Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/w8pMwx-vyyole256lyQ0C_5-WOI.roa
File:                     w8pMwx-vyyole256lyQ0C_5-WOI.roa (raw, json)
Hash identifier:          K+srURRGs/DsNg/JW4KWXf2QN5EAfkcbY2aU8MAMJS8=
Subject key identifier:   C3:CA:4C:C3:1F:AF:CB:2A:25:7B:6E:7A:97:24:34:0B:FE:7E:58:E2
Certificate issuer:       /CN=8bf8a298141fc2f45c072d27a0bf262655cb6f5a
Certificate serial:       019652FA3103BFE0F24A3D4916F71C3FB45C
Authority key identifier: 8B:F8:A2:98:14:1F:C2:F4:5C:07:2D:27:A0:BF:26:26:55:CB:6F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i_iimBQfwvRcBy0noL8mJlXLb1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/w8pMwx-vyyole256lyQ0C_5-WOI.roa
Signing time:             Sun 20 Apr 2025 11:34:10 +0000
ROA not before:           Sun 20 Apr 2025 11:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        185.94.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/i_iimBQfwvRcBy0noL8mJlXLb1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/i_iimBQfwvRcBy0noL8mJlXLb1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i_iimBQfwvRcBy0noL8mJlXLb1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:52:fa:31:03:bf:e0:f2:4a:3d:49:16:f7:1c:3f:b4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bf8a298141fc2f45c072d27a0bf262655cb6f5a
        Validity
            Not Before: Apr 20 11:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3ca4cc31fafcb2a257b6e7a9724340bfe7e58e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d1:f8:c7:d5:31:f2:8e:6d:08:bf:b3:b0:9f:
                    1c:52:7f:f2:26:0b:9f:58:2d:d8:00:96:fa:f2:ec:
                    ed:6d:d9:dd:0b:ca:05:86:4c:58:fb:09:0a:a3:68:
                    7f:b7:25:ab:fb:0b:63:0d:97:0e:3b:b7:82:4c:da:
                    53:e4:32:e1:c7:af:b4:56:6f:92:02:52:07:7d:9f:
                    38:19:09:66:63:12:3c:a2:94:b4:5c:bc:35:fb:85:
                    2b:a6:b7:d7:2a:61:8d:c6:e7:b6:75:f9:73:d9:28:
                    1c:37:7c:bf:01:6e:09:d6:ea:ad:9d:dd:0f:8c:78:
                    83:5c:8a:da:bf:a6:ac:c3:31:f7:7c:10:79:85:52:
                    49:a7:a3:c3:0b:db:1b:92:44:d9:39:28:1a:df:b4:
                    d5:98:9c:3a:8f:77:7d:fe:e5:6c:82:dd:21:35:b9:
                    98:c8:2e:57:5b:d5:b5:c8:41:7b:79:ca:53:08:fe:
                    1f:e4:21:4e:5c:8f:75:fd:6b:9b:06:12:36:5c:94:
                    af:ab:ed:2e:58:91:d7:d8:48:91:5f:1f:43:99:a7:
                    84:60:75:30:21:4a:d3:78:6e:49:4e:15:fe:72:ef:
                    92:71:3a:50:b3:eb:17:76:d7:88:9c:93:60:d1:55:
                    77:21:ba:8e:a4:21:08:12:12:17:c4:22:39:ff:91:
                    65:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:CA:4C:C3:1F:AF:CB:2A:25:7B:6E:7A:97:24:34:0B:FE:7E:58:E2
            X509v3 Authority Key Identifier:
                keyid:8B:F8:A2:98:14:1F:C2:F4:5C:07:2D:27:A0:BF:26:26:55:CB:6F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i_iimBQfwvRcBy0noL8mJlXLb1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/w8pMwx-vyyole256lyQ0C_5-WOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/i_iimBQfwvRcBy0noL8mJlXLb1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:0a:ef:ed:cb:5e:a1:03:1f:14:a9:b8:1d:ce:64:25:24:58:
         dd:67:ee:6e:db:aa:8b:57:42:fb:a6:43:b6:ad:fb:97:a5:10:
         64:75:72:a1:55:97:f6:5a:e7:9c:b2:bb:7e:24:4d:f4:f1:d1:
         74:dc:81:93:15:bb:77:3e:99:9a:f2:eb:d7:c7:93:ba:b2:fa:
         d6:42:66:42:89:54:ed:4a:ef:3f:59:ad:e5:2b:3e:72:02:08:
         76:50:d3:72:d6:7b:42:18:af:9a:32:de:14:d4:c6:94:4f:77:
         ff:84:02:f2:97:ba:a8:9f:86:8f:06:5c:26:8d:c3:13:d5:17:
         cf:dd:41:04:5d:36:16:48:58:83:bb:94:d1:08:0f:a1:11:68:
         73:1d:b3:02:30:b8:bb:d0:6b:f3:1f:be:6b:ae:f0:23:c9:ae:
         be:ab:aa:e1:fb:53:4e:57:78:33:33:a2:05:df:5a:4c:a2:94:
         cf:54:a3:51:21:40:11:11:9a:cc:66:de:8b:80:69:f0:c2:3a:
         d3:0a:38:a8:6e:8a:dc:20:a5:f8:01:6f:7e:2b:c7:1c:2b:ba:
         27:a9:e2:78:c0:93:cd:1e:be:50:bc:49:37:46:4a:a2:b0:81:
         47:35:9d:33:b4:a3:32:a0:0a:66:8d:75:87:e6:20:bb:f0:bf:
         e0:f8:bc:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZS+jEDv+DySj1JFvccP7RcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZjhhMjk4MTQxZmMyZjQ1YzA3MmQyN2EwYmYyNjI2NTVj
YjZmNWEwHhcNMjUwNDIwMTEzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2NhNGNjMzFmYWZjYjJhMjU3YjZlN2E5NzI0MzQwYmZlN2U1OGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNH4x9Ux8o5tCL+zsJ8cUn/yJguf
WC3YAJb68uztbdndC8oFhkxY+wkKo2h/tyWr+wtjDZcOO7eCTNpT5DLhx6+0Vm+S
AlIHfZ84GQlmYxI8opS0XLw1+4UrprfXKmGNxue2dflz2SgcN3y/AW4J1uqtnd0P
jHiDXIrav6aswzH3fBB5hVJJp6PDC9sbkkTZOSga37TVmJw6j3d9/uVsgt0hNbmY
yC5XW9W1yEF7ecpTCP4f5CFOXI91/WubBhI2XJSvq+0uWJHX2EiRXx9DmaeEYHUw
IUrTeG5JThX+cu+ScTpQs+sXdteInJNg0VV3IbqOpCEIEhIXxCI5/5FlJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPKTMMfr8sqJXtuepckNAv+fljiMB8GA1UdIwQY
MBaAFIv4opgUH8L0XActJ6C/JiZVy29aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaV9paW1CUWZ3dlJjQnkwbm9MOG1KbFhMYjFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My80OTY0NDItYWFiNy00MDljLTllZmYt
ZDQ2ZWQ1NjhmODcxLzEvdzhwTXd4LXZ5eW9sZTI1Nmx5UTBDXzUtV09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My80OTY0NDItYWFiNy00MDljLTllZmYtZDQ2ZWQ1NjhmODcx
LzEvaV9paW1CUWZ3dlJjQnkwbm9MOG1KbFhMYjFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV60MA0G
CSqGSIb3DQEBCwUAA4IBAQB2Cu/ty16hAx8UqbgdzmQlJFjdZ+5u26qLV0L7pkO2
rfuXpRBkdXKhVZf2Wuecsrt+JE308dF03IGTFbt3Ppma8uvXx5O6svrWQmZCiVTt
Su8/Wa3lKz5yAgh2UNNy1ntCGK+aMt4U1MaUT3f/hALyl7qon4aPBlwmjcMT1RfP
3UEEXTYWSFiDu5TRCA+hEWhzHbMCMLi70GvzH75rrvAjya6+q6rh+1NOV3gzM6IF
31pMopTPVKNRIUAREZrMZt6LgGnwwjrTCjioborcIKX4AW9+K8ccK7onqeJ4wJPN
Hr5QvEk3RkqisIFHNZ0ztKMyoApmjXWH5iC78L/g+LzE
-----END CERTIFICATE-----