Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/wCGu4pLpZH1wZecjtqoikivqppA.roa
File:                     wCGu4pLpZH1wZecjtqoikivqppA.roa (raw, json)
Hash identifier:          C7282sAfE342SrVqqKihSNozWevWOleZShaAsoWIS7k=
Subject key identifier:   C0:21:AE:E2:92:E9:64:7D:70:65:E7:23:B6:AA:22:92:2B:EA:A6:90
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0194274892DF7D5DAE337B6736FBBF89C794
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/wCGu4pLpZH1wZecjtqoikivqppA.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136258
IP address blocks:        92.118.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:92:df:7d:5d:ae:33:7b:67:36:fb:bf:89:c7:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c021aee292e9647d7065e723b6aa22922beaa690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f9:33:1a:e3:9d:0c:84:19:5d:ec:09:76:10:
                    3f:fe:9b:cd:4d:5c:72:c7:c0:c2:96:07:bf:80:6e:
                    38:fa:0a:ed:f8:14:b9:7f:53:4f:80:c7:dd:3a:ca:
                    24:9f:cc:16:f5:ef:89:e4:f5:ae:2d:c4:7e:3b:a4:
                    c5:e2:42:45:3e:ca:a7:68:1d:29:cf:51:f8:fa:ad:
                    3a:6d:43:37:8f:46:79:92:7c:45:cc:f9:d2:8e:00:
                    4e:b9:9d:b2:ef:26:bf:3f:02:c7:5b:cd:a2:86:bc:
                    3f:9f:16:fd:4a:2c:df:af:16:8b:02:28:49:7c:c6:
                    2f:87:2e:49:0e:d1:70:98:bc:79:cc:a1:d5:95:70:
                    3f:36:ed:73:1e:a4:ae:fe:e3:70:de:d8:40:81:b5:
                    88:6f:1b:13:a7:9f:2c:66:9f:2f:6d:ee:93:b3:0b:
                    8b:47:f2:56:c1:27:00:7b:25:ca:3a:7f:b5:e1:02:
                    46:97:50:7a:c4:dd:e2:c9:48:d5:e7:2f:94:a0:ce:
                    9c:38:4f:6f:c7:38:10:83:3e:81:9f:d9:11:a4:3e:
                    a0:98:58:0b:5e:79:a1:cc:d2:b6:65:80:30:9b:19:
                    6e:85:2b:d3:03:fc:62:27:3f:7e:3c:a3:63:b1:c6:
                    55:2c:db:4b:77:c1:ad:c3:0d:91:99:a6:1f:3d:03:
                    ad:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:21:AE:E2:92:E9:64:7D:70:65:E7:23:B6:AA:22:92:2B:EA:A6:90
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/wCGu4pLpZH1wZecjtqoikivqppA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:72:06:67:27:b5:fd:76:e3:69:a8:98:6f:f2:aa:6d:81:6e:
         18:1c:14:d1:13:dc:d9:9e:9a:22:b5:14:29:68:b4:c2:88:75:
         77:2f:41:fc:60:21:c8:fa:40:4c:a6:b2:c7:25:e3:24:e4:b9:
         6f:34:96:30:4d:ae:61:25:19:bb:38:77:74:3b:4e:fd:9d:0f:
         16:d2:8a:94:57:c9:83:10:27:f0:70:30:1e:3a:84:9a:c4:70:
         10:2a:14:e8:25:0f:6f:07:2f:26:5e:62:af:8f:a8:a1:c9:2d:
         ec:d3:57:b7:a5:b5:b1:74:cb:7a:98:5e:a2:43:98:b0:62:b9:
         82:da:09:ab:0e:9e:cf:fb:fa:ae:94:ad:01:ce:b3:f4:b6:dc:
         06:5c:0f:82:e7:58:c2:07:75:7a:45:de:71:85:ce:b5:00:14:
         a3:3f:d3:7b:2e:5f:80:d4:f1:54:10:ae:ae:3e:bc:1d:77:ba:
         03:dc:e1:55:44:9b:7d:63:be:ac:49:a0:79:82:81:2f:a6:cd:
         5d:dd:04:b3:d5:df:d3:25:74:6e:2a:af:81:b5:78:92:87:81:
         11:fe:bc:6a:50:75:7e:8f:72:97:05:54:50:31:88:b2:ce:bb:
         c7:0b:23:9c:51:69:67:9a:04:c0:53:92:8c:21:6b:c1:53:13:
         97:2c:14:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJLffV2uM3tnNvu/iceUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDIxYWVlMjkyZTk2NDdkNzA2NWU3MjNiNmFhMjI5MjJiZWFhNjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/kzGuOdDIQZXewJdhA//pvNTVxy
x8DClge/gG44+grt+BS5f1NPgMfdOsokn8wW9e+J5PWuLcR+O6TF4kJFPsqnaB0p
z1H4+q06bUM3j0Z5knxFzPnSjgBOuZ2y7ya/PwLHW82ihrw/nxb9SizfrxaLAihJ
fMYvhy5JDtFwmLx5zKHVlXA/Nu1zHqSu/uNw3thAgbWIbxsTp58sZp8vbe6TswuL
R/JWwScAeyXKOn+14QJGl1B6xN3iyUjV5y+UoM6cOE9vxzgQgz6Bn9kRpD6gmFgL
XnmhzNK2ZYAwmxluhSvTA/xiJz9+PKNjscZVLNtLd8Gtww2RmaYfPQOtZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAhruKS6WR9cGXnI7aqIpIr6qaQMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvd0NHdTRwTHBaSDF3WmVjanRxb2lraXZxcHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHbNMA0G
CSqGSIb3DQEBCwUAA4IBAQBMcgZnJ7X9duNpqJhv8qptgW4YHBTRE9zZnpoitRQp
aLTCiHV3L0H8YCHI+kBMprLHJeMk5LlvNJYwTa5hJRm7OHd0O079nQ8W0oqUV8mD
ECfwcDAeOoSaxHAQKhToJQ9vBy8mXmKvj6ihyS3s01e3pbWxdMt6mF6iQ5iwYrmC
2gmrDp7P+/qulK0BzrP0ttwGXA+C51jCB3V6Rd5xhc61ABSjP9N7Ll+A1PFUEK6u
Prwdd7oD3OFVRJt9Y76sSaB5goEvps1d3QSz1d/TJXRuKq+BtXiSh4ER/rxqUHV+
j3KXBVRQMYiyzrvHCyOcUWlnmgTAU5KMIWvBUxOXLBSp
-----END CERTIFICATE-----