Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/d78f6a-76e7-4ef4-82ba-e9188bcec0c5/1/wPprtlMnFXSHAf0336Ro9cbLtck.roa
File:                     wPprtlMnFXSHAf0336Ro9cbLtck.roa (raw, json)
Hash identifier:          /fXnL9AkAv3Fioj58181d4yJmK75ZQ9mPWfZsNccZVk=
Subject key identifier:   C0:FA:6B:B6:53:27:15:74:87:01:FD:37:DF:A4:68:F5:C6:CB:B5:C9
Certificate issuer:       /CN=1d361d7f1f5f823977502606351fd48dfbee11e3
Certificate serial:       018CC8DCF1FA671E63CDED08557821DE02CE
Authority key identifier: 1D:36:1D:7F:1F:5F:82:39:77:50:26:06:35:1F:D4:8D:FB:EE:11:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HTYdfx9fgjl3UCYGNR_UjfvuEeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/d78f6a-76e7-4ef4-82ba-e9188bcec0c5/1/wPprtlMnFXSHAf0336Ro9cbLtck.roa
Signing time:             Tue 02 Jan 2024 06:29:32 +0000
ROA not before:           Tue 02 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208126
IP address blocks:        185.84.227.0/24 maxlen: 24
                          2a12:91c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/d78f6a-76e7-4ef4-82ba-e9188bcec0c5/1/HTYdfx9fgjl3UCYGNR_UjfvuEeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/d78f6a-76e7-4ef4-82ba-e9188bcec0c5/1/HTYdfx9fgjl3UCYGNR_UjfvuEeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HTYdfx9fgjl3UCYGNR_UjfvuEeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f1:fa:67:1e:63:cd:ed:08:55:78:21:de:02:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d361d7f1f5f823977502606351fd48dfbee11e3
        Validity
            Not Before: Jan  2 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c0fa6bb6532715748701fd37dfa468f5c6cbb5c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:36:14:d9:cc:f3:5b:f3:87:96:00:4e:59:98:
                    fe:b2:95:b8:82:63:c1:0c:87:cf:de:41:6d:4b:8c:
                    c9:bd:b4:72:e1:39:82:2d:9d:df:4b:c3:f8:d5:03:
                    a4:7b:d8:25:b2:36:6d:e4:01:58:a3:37:3f:40:ec:
                    76:d8:42:c2:2e:e5:70:95:58:e2:3f:81:82:a7:fb:
                    a5:9d:9a:2c:13:14:6a:85:9b:70:e6:56:01:d6:d0:
                    f2:dc:7d:56:0f:e8:13:9e:b2:2a:f2:cb:a0:59:e0:
                    48:6d:07:b2:2d:c3:00:98:ab:38:22:70:dc:0e:a4:
                    ad:8a:a8:4b:45:e4:1c:86:a9:f0:17:38:bf:d1:d3:
                    aa:54:d6:52:81:9c:fc:6e:36:a3:90:83:f2:3b:34:
                    63:35:e5:f1:a2:92:1c:c8:be:af:5f:43:ba:77:d0:
                    d9:4e:e4:87:38:67:60:38:d5:f5:bd:7b:39:eb:7f:
                    f2:70:23:78:11:a8:82:70:bf:85:73:70:fe:ff:05:
                    31:de:73:c5:9f:98:d4:c0:eb:73:c3:32:5a:58:5f:
                    a3:85:19:02:3c:ac:54:b3:a8:f2:3e:69:a4:80:df:
                    1a:61:eb:6c:8d:be:b8:26:90:8c:91:63:6f:77:08:
                    11:01:52:e0:89:6c:4a:bb:2e:34:ee:9c:66:07:91:
                    e5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:FA:6B:B6:53:27:15:74:87:01:FD:37:DF:A4:68:F5:C6:CB:B5:C9
            X509v3 Authority Key Identifier:
                keyid:1D:36:1D:7F:1F:5F:82:39:77:50:26:06:35:1F:D4:8D:FB:EE:11:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HTYdfx9fgjl3UCYGNR_UjfvuEeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d78f6a-76e7-4ef4-82ba-e9188bcec0c5/1/wPprtlMnFXSHAf0336Ro9cbLtck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d78f6a-76e7-4ef4-82ba-e9188bcec0c5/1/HTYdfx9fgjl3UCYGNR_UjfvuEeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.227.0/24
                IPv6:
                  2a12:91c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c4:8a:20:12:f9:8a:c3:31:b1:4e:91:31:70:84:9c:e8:cc:f0:
         0f:c2:67:fd:0d:5d:ba:4f:ac:33:1a:c9:46:e7:88:07:df:07:
         22:c9:d7:18:a1:a6:c1:79:0f:e0:f1:80:cd:0c:43:e5:5d:e2:
         b9:4a:3e:20:d2:51:a9:0b:89:8a:0e:4d:15:0d:ca:96:02:54:
         38:f4:f0:af:b8:0f:ce:2c:f6:e1:38:30:b8:e0:cc:ea:4d:30:
         6d:e9:5c:ce:33:77:84:c4:25:40:49:a0:2d:dc:14:89:0c:39:
         ee:ab:a5:94:ea:74:57:e3:43:60:3a:93:00:f3:0f:3f:1a:8c:
         d9:1e:f8:53:f3:24:cd:78:a4:94:a4:39:32:46:84:31:ef:13:
         55:b5:1f:83:1c:5a:68:a8:1f:be:77:12:32:42:b8:3a:68:a3:
         ad:f3:fa:5f:d9:1b:db:21:1b:e5:fc:c7:01:69:ca:38:93:c0:
         33:dc:8e:4a:de:71:f9:60:22:d1:5a:08:a2:f3:46:7e:99:a5:
         bc:81:4b:73:cd:06:5f:35:5c:03:e6:07:b7:66:2b:da:0c:ed:
         b8:4a:a9:dd:b3:ea:37:5e:d6:e4:f8:56:72:22:da:70:e9:a8:
         c5:01:cf:21:2c:d4:c6:fc:3e:4c:63:63:3f:f2:9e:b4:5f:92:
         86:90:ac:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3PH6Zx5jze0IVXgh3gLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMzYxZDdmMWY1ZjgyMzk3NzUwMjYwNjM1MWZkNDhkZmJl
ZTExZTMwHhcNMjQwMTAyMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGZhNmJiNjUzMjcxNTc0ODcwMWZkMzdkZmE0NjhmNWM2Y2JiNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojYU2czzW/OHlgBOWZj+spW4gmPB
DIfP3kFtS4zJvbRy4TmCLZ3fS8P41QOke9glsjZt5AFYozc/QOx22ELCLuVwlVji
P4GCp/ulnZosExRqhZtw5lYB1tDy3H1WD+gTnrIq8sugWeBIbQeyLcMAmKs4InDc
DqStiqhLReQchqnwFzi/0dOqVNZSgZz8bjajkIPyOzRjNeXxopIcyL6vX0O6d9DZ
TuSHOGdgONX1vXs563/ycCN4EaiCcL+Fc3D+/wUx3nPFn5jUwOtzwzJaWF+jhRkC
PKxUs6jyPmmkgN8aYetsjb64JpCMkWNvdwgRAVLgiWxKuy407pxmB5HlvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMD6a7ZTJxV0hwH9N9+kaPXGy7XJMB8GA1UdIwQY
MBaAFB02HX8fX4I5d1AmBjUf1I377hHjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFRZZGZ4OWZnamwzVUNZR05SX1VqZnZ1RWVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9kNzhmNmEtNzZlNy00ZWY0LTgyYmEt
ZTkxODhiY2VjMGM1LzEvd1BwcnRsTW5GWFNIQWYwMzM2Um85Y2JMdGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9kNzhmNmEtNzZlNy00ZWY0LTgyYmEtZTkxODhiY2VjMGM1
LzEvSFRZZGZ4OWZnamwzVUNZR05SX1VqZnZ1RWVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuVTjMA0E
AgACMAcDBQMqEpHAMA0GCSqGSIb3DQEBCwUAA4IBAQDEiiAS+YrDMbFOkTFwhJzo
zPAPwmf9DV26T6wzGslG54gH3wciydcYoabBeQ/g8YDNDEPlXeK5Sj4g0lGpC4mK
Dk0VDcqWAlQ49PCvuA/OLPbhODC44MzqTTBt6VzOM3eExCVASaAt3BSJDDnuq6WU
6nRX40NgOpMA8w8/GozZHvhT8yTNeKSUpDkyRoQx7xNVtR+DHFpoqB++dxIyQrg6
aKOt8/pf2RvbIRvl/McBaco4k8Az3I5K3nH5YCLRWgii80Z+maW8gUtzzQZfNVwD
5ge3ZivaDO24Sqnds+o3Xtbk+FZyItpw6ajFAc8hLNTG/D5MY2M/8p60X5KGkKya
-----END CERTIFICATE-----