Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/wNwz-CEyZ2UgBaszV0ucixDH2J8.roa
File:                     wNwz-CEyZ2UgBaszV0ucixDH2J8.roa (raw, json)
Hash identifier:          7MrpT4CLu6mRCHE7ngg+YWwTFHL1zoVwcmT3KvmQWLM=
Subject key identifier:   C0:DC:33:F8:21:32:67:65:20:05:AB:33:57:4B:9C:8B:10:C7:D8:9F
Certificate issuer:       /CN=17526ccac4f9064e058549b30172c84439787fbc
Certificate serial:       019421B23E35FE9F8C26AC0D9B1382970823
Authority key identifier: 17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/wNwz-CEyZ2UgBaszV0ucixDH2J8.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206150
IP address blocks:        45.90.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3e:35:fe:9f:8c:26:ac:0d:9b:13:82:97:08:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17526ccac4f9064e058549b30172c84439787fbc
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0dc33f8213267652005ab33574b9c8b10c7d89f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:37:32:35:1c:b2:f7:dc:4b:b2:e3:f3:12:74:
                    c9:ff:39:2d:2c:ab:86:9a:11:bf:94:16:88:1a:b4:
                    7f:3f:7c:76:4b:f0:be:80:8d:8b:f0:e4:99:4c:16:
                    80:27:cf:fd:c1:f0:c6:29:b9:b5:14:0c:24:d5:26:
                    cc:f5:79:9e:55:0d:2e:ee:7f:7a:aa:26:af:1c:4c:
                    16:51:07:b3:ce:c2:16:e2:32:80:f1:55:fd:1b:29:
                    2b:cc:3a:05:5f:56:81:d1:24:f7:1f:7d:c1:20:f0:
                    20:c3:ec:bc:b0:ba:0e:22:5a:da:e3:e9:d8:c2:e5:
                    e4:a7:f0:13:b2:25:61:b5:c0:f7:52:2f:b6:30:20:
                    bf:76:98:c9:f6:7c:c4:e3:47:da:20:55:76:81:9d:
                    fb:33:89:4c:17:49:cc:0c:6f:0f:49:9a:ad:93:a2:
                    33:e2:12:b4:5c:b3:07:d9:de:19:23:a0:1f:b0:ec:
                    27:2c:56:24:c7:62:f6:98:ba:b5:f3:c5:14:cb:4a:
                    9e:10:be:10:1a:42:ba:63:42:91:59:06:4b:5f:e4:
                    e5:ed:6b:79:2e:03:bd:e7:31:4b:06:f2:76:33:cf:
                    53:07:fe:5d:f5:3e:6e:6d:51:e6:d5:ce:98:4a:3a:
                    44:29:b1:bb:94:81:3d:d8:39:4d:d3:40:97:29:b6:
                    ef:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DC:33:F8:21:32:67:65:20:05:AB:33:57:4B:9C:8B:10:C7:D8:9F
            X509v3 Authority Key Identifier:
                keyid:17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/wNwz-CEyZ2UgBaszV0ucixDH2J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:81:5c:d0:fc:c3:75:58:1a:f8:81:93:98:b2:c5:f3:a7:63:
         1a:0c:5e:49:27:0a:7b:e6:3a:be:3b:8d:5b:c7:6e:8e:ee:92:
         a1:09:57:11:48:83:9f:07:6f:1c:01:c8:71:3f:5e:97:16:c8:
         1e:1e:50:01:ee:b7:fb:9a:02:65:50:a5:e9:be:fb:52:08:85:
         af:5f:49:34:66:e6:4b:17:ba:31:f3:6c:2a:4b:fb:c6:74:e8:
         53:51:54:f1:04:19:41:c1:82:00:0d:ec:22:fb:43:17:db:ab:
         70:05:74:bb:12:a0:55:c2:18:cc:9a:18:1e:11:4b:7c:40:08:
         92:06:71:27:40:0b:e7:42:ad:92:c5:ff:32:99:85:95:c4:bd:
         54:34:1f:6a:8d:cd:09:8e:52:e6:f9:4c:5a:5c:47:53:b1:c9:
         7d:4d:e7:d3:63:80:50:33:e5:30:a4:2c:78:0e:59:61:32:59:
         1d:6c:f3:6a:3a:59:dd:9f:2a:69:b5:d2:49:5d:3b:e9:db:2b:
         91:1e:8d:07:aa:37:f6:49:b5:6b:74:38:21:39:10:2e:15:2b:
         66:fc:96:30:59:ad:29:3a:83:cf:b5:2b:0f:8f:53:b2:6d:8d:
         a1:20:63:85:60:df:2a:d8:aa:2a:60:b4:b9:3c:44:33:12:27:
         b5:d7:92:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsj41/p+MJqwNmxOClwgjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NTI2Y2NhYzRmOTA2NGUwNTg1NDliMzAxNzJjODQ0Mzk3
ODdmYmMwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGRjMzNmODIxMzI2NzY1MjAwNWFiMzM1NzRiOWM4YjEwYzdkODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgjcyNRyy99xLsuPzEnTJ/zktLKuG
mhG/lBaIGrR/P3x2S/C+gI2L8OSZTBaAJ8/9wfDGKbm1FAwk1SbM9XmeVQ0u7n96
qiavHEwWUQezzsIW4jKA8VX9GykrzDoFX1aB0ST3H33BIPAgw+y8sLoOIlra4+nY
wuXkp/ATsiVhtcD3Ui+2MCC/dpjJ9nzE40faIFV2gZ37M4lMF0nMDG8PSZqtk6Iz
4hK0XLMH2d4ZI6AfsOwnLFYkx2L2mLq188UUy0qeEL4QGkK6Y0KRWQZLX+Tl7Wt5
LgO95zFLBvJ2M89TB/5d9T5ubVHm1c6YSjpEKbG7lIE92DlN00CXKbbvVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDcM/ghMmdlIAWrM1dLnIsQx9ifMB8GA1UdIwQY
MBaAFBdSbMrE+QZOBYVJswFyyEQ5eH+8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFKc3lzVDVCazRGaFVtekFYTElSRGw0Zjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jOWFhODEtNWJmZC00NTM1LTk2MDYt
OTQxY2M2YTdiYWQ5LzEvd053ei1DRXlaMlVnQmFzelYwdWNpeERIMko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9jOWFhODEtNWJmZC00NTM1LTk2MDYtOTQxY2M2YTdiYWQ5
LzEvRjFKc3lzVDVCazRGaFVtekFYTElSRGw0Zjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVpUMA0G
CSqGSIb3DQEBCwUAA4IBAQCwgVzQ/MN1WBr4gZOYssXzp2MaDF5JJwp75jq+O41b
x26O7pKhCVcRSIOfB28cAchxP16XFsgeHlAB7rf7mgJlUKXpvvtSCIWvX0k0ZuZL
F7ox82wqS/vGdOhTUVTxBBlBwYIADewi+0MX26twBXS7EqBVwhjMmhgeEUt8QAiS
BnEnQAvnQq2Sxf8ymYWVxL1UNB9qjc0JjlLm+UxaXEdTscl9TefTY4BQM+UwpCx4
DllhMlkdbPNqOlndnypptdJJXTvp2yuRHo0Hqjf2SbVrdDghORAuFStm/JYwWa0p
OoPPtSsPj1OybY2hIGOFYN8q2KoqYLS5PEQzEie115Lv
-----END CERTIFICATE-----