Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/WlNY40vGoHsISV8cxe7v-uDL1z8.roa
File:                     WlNY40vGoHsISV8cxe7v-uDL1z8.roa (raw, json)
Hash identifier:          DSI5lhy3OTW1NGDCgjE4YBOi3i582drRHl7z2eh8GT4=
Subject key identifier:   5A:53:58:E3:4B:C6:A0:7B:08:49:5F:1C:C5:EE:EF:FA:E0:CB:D7:3F
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       01953992E4123FDE4060BFAD2804847C1E72
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/WlNY40vGoHsISV8cxe7v-uDL1z8.roa
Signing time:             Mon 24 Feb 2025 20:08:02 +0000
ROA not before:           Mon 24 Feb 2025 20:08:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        45.80.174.0/24 maxlen: 24
                          185.136.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:39:92:e4:12:3f:de:40:60:bf:ad:28:04:84:7c:1e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Feb 24 20:08:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a5358e34bc6a07b08495f1cc5eeeffae0cbd73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a0:02:dd:f2:2e:b5:39:da:1f:54:ff:89:34:
                    18:14:b0:58:e6:e1:f7:ad:17:39:64:3d:a9:11:95:
                    ab:27:52:d5:c6:ef:73:57:4e:62:74:be:35:d8:27:
                    79:ed:dd:9c:1c:8b:0e:38:d2:0d:a3:51:7b:38:ba:
                    29:f1:56:2d:aa:5e:2c:56:a8:3c:96:9f:7b:dc:d9:
                    b1:d7:4d:92:86:52:c1:a0:08:4c:30:30:e7:91:f1:
                    44:ec:27:b1:fd:05:7d:49:bf:17:97:96:c2:48:a0:
                    f0:8c:3d:cd:14:78:84:4f:a8:5b:41:c8:9d:9d:15:
                    b3:a8:cb:22:79:c1:1d:74:cf:2f:94:16:14:78:7a:
                    16:91:93:08:7a:f7:5c:1f:90:35:61:9a:6c:1e:8a:
                    36:ce:2e:8b:01:68:b7:c9:69:57:15:73:2d:f7:92:
                    fb:39:91:88:2f:51:cd:d6:30:65:12:5d:10:da:55:
                    53:ef:8e:af:7e:7b:bf:21:93:de:2f:9f:2a:cd:0e:
                    87:bb:d6:6e:03:86:92:1a:e7:0c:ae:3d:95:51:57:
                    4b:c4:30:fd:36:6f:90:f5:50:f2:6d:51:ca:21:de:
                    3c:1e:c7:cb:23:5c:39:ea:d1:3d:e1:a6:27:03:c2:
                    33:58:6e:2c:48:5a:cd:f5:7f:f7:7a:f4:ae:97:6c:
                    22:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:53:58:E3:4B:C6:A0:7B:08:49:5F:1C:C5:EE:EF:FA:E0:CB:D7:3F
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/WlNY40vGoHsISV8cxe7v-uDL1z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.174.0/24
                  185.136.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e2:64:67:cb:80:20:6a:18:eb:ae:78:8d:a1:42:16:5c:62:
         56:0a:33:12:d8:13:5b:6f:b5:a1:b8:de:8f:d3:a5:bd:e6:34:
         82:a6:1a:fc:7c:05:6d:f9:fe:ce:72:f4:e7:c7:37:8e:53:e2:
         73:9d:37:10:b2:2e:56:2d:50:3d:39:e9:a5:02:0a:31:b3:b9:
         0a:35:63:03:d7:1e:b1:4e:44:ce:e6:3a:41:18:00:67:60:68:
         cb:cd:ff:33:e2:2d:16:8f:93:a1:ab:3d:d6:a9:b0:dc:72:5a:
         2d:d0:cf:84:23:b9:f7:9f:83:b7:1e:08:2e:92:68:83:0f:0f:
         91:1f:25:72:e7:e2:71:ba:2c:67:75:ff:8e:fd:e9:86:20:50:
         5c:d5:c0:fc:08:03:f1:1c:90:ce:d2:80:fa:a5:79:fe:41:74:
         6a:d1:bb:10:e4:ef:8a:04:93:39:3c:4e:30:b7:13:12:9d:af:
         d6:f3:8f:40:93:d7:12:9c:d5:e3:8f:a5:6f:6e:c7:08:64:69:
         d9:8a:2e:06:f8:1e:da:55:62:0e:90:35:70:d6:56:99:f9:a7:
         0c:c0:12:d1:b4:1b:98:a4:2f:9e:d6:ac:ad:3f:39:06:4a:a9:
         6b:b0:ff:f0:31:7d:f0:69:11:17:2c:1e:4b:26:01:b4:76:af:
         90:f2:d7:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZU5kuQSP95AYL+tKASEfB5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjUwMjI0MjAwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTUzNThlMzRiYzZhMDdiMDg0OTVmMWNjNWVlZWZmYWUwY2JkNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaAC3fIutTnaH1T/iTQYFLBY5uH3
rRc5ZD2pEZWrJ1LVxu9zV05idL412Cd57d2cHIsOONINo1F7OLop8VYtql4sVqg8
lp973Nmx102ShlLBoAhMMDDnkfFE7Cex/QV9Sb8Xl5bCSKDwjD3NFHiET6hbQcid
nRWzqMsiecEddM8vlBYUeHoWkZMIevdcH5A1YZpsHoo2zi6LAWi3yWlXFXMt95L7
OZGIL1HN1jBlEl0Q2lVT746vfnu/IZPeL58qzQ6Hu9ZuA4aSGucMrj2VUVdLxDD9
Nm+Q9VDybVHKId48HsfLI1w56tE94aYnA8IzWG4sSFrN9X/3evSul2wibwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFpTWONLxqB7CElfHMXu7/rgy9c/MB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvV2xOWTQwdkdvSHNJU1Y4Y3hlN3YtdURMMXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVCuAwQA
uYjOMA0GCSqGSIb3DQEBCwUAA4IBAQAA4mRny4AgahjrrniNoUIWXGJWCjMS2BNb
b7WhuN6P06W95jSCphr8fAVt+f7OcvTnxzeOU+JznTcQsi5WLVA9OemlAgoxs7kK
NWMD1x6xTkTO5jpBGABnYGjLzf8z4i0Wj5Ohqz3WqbDcclot0M+EI7n3n4O3Hggu
kmiDDw+RHyVy5+Jxuixndf+O/emGIFBc1cD8CAPxHJDO0oD6pXn+QXRq0bsQ5O+K
BJM5PE4wtxMSna/W849Ak9cSnNXjj6VvbscIZGnZii4G+B7aVWIOkDVw1laZ+acM
wBLRtBuYpC+e1qytPzkGSqlrsP/wMX3waREXLB5LJgG0dq+Q8td/
-----END CERTIFICATE-----