Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/wP6M-mJFDgS28CfaLHFWVT2uT6g.roa
File:                     wP6M-mJFDgS28CfaLHFWVT2uT6g.roa (raw, json)
Hash identifier:          2hiG0zAlYMTEaJaTJeFRAAFbeJU4+RADPiy+8mr5HG0=
Subject key identifier:   C0:FE:8C:FA:62:45:0E:04:B6:F0:27:DA:2C:71:56:55:3D:AE:4F:A8
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       018CC6B8C3659928E6EBB7EDB52BC0380CB4
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/wP6M-mJFDgS28CfaLHFWVT2uT6g.roa
Signing time:             Mon 01 Jan 2024 20:30:46 +0000
ROA not before:           Mon 01 Jan 2024 20:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212609
IP address blocks:        194.45.100.0/24 maxlen: 24
                          45.145.96.0/22 maxlen: 22
                          185.21.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:c3:65:99:28:e6:eb:b7:ed:b5:2b:c0:38:0c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jan  1 20:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0fe8cfa62450e04b6f027da2c7156553dae4fa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:bf:a1:55:ab:34:fa:94:71:97:33:a8:70:7b:
                    f4:46:aa:e9:4c:8c:07:eb:0a:96:03:86:3f:0a:29:
                    16:72:48:07:87:3a:a7:49:8f:ae:03:63:d7:14:c0:
                    a5:f9:04:95:6d:ce:c4:8c:47:3f:77:b1:1b:f4:66:
                    3e:51:f8:71:8b:41:f5:46:30:fb:c4:e4:67:7c:5d:
                    62:2b:14:d4:6d:84:17:51:c1:6f:86:db:6d:1c:6b:
                    b9:dc:9f:57:c2:e8:5b:89:92:dd:de:c6:ca:9e:d4:
                    33:1f:0d:ec:7f:45:25:58:c3:2d:b3:cc:f2:e6:b8:
                    2f:cb:f9:91:37:75:ef:c5:0c:5f:37:1f:cf:ed:3d:
                    21:f5:b8:b6:b1:b5:e4:32:ce:ec:cd:17:d9:bf:63:
                    cb:d1:86:96:44:e4:4e:ac:a4:55:1b:9f:e9:54:75:
                    a4:4e:ec:3f:fe:01:33:d0:aa:8c:89:7d:e6:1f:8e:
                    80:37:56:ae:e7:56:97:b3:6e:38:9d:3a:27:4d:ab:
                    34:a4:59:f7:fa:a7:b9:20:1e:b5:87:00:51:87:a6:
                    bd:13:31:ce:40:13:77:a6:58:7a:1b:54:4c:1d:8d:
                    9f:89:72:9e:bc:9d:1a:a3:c5:2e:58:bf:f5:fc:ea:
                    60:0e:6e:c1:9b:65:31:35:be:dc:26:3f:54:44:09:
                    c1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:FE:8C:FA:62:45:0E:04:B6:F0:27:DA:2C:71:56:55:3D:AE:4F:A8
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/wP6M-mJFDgS28CfaLHFWVT2uT6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.96.0/22
                  185.21.50.0/24
                  194.45.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:b1:00:3d:70:5f:0d:44:e2:82:bb:b0:de:39:1f:0c:ba:89:
         31:92:ff:7f:d8:2c:b0:35:fa:26:83:ac:52:10:6b:b0:b3:b0:
         09:c5:49:bd:81:8a:eb:dc:07:89:e5:a2:26:2a:8e:47:b1:dd:
         c6:8d:d5:b3:da:47:23:d4:da:f4:c6:e2:fc:f5:ea:77:3a:ae:
         c5:8c:bf:4a:02:17:e3:02:53:b7:16:e7:5b:7c:f3:a1:b2:86:
         89:91:8b:dd:4d:71:d8:1c:ec:97:d1:20:04:6c:bb:3e:2c:73:
         1a:2e:5c:02:56:22:f1:0d:58:00:9f:09:13:28:3b:5b:7a:98:
         46:f8:44:eb:38:44:6c:5f:73:b0:26:f8:68:fd:da:21:ab:2c:
         f8:c2:47:84:13:a9:4e:64:b0:81:66:54:93:1d:f7:dc:9a:45:
         0b:b3:ca:0c:eb:96:63:95:b8:c1:d3:c0:d0:ee:17:8e:e7:5d:
         ab:06:13:78:3d:71:64:99:c3:89:f7:5d:25:65:a7:9c:d7:da:
         29:31:ff:ad:26:99:ba:cb:e7:a5:96:88:95:d7:0c:d7:32:a3:
         4e:c4:75:4f:33:71:93:f7:1f:11:eb:81:0b:30:20:81:30:a9:
         4c:95:f6:51:f1:45:e4:ab:2b:d5:10:f7:99:db:36:a0:71:89:
         a2:53:59:26
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuMNlmSjm67fttSvAOAy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjQwMTAxMjAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGZlOGNmYTYyNDUwZTA0YjZmMDI3ZGEyYzcxNTY1NTNkYWU0ZmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjr+hVas0+pRxlzOocHv0RqrpTIwH
6wqWA4Y/CikWckgHhzqnSY+uA2PXFMCl+QSVbc7EjEc/d7Eb9GY+Ufhxi0H1RjD7
xORnfF1iKxTUbYQXUcFvhtttHGu53J9XwuhbiZLd3sbKntQzHw3sf0UlWMMts8zy
5rgvy/mRN3XvxQxfNx/P7T0h9bi2sbXkMs7szRfZv2PL0YaWROROrKRVG5/pVHWk
Tuw//gEz0KqMiX3mH46AN1au51aXs244nTonTas0pFn3+qe5IB61hwBRh6a9EzHO
QBN3plh6G1RMHY2fiXKevJ0ao8UuWL/1/OpgDm7Bm2UxNb7cJj9URAnBbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMD+jPpiRQ4EtvAn2ixxVlU9rk+oMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvd1A2TS1tSkZEZ1MyOENmYUxIRldWVDJ1VDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZFgAwQA
uRUyAwQAwi1kMA0GCSqGSIb3DQEBCwUAA4IBAQBgsQA9cF8NROKCu7DeOR8Muokx
kv9/2CywNfomg6xSEGuws7AJxUm9gYrr3AeJ5aImKo5Hsd3GjdWz2kcj1Nr0xuL8
9ep3Oq7FjL9KAhfjAlO3FudbfPOhsoaJkYvdTXHYHOyX0SAEbLs+LHMaLlwCViLx
DVgAnwkTKDtbephG+ETrOERsX3OwJvho/dohqyz4wkeEE6lOZLCBZlSTHffcmkUL
s8oM65ZjlbjB08DQ7heO512rBhN4PXFkmcOJ910lZaec19opMf+tJpm6y+elloiV
1wzXMqNOxHVPM3GT9x8R64ELMCCBMKlMlfZR8UXkqyvVEPeZ2zagcYmiU1km
-----END CERTIFICATE-----