Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/2d9f68-83d1-4d1f-a211-22de4eed80eb/1/wG_toJzQcsLfnCCECsN6GO00t1k.roa
File:                     wG_toJzQcsLfnCCECsN6GO00t1k.roa (raw, json)
Hash identifier:          EJ8D7AOAOxEr6g7iVAABRTKQ41iq0rT+KZMrYp1UHyA=
Subject key identifier:   C0:6F:ED:A0:9C:D0:72:C2:DF:9C:20:84:0A:C3:7A:18:ED:34:B7:59
Certificate issuer:       /CN=e17524c2a6f24d7e6794b00c09634dcad2310434
Certificate serial:       018CC2DAB2B8B7858C7C8C23E2A47E2E14C4
Authority key identifier: E1:75:24:C2:A6:F2:4D:7E:67:94:B0:0C:09:63:4D:CA:D2:31:04:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4XUkwqbyTX5nlLAMCWNNytIxBDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/2d9f68-83d1-4d1f-a211-22de4eed80eb/1/wG_toJzQcsLfnCCECsN6GO00t1k.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59474
IP address blocks:        185.253.110.0/24 maxlen: 24
                          2a10:adc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/2d9f68-83d1-4d1f-a211-22de4eed80eb/1/4XUkwqbyTX5nlLAMCWNNytIxBDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/2d9f68-83d1-4d1f-a211-22de4eed80eb/1/4XUkwqbyTX5nlLAMCWNNytIxBDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4XUkwqbyTX5nlLAMCWNNytIxBDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b2:b8:b7:85:8c:7c:8c:23:e2:a4:7e:2e:14:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e17524c2a6f24d7e6794b00c09634dcad2310434
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c06feda09cd072c2df9c20840ac37a18ed34b759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fa:ed:d4:0e:c7:48:29:2f:d2:0f:f4:c0:3b:
                    4f:b5:de:8e:33:1a:19:d8:cb:1f:9e:eb:78:3e:59:
                    94:81:94:7f:c1:0b:f4:e2:80:83:3c:58:30:78:3f:
                    8d:55:5d:9a:67:2e:b7:72:41:80:4a:7a:67:5d:91:
                    06:d1:55:1b:57:e7:0c:d0:c3:08:5e:30:62:96:cc:
                    01:f1:32:60:7e:2a:29:15:23:67:cc:52:e9:01:ea:
                    49:3a:15:5b:19:54:bc:2e:c3:8e:1f:d0:45:13:09:
                    c0:69:6b:cf:99:c0:23:bc:2b:79:51:d7:e0:ed:3d:
                    0d:4b:9d:31:08:dc:69:49:6a:c2:d9:df:55:af:8c:
                    8b:06:d9:08:3d:5c:2b:fc:e3:20:1e:87:a0:6d:60:
                    4a:d0:5c:d0:d5:8f:61:65:c3:2f:a9:a5:8e:e5:96:
                    3e:c8:aa:0f:2a:39:7c:62:82:35:52:d0:fc:e5:e6:
                    6b:80:bc:59:70:c3:67:8a:8f:e1:d3:11:5f:e8:ba:
                    1b:99:0b:d1:79:2b:23:af:4a:46:68:7b:cc:52:ee:
                    3a:fe:96:5a:98:2c:a5:11:3f:f6:c3:b6:bc:a6:b8:
                    3b:b0:fc:82:b8:0f:f4:61:1e:bc:04:2b:7f:20:ec:
                    e9:51:66:e6:cb:17:de:4c:3a:30:d3:04:c7:a4:a0:
                    f3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:6F:ED:A0:9C:D0:72:C2:DF:9C:20:84:0A:C3:7A:18:ED:34:B7:59
            X509v3 Authority Key Identifier:
                keyid:E1:75:24:C2:A6:F2:4D:7E:67:94:B0:0C:09:63:4D:CA:D2:31:04:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4XUkwqbyTX5nlLAMCWNNytIxBDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/2d9f68-83d1-4d1f-a211-22de4eed80eb/1/wG_toJzQcsLfnCCECsN6GO00t1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/2d9f68-83d1-4d1f-a211-22de4eed80eb/1/4XUkwqbyTX5nlLAMCWNNytIxBDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.110.0/24
                IPv6:
                  2a10:adc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:54:ea:0d:00:7a:18:38:34:cb:e3:12:0b:c6:cf:02:61:8a:
         ba:4e:eb:44:ee:e2:1b:89:c7:ab:a0:99:31:90:2f:11:3a:d8:
         83:f6:00:53:ad:4f:e8:68:b8:44:b5:26:63:0f:db:49:57:e7:
         95:e0:e8:c8:31:05:5a:c1:92:37:37:59:84:74:4a:04:f1:3b:
         43:fb:0e:36:13:8f:7b:a1:db:d8:5b:1f:33:14:13:99:40:6a:
         78:d2:34:01:8e:98:68:77:3f:be:70:83:52:1e:57:1f:25:07:
         f6:e2:b1:20:83:b6:59:23:28:d7:cb:ea:8d:1f:fb:4f:1a:a9:
         61:42:07:2f:01:f9:bf:89:31:72:2e:0c:80:87:ec:60:18:1d:
         68:2e:d0:bc:71:44:9e:47:9f:03:59:eb:64:62:ec:25:77:93:
         0f:ee:7e:23:10:a2:dc:e4:e5:7c:24:55:36:6c:2f:eb:b3:54:
         b0:1d:9b:0e:63:bb:19:a3:ab:ad:b9:64:33:9f:33:e7:e0:27:
         8a:f4:9c:ca:04:4b:32:e5:fb:e5:b2:06:91:31:34:22:a9:f8:
         f1:80:c1:ea:5c:fb:a6:27:bf:46:92:a9:47:02:93:c9:59:63:
         f1:8a:5b:68:2e:cd:ea:7e:5a:31:a7:cc:88:f5:7d:89:af:f0:
         d8:7c:43:8a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2rK4t4WMfIwj4qR+LhTEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNzUyNGMyYTZmMjRkN2U2Nzk0YjAwYzA5NjM0ZGNhZDIz
MTA0MzQwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDZmZWRhMDljZDA3MmMyZGY5YzIwODQwYWMzN2ExOGVkMzRiNzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfrt1A7HSCkv0g/0wDtPtd6OMxoZ
2Msfnut4PlmUgZR/wQv04oCDPFgweD+NVV2aZy63ckGASnpnXZEG0VUbV+cM0MMI
XjBilswB8TJgfiopFSNnzFLpAepJOhVbGVS8LsOOH9BFEwnAaWvPmcAjvCt5Udfg
7T0NS50xCNxpSWrC2d9Vr4yLBtkIPVwr/OMgHoegbWBK0FzQ1Y9hZcMvqaWO5ZY+
yKoPKjl8YoI1UtD85eZrgLxZcMNnio/h0xFf6LobmQvReSsjr0pGaHvMUu46/pZa
mCylET/2w7a8prg7sPyCuA/0YR68BCt/IOzpUWbmyxfeTDow0wTHpKDzsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMBv7aCc0HLC35wghArDehjtNLdZMB8GA1UdIwQY
MBaAFOF1JMKm8k1+Z5SwDAljTcrSMQQ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFhVa3dxYnlUWDVubExBTUNXTk55dEl4QkRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8yZDlmNjgtODNkMS00ZDFmLWEyMTEt
MjJkZTRlZWQ4MGViLzEvd0dfdG9KelFjc0xmbkNDRUNzTjZHTzAwdDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8yZDlmNjgtODNkMS00ZDFmLWEyMTEtMjJkZTRlZWQ4MGVi
LzEvNFhVa3dxYnlUWDVubExBTUNXTk55dEl4QkRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf1uMA0E
AgACMAcDBQMqEK3AMA0GCSqGSIb3DQEBCwUAA4IBAQBNVOoNAHoYODTL4xILxs8C
YYq6TutE7uIbiceroJkxkC8ROtiD9gBTrU/oaLhEtSZjD9tJV+eV4OjIMQVawZI3
N1mEdEoE8TtD+w42E497odvYWx8zFBOZQGp40jQBjphodz++cINSHlcfJQf24rEg
g7ZZIyjXy+qNH/tPGqlhQgcvAfm/iTFyLgyAh+xgGB1oLtC8cUSeR58DWetkYuwl
d5MP7n4jEKLc5OV8JFU2bC/rs1SwHZsOY7sZo6utuWQznzPn4CeK9JzKBEsy5fvl
sgaRMTQiqfjxgMHqXPumJ79GkqlHApPJWWPxiltoLs3qfloxp8yI9X2Jr/DYfEOK
-----END CERTIFICATE-----