Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/WkH0uGp4HoXZqUyJa4iBbr8yNuo.roa
File:                     WkH0uGp4HoXZqUyJa4iBbr8yNuo.roa (raw, json)
Hash identifier:          J5HOqeq//9Q4GWb0ZhzqqxYT0H8YvIEvm0MVKyPGjnY=
Subject key identifier:   5A:41:F4:B8:6A:78:1E:85:D9:A9:4C:89:6B:88:81:6E:BF:32:36:EA
Certificate issuer:       /CN=ab06c8f2247d22041c82e555667881e50f9154ab
Certificate serial:       018CC87137305B5A7EDB72518C361045C2AD
Authority key identifier: AB:06:C8:F2:24:7D:22:04:1C:82:E5:55:66:78:81:E5:0F:91:54:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/WkH0uGp4HoXZqUyJa4iBbr8yNuo.roa
Signing time:             Tue 02 Jan 2024 04:31:52 +0000
ROA not before:           Tue 02 Jan 2024 04:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48821
IP address blocks:        185.138.52.0/22 maxlen: 24
                          2a07:a40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:37:30:5b:5a:7e:db:72:51:8c:36:10:45:c2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab06c8f2247d22041c82e555667881e50f9154ab
        Validity
            Not Before: Jan  2 04:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a41f4b86a781e85d9a94c896b88816ebf3236ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:25:c9:d3:0e:f9:eb:e1:2c:26:7f:d8:6e:0c:
                    40:21:44:fb:13:3e:a3:cd:00:65:0a:f3:28:54:7e:
                    91:49:44:08:45:6f:5a:34:4c:1e:6c:33:b4:c0:f7:
                    fe:a0:fc:66:5b:c2:9c:ad:9c:69:ec:c5:1f:77:07:
                    4a:f4:35:89:85:8b:03:4c:12:5d:18:5f:2e:3b:76:
                    3c:14:43:a1:a4:76:c7:e5:93:7b:16:d0:fd:63:f3:
                    55:45:4a:10:4a:83:8c:44:bb:47:2e:f9:1d:9a:95:
                    b6:0d:40:7b:ff:57:55:4a:09:83:7d:d5:19:59:e3:
                    19:bd:22:92:6d:a5:78:58:ad:4d:0d:05:cc:62:f6:
                    4d:63:56:6f:ac:4a:d2:9b:c4:ad:ee:56:1a:42:34:
                    a9:52:88:f4:13:8b:3e:23:9a:6a:45:b8:9f:00:28:
                    fb:22:52:90:e1:27:e9:a0:b9:9b:98:da:e8:86:ee:
                    fc:6a:a0:ea:7d:f5:ac:8c:8b:b2:13:b1:00:b9:3a:
                    55:f6:f8:d6:25:ec:89:2d:72:42:0a:1c:9d:cc:b2:
                    c8:8a:51:75:6b:49:0b:76:93:a6:77:5f:ca:ef:77:
                    37:b8:5e:32:52:9c:60:a4:2e:b6:b2:64:b0:f4:38:
                    bb:53:ec:f4:7b:76:7e:06:6c:11:62:44:3e:54:b7:
                    f3:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:41:F4:B8:6A:78:1E:85:D9:A9:4C:89:6B:88:81:6E:BF:32:36:EA
            X509v3 Authority Key Identifier:
                keyid:AB:06:C8:F2:24:7D:22:04:1C:82:E5:55:66:78:81:E5:0F:91:54:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/WkH0uGp4HoXZqUyJa4iBbr8yNuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.52.0/22
                IPv6:
                  2a07:a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:0c:a9:f6:d1:c5:60:a5:6c:f2:32:1b:cd:0c:09:64:1e:7b:
         8e:1d:47:4b:9c:88:e4:e8:82:4c:aa:89:e0:e6:97:fc:c4:7f:
         a6:a9:30:17:07:58:7d:db:99:2b:43:13:95:3d:e2:58:0f:a6:
         8d:f0:5e:63:48:6a:f1:af:d2:88:e3:af:69:9b:62:a3:60:6d:
         fa:e9:b5:19:02:9b:9d:f3:4f:6a:86:4e:65:47:e9:29:bf:76:
         70:74:ff:7f:2d:55:26:8e:75:b6:d5:e2:6f:c1:0d:e5:6c:47:
         77:3b:f7:bb:94:7f:24:ad:ff:19:ea:a6:29:42:5e:42:be:78:
         4f:d2:2c:78:21:70:09:fd:5f:79:19:2c:85:13:f3:6d:ca:e3:
         ab:e9:4d:4a:8a:0d:68:26:c2:3d:fe:49:7d:39:59:1f:92:ab:
         5d:e8:ee:f7:53:13:61:fb:d0:06:f0:2d:d3:fb:f2:b5:50:8e:
         6a:0a:bf:92:ef:24:d4:87:fe:0e:b3:1d:98:c4:a3:b5:0f:3d:
         15:eb:57:ff:80:6b:f1:7a:f5:60:a3:ee:6b:93:0e:fd:d5:5b:
         fe:16:b1:28:d7:fb:b5:8e:e9:a1:08:8e:74:11:5e:60:37:c4:
         49:7a:8b:7b:d1:1b:9e:77:52:c3:75:c1:d7:73:b1:00:29:64:
         fd:6e:b7:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcTcwW1p+23JRjDYQRcKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDZjOGYyMjQ3ZDIyMDQxYzgyZTU1NTY2Nzg4MWU1MGY5
MTU0YWIwHhcNMjQwMTAyMDQzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTQxZjRiODZhNzgxZTg1ZDlhOTRjODk2Yjg4ODE2ZWJmMzIzNmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyXJ0w756+EsJn/YbgxAIUT7Ez6j
zQBlCvMoVH6RSUQIRW9aNEwebDO0wPf+oPxmW8KcrZxp7MUfdwdK9DWJhYsDTBJd
GF8uO3Y8FEOhpHbH5ZN7FtD9Y/NVRUoQSoOMRLtHLvkdmpW2DUB7/1dVSgmDfdUZ
WeMZvSKSbaV4WK1NDQXMYvZNY1ZvrErSm8St7lYaQjSpUoj0E4s+I5pqRbifACj7
IlKQ4SfpoLmbmNrohu78aqDqffWsjIuyE7EAuTpV9vjWJeyJLXJCChydzLLIilF1
a0kLdpOmd1/K73c3uF4yUpxgpC62smSw9Di7U+z0e3Z+BmwRYkQ+VLfzDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFpB9LhqeB6F2alMiWuIgW6/MjbqMB8GA1UdIwQY
MBaAFKsGyPIkfSIEHILlVWZ4geUPkVSrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdiSThpUjlJZ1FjZ3VWVlpuaUI1US1SVktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hOTRkZWEtMmZmYy00MDhkLWFhOWQt
MWFlMzZhNDQ2OWZkLzEvV2tIMHVHcDRIb1hacVV5SmE0aUJicjh5TnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hOTRkZWEtMmZmYy00MDhkLWFhOWQtMWFlMzZhNDQ2OWZk
LzEvcXdiSThpUjlJZ1FjZ3VWVlpuaUI1US1SVktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYo0MA0E
AgACMAcDBQMqBwpAMA0GCSqGSIb3DQEBCwUAA4IBAQAMDKn20cVgpWzyMhvNDAlk
HnuOHUdLnIjk6IJMqong5pf8xH+mqTAXB1h925krQxOVPeJYD6aN8F5jSGrxr9KI
469pm2KjYG366bUZApud809qhk5lR+kpv3ZwdP9/LVUmjnW21eJvwQ3lbEd3O/e7
lH8krf8Z6qYpQl5CvnhP0ix4IXAJ/V95GSyFE/NtyuOr6U1Kig1oJsI9/kl9OVkf
kqtd6O73UxNh+9AG8C3T+/K1UI5qCr+S7yTUh/4Osx2YxKO1Dz0V61f/gGvxevVg
o+5rkw791Vv+FrEo1/u1jumhCI50EV5gN8RJeot70Rued1LDdcHXc7EAKWT9brf6
-----END CERTIFICATE-----