Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/w49soLRro9NyeMuT5m_AXRvWKW4.roa
File:                     w49soLRro9NyeMuT5m_AXRvWKW4.roa (raw, json)
Hash identifier:          NQxKALq775ahG/cowuRivYJQ95AD5JkMG4/7iAmFB9M=
Subject key identifier:   C3:8F:6C:A0:B4:6B:A3:D3:72:78:CB:93:E6:6F:C0:5D:1B:D6:29:6E
Certificate issuer:       /CN=cbbe3c6d99811819cedddcd27e4be25bc0cf506f
Certificate serial:       018CC94D8DA7A79A6A05CB8ECACBF5C1E142
Authority key identifier: CB:BE:3C:6D:99:81:18:19:CE:DD:DC:D2:7E:4B:E2:5B:C0:CF:50:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y748bZmBGBnO3dzSfkviW8DPUG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/w49soLRro9NyeMuT5m_AXRvWKW4.roa
Signing time:             Tue 02 Jan 2024 08:32:32 +0000
ROA not before:           Tue 02 Jan 2024 08:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51175
IP address blocks:        188.123.199.0/24 maxlen: 24
                          188.123.204.0/22 maxlen: 22
                          188.123.212.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/y748bZmBGBnO3dzSfkviW8DPUG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/y748bZmBGBnO3dzSfkviW8DPUG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y748bZmBGBnO3dzSfkviW8DPUG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8d:a7:a7:9a:6a:05:cb:8e:ca:cb:f5:c1:e1:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbbe3c6d99811819cedddcd27e4be25bc0cf506f
        Validity
            Not Before: Jan  2 08:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c38f6ca0b46ba3d37278cb93e66fc05d1bd6296e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8b:a0:88:49:8b:c3:df:dc:c5:06:b0:fc:2b:
                    17:9b:71:77:ff:1f:e7:ec:a1:b7:e9:60:9d:8a:03:
                    ac:a6:c8:97:81:83:4b:bb:7b:0e:f4:10:73:57:62:
                    5a:b1:c2:e4:21:47:7c:23:6c:82:09:72:48:b5:3e:
                    d5:92:62:c3:13:6a:2a:86:44:20:54:74:2b:c7:9a:
                    98:d5:96:57:68:6b:5c:07:87:13:de:f2:82:44:cf:
                    d3:e1:87:c0:0c:5d:45:1d:f5:eb:72:60:67:f4:47:
                    61:e2:a0:cc:f3:f9:07:fb:7e:25:00:ad:d4:7c:6d:
                    eb:4b:37:67:33:ac:10:1a:33:cc:71:3d:09:e3:b4:
                    e4:2b:fd:fd:db:2e:a6:35:51:7b:fd:ca:78:5e:ef:
                    b4:08:61:a7:0a:95:89:f2:e2:62:39:95:28:44:03:
                    f5:cd:b5:8b:a0:43:87:ce:1b:f2:d5:d4:99:d0:b6:
                    17:25:cc:3e:ca:99:9e:c3:d3:2e:bf:1a:f9:f3:a5:
                    01:4a:76:8a:12:34:59:77:41:53:36:36:69:7f:9b:
                    ba:20:f7:0e:fc:79:a2:f0:8d:22:f5:25:24:f9:e0:
                    b4:5d:4d:bb:cc:dd:eb:1b:6b:7c:8e:7a:26:7e:46:
                    fd:1f:d0:bc:61:0c:39:2f:54:17:37:5c:12:32:dc:
                    96:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:8F:6C:A0:B4:6B:A3:D3:72:78:CB:93:E6:6F:C0:5D:1B:D6:29:6E
            X509v3 Authority Key Identifier:
                keyid:CB:BE:3C:6D:99:81:18:19:CE:DD:DC:D2:7E:4B:E2:5B:C0:CF:50:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y748bZmBGBnO3dzSfkviW8DPUG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/w49soLRro9NyeMuT5m_AXRvWKW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/848c8b-0e9c-4d6e-873e-8cf7d4493358/1/y748bZmBGBnO3dzSfkviW8DPUG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.123.199.0/24
                  188.123.204.0/22
                  188.123.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:95:b2:da:06:a7:6b:9c:29:63:0a:62:0c:19:32:49:5a:af:
         06:db:b0:b5:8f:63:6f:f2:2e:df:30:fa:0a:86:37:6e:b6:5b:
         08:f5:bd:14:06:70:0f:93:a0:71:6b:71:ff:8a:d1:6c:85:5e:
         53:55:d5:a3:ae:34:24:90:45:53:b4:2e:2b:eb:05:d0:74:1f:
         57:82:41:ec:e3:4e:f0:15:15:7f:e3:25:99:05:90:49:54:40:
         73:2e:9b:5c:2e:a7:2c:03:49:cc:b8:b9:f4:cc:a3:03:8f:e2:
         41:a2:56:55:01:63:37:af:54:bd:00:a0:2d:54:7f:b9:57:01:
         58:ed:92:5a:af:ff:0c:1a:49:e5:57:bb:17:eb:62:c4:0a:2f:
         76:ff:ef:45:3d:b1:88:0d:87:1d:fb:a5:93:f6:2f:b0:d6:59:
         d6:17:33:27:66:16:27:9b:9b:73:2d:42:95:c8:93:05:b1:fb:
         86:5c:34:41:38:51:e9:af:97:49:53:6b:7c:8a:3a:bc:a9:87:
         38:23:dd:3a:94:3f:42:5d:27:f2:5a:1c:0d:06:5a:73:31:53:
         8c:d8:4f:9f:f1:9b:8e:64:a3:7b:08:25:b2:5a:11:33:21:a2:
         31:a0:a8:a9:a2:9d:1b:ac:d3:58:5c:57:f7:6a:cb:d9:c3:08:
         56:88:c5:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTY2np5pqBcuOysv1weFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYmUzYzZkOTk4MTE4MTljZWRkZGNkMjdlNGJlMjViYzBj
ZjUwNmYwHhcNMjQwMTAyMDgzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzhmNmNhMGI0NmJhM2QzNzI3OGNiOTNlNjZmYzA1ZDFiZDYyOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4ugiEmLw9/cxQaw/CsXm3F3/x/n
7KG36WCdigOspsiXgYNLu3sO9BBzV2JascLkIUd8I2yCCXJItT7VkmLDE2oqhkQg
VHQrx5qY1ZZXaGtcB4cT3vKCRM/T4YfADF1FHfXrcmBn9Edh4qDM8/kH+34lAK3U
fG3rSzdnM6wQGjPMcT0J47TkK/392y6mNVF7/cp4Xu+0CGGnCpWJ8uJiOZUoRAP1
zbWLoEOHzhvy1dSZ0LYXJcw+ypmew9Muvxr586UBSnaKEjRZd0FTNjZpf5u6IPcO
/Hmi8I0i9SUk+eC0XU27zN3rG2t8jnomfkb9H9C8YQw5L1QXN1wSMtyWfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMOPbKC0a6PTcnjLk+ZvwF0b1iluMB8GA1UdIwQY
MBaAFMu+PG2ZgRgZzt3c0n5L4lvAz1BvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTc0OGJabUJHQm5PM2R6U2ZrdmlXOERQVUc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84NDhjOGItMGU5Yy00ZDZlLTg3M2Ut
OGNmN2Q0NDkzMzU4LzEvdzQ5c29MUnJvOU55ZU11VDVtX0FYUnZXS1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84NDhjOGItMGU5Yy00ZDZlLTg3M2UtOGNmN2Q0NDkzMzU4
LzEveTc0OGJabUJHQm5PM2R6U2ZrdmlXOERQVUc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvHvHAwQC
vHvMAwQBvHvUMA0GCSqGSIb3DQEBCwUAA4IBAQCylbLaBqdrnCljCmIMGTJJWq8G
27C1j2Nv8i7fMPoKhjdutlsI9b0UBnAPk6Bxa3H/itFshV5TVdWjrjQkkEVTtC4r
6wXQdB9XgkHs407wFRV/4yWZBZBJVEBzLptcLqcsA0nMuLn0zKMDj+JBolZVAWM3
r1S9AKAtVH+5VwFY7ZJar/8MGknlV7sX62LECi92/+9FPbGIDYcd+6WT9i+w1lnW
FzMnZhYnm5tzLUKVyJMFsfuGXDRBOFHpr5dJU2t8ijq8qYc4I906lD9CXSfyWhwN
BlpzMVOM2E+f8ZuOZKN7CCWyWhEzIaIxoKipop0brNNYXFf3asvZwwhWiMVc
-----END CERTIFICATE-----