Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WIQKv1yBgAmdKOR0E2A4nPxwEwI.roa
File:                     WIQKv1yBgAmdKOR0E2A4nPxwEwI.roa (raw, json)
Hash identifier:          GMjQNOULyHdka8sSVPbS/PcY4YGN3WU27SHBowdX67s=
Subject key identifier:   58:84:0A:BF:5C:81:80:09:9D:28:E4:74:13:60:38:9C:FC:70:13:02
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8029AC5AA55BA26A9C3B35B788C9328
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WIQKv1yBgAmdKOR0E2A4nPxwEwI.roa
Signing time:             Tue 02 Jan 2024 02:31:03 +0000
ROA not before:           Tue 02 Jan 2024 02:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216307
IP address blocks:        185.218.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:9a:c5:aa:55:ba:26:a9:c3:b3:5b:78:8c:93:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58840abf5c8180099d28e4741360389cfc701302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ec:81:3c:a3:b4:62:92:77:2d:cc:65:3d:15:
                    f2:3b:20:35:f1:f4:e9:66:48:00:d5:22:55:76:e5:
                    f3:d3:15:f2:9b:b6:3d:43:a1:53:1d:4a:78:8b:ec:
                    b3:1c:f0:f9:7b:4d:e3:29:bb:e8:d0:37:23:28:82:
                    e4:23:1e:1c:bd:06:d6:f0:dc:5e:0e:dd:3a:7e:f7:
                    52:72:1b:79:ec:12:cc:ca:74:68:29:be:dc:c5:b9:
                    fb:c8:ec:f5:21:e2:87:9a:ae:e9:57:88:d0:23:dd:
                    e3:07:b2:9f:9a:51:60:69:bb:1f:9c:52:e1:ac:3f:
                    d7:eb:92:23:ab:44:26:fd:23:ae:3e:99:69:63:86:
                    2a:8e:9d:c1:45:fb:44:0e:9e:db:a0:87:c4:da:de:
                    8d:63:e2:30:17:14:f6:63:f8:d5:3b:5b:a8:bb:aa:
                    be:a9:39:e6:6a:f3:19:b8:a8:32:65:74:14:b5:f9:
                    62:a9:ee:6e:95:c1:f4:f0:76:be:90:8e:24:5b:75:
                    56:14:e0:65:7f:04:66:f5:82:7b:ba:f7:ca:17:4c:
                    48:a2:08:97:6f:76:de:0c:b0:c0:97:ed:e3:db:14:
                    fe:28:e4:48:4d:8e:e1:a2:02:c6:06:68:56:fd:dd:
                    12:e4:7c:44:56:af:82:78:84:69:5b:12:40:71:26:
                    2a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:84:0A:BF:5C:81:80:09:9D:28:E4:74:13:60:38:9C:FC:70:13:02
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WIQKv1yBgAmdKOR0E2A4nPxwEwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:8e:47:72:5b:7f:be:de:b4:ae:3e:1e:57:a8:35:92:b5:a4:
         9f:72:03:44:49:2e:39:bc:42:2c:b8:13:6c:a8:0f:f8:f0:89:
         14:57:9e:52:e7:cc:62:7f:9b:9b:87:60:ac:42:03:64:d2:d5:
         c4:c6:87:7d:03:a6:fd:b4:1e:e9:be:99:c0:ad:43:16:0e:58:
         60:28:22:67:e3:39:cb:5c:33:9f:22:41:1b:b9:90:63:c8:65:
         1d:98:d1:1e:71:06:3d:6f:d6:71:28:19:49:0d:ae:5b:d1:19:
         3e:df:57:9d:13:dc:b5:a0:34:6a:4b:02:d5:62:30:44:4b:eb:
         69:79:5f:77:29:a0:b8:d8:43:d3:24:f8:22:03:c7:15:81:1b:
         9a:13:ae:f0:e0:70:81:d6:80:61:18:6c:7b:29:f0:a0:1a:20:
         da:6f:58:0f:97:ce:9e:c1:6e:9c:2e:ef:bd:2b:db:3c:88:31:
         b8:27:ba:40:aa:f9:3a:1a:aa:70:65:63:ee:78:2f:f7:e8:f1:
         8c:86:52:40:e4:44:18:7c:6b:9a:ad:dc:3c:85:a4:c9:3a:af:
         1a:6e:24:78:bd:9e:7c:8f:64:3b:90:3f:ed:77:b5:6c:7d:9f:
         a9:e4:7a:87:e8:bf:75:d5:fa:b1:f6:ce:66:86:72:c7:f4:2a:
         fd:be:ee:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAprFqlW6JqnDs1t4jJMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg0MGFiZjVjODE4MDA5OWQyOGU0NzQxMzYwMzg5Y2ZjNzAxMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOyBPKO0YpJ3LcxlPRXyOyA18fTp
ZkgA1SJVduXz0xXym7Y9Q6FTHUp4i+yzHPD5e03jKbvo0DcjKILkIx4cvQbW8Nxe
Dt06fvdScht57BLMynRoKb7cxbn7yOz1IeKHmq7pV4jQI93jB7KfmlFgabsfnFLh
rD/X65Ijq0Qm/SOuPplpY4Yqjp3BRftEDp7boIfE2t6NY+IwFxT2Y/jVO1uou6q+
qTnmavMZuKgyZXQUtfliqe5ulcH08Ha+kI4kW3VWFOBlfwRm9YJ7uvfKF0xIogiX
b3beDLDAl+3j2xT+KORITY7hogLGBmhW/d0S5HxEVq+CeIRpWxJAcSYqsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiECr9cgYAJnSjkdBNgOJz8cBMCMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvV0lRS3YxeUJnQW1kS09SMEUyQTRuUHh3RXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudpkMA0G
CSqGSIb3DQEBCwUAA4IBAQBgjkdyW3++3rSuPh5XqDWStaSfcgNESS45vEIsuBNs
qA/48IkUV55S58xif5ubh2CsQgNk0tXExod9A6b9tB7pvpnArUMWDlhgKCJn4znL
XDOfIkEbuZBjyGUdmNEecQY9b9ZxKBlJDa5b0Rk+31edE9y1oDRqSwLVYjBES+tp
eV93KaC42EPTJPgiA8cVgRuaE67w4HCB1oBhGGx7KfCgGiDab1gPl86ewW6cLu+9
K9s8iDG4J7pAqvk6GqpwZWPueC/36PGMhlJA5EQYfGuardw8haTJOq8abiR4vZ58
j2Q7kD/td7VsfZ+p5HqH6L911fqx9s5mhnLH9Cr9vu55
-----END CERTIFICATE-----