Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/WZpaBRHbJvV3APgauuka7IhrTjY.roa
File:                     WZpaBRHbJvV3APgauuka7IhrTjY.roa (raw, json)
Hash identifier:          N7PJ6tT8+NoaNwurVN1hCRFlu22DLnLYMpbiTBoA0mg=
Subject key identifier:   59:9A:5A:05:11:DB:26:F5:77:00:F8:1A:BA:E9:1A:EC:88:6B:4E:36
Certificate issuer:       /CN=1ab8f8fbea49baf59fcec22e48a9fe2157d86483
Certificate serial:       01941F8CA19670876EC3E9A5AAA48653DB53
Authority key identifier: 1A:B8:F8:FB:EA:49:BA:F5:9F:CE:C2:2E:48:A9:FE:21:57:D8:64:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Grj4--pJuvWfzsIuSKn-IVfYZIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/WZpaBRHbJvV3APgauuka7IhrTjY.roa
Signing time:             Wed 01 Jan 2025 01:48:17 +0000
ROA not before:           Wed 01 Jan 2025 01:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.104.169.0/24 maxlen: 24
                          195.200.230.0/23 maxlen: 23
                          2001:67c:b4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/Grj4--pJuvWfzsIuSKn-IVfYZIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/Grj4--pJuvWfzsIuSKn-IVfYZIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Grj4--pJuvWfzsIuSKn-IVfYZIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a1:96:70:87:6e:c3:e9:a5:aa:a4:86:53:db:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ab8f8fbea49baf59fcec22e48a9fe2157d86483
        Validity
            Not Before: Jan  1 01:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=599a5a0511db26f57700f81abae91aec886b4e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:70:75:71:2c:4e:91:29:18:7f:08:7c:bc:18:
                    8f:ec:df:fb:14:d2:d7:86:06:b8:7a:ae:89:62:10:
                    66:e9:8f:00:1b:56:2c:c5:b0:01:11:b6:97:6c:1f:
                    35:90:e0:2c:da:99:3d:f5:61:5e:ec:8e:27:10:6b:
                    2f:f2:a7:f3:e5:61:ca:12:0d:33:8d:5e:ff:81:5b:
                    de:41:ac:b8:91:bf:14:1a:b8:fe:9c:44:d6:9d:f5:
                    b7:08:0f:3f:62:d0:99:a6:1a:27:63:6d:a9:22:52:
                    99:8b:a1:b6:fc:4c:2e:ee:8a:8f:0f:6f:df:a4:c2:
                    aa:37:d9:2d:af:9e:53:a2:2e:5d:2c:8a:bd:aa:5d:
                    5c:df:c3:4a:17:aa:8c:2a:17:dc:76:0a:35:34:36:
                    d9:1b:03:54:1b:d1:d8:88:25:bb:5c:2a:d9:38:ba:
                    b9:84:cb:85:17:ef:75:f3:7d:67:70:f8:be:d5:fe:
                    aa:fb:63:b0:79:d2:e7:aa:1c:e3:61:a2:f8:14:4e:
                    7f:0e:99:95:fd:b3:28:4b:8b:9a:dc:e1:f9:94:19:
                    a8:51:e2:ef:a2:0e:72:05:c0:01:a9:6a:42:eb:7e:
                    28:4d:7c:55:ba:bd:df:55:6c:f7:48:e1:56:eb:ff:
                    6b:75:84:c8:22:45:4f:57:29:35:f2:f9:18:99:ea:
                    dd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9A:5A:05:11:DB:26:F5:77:00:F8:1A:BA:E9:1A:EC:88:6B:4E:36
            X509v3 Authority Key Identifier:
                keyid:1A:B8:F8:FB:EA:49:BA:F5:9F:CE:C2:2E:48:A9:FE:21:57:D8:64:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Grj4--pJuvWfzsIuSKn-IVfYZIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/WZpaBRHbJvV3APgauuka7IhrTjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/ecc102-ad7e-4101-a727-58018a03330a/1/Grj4--pJuvWfzsIuSKn-IVfYZIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.169.0/24
                  195.200.230.0/23
                IPv6:
                  2001:67c:b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:27:a9:9a:21:16:0f:df:2d:90:b9:99:1e:ca:b1:46:f0:ad:
         4e:be:ae:b5:91:81:5a:45:34:62:5e:45:0a:54:ec:45:f3:78:
         a9:4c:d2:43:2d:4b:4a:8b:5c:ae:2d:a2:2f:70:dd:d5:f3:05:
         04:40:8c:d5:aa:be:98:ef:7a:eb:2b:d4:38:42:02:9d:f8:3f:
         12:b8:3d:cd:db:f7:9f:61:0b:16:2e:39:4b:e5:57:f6:e6:c0:
         9c:82:83:6c:eb:aa:98:c5:0f:77:52:df:ea:52:c4:b4:08:91:
         ac:ad:54:27:98:58:a0:19:6c:b1:d0:79:b1:e9:01:2a:fb:b4:
         ee:2e:28:a7:55:53:48:ef:a7:43:d9:cc:b2:ac:47:a6:43:41:
         95:c0:1e:05:f1:8f:de:08:90:3a:15:08:9a:f7:a2:84:77:b5:
         c8:b3:d3:01:5c:38:78:ad:42:81:13:73:b7:63:58:65:57:b2:
         ca:f3:ff:73:5f:ff:64:db:9a:61:f8:a2:4f:b9:be:b3:7d:77:
         e8:e6:2c:6f:00:b6:a6:ff:d2:75:73:e2:09:a0:12:b7:d6:bf:
         24:77:37:18:c3:69:96:6b:3c:c4:18:a0:d2:f3:d7:12:00:4a:
         7f:3d:df:e8:ee:2a:39:a3:3d:dd:03:66:86:a0:d8:f9:f7:8b:
         ec:0b:e1:0a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQfjKGWcIduw+mlqqSGU9tTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYjhmOGZiZWE0OWJhZjU5ZmNlYzIyZTQ4YTlmZTIxNTdk
ODY0ODMwHhcNMjUwMTAxMDE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTlhNWEwNTExZGIyNmY1NzcwMGY4MWFiYWU5MWFlYzg4NmI0ZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXB1cSxOkSkYfwh8vBiP7N/7FNLX
hga4eq6JYhBm6Y8AG1YsxbABEbaXbB81kOAs2pk99WFe7I4nEGsv8qfz5WHKEg0z
jV7/gVveQay4kb8UGrj+nETWnfW3CA8/YtCZphonY22pIlKZi6G2/Ewu7oqPD2/f
pMKqN9ktr55Toi5dLIq9ql1c38NKF6qMKhfcdgo1NDbZGwNUG9HYiCW7XCrZOLq5
hMuFF+91831ncPi+1f6q+2OwedLnqhzjYaL4FE5/DpmV/bMoS4ua3OH5lBmoUeLv
og5yBcABqWpC634oTXxVur3fVWz3SOFW6/9rdYTIIkVPVyk18vkYmerd6wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFmaWgUR2yb1dwD4GrrpGuyIa042MB8GA1UdIwQY
MBaAFBq4+PvqSbr1n87CLkip/iFX2GSDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3JqNC0tcEp1dldmenNJdVNLbi1JVmZZWklNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lY2MxMDItYWQ3ZS00MTAxLWE3Mjct
NTgwMThhMDMzMzBhLzEvV1pwYUJSSGJKdlYzQVBnYXV1a2E3SWhyVGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lY2MxMDItYWQ3ZS00MTAxLWE3MjctNTgwMThhMDMzMzBh
LzEvR3JqNC0tcEp1dldmenNJdVNLbi1JVmZZWklNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwWipAwQB
w8jmMA8EAgACMAkDBwAgAQZ8ALQwDQYJKoZIhvcNAQELBQADggEBAC0nqZohFg/f
LZC5mR7KsUbwrU6+rrWRgVpFNGJeRQpU7EXzeKlM0kMtS0qLXK4toi9w3dXzBQRA
jNWqvpjveusr1DhCAp34PxK4Pc3b959hCxYuOUvlV/bmwJyCg2zrqpjFD3dS3+pS
xLQIkaytVCeYWKAZbLHQebHpASr7tO4uKKdVU0jvp0PZzLKsR6ZDQZXAHgXxj94I
kDoVCJr3ooR3tciz0wFcOHitQoETc7djWGVXssrz/3Nf/2TbmmH4ok+5vrN9d+jm
LG8Atqb/0nVz4gmgErfWvyR3NxjDaZZrPMQYoNLz1xIASn893+juKjmjPd0DZoag
2Pn3i+wL4Qo=
-----END CERTIFICATE-----