Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/tEhe3xmJmG_zsPc9AhVU7gwZ72o.roa
File:                     tEhe3xmJmG_zsPc9AhVU7gwZ72o.roa (raw, json)
Hash identifier:          nyYpIvGBw88+v1ZuYGDB63GDtBeJ/G7Te0Fxnm/mrc0=
Subject key identifier:   B4:48:5E:DF:19:89:98:6F:F3:B0:F7:3D:02:15:54:EE:0C:19:EF:6A
Certificate issuer:       /CN=c256d25f1fdd00dc80dd6d225b21119bf2121e89
Certificate serial:       018CC26D61A8F8E17F793F7FF452029CA8B2
Authority key identifier: C2:56:D2:5F:1F:DD:00:DC:80:DD:6D:22:5B:21:11:9B:F2:12:1E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wlbSXx_dANyA3W0iWyERm_ISHok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/tEhe3xmJmG_zsPc9AhVU7gwZ72o.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202757
IP address blocks:        185.255.217.0/24 maxlen: 24
                          185.255.216.0/24 maxlen: 24
                          185.255.219.0/24 maxlen: 24
                          185.255.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/wlbSXx_dANyA3W0iWyERm_ISHok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/wlbSXx_dANyA3W0iWyERm_ISHok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wlbSXx_dANyA3W0iWyERm_ISHok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:61:a8:f8:e1:7f:79:3f:7f:f4:52:02:9c:a8:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c256d25f1fdd00dc80dd6d225b21119bf2121e89
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4485edf1989986ff3b0f73d021554ee0c19ef6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:79:99:b8:71:f3:2d:e9:a7:87:79:d4:60:94:
                    3c:de:b1:44:aa:5d:c1:e2:ad:32:47:53:a9:bf:18:
                    3b:98:60:65:d3:d0:5a:e1:fe:c2:48:b8:0c:2c:d9:
                    a7:ae:d9:21:99:32:56:da:f6:f4:82:ca:23:9e:22:
                    c1:17:f8:6a:5d:0d:82:d3:14:29:54:a4:f1:89:e3:
                    24:7f:2f:d2:46:76:30:fb:b4:51:7b:86:5d:a8:4d:
                    99:b4:2a:13:f6:86:3f:e3:a3:f1:b5:3b:59:6c:52:
                    97:5a:06:fe:ec:96:3d:15:19:f4:3b:f8:0f:00:aa:
                    13:cb:87:89:ff:dc:f6:0b:66:88:01:30:91:72:8c:
                    fa:06:18:02:a5:9d:65:f1:0c:14:2d:01:c4:00:2f:
                    bf:39:e5:58:aa:91:64:1d:ec:e1:11:9c:9f:18:79:
                    8a:30:c2:56:1c:b3:d6:17:94:57:ae:cf:37:a9:43:
                    42:c5:07:43:66:7c:fe:84:c6:3e:81:bc:0a:e1:25:
                    35:cc:27:a7:67:14:26:9b:87:d2:86:8b:65:59:c2:
                    b1:47:a9:07:d2:c0:de:64:f1:68:e1:a6:c9:d9:e0:
                    46:f8:31:84:a0:42:26:c7:26:c3:60:91:1e:d7:51:
                    46:87:08:b1:0f:ad:33:d7:14:0a:c9:dd:36:63:2c:
                    5e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:48:5E:DF:19:89:98:6F:F3:B0:F7:3D:02:15:54:EE:0C:19:EF:6A
            X509v3 Authority Key Identifier:
                keyid:C2:56:D2:5F:1F:DD:00:DC:80:DD:6D:22:5B:21:11:9B:F2:12:1E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wlbSXx_dANyA3W0iWyERm_ISHok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/tEhe3xmJmG_zsPc9AhVU7gwZ72o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/e5a814-16a5-403b-93f3-cf32a0d92825/1/wlbSXx_dANyA3W0iWyERm_ISHok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:86:d6:85:5e:4c:38:ca:df:76:b0:39:79:ee:36:0b:8b:84:
         60:f2:c1:2f:73:f7:fe:4e:bc:db:e2:1e:18:24:d3:49:45:4e:
         db:ff:d1:8c:44:79:89:23:0d:49:ba:bd:10:87:8d:77:6d:94:
         bc:f0:dd:ae:db:40:a7:29:7d:1f:ad:62:7f:76:d7:9b:97:c7:
         08:36:dd:33:4f:b7:ac:8e:6e:74:1b:f0:66:cb:c2:63:44:ac:
         2b:fd:cc:bc:e3:a2:2f:e1:ab:39:a1:44:c9:db:6c:b2:16:a6:
         d8:1f:ef:82:49:6b:31:6e:75:a4:e1:04:b7:91:30:59:e6:98:
         76:38:01:cd:22:d7:37:2b:10:07:00:b2:3f:56:41:56:8c:93:
         5a:54:12:42:5d:1f:3b:af:27:e0:9d:5b:a0:ec:88:32:26:a3:
         be:43:40:a5:3f:6a:bb:ea:05:e8:fa:da:ff:39:fd:d9:4c:a2:
         74:0b:2c:f5:6c:5d:f4:4a:ed:0c:ac:59:a8:24:44:06:f3:36:
         b7:34:9d:a6:35:14:92:1e:c3:1c:b9:ef:5e:49:93:39:d4:c6:
         95:97:83:56:67:01:3a:ac:c8:18:2d:83:ec:99:c1:41:13:7c:
         8f:7f:4d:ce:71:00:2e:30:75:09:09:e3:17:2a:f0:f5:89:37:
         2f:1d:c4:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWGo+OF/eT9/9FICnKiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNTZkMjVmMWZkZDAwZGM4MGRkNmQyMjViMjExMTliZjIx
MjFlODkwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDQ4NWVkZjE5ODk5ODZmZjNiMGY3M2QwMjE1NTRlZTBjMTllZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnmZuHHzLemnh3nUYJQ83rFEql3B
4q0yR1Opvxg7mGBl09Ba4f7CSLgMLNmnrtkhmTJW2vb0gsojniLBF/hqXQ2C0xQp
VKTxieMkfy/SRnYw+7RRe4ZdqE2ZtCoT9oY/46PxtTtZbFKXWgb+7JY9FRn0O/gP
AKoTy4eJ/9z2C2aIATCRcoz6BhgCpZ1l8QwULQHEAC+/OeVYqpFkHezhEZyfGHmK
MMJWHLPWF5RXrs83qUNCxQdDZnz+hMY+gbwK4SU1zCenZxQmm4fShotlWcKxR6kH
0sDeZPFo4abJ2eBG+DGEoEImxybDYJEe11FGhwixD60z1xQKyd02YyxehQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRIXt8ZiZhv87D3PQIVVO4MGe9qMB8GA1UdIwQY
MBaAFMJW0l8f3QDcgN1tIlshEZvyEh6JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2xiU1h4X2RBTnlBM1cwaVd5RVJtX0lTSG9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9lNWE4MTQtMTZhNS00MDNiLTkzZjMt
Y2YzMmEwZDkyODI1LzEvdEVoZTN4bUptR196c1BjOUFoVlU3Z3daNzJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9lNWE4MTQtMTZhNS00MDNiLTkzZjMtY2YzMmEwZDkyODI1
LzEvd2xiU1h4X2RBTnlBM1cwaVd5RVJtX0lTSG9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf/YMA0G
CSqGSIb3DQEBCwUAA4IBAQBdhtaFXkw4yt92sDl57jYLi4Rg8sEvc/f+Trzb4h4Y
JNNJRU7b/9GMRHmJIw1Jur0Qh413bZS88N2u20CnKX0frWJ/dtebl8cINt0zT7es
jm50G/Bmy8JjRKwr/cy846Iv4as5oUTJ22yyFqbYH++CSWsxbnWk4QS3kTBZ5ph2
OAHNItc3KxAHALI/VkFWjJNaVBJCXR87ryfgnVug7IgyJqO+Q0ClP2q76gXo+tr/
Of3ZTKJ0Cyz1bF30Su0MrFmoJEQG8za3NJ2mNRSSHsMcue9eSZM51MaVl4NWZwE6
rMgYLYPsmcFBE3yPf03OcQAuMHUJCeMXKvD1iTcvHcQT
-----END CERTIFICATE-----