Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/853218-ac6e-4f9c-a959-3df549a06d5b/1/dWcRkvNvK-ARasQXCle_5kBtItE.roa
File:                     dWcRkvNvK-ARasQXCle_5kBtItE.roa (raw, json)
Hash identifier:          L0E2a8Fzy7LlakGMRj42m3kfG6OGKhwkH8vDW+4qE2c=
Subject key identifier:   75:67:11:92:F3:6F:2B:E0:11:6A:C4:17:0A:57:BF:E6:40:6D:22:D1
Certificate issuer:       /CN=23f8c999b30ce248e6c468c784d64d72f963e938
Certificate serial:       018CC348A43E42FD9BBF7C17BD056C474B13
Authority key identifier: 23:F8:C9:99:B3:0C:E2:48:E6:C4:68:C7:84:D6:4D:72:F9:63:E9:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I_jJmbMM4kjmxGjHhNZNcvlj6Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/853218-ac6e-4f9c-a959-3df549a06d5b/1/dWcRkvNvK-ARasQXCle_5kBtItE.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198948
IP address blocks:        178.218.193.0/24 maxlen: 24
                          91.239.248.0/22 maxlen: 24
                          185.129.112.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/853218-ac6e-4f9c-a959-3df549a06d5b/1/I_jJmbMM4kjmxGjHhNZNcvlj6Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/853218-ac6e-4f9c-a959-3df549a06d5b/1/I_jJmbMM4kjmxGjHhNZNcvlj6Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I_jJmbMM4kjmxGjHhNZNcvlj6Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a4:3e:42:fd:9b:bf:7c:17:bd:05:6c:47:4b:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23f8c999b30ce248e6c468c784d64d72f963e938
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75671192f36f2be0116ac4170a57bfe6406d22d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:96:c3:0e:14:56:5b:c6:24:d9:50:eb:21:ca:
                    47:0a:41:99:3c:aa:5a:bb:43:11:ec:f6:fe:0e:61:
                    9f:82:a9:99:f3:eb:b6:cd:54:b3:56:9d:8c:de:73:
                    17:a9:33:80:d7:57:4f:ea:28:16:f8:cd:c9:01:f1:
                    ff:d2:6f:08:d2:4a:80:78:f6:45:3a:fd:e9:1d:bf:
                    54:71:26:04:58:3e:51:28:cb:61:b4:26:ee:d3:e8:
                    72:c9:30:58:f6:af:06:9a:6f:f1:0d:bd:43:0e:0f:
                    98:4d:82:e7:f5:a9:aa:95:f5:0e:3e:ce:db:e2:5d:
                    c1:0d:42:cf:9b:d8:ae:90:c6:17:9f:61:f8:f4:2e:
                    e1:49:bf:92:6e:d1:96:92:fd:13:66:fd:2f:aa:1c:
                    35:b2:2d:78:60:9d:f8:6f:31:ae:8d:db:25:e1:e8:
                    5d:54:eb:11:c7:84:cf:51:55:6a:3f:c7:26:90:4d:
                    35:ac:18:66:a6:75:53:bf:52:f9:2f:96:8f:f9:ea:
                    da:91:cf:3b:1f:0f:ce:1b:a3:be:cc:bd:9a:4e:87:
                    25:c2:e1:c4:ba:55:11:63:46:e0:64:52:38:fb:79:
                    c8:8b:dc:c5:b5:98:cd:1b:ca:d0:f9:e6:24:87:e7:
                    1d:fb:76:a5:da:6c:fd:37:93:c9:2c:2c:75:51:ba:
                    af:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:67:11:92:F3:6F:2B:E0:11:6A:C4:17:0A:57:BF:E6:40:6D:22:D1
            X509v3 Authority Key Identifier:
                keyid:23:F8:C9:99:B3:0C:E2:48:E6:C4:68:C7:84:D6:4D:72:F9:63:E9:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I_jJmbMM4kjmxGjHhNZNcvlj6Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/853218-ac6e-4f9c-a959-3df549a06d5b/1/dWcRkvNvK-ARasQXCle_5kBtItE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/853218-ac6e-4f9c-a959-3df549a06d5b/1/I_jJmbMM4kjmxGjHhNZNcvlj6Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.248.0/22
                  178.218.193.0/24
                  185.129.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:b0:43:36:6b:fa:53:c5:86:e0:f4:df:59:13:4c:20:5a:66:
         f6:4d:a5:21:c1:45:d7:90:58:7c:22:f1:aa:da:34:50:4b:1a:
         76:25:1f:06:f1:3f:72:b3:d9:1d:3e:70:24:a2:9f:0b:51:33:
         6b:67:3e:9c:80:5c:a8:16:a5:3e:03:18:ec:ce:5d:4a:02:36:
         f0:81:5c:66:fc:a7:5d:f9:14:6f:94:f5:27:d5:ac:04:0b:ca:
         0c:b4:f6:72:ee:6e:08:e4:5c:f6:f9:a7:38:af:e4:80:4d:60:
         6c:02:78:6d:7f:d5:ed:d8:14:83:50:44:a4:72:e8:0d:fc:c4:
         e7:f5:df:03:2e:fb:3e:04:6a:4d:1e:e5:8a:63:f9:87:33:17:
         89:a1:eb:df:0a:2b:ec:fd:bd:ec:e2:48:41:3b:b3:c4:87:af:
         c3:da:e1:34:45:56:6a:de:e6:91:cf:aa:18:2f:17:f8:b2:00:
         df:06:2d:0d:43:ee:56:ba:78:bc:37:13:31:ea:be:39:63:4e:
         a1:a6:b7:9a:d0:97:43:4f:02:1f:66:b9:f6:7b:35:4b:fd:15:
         ed:df:e8:bc:67:8f:e0:03:c4:9f:97:a6:17:c3:30:3d:a7:6f:
         f4:91:9b:b4:1a:4c:89:d3:7b:35:45:3a:3b:d6:60:8e:cd:c3:
         40:09:65:49
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSKQ+Qv2bv3wXvQVsR0sTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZjhjOTk5YjMwY2UyNDhlNmM0NjhjNzg0ZDY0ZDcyZjk2
M2U5MzgwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTY3MTE5MmYzNmYyYmUwMTE2YWM0MTcwYTU3YmZlNjQwNmQyMmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5bDDhRWW8Yk2VDrIcpHCkGZPKpa
u0MR7Pb+DmGfgqmZ8+u2zVSzVp2M3nMXqTOA11dP6igW+M3JAfH/0m8I0kqAePZF
Ov3pHb9UcSYEWD5RKMthtCbu0+hyyTBY9q8Gmm/xDb1DDg+YTYLn9amqlfUOPs7b
4l3BDULPm9iukMYXn2H49C7hSb+SbtGWkv0TZv0vqhw1si14YJ34bzGujdsl4ehd
VOsRx4TPUVVqP8cmkE01rBhmpnVTv1L5L5aP+erakc87Hw/OG6O+zL2aToclwuHE
ulURY0bgZFI4+3nIi9zFtZjNG8rQ+eYkh+cd+3al2mz9N5PJLCx1UbqvCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHVnEZLzbyvgEWrEFwpXv+ZAbSLRMB8GA1UdIwQY
MBaAFCP4yZmzDOJI5sRox4TWTXL5Y+k4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSV9qSm1iTU00a2pteEdqSGhOWk5jdmxqNlRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84NTMyMTgtYWM2ZS00ZjljLWE5NTkt
M2RmNTQ5YTA2ZDViLzEvZFdjUmt2TnZLLUFSYXNRWENsZV81a0J0SXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84NTMyMTgtYWM2ZS00ZjljLWE5NTktM2RmNTQ5YTA2ZDVi
LzEvSV9qSm1iTU00a2pteEdqSGhOWk5jdmxqNlRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW+/4AwQA
strBAwQCuYFwMA0GCSqGSIb3DQEBCwUAA4IBAQCXsEM2a/pTxYbg9N9ZE0wgWmb2
TaUhwUXXkFh8IvGq2jRQSxp2JR8G8T9ys9kdPnAkop8LUTNrZz6cgFyoFqU+Axjs
zl1KAjbwgVxm/Kdd+RRvlPUn1awEC8oMtPZy7m4I5Fz2+ac4r+SATWBsAnhtf9Xt
2BSDUESkcugN/MTn9d8DLvs+BGpNHuWKY/mHMxeJoevfCivs/b3s4khBO7PEh6/D
2uE0RVZq3uaRz6oYLxf4sgDfBi0NQ+5Wuni8NxMx6r45Y06hprea0JdDTwIfZrn2
ezVL/RXt3+i8Z4/gA8Sfl6YXwzA9p2/0kZu0GkyJ03s1RTo71mCOzcNACWVJ
-----END CERTIFICATE-----