSjKugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOGMyYmZkNmJiNTAzYTAxZDAxODYwMmJkYTE1MmQ3MzRl
ZDU2ZjAwHhcNMjQwMTAyMTQzNTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWFjMThlMTdlNDViNjhjMTBhMTc2ZGFiZDFkYzBlODExYTM1NmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYx0dGq7aWJjqnfCdxez/K6vGEIC
EEoZzNMtQoOEX6FJaDjFBduhkE9lQJmUKUYFdAH/jcXybeVXGB9CzgEqkZ56Tamw
M2rtAdZSwtjcLnAdGcnt4RAdEKuJ6mF9Wp1tJfKu4aG7w8C7CdozpHAnt8bE6ah8
KIUXjmdFS4FvrtCKKBlFLH82da71oCXdg2Va3JhUd2ntt6EXnwERL4HoH9YDrT5g
hbeGPH/IolKDkMI/E25RSZHFX2fRIbK3Tcwk2qyer2qeF2cJPRB9/MXNYcjYtjZY
yvAdKQyiW0Ezaw6Rm0MQtsiCqdmCP4ZHbh1ejSqwK0Yjn2uCMRkfPRQgzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFImsGOF+RbaMEKF22r0dwOgRo1bcMB8GA1UdIwQY
MBaAFHKMK/1rtQOgHQGGAr2hUtc07VbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY293cl9XdTFBNkFkQVlZQ3ZhRlMxelR0VnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS82N2Y0MmUtNzA2Mi00MTEyLWFkNDIt
OTM0OWYxMGEyNjQ5LzEvaWF3WTRYNUZ0b3dRb1hiYXZSM0E2QkdqVnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS82N2Y0MmUtNzA2Mi00MTEyLWFkNDItOTM0OWYxMGEyNjQ5
LzEvY293cl9XdTFBNkFkQVlZQ3ZhRlMxelR0VnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABba8MA0E
AgACMAcDBQAqDmQAMA0GCSqGSIb3DQEBCwUAA4IBAQCtuiGKP68niaaZLgPmTYh0
doVysIDcc6P6q1DXPqgIM/+vPe0X+1WnqNUyMmCw23hiRV0s19kXZcLArJU/cgQI
EH1v8Cs0/bw5014YDtmwWGiPFfkhABL66gccE4MtmacOvg1cIyHipcy+GIxrG9ph
lTBWfSOAJOKTWqS0ikIZrYLpXQcT6T+f1Ci7eVQxHD/lsiEY4lUJcpSXd0qI2aIV
/OINjCwBjcyhOX9HUDUknVlSA7qcl/iC91Zx0Dq11hy5/rm3LGj7LHhHE8p46ok9
9MUpOh2a/0dgsLVygEy4+CLmW8AXl0SGlu/F95QHMPibxGDx+e4T8CBBKppVwtp3
-----END CERTIFICATE-----