Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/Wy0iMDnMVPDs0cic4TUEgeXccEE.roa
File:                     Wy0iMDnMVPDs0cic4TUEgeXccEE.roa (raw, json)
Hash identifier:          7w48bRR9M/buFcdr/RIeN/coScFaReAFQhJ/UU4psTM=
Subject key identifier:   5B:2D:22:30:39:CC:54:F0:EC:D1:C8:9C:E1:35:04:81:E5:DC:70:41
Certificate issuer:       /CN=e290e9cc3b7e363d726bd702750b53f29b050a7d
Certificate serial:       018CC424EE7CF6DC48BCEB60F7FADB9B5BD3
Authority key identifier: E2:90:E9:CC:3B:7E:36:3D:72:6B:D7:02:75:0B:53:F2:9B:05:0A:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/Wy0iMDnMVPDs0cic4TUEgeXccEE.roa
Signing time:             Mon 01 Jan 2024 08:30:03 +0000
ROA not before:           Mon 01 Jan 2024 08:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62201
IP address blocks:        185.149.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ee:7c:f6:dc:48:bc:eb:60:f7:fa:db:9b:5b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e290e9cc3b7e363d726bd702750b53f29b050a7d
        Validity
            Not Before: Jan  1 08:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b2d223039cc54f0ecd1c89ce1350481e5dc7041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:85:94:72:88:d3:86:95:f7:6e:d9:74:6c:91:
                    fd:c8:97:ba:9d:fb:c6:63:04:d1:10:45:88:9c:0c:
                    13:00:74:dd:53:51:c5:9e:8f:ca:e5:a8:b3:11:62:
                    30:4a:1f:7e:ac:db:80:7a:b6:3a:74:c3:1c:b2:42:
                    c2:bd:48:a3:d7:05:31:20:0d:68:e1:cd:ab:a2:16:
                    9c:2c:bd:23:e1:e0:63:08:b1:dd:7a:10:e3:9e:97:
                    c1:96:5e:fa:1d:31:af:a2:b4:a8:b8:cd:41:ce:00:
                    21:e3:ff:15:c5:43:df:c2:88:19:97:60:06:b8:b0:
                    1d:6f:cf:cf:e7:79:ca:55:34:b8:ca:83:f1:fd:4a:
                    10:99:bb:8f:c2:4f:db:f2:52:01:42:91:ec:1e:cf:
                    97:a9:3f:2f:5b:1c:4b:06:8f:78:ca:e5:68:29:dc:
                    c5:29:f3:a0:a1:fb:49:bc:41:d9:71:32:44:c7:10:
                    d5:0b:3f:8e:34:17:50:9d:1a:dc:cd:03:ae:c4:d4:
                    71:b2:57:d4:91:ae:70:8c:f6:91:59:c4:b4:f7:89:
                    b1:d1:93:62:9a:7b:8d:a5:2b:7e:09:1f:2a:07:9e:
                    ca:59:9a:fe:80:22:e2:d2:2a:f5:d5:58:66:31:6c:
                    17:bf:c5:e9:22:bc:85:be:f5:13:30:4a:f7:5c:a8:
                    43:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:2D:22:30:39:CC:54:F0:EC:D1:C8:9C:E1:35:04:81:E5:DC:70:41
            X509v3 Authority Key Identifier:
                keyid:E2:90:E9:CC:3B:7E:36:3D:72:6B:D7:02:75:0B:53:F2:9B:05:0A:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4pDpzDt-Nj1ya9cCdQtT8psFCn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/Wy0iMDnMVPDs0cic4TUEgeXccEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/55354e-bce7-4a5d-b561-9113fd7afd6c/1/4pDpzDt-Nj1ya9cCdQtT8psFCn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:95:9b:79:1b:ae:63:4d:a1:81:ce:81:3c:14:5a:31:d2:22:
         bd:22:a7:f7:03:3c:a5:4f:99:9c:79:85:94:87:01:c2:e7:47:
         f9:8f:81:54:33:49:99:ff:02:86:1c:6f:8d:b3:74:b4:71:38:
         d4:a0:b4:03:f8:cb:fc:26:12:c0:33:ef:00:b9:b0:06:6f:8a:
         c8:5e:af:9b:fc:56:52:1c:72:fb:be:7b:6d:5b:bc:8d:f6:53:
         96:0b:f3:02:0c:d4:f9:f9:e9:eb:65:99:03:3d:c5:6c:5d:f4:
         6b:77:8f:b1:ff:c2:cd:5a:0e:a5:8e:79:34:4f:80:c3:6f:82:
         b3:56:80:69:60:33:8e:20:da:fb:3e:4c:12:ec:58:ff:ea:63:
         d0:6b:53:dc:e7:76:48:c2:65:51:da:af:3c:f3:2e:2d:7f:20:
         d3:a5:fe:59:81:d0:ae:5e:0d:0f:c5:e6:95:08:e9:14:e2:56:
         35:58:ef:9e:c3:f7:b1:0b:c0:61:a5:0d:30:3c:3d:ce:59:24:
         d4:7f:3b:b0:76:0a:ff:b1:23:0d:46:f8:71:85:76:d3:88:fa:
         9a:a2:6c:73:fa:d8:0f:f0:d6:c1:e0:6f:ab:23:72:75:84:6f:
         59:01:f8:3d:0a:14:a5:76:8d:3d:93:43:8d:37:3a:12:28:06:
         b2:9c:51:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJO589txIvOtg9/rbm1vTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOTBlOWNjM2I3ZTM2M2Q3MjZiZDcwMjc1MGI1M2YyOWIw
NTBhN2QwHhcNMjQwMTAxMDgzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjJkMjIzMDM5Y2M1NGYwZWNkMWM4OWNlMTM1MDQ4MWU1ZGM3MDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIWUcojThpX3btl0bJH9yJe6nfvG
YwTREEWInAwTAHTdU1HFno/K5aizEWIwSh9+rNuAerY6dMMcskLCvUij1wUxIA1o
4c2rohacLL0j4eBjCLHdehDjnpfBll76HTGvorSouM1BzgAh4/8VxUPfwogZl2AG
uLAdb8/P53nKVTS4yoPx/UoQmbuPwk/b8lIBQpHsHs+XqT8vWxxLBo94yuVoKdzF
KfOgoftJvEHZcTJExxDVCz+ONBdQnRrczQOuxNRxslfUka5wjPaRWcS094mx0ZNi
mnuNpSt+CR8qB57KWZr+gCLi0ir11VhmMWwXv8XpIryFvvUTMEr3XKhDIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFstIjA5zFTw7NHInOE1BIHl3HBBMB8GA1UdIwQY
MBaAFOKQ6cw7fjY9cmvXAnULU/KbBQp9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHBEcHpEdC1OajF5YTljQ2RRdFQ4cHNGQ24wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81NTM1NGUtYmNlNy00YTVkLWI1NjEt
OTExM2ZkN2FmZDZjLzEvV3kwaU1Ebk1WUERzMGNpYzRUVUVnZVhjY0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81NTM1NGUtYmNlNy00YTVkLWI1NjEtOTExM2ZkN2FmZDZj
LzEvNHBEcHpEdC1OajF5YTljQ2RRdFQ4cHNGQ24wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZXIMA0G
CSqGSIb3DQEBCwUAA4IBAQBhlZt5G65jTaGBzoE8FFox0iK9Iqf3AzylT5mceYWU
hwHC50f5j4FUM0mZ/wKGHG+Ns3S0cTjUoLQD+Mv8JhLAM+8AubAGb4rIXq+b/FZS
HHL7vnttW7yN9lOWC/MCDNT5+enrZZkDPcVsXfRrd4+x/8LNWg6ljnk0T4DDb4Kz
VoBpYDOOINr7PkwS7Fj/6mPQa1Pc53ZIwmVR2q888y4tfyDTpf5ZgdCuXg0PxeaV
COkU4lY1WO+ew/exC8BhpQ0wPD3OWSTUfzuwdgr/sSMNRvhxhXbTiPqaomxz+tgP
8NbB4G+rI3J1hG9ZAfg9ChSldo09k0ONNzoSKAaynFGE
-----END CERTIFICATE-----