Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/wDMlnlmhoCkHUVzuzwnMH-P3aos.roa
File:                     wDMlnlmhoCkHUVzuzwnMH-P3aos.roa (raw, json)
Hash identifier:          LKT45jAG/plgZwMmjUjDiwus+uavnaWh3HjxDTdaWa0=
Subject key identifier:   C0:33:25:9E:59:A1:A0:29:07:51:5C:EE:CF:09:CC:1F:E3:F7:6A:8B
Certificate issuer:       /CN=2aa8202b4d0c5c111d374f1e98b73db4924d64b1
Certificate serial:       018CC86F503C7C11DCE1FA8DA27045776102
Authority key identifier: 2A:A8:20:2B:4D:0C:5C:11:1D:37:4F:1E:98:B7:3D:B4:92:4D:64:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KqggK00MXBEdN08emLc9tJJNZLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/wDMlnlmhoCkHUVzuzwnMH-P3aos.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202008
IP address blocks:        185.53.188.0/22 maxlen: 24
                          2a02:4060::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/KqggK00MXBEdN08emLc9tJJNZLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/KqggK00MXBEdN08emLc9tJJNZLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KqggK00MXBEdN08emLc9tJJNZLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:50:3c:7c:11:dc:e1:fa:8d:a2:70:45:77:61:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aa8202b4d0c5c111d374f1e98b73db4924d64b1
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c033259e59a1a02907515ceecf09cc1fe3f76a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4a:cd:09:8e:47:31:23:d4:7e:61:35:86:25:
                    b3:58:3a:5e:b9:89:50:05:5a:6c:10:1d:47:22:97:
                    17:d5:1e:dc:23:dd:da:e8:e2:7d:63:9a:eb:e8:1c:
                    1d:d9:73:83:05:3f:6c:8f:95:c8:81:38:d3:8e:39:
                    f3:6c:ae:8a:b1:0b:d6:fc:4b:75:c5:78:a7:9d:07:
                    e9:17:a1:9e:8c:7e:40:c5:4a:b8:f1:7c:49:38:4e:
                    03:ac:d1:e9:8b:0f:b3:5b:46:59:32:46:b3:d1:7e:
                    ad:ea:e7:29:72:12:0a:4a:07:e7:84:e1:52:66:17:
                    71:a5:97:22:ba:0a:92:65:9b:8c:4c:e8:91:43:3b:
                    2b:99:89:1e:14:17:ed:77:b2:b6:c0:89:fd:bb:17:
                    b3:b3:57:f0:a2:5d:cb:24:aa:55:82:8b:53:3f:ec:
                    40:b5:59:77:ea:22:6d:6e:3f:04:b6:3a:d6:8b:12:
                    e2:e2:c0:ea:21:e7:b5:65:31:a8:74:81:4a:94:01:
                    09:a4:f6:d8:b1:34:0d:51:e9:9a:7a:ad:ee:35:fb:
                    59:c2:1b:81:66:42:cc:6c:89:93:9d:0f:ce:57:c9:
                    34:d1:77:39:5f:2e:51:6e:78:6c:e2:d3:51:c6:a0:
                    54:6d:3f:c9:d4:30:ff:de:7f:0d:54:3d:b5:7e:67:
                    37:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:33:25:9E:59:A1:A0:29:07:51:5C:EE:CF:09:CC:1F:E3:F7:6A:8B
            X509v3 Authority Key Identifier:
                keyid:2A:A8:20:2B:4D:0C:5C:11:1D:37:4F:1E:98:B7:3D:B4:92:4D:64:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqggK00MXBEdN08emLc9tJJNZLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/wDMlnlmhoCkHUVzuzwnMH-P3aos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/27b3b3-4b22-4740-a65a-6e7bae5ff898/1/KqggK00MXBEdN08emLc9tJJNZLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.188.0/22
                IPv6:
                  2a02:4060::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:75:c2:36:f1:a4:18:05:1b:02:6e:9f:93:2f:82:d8:81:6e:
         42:ef:86:bb:a1:e5:60:dd:71:26:c6:67:bd:17:b2:c6:32:fc:
         f0:2e:c5:11:0e:09:d6:d8:fc:6f:18:df:c0:a5:5f:9a:43:50:
         7c:04:93:ce:34:79:e8:85:03:c4:00:90:6b:74:bb:aa:c7:05:
         00:18:a0:e2:fb:4d:64:60:ba:44:55:15:ed:00:53:52:c1:43:
         b4:a2:18:48:d3:36:0f:fa:5c:55:76:75:ec:ac:f9:4a:1e:ea:
         f1:c0:16:af:e5:1a:06:20:cb:8a:f6:e4:17:33:df:6e:ee:db:
         e7:36:f4:ba:91:24:d5:02:cd:29:52:20:5a:12:a2:96:c0:32:
         79:c5:28:e4:67:6e:cf:e5:4b:be:b5:3d:72:80:6c:0a:3f:50:
         2d:eb:f5:7e:33:6f:c3:d1:68:95:8f:aa:b6:f1:13:da:a0:4e:
         5c:d8:6d:12:1e:b9:94:cc:fb:82:a6:ac:9b:05:2c:46:af:e4:
         e0:af:e9:a7:37:a6:71:6c:d2:71:b5:d9:40:13:62:16:89:7e:
         e6:f0:c5:27:34:2d:d0:a8:68:35:40:c7:2b:80:6d:9e:fd:53:
         dc:86:6e:05:df:87:17:23:ea:f8:16:eb:9a:21:60:66:1f:97:
         60:db:0b:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb1A8fBHc4fqNonBFd2ECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYTgyMDJiNGQwYzVjMTExZDM3NGYxZTk4YjczZGI0OTI0
ZDY0YjEwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDMzMjU5ZTU5YTFhMDI5MDc1MTVjZWVjZjA5Y2MxZmUzZjc2YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0krNCY5HMSPUfmE1hiWzWDpeuYlQ
BVpsEB1HIpcX1R7cI93a6OJ9Y5rr6Bwd2XODBT9sj5XIgTjTjjnzbK6KsQvW/Et1
xXinnQfpF6GejH5AxUq48XxJOE4DrNHpiw+zW0ZZMkaz0X6t6ucpchIKSgfnhOFS
ZhdxpZciugqSZZuMTOiRQzsrmYkeFBftd7K2wIn9uxezs1fwol3LJKpVgotTP+xA
tVl36iJtbj8EtjrWixLi4sDqIee1ZTGodIFKlAEJpPbYsTQNUemaeq3uNftZwhuB
ZkLMbImTnQ/OV8k00Xc5Xy5Rbnhs4tNRxqBUbT/J1DD/3n8NVD21fmc3hwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMAzJZ5ZoaApB1Fc7s8JzB/j92qLMB8GA1UdIwQY
MBaAFCqoICtNDFwRHTdPHpi3PbSSTWSxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3FnZ0swME1YQkVkTjA4ZW1MYzl0SkpOWkxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8yN2IzYjMtNGIyMi00NzQwLWE2NWEt
NmU3YmFlNWZmODk4LzEvd0RNbG5sbWhvQ2tIVVZ6dXp3bk1ILVAzYW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8yN2IzYjMtNGIyMi00NzQwLWE2NWEtNmU3YmFlNWZmODk4
LzEvS3FnZ0swME1YQkVkTjA4ZW1MYzl0SkpOWkxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTW8MA0E
AgACMAcDBQMqAkBgMA0GCSqGSIb3DQEBCwUAA4IBAQBadcI28aQYBRsCbp+TL4LY
gW5C74a7oeVg3XEmxme9F7LGMvzwLsURDgnW2PxvGN/ApV+aQ1B8BJPONHnohQPE
AJBrdLuqxwUAGKDi+01kYLpEVRXtAFNSwUO0ohhI0zYP+lxVdnXsrPlKHurxwBav
5RoGIMuK9uQXM99u7tvnNvS6kSTVAs0pUiBaEqKWwDJ5xSjkZ27P5Uu+tT1ygGwK
P1At6/V+M2/D0WiVj6q28RPaoE5c2G0SHrmUzPuCpqybBSxGr+Tgr+mnN6ZxbNJx
tdlAE2IWiX7m8MUnNC3QqGg1QMcrgG2e/VPchm4F34cXI+r4FuuaIWBmH5dg2wv5
-----END CERTIFICATE-----