Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/a1449e-2adb-4b1a-b23c-bd6d8badcdc0/1/nWvWK7k5fcpe4OiGPZnR_qmp6Gs.roa
File:                     nWvWK7k5fcpe4OiGPZnR_qmp6Gs.roa (raw, json)
Hash identifier:          2h3PjLiEh22QMbf+FTRREeb4jya367qlMZBeE8osTvk=
Subject key identifier:   9D:6B:D6:2B:B9:39:7D:CA:5E:E0:E8:86:3D:99:D1:FE:A9:A9:E8:6B
Certificate issuer:       /CN=cd698f55b40959b178f7cecbc20c35e9c1379344
Certificate serial:       018CC2DAFD196E1C47A0C069770695DAEA70
Authority key identifier: CD:69:8F:55:B4:09:59:B1:78:F7:CE:CB:C2:0C:35:E9:C1:37:93:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWmPVbQJWbF4987Lwgw16cE3k0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/a1449e-2adb-4b1a-b23c-bd6d8badcdc0/1/nWvWK7k5fcpe4OiGPZnR_qmp6Gs.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.26.88.0/22 maxlen: 22
                          2a00:88a0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/a1449e-2adb-4b1a-b23c-bd6d8badcdc0/1/zWmPVbQJWbF4987Lwgw16cE3k0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/a1449e-2adb-4b1a-b23c-bd6d8badcdc0/1/zWmPVbQJWbF4987Lwgw16cE3k0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWmPVbQJWbF4987Lwgw16cE3k0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fd:19:6e:1c:47:a0:c0:69:77:06:95:da:ea:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd698f55b40959b178f7cecbc20c35e9c1379344
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d6bd62bb9397dca5ee0e8863d99d1fea9a9e86b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:33:23:40:25:0b:68:13:71:cb:43:a0:56:79:
                    8a:d6:52:93:9b:4d:71:20:1b:b1:d5:6e:f4:0d:3c:
                    b8:31:db:44:a5:9e:e2:45:44:76:a5:77:8f:a5:c4:
                    7b:2e:08:1a:ea:e6:c0:b0:30:91:6f:2f:40:a8:74:
                    2c:96:44:a3:0c:1c:c6:90:89:d1:44:2d:25:7b:84:
                    ae:46:e2:fa:21:aa:ca:bd:c4:35:84:eb:d7:87:82:
                    74:2d:02:4b:a1:71:be:44:eb:c8:e5:27:23:a3:47:
                    3d:61:dc:e9:28:0f:98:4b:5b:d9:8d:17:0a:37:14:
                    99:e5:ca:3d:28:85:6c:65:25:e1:f0:7c:80:97:8c:
                    f9:d2:d6:e0:51:84:3f:89:1a:03:94:04:ad:fa:84:
                    b1:09:d6:81:73:22:bc:52:e4:41:d9:de:c9:ac:fa:
                    23:8c:e1:a8:14:f9:74:2c:4a:84:b2:07:24:1c:0b:
                    54:c1:16:94:6c:c2:94:06:31:9a:dc:6a:c7:8c:30:
                    f2:5a:ec:a3:7d:39:f2:63:d7:11:6b:b8:f6:15:45:
                    b3:86:e3:b4:b9:7d:a5:60:25:0c:58:a3:64:2f:23:
                    56:41:ed:8a:5b:c3:89:11:6e:58:a8:2b:57:4e:9c:
                    3f:91:bb:30:48:de:ea:78:7f:af:7c:9d:6f:99:2c:
                    9c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:6B:D6:2B:B9:39:7D:CA:5E:E0:E8:86:3D:99:D1:FE:A9:A9:E8:6B
            X509v3 Authority Key Identifier:
                keyid:CD:69:8F:55:B4:09:59:B1:78:F7:CE:CB:C2:0C:35:E9:C1:37:93:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWmPVbQJWbF4987Lwgw16cE3k0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/a1449e-2adb-4b1a-b23c-bd6d8badcdc0/1/nWvWK7k5fcpe4OiGPZnR_qmp6Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/a1449e-2adb-4b1a-b23c-bd6d8badcdc0/1/zWmPVbQJWbF4987Lwgw16cE3k0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.88.0/22
                IPv6:
                  2a00:88a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:44:78:41:93:f8:be:a8:94:97:b1:a8:5f:fb:67:df:08:0e:
         4b:ac:46:49:ae:fc:f9:0a:5f:61:c4:f5:02:27:a3:81:c3:dd:
         a8:41:98:c3:8a:25:98:3f:35:fb:bf:e0:b9:f8:6c:9f:06:d5:
         98:74:01:04:a0:e1:df:f4:cc:d7:aa:ef:7f:d0:bc:fa:2c:27:
         08:68:4d:ea:92:91:d7:8d:6f:cd:3b:94:1f:86:bd:6b:69:da:
         44:96:41:c8:38:b0:09:e4:34:28:e4:16:10:b1:22:12:96:f4:
         6b:82:0d:f4:eb:48:79:76:55:8e:c1:5d:59:97:7a:83:e9:a6:
         3d:83:5c:25:23:7c:2a:16:88:38:1c:12:30:a8:45:64:3d:92:
         40:3d:9e:ca:8b:a1:f9:f7:20:76:c8:52:93:a2:b7:90:64:5b:
         49:e5:e2:da:7f:e9:f6:cf:2b:92:de:cf:0c:15:38:09:f4:6f:
         19:27:4f:26:b8:c5:31:d8:d1:34:07:e6:01:05:08:70:24:b4:
         19:99:96:53:88:b1:3d:6a:48:4b:b5:77:5e:e6:c2:4a:8b:99:
         10:cf:eb:8f:76:30:dc:00:d8:a0:b1:57:ed:96:9b:15:6e:31:
         91:7f:7b:43:1c:7e:4a:7d:dc:8e:73:50:ba:e7:8d:43:00:a3:
         db:3b:35:f6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2v0ZbhxHoMBpdwaV2upwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjk4ZjU1YjQwOTU5YjE3OGY3Y2VjYmMyMGMzNWU5YzEz
NzkzNDQwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDZiZDYyYmI5Mzk3ZGNhNWVlMGU4ODYzZDk5ZDFmZWE5YTllODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjMjQCULaBNxy0OgVnmK1lKTm01x
IBux1W70DTy4MdtEpZ7iRUR2pXePpcR7Lgga6ubAsDCRby9AqHQslkSjDBzGkInR
RC0le4SuRuL6IarKvcQ1hOvXh4J0LQJLoXG+ROvI5Scjo0c9YdzpKA+YS1vZjRcK
NxSZ5co9KIVsZSXh8HyAl4z50tbgUYQ/iRoDlASt+oSxCdaBcyK8UuRB2d7JrPoj
jOGoFPl0LEqEsgckHAtUwRaUbMKUBjGa3GrHjDDyWuyjfTnyY9cRa7j2FUWzhuO0
uX2lYCUMWKNkLyNWQe2KW8OJEW5YqCtXTpw/kbswSN7qeH+vfJ1vmSycZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ1r1iu5OX3KXuDohj2Z0f6pqehrMB8GA1UdIwQY
MBaAFM1pj1W0CVmxePfOy8IMNenBN5NEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldtUFZiUUpXYkY0OTg3THdndzE2Y0UzazBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9hMTQ0OWUtMmFkYi00YjFhLWIyM2Mt
YmQ2ZDhiYWRjZGMwLzEvbld2V0s3azVmY3BlNE9pR1BablJfcW1wNkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9hMTQ0OWUtMmFkYi00YjFhLWIyM2MtYmQ2ZDhiYWRjZGMw
LzEveldtUFZiUUpXYkY0OTg3THdndzE2Y0UzazBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRpYMA0E
AgACMAcDBQAqAIigMA0GCSqGSIb3DQEBCwUAA4IBAQAaRHhBk/i+qJSXsahf+2ff
CA5LrEZJrvz5Cl9hxPUCJ6OBw92oQZjDiiWYPzX7v+C5+GyfBtWYdAEEoOHf9MzX
qu9/0Lz6LCcIaE3qkpHXjW/NO5Qfhr1radpElkHIOLAJ5DQo5BYQsSISlvRrgg30
60h5dlWOwV1Zl3qD6aY9g1wlI3wqFog4HBIwqEVkPZJAPZ7Ki6H59yB2yFKToreQ
ZFtJ5eLaf+n2zyuS3s8MFTgJ9G8ZJ08muMUx2NE0B+YBBQhwJLQZmZZTiLE9akhL
tXde5sJKi5kQz+uPdjDcANigsVftlpsVbjGRf3tDHH5KfdyOc1C6541DAKPbOzX2
-----END CERTIFICATE-----