Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/wg0N_QT7G61zqrORlQLm6L3nMHw.roa
File:                     wg0N_QT7G61zqrORlQLm6L3nMHw.roa (raw, json)
Hash identifier:          2gK6bgvE2SkH3zb+2mcAEAEC6Sa4E0L+tV+sFWROsHo=
Subject key identifier:   C2:0D:0D:FD:04:FB:1B:AD:73:AA:B3:91:95:02:E6:E8:BD:E7:30:7C
Certificate issuer:       /CN=5cfe3881f3c44774f51cc75ee7e6f91c5565a606
Certificate serial:       018F344D8B862D29DE0D00F1DF448710BE66
Authority key identifier: 5C:FE:38:81:F3:C4:47:74:F5:1C:C7:5E:E7:E6:F9:1C:55:65:A6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/wg0N_QT7G61zqrORlQLm6L3nMHw.roa
Signing time:             Wed 01 May 2024 13:17:28 +0000
ROA not before:           Wed 01 May 2024 13:17:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.133.68.0/22 maxlen: 24
                          2a05:2440::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:34:4d:8b:86:2d:29:de:0d:00:f1:df:44:87:10:be:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cfe3881f3c44774f51cc75ee7e6f91c5565a606
        Validity
            Not Before: May  1 13:17:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c20d0dfd04fb1bad73aab3919502e6e8bde7307c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c7:32:51:3e:38:50:ee:f4:61:31:aa:f4:fb:
                    eb:a6:30:35:47:c8:52:3d:53:08:7b:af:7f:83:81:
                    0a:76:3a:df:ec:7b:dd:9a:64:b5:56:c7:7f:b6:cd:
                    f7:cc:f5:38:22:d5:9b:7e:c4:c4:40:4e:aa:6d:28:
                    74:14:eb:69:a0:cb:2c:1c:ff:d7:58:cb:53:eb:5f:
                    9d:15:b8:ab:b0:34:10:f6:46:b0:7c:b4:d5:eb:e8:
                    87:1e:b6:5b:8c:46:77:a7:2c:ed:ea:9a:36:ed:d0:
                    36:c4:e3:f6:e3:a0:87:ea:71:5c:57:67:36:d2:22:
                    b1:f9:a7:94:d6:c2:1c:43:14:50:4f:b7:32:da:6a:
                    68:df:cc:ab:0e:dd:ad:96:3c:bd:41:67:5c:f4:90:
                    14:cd:8a:25:1c:27:83:82:46:6a:41:3f:69:a5:4d:
                    09:d3:f9:79:38:36:4f:5b:b5:89:38:ad:a3:61:da:
                    64:cf:7e:42:9d:08:78:77:7e:d5:53:3d:c1:f4:3a:
                    27:79:22:fb:4c:a7:a7:29:ca:7e:39:e8:d0:28:18:
                    98:cc:a2:b4:4d:77:45:c2:3d:5c:8a:69:32:90:b6:
                    e9:50:6f:7f:cb:dd:e5:60:44:5e:b2:38:a5:cc:af:
                    95:c1:d1:b1:a2:c8:e6:9c:9e:a0:4f:9d:93:d2:3e:
                    4c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:0D:0D:FD:04:FB:1B:AD:73:AA:B3:91:95:02:E6:E8:BD:E7:30:7C
            X509v3 Authority Key Identifier:
                keyid:5C:FE:38:81:F3:C4:47:74:F5:1C:C7:5E:E7:E6:F9:1C:55:65:A6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XP44gfPER3T1HMde5-b5HFVlpgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/wg0N_QT7G61zqrORlQLm6L3nMHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/5260d0-1855-4f30-b8ef-7c998079a6a9/1/XP44gfPER3T1HMde5-b5HFVlpgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.68.0/22
                IPv6:
                  2a05:2440::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:c6:c6:c1:cd:25:92:fe:af:4e:74:94:5b:a3:ae:a1:a1:f4:
         63:8a:dc:6d:30:18:ec:ab:bb:ab:92:63:28:86:9d:ef:8f:b8:
         41:30:41:8e:c9:a1:77:6c:44:7c:02:be:02:ae:48:c6:33:66:
         65:7a:e1:94:e3:02:42:a5:5a:26:4c:2d:9d:35:f6:a5:61:3e:
         76:ba:69:60:75:d0:63:31:46:3b:64:23:f2:fa:c8:f9:4d:54:
         e4:68:b6:0b:a2:b7:1e:b7:48:0c:e6:64:f3:2f:0f:37:09:69:
         74:61:eb:79:ea:94:c3:2c:be:46:4f:b1:de:a7:01:c1:aa:29:
         2b:70:3c:cb:77:c4:28:c6:9e:1a:f9:fa:5c:82:aa:a5:34:9b:
         bf:f0:05:aa:cd:1e:fb:ee:66:ac:e7:21:df:79:9d:fe:8c:6e:
         62:d9:2a:d4:b5:cb:94:94:6f:39:c0:f2:e1:4b:25:66:03:e3:
         e5:96:3f:f8:23:ad:95:d7:5d:4d:4c:ea:fb:d5:50:86:3e:33:
         e1:04:db:c3:b5:d8:a7:42:29:38:07:d0:e2:41:2d:d8:b7:80:
         83:c0:72:51:6c:26:1a:78:c9:7e:e9:98:21:bc:d5:04:ad:85:
         91:71:c2:5a:27:0c:16:ca:2e:0d:b1:d0:36:0a:00:4e:0b:a9:
         ef:42:89:f6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY80TYuGLSneDQDx30SHEL5mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZmUzODgxZjNjNDQ3NzRmNTFjYzc1ZWU3ZTZmOTFjNTU2
NWE2MDYwHhcNMjQwNTAxMTMxNzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjBkMGRmZDA0ZmIxYmFkNzNhYWIzOTE5NTAyZTZlOGJkZTczMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58cyUT44UO70YTGq9PvrpjA1R8hS
PVMIe69/g4EKdjrf7HvdmmS1Vsd/ts33zPU4ItWbfsTEQE6qbSh0FOtpoMssHP/X
WMtT61+dFbirsDQQ9kawfLTV6+iHHrZbjEZ3pyzt6po27dA2xOP246CH6nFcV2c2
0iKx+aeU1sIcQxRQT7cy2mpo38yrDt2tljy9QWdc9JAUzYolHCeDgkZqQT9ppU0J
0/l5ODZPW7WJOK2jYdpkz35CnQh4d37VUz3B9DoneSL7TKenKcp+OejQKBiYzKK0
TXdFwj1cimkykLbpUG9/y93lYEResjilzK+VwdGxosjmnJ6gT52T0j5MqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMINDf0E+xutc6qzkZUC5ui95zB8MB8GA1UdIwQY
MBaAFFz+OIHzxEd09RzHXufm+RxVZaYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFA0NGdmUEVSM1QxSE1kZTUtYjVIRlZscGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81MjYwZDAtMTg1NS00ZjMwLWI4ZWYt
N2M5OTgwNzlhNmE5LzEvd2cwTl9RVDdHNjF6cXJPUmxRTG02TDNuTUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81MjYwZDAtMTg1NS00ZjMwLWI4ZWYtN2M5OTgwNzlhNmE5
LzEvWFA0NGdmUEVSM1QxSE1kZTUtYjVIRlZscGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYVEMA0E
AgACMAcDBQMqBSRAMA0GCSqGSIb3DQEBCwUAA4IBAQBHxsbBzSWS/q9OdJRbo66h
ofRjitxtMBjsq7urkmMohp3vj7hBMEGOyaF3bER8Ar4CrkjGM2ZleuGU4wJCpVom
TC2dNfalYT52umlgddBjMUY7ZCPy+sj5TVTkaLYLorcet0gM5mTzLw83CWl0Yet5
6pTDLL5GT7HepwHBqikrcDzLd8Qoxp4a+fpcgqqlNJu/8AWqzR777mas5yHfeZ3+
jG5i2SrUtcuUlG85wPLhSyVmA+Pllj/4I62V111NTOr71VCGPjPhBNvDtdinQik4
B9DiQS3Yt4CDwHJRbCYaeMl+6ZghvNUErYWRccJaJwwWyi4NsdA2CgBOC6nvQon2
-----END CERTIFICATE-----