Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/wX2gFz4BjRbUFFrJyI4vScXEC6Q.roa
File:                     wX2gFz4BjRbUFFrJyI4vScXEC6Q.roa (raw, json)
Hash identifier:          sRvSzQxwqBBkPbqafL/sR1k9el9/1yt4LtK42ONIjN8=
Subject key identifier:   C1:7D:A0:17:3E:01:8D:16:D4:14:5A:C9:C8:8E:2F:49:C5:C4:0B:A4
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0192EF55F795B14F40EB094A3ED201E1C1CF
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/wX2gFz4BjRbUFFrJyI4vScXEC6Q.roa
Signing time:             Sun 03 Nov 2024 00:04:01 +0000
ROA not before:           Sun 03 Nov 2024 00:04:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     131477
IP address blocks:        185.188.5.0/24 maxlen: 32
                          185.255.152.0/23 maxlen: 32
                          185.255.153.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ef:55:f7:95:b1:4f:40:eb:09:4a:3e:d2:01:e1:c1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Nov  3 00:04:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c17da0173e018d16d4145ac9c88e2f49c5c40ba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:dc:3d:d7:b2:0e:2e:6b:9a:b9:77:23:1c:3e:
                    aa:bd:6d:1b:ee:a5:92:15:7e:ad:fb:af:d5:4e:41:
                    e2:ea:06:5e:33:ae:e4:8c:1e:c8:4d:85:15:96:45:
                    7a:4a:40:ac:a3:c6:02:da:0e:ed:e3:bb:9b:b2:cb:
                    31:5e:f6:4e:e2:e3:51:56:7e:be:15:dd:78:49:f2:
                    cf:0d:cf:ee:60:cc:06:19:59:be:ed:2c:94:22:2f:
                    ca:8f:f6:3f:d5:ad:ae:2e:3c:b9:b4:93:0c:d4:b6:
                    a4:3c:f2:64:85:ae:6f:79:18:ca:96:ef:eb:70:4e:
                    24:a0:b8:e0:dc:61:45:9e:68:f1:33:12:35:9e:53:
                    74:19:5f:9e:72:d8:d7:82:aa:47:68:34:db:fe:4a:
                    96:67:21:65:db:da:3b:84:ce:a4:2b:7d:48:7e:d2:
                    c9:e4:ad:40:ac:18:41:a7:a2:7b:9c:81:73:f3:a6:
                    e9:50:ef:54:1e:87:c2:d1:41:77:e9:0f:5d:5a:bc:
                    2a:ac:03:97:ff:03:8e:a8:26:ca:4b:de:20:b5:55:
                    bf:56:8c:72:9c:52:66:d6:12:05:19:01:a5:c4:3d:
                    6e:17:54:fd:b8:e8:c7:73:32:bc:92:86:b2:0a:c9:
                    98:0a:93:58:dd:a3:ce:ba:7a:5d:33:c8:00:dc:0b:
                    72:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:7D:A0:17:3E:01:8D:16:D4:14:5A:C9:C8:8E:2F:49:C5:C4:0B:A4
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/wX2gFz4BjRbUFFrJyI4vScXEC6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.5.0/24
                  185.255.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:7d:8f:39:1f:3f:6f:2f:25:60:51:72:d0:e3:ff:24:49:e1:
         69:ee:9b:84:e1:85:0b:6b:c2:c0:07:3f:9b:fb:dd:94:d7:f2:
         e9:f2:79:eb:70:5b:27:10:2c:b5:56:69:cd:b0:c7:2a:82:6b:
         a2:2d:3e:64:e7:61:96:e8:d0:09:90:d5:8f:93:d4:84:86:f4:
         d3:72:d2:33:68:31:fb:41:5a:df:45:a3:8f:19:69:13:6b:9b:
         27:aa:2a:2c:11:d5:4f:3f:da:13:e5:1f:d9:8a:9f:b8:ce:78:
         32:34:5b:31:a1:4c:39:a5:ce:1a:c3:99:9d:34:23:be:96:b8:
         0a:09:a3:71:64:ed:e0:18:23:75:b3:3a:de:cd:bd:86:b0:8c:
         51:57:db:46:5f:f8:ca:1c:df:35:cb:0d:b2:f7:42:81:d9:a7:
         c8:25:7c:00:df:7b:7d:ec:55:94:16:65:1d:e7:8b:dd:7f:22:
         c2:ff:0d:65:c9:44:1e:03:db:15:f3:64:07:4d:1e:55:69:f8:
         4d:2b:28:4c:9e:78:2a:9c:ef:a7:dc:e8:c8:82:df:39:52:39:
         08:fc:b1:c0:65:2e:01:ec:f3:a9:bd:cb:45:2d:37:08:b0:75:
         54:90:19:54:d6:7c:d7:84:f4:54:e7:9e:60:aa:31:f5:27:89:
         a8:76:ca:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLvVfeVsU9A6wlKPtIB4cHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQxMTAzMDAwNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTdkYTAxNzNlMDE4ZDE2ZDQxNDVhYzljODhlMmY0OWM1YzQwYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tw917IOLmuauXcjHD6qvW0b7qWS
FX6t+6/VTkHi6gZeM67kjB7ITYUVlkV6SkCso8YC2g7t47ubsssxXvZO4uNRVn6+
Fd14SfLPDc/uYMwGGVm+7SyUIi/Kj/Y/1a2uLjy5tJMM1LakPPJkha5veRjKlu/r
cE4koLjg3GFFnmjxMxI1nlN0GV+ectjXgqpHaDTb/kqWZyFl29o7hM6kK31IftLJ
5K1ArBhBp6J7nIFz86bpUO9UHofC0UF36Q9dWrwqrAOX/wOOqCbKS94gtVW/Voxy
nFJm1hIFGQGlxD1uF1T9uOjHczK8koayCsmYCpNY3aPOunpdM8gA3AtyIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMF9oBc+AY0W1BRayciOL0nFxAukMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvd1gyZ0Z6NEJqUmJVRkZySnlJNHZTY1hFQzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubwFAwQB
uf+YMA0GCSqGSIb3DQEBCwUAA4IBAQB+fY85Hz9vLyVgUXLQ4/8kSeFp7puE4YUL
a8LABz+b+92U1/Lp8nnrcFsnECy1VmnNsMcqgmuiLT5k52GW6NAJkNWPk9SEhvTT
ctIzaDH7QVrfRaOPGWkTa5snqiosEdVPP9oT5R/Zip+4zngyNFsxoUw5pc4aw5md
NCO+lrgKCaNxZO3gGCN1szrezb2GsIxRV9tGX/jKHN81yw2y90KB2afIJXwA33t9
7FWUFmUd54vdfyLC/w1lyUQeA9sV82QHTR5VafhNKyhMnngqnO+n3OjIgt85UjkI
/LHAZS4B7POpvctFLTcIsHVUkBlU1nzXhPRU555gqjH1J4modsrr
-----END CERTIFICATE-----