Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/WN8Ya_XWOQxbFHsQ1AKRMaDtaXQ.roa
File:                     WN8Ya_XWOQxbFHsQ1AKRMaDtaXQ.roa (raw, json)
Hash identifier:          gmlodeal/LIZfgUaSRK7JqzxrSvTCNFMMKisYchKE9I=
Subject key identifier:   58:DF:18:6B:F5:D6:39:0C:5B:14:7B:10:D4:02:91:31:A0:ED:69:74
Certificate issuer:       /CN=8d4f3f8ba7dcf5894f2f611d7dfab53d4a63c0a9
Certificate serial:       018CC348D801675BADC0CF378182791F77A5
Authority key identifier: 8D:4F:3F:8B:A7:DC:F5:89:4F:2F:61:1D:7D:FA:B5:3D:4A:63:C0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/WN8Ya_XWOQxbFHsQ1AKRMaDtaXQ.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200839
IP address blocks:        185.76.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d8:01:67:5b:ad:c0:cf:37:81:82:79:1f:77:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d4f3f8ba7dcf5894f2f611d7dfab53d4a63c0a9
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58df186bf5d6390c5b147b10d4029131a0ed6974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:09:41:ec:ae:4b:72:83:e6:f6:ee:0c:58:06:
                    74:53:10:f9:b1:e4:78:8f:e2:ed:fe:73:67:61:4f:
                    65:7b:61:56:c4:34:37:fd:cf:b9:cc:af:c2:1d:49:
                    d8:9c:04:63:b9:4d:07:9b:ef:b0:d7:bc:5a:21:2f:
                    67:0b:db:76:25:7c:e6:13:03:ba:5b:c2:3b:85:0e:
                    fb:8f:3e:59:c3:04:39:b9:f5:f0:71:a0:9a:35:6f:
                    49:65:6c:38:11:76:6c:ef:cc:88:6a:f6:2b:85:c2:
                    60:5b:76:9a:39:9c:5d:20:b1:8b:02:3a:c8:15:b6:
                    a4:23:b1:53:30:85:68:a7:9f:9a:fe:e0:34:90:26:
                    ce:17:01:f1:e3:46:2e:b0:ac:94:2c:8f:57:68:3f:
                    85:91:ae:d3:e2:72:b4:07:3f:3b:d8:14:2b:e2:65:
                    fe:e8:6a:10:ca:a7:f0:41:24:be:19:b7:85:18:2b:
                    92:7b:79:06:81:e7:8d:2a:48:6b:4a:b8:96:17:c6:
                    fb:d0:db:c2:91:82:e0:c0:f0:7c:98:95:77:2f:5e:
                    69:6c:df:30:89:59:74:e0:bb:93:13:42:82:53:8d:
                    26:a0:d8:a7:5a:33:bc:c0:71:fc:29:36:2c:63:6d:
                    53:2d:a6:8b:71:ea:29:fc:a5:71:69:f7:d2:f4:43:
                    1f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DF:18:6B:F5:D6:39:0C:5B:14:7B:10:D4:02:91:31:A0:ED:69:74
            X509v3 Authority Key Identifier:
                keyid:8D:4F:3F:8B:A7:DC:F5:89:4F:2F:61:1D:7D:FA:B5:3D:4A:63:C0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jU8_i6fc9YlPL2Edffq1PUpjwKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/WN8Ya_XWOQxbFHsQ1AKRMaDtaXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/55229c-e282-4a85-b7a4-8acbfea2ecfa/1/jU8_i6fc9YlPL2Edffq1PUpjwKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.76.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:70:f9:6b:70:d5:ba:70:c2:7f:d4:01:64:9d:39:67:70:5c:
         1b:db:18:ce:d2:69:79:ea:55:61:c1:9f:40:ee:12:c9:90:38:
         bf:16:7e:3d:5f:88:68:4e:97:0b:71:74:c6:84:24:73:4f:6b:
         a0:41:d5:d4:f3:5e:6b:85:44:08:de:e2:f9:fe:79:5c:5d:94:
         e2:20:40:3a:91:be:0b:f6:d5:d0:a8:3a:83:94:6b:d6:7c:9d:
         e9:6c:30:78:97:3c:9b:f4:ca:93:a7:94:18:0c:5e:00:27:f5:
         95:ed:4b:76:5c:6e:d9:3a:43:e7:5b:97:9a:b8:24:eb:40:2e:
         07:20:c0:e7:50:6f:0e:d7:c8:ca:f6:ee:af:2e:9f:be:26:54:
         89:c5:aa:27:88:8d:c5:2b:e7:85:8e:a8:39:3e:81:8a:3f:e6:
         8d:d2:7a:a4:05:00:cb:4a:0c:4b:19:52:48:2e:b3:aa:6e:db:
         49:f6:1d:c9:fd:cc:0c:22:7c:d1:95:d8:49:b7:5d:ce:09:1e:
         53:4e:cd:e8:cd:6d:f7:91:5c:00:44:23:71:71:b1:38:2e:3d:
         f8:26:12:af:87:68:54:b9:08:20:7b:c2:83:96:7b:e0:e4:ff:
         5c:cd:82:69:54:1f:14:39:1d:5e:54:33:81:86:db:27:e6:fd:
         ad:c2:7b:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNgBZ1utwM83gYJ5H3elMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNGYzZjhiYTdkY2Y1ODk0ZjJmNjExZDdkZmFiNTNkNGE2
M2MwYTkwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGRmMTg2YmY1ZDYzOTBjNWIxNDdiMTBkNDAyOTEzMWEwZWQ2OTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAlB7K5LcoPm9u4MWAZ0UxD5seR4
j+Lt/nNnYU9le2FWxDQ3/c+5zK/CHUnYnARjuU0Hm++w17xaIS9nC9t2JXzmEwO6
W8I7hQ77jz5ZwwQ5ufXwcaCaNW9JZWw4EXZs78yIavYrhcJgW3aaOZxdILGLAjrI
FbakI7FTMIVop5+a/uA0kCbOFwHx40YusKyULI9XaD+Fka7T4nK0Bz872BQr4mX+
6GoQyqfwQSS+GbeFGCuSe3kGgeeNKkhrSriWF8b70NvCkYLgwPB8mJV3L15pbN8w
iVl04LuTE0KCU40moNinWjO8wHH8KTYsY21TLaaLceop/KVxaffS9EMfxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjfGGv11jkMWxR7ENQCkTGg7Wl0MB8GA1UdIwQY
MBaAFI1PP4un3PWJTy9hHX36tT1KY8CpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalU4X2k2ZmM5WWxQTDJFZGZmcTFQVXBqd0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy81NTIyOWMtZTI4Mi00YTg1LWI3YTQt
OGFjYmZlYTJlY2ZhLzEvV044WWFfWFdPUXhiRkhzUTFBS1JNYUR0YVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy81NTIyOWMtZTI4Mi00YTg1LWI3YTQtOGFjYmZlYTJlY2Zh
LzEvalU4X2k2ZmM5WWxQTDJFZGZmcTFQVXBqd0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUxoMA0G
CSqGSIb3DQEBCwUAA4IBAQAWcPlrcNW6cMJ/1AFknTlncFwb2xjO0ml56lVhwZ9A
7hLJkDi/Fn49X4hoTpcLcXTGhCRzT2ugQdXU815rhUQI3uL5/nlcXZTiIEA6kb4L
9tXQqDqDlGvWfJ3pbDB4lzyb9MqTp5QYDF4AJ/WV7Ut2XG7ZOkPnW5eauCTrQC4H
IMDnUG8O18jK9u6vLp++JlSJxaoniI3FK+eFjqg5PoGKP+aN0nqkBQDLSgxLGVJI
LrOqbttJ9h3J/cwMInzRldhJt13OCR5TTs3ozW33kVwARCNxcbE4Lj34JhKvh2hU
uQgge8KDlnvg5P9czYJpVB8UOR1eVDOBhtsn5v2twnvs
-----END CERTIFICATE-----