Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/4f0551-6922-45bf-97d3-7cf9a5fb6a9c/1/waF-Z2tmHU-QUDkDn9iZbxxfb6I.roa
File:                     waF-Z2tmHU-QUDkDn9iZbxxfb6I.roa (raw, json)
Hash identifier:          ZXxshP6+dzd/+gUJHJAzlroxH2761ylZK7k4PFEwl24=
Subject key identifier:   C1:A1:7E:67:6B:66:1D:4F:90:50:39:03:9F:D8:99:6F:1C:5F:6F:A2
Certificate issuer:       /CN=fed7f817d7e6ded56ededc44488cd41c052a0dc5
Certificate serial:       018CC94E434267D6D367811B62445DEE529C
Authority key identifier: FE:D7:F8:17:D7:E6:DE:D5:6E:DE:DC:44:48:8C:D4:1C:05:2A:0D:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_tf4F9fm3tVu3txESIzUHAUqDcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/4f0551-6922-45bf-97d3-7cf9a5fb6a9c/1/waF-Z2tmHU-QUDkDn9iZbxxfb6I.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206314
IP address blocks:        91.226.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/4f0551-6922-45bf-97d3-7cf9a5fb6a9c/1/_tf4F9fm3tVu3txESIzUHAUqDcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/4f0551-6922-45bf-97d3-7cf9a5fb6a9c/1/_tf4F9fm3tVu3txESIzUHAUqDcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_tf4F9fm3tVu3txESIzUHAUqDcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:43:42:67:d6:d3:67:81:1b:62:44:5d:ee:52:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fed7f817d7e6ded56ededc44488cd41c052a0dc5
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1a17e676b661d4f905039039fd8996f1c5f6fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:49:a2:3e:11:5b:25:3e:83:49:68:15:9b:1e:
                    23:75:27:b8:4e:9e:b0:e0:13:2d:bf:bb:34:0d:62:
                    b5:de:23:76:b4:b3:f4:ad:af:f9:2a:dd:73:00:e7:
                    05:8e:b3:fe:39:fc:6f:8a:fb:2f:0f:3e:74:42:6c:
                    67:da:ed:71:d8:53:e5:10:d3:c1:ff:c2:f9:d7:33:
                    93:bd:4b:5a:77:d9:c2:c9:19:db:27:58:33:0e:5a:
                    b4:b4:51:f7:e5:3c:66:b3:7c:bb:cb:43:c6:ca:d1:
                    c4:fa:57:10:82:f4:78:12:6a:6e:bc:01:92:5e:e2:
                    ff:33:98:4f:1c:06:78:5f:cc:59:70:c8:f1:59:55:
                    d1:25:25:af:ea:8b:95:67:d9:5c:9a:ed:2e:e9:be:
                    c7:87:27:b2:22:bf:4f:76:12:5b:04:df:6a:d8:aa:
                    48:29:67:96:79:18:1c:cc:ea:f8:eb:49:be:d0:63:
                    d1:f9:02:31:16:1d:26:be:04:d1:71:9d:ee:71:09:
                    1d:4a:f4:64:97:f0:06:aa:7a:b1:a8:93:8e:e9:36:
                    62:a3:36:84:57:2b:5c:33:61:c8:07:f0:6f:45:d4:
                    47:ba:44:5c:20:36:a0:5a:a6:30:2a:d4:5f:14:d5:
                    ff:d6:ad:17:3f:b2:42:33:85:97:cb:c2:71:1b:e7:
                    85:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A1:7E:67:6B:66:1D:4F:90:50:39:03:9F:D8:99:6F:1C:5F:6F:A2
            X509v3 Authority Key Identifier:
                keyid:FE:D7:F8:17:D7:E6:DE:D5:6E:DE:DC:44:48:8C:D4:1C:05:2A:0D:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_tf4F9fm3tVu3txESIzUHAUqDcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/4f0551-6922-45bf-97d3-7cf9a5fb6a9c/1/waF-Z2tmHU-QUDkDn9iZbxxfb6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/4f0551-6922-45bf-97d3-7cf9a5fb6a9c/1/_tf4F9fm3tVu3txESIzUHAUqDcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:58:f2:6f:82:6f:60:2f:5f:b4:bb:c2:0e:20:81:ca:a4:e3:
         e5:d7:c7:f8:10:79:d6:8f:99:4c:2c:83:f2:8b:17:7d:5f:15:
         40:e2:cb:ad:2b:ec:3c:04:73:b7:d6:96:ab:84:ac:27:1a:c0:
         39:ef:d1:71:7c:1e:c8:54:eb:de:de:b2:27:6c:f9:1f:05:98:
         9d:50:54:52:53:09:c4:42:9e:17:65:01:72:d1:8d:30:24:e7:
         a1:1d:ef:d6:51:fe:5f:2d:03:fb:e6:62:69:9c:7c:e9:eb:f2:
         c1:89:ef:1c:5a:57:46:d3:fd:e0:48:30:bd:07:98:2c:c2:cb:
         a8:ad:36:a4:82:9a:fe:52:cf:ab:2f:b5:4d:7a:2c:71:b2:73:
         c5:f6:eb:93:ca:4f:46:73:8a:44:2d:68:01:63:c0:a1:5d:43:
         bd:5c:01:84:1b:90:aa:00:a5:e9:fa:0f:f4:08:eb:36:c6:93:
         88:a3:db:0b:cd:a0:20:8f:0a:e5:1f:e9:19:e0:69:dd:3a:07:
         9e:f6:4a:55:43:43:c9:f3:d5:3c:db:74:9f:17:9c:84:3e:a2:
         58:c5:f7:de:20:9f:01:cb:30:af:5d:dd:8c:8d:d5:e7:ec:41:
         ab:64:01:43:37:9f:8a:c5:10:40:48:77:67:74:ed:0a:ef:d4:
         7b:01:aa:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkNCZ9bTZ4EbYkRd7lKcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZDdmODE3ZDdlNmRlZDU2ZWRlZGM0NDQ4OGNkNDFjMDUy
YTBkYzUwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWExN2U2NzZiNjYxZDRmOTA1MDM5MDM5ZmQ4OTk2ZjFjNWY2ZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kmiPhFbJT6DSWgVmx4jdSe4Tp6w
4BMtv7s0DWK13iN2tLP0ra/5Kt1zAOcFjrP+OfxvivsvDz50Qmxn2u1x2FPlENPB
/8L51zOTvUtad9nCyRnbJ1gzDlq0tFH35Txms3y7y0PGytHE+lcQgvR4EmpuvAGS
XuL/M5hPHAZ4X8xZcMjxWVXRJSWv6ouVZ9lcmu0u6b7HhyeyIr9PdhJbBN9q2KpI
KWeWeRgczOr460m+0GPR+QIxFh0mvgTRcZ3ucQkdSvRkl/AGqnqxqJOO6TZiozaE
VytcM2HIB/BvRdRHukRcIDagWqYwKtRfFNX/1q0XP7JCM4WXy8JxG+eFQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMGhfmdrZh1PkFA5A5/YmW8cX2+iMB8GA1UdIwQY
MBaAFP7X+BfX5t7Vbt7cREiM1BwFKg3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3RmNEY5Zm0zdFZ1M3R4RVNJelVIQVVxRGNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80ZjA1NTEtNjkyMi00NWJmLTk3ZDMt
N2NmOWE1ZmI2YTljLzEvd2FGLVoydG1IVS1RVURrRG45aVpieHhmYjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80ZjA1NTEtNjkyMi00NWJmLTk3ZDMtN2NmOWE1ZmI2YTlj
LzEvX3RmNEY5Zm0zdFZ1M3R4RVNJelVIQVVxRGNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+LsMA0G
CSqGSIb3DQEBCwUAA4IBAQADWPJvgm9gL1+0u8IOIIHKpOPl18f4EHnWj5lMLIPy
ixd9XxVA4sutK+w8BHO31parhKwnGsA579FxfB7IVOve3rInbPkfBZidUFRSUwnE
Qp4XZQFy0Y0wJOehHe/WUf5fLQP75mJpnHzp6/LBie8cWldG0/3gSDC9B5gswsuo
rTakgpr+Us+rL7VNeixxsnPF9uuTyk9Gc4pELWgBY8ChXUO9XAGEG5CqAKXp+g/0
COs2xpOIo9sLzaAgjwrlH+kZ4GndOgee9kpVQ0PJ89U823SfF5yEPqJYxffeIJ8B
yzCvXd2MjdXn7EGrZAFDN5+KxRBASHdndO0K79R7Aaq3
-----END CERTIFICATE-----