Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WYW6z44YvhXfbAJjVMoAzIW9AZQ.roa
File:                     WYW6z44YvhXfbAJjVMoAzIW9AZQ.roa (raw, json)
Hash identifier:          KuWBSL2oBxZd9hbr1Lgx24b8jxS/kYrymEiknAu1aoU=
Subject key identifier:   59:85:BA:CF:8E:18:BE:15:DF:6C:02:63:54:CA:00:CC:85:BD:01:94
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0194258EC95E7331A7241825C284A7E4A1E5
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WYW6z44YvhXfbAJjVMoAzIW9AZQ.roa
Signing time:             Thu 02 Jan 2025 05:48:22 +0000
ROA not before:           Thu 02 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138997
IP address blocks:        45.9.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:c9:5e:73:31:a7:24:18:25:c2:84:a7:e4:a1:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  2 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5985bacf8e18be15df6c026354ca00cc85bd0194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:43:dd:01:2e:be:3f:a5:e3:7f:60:57:17:c6:
                    70:ec:74:35:10:18:af:a7:3f:97:5a:a1:0b:a1:04:
                    c4:2b:70:bd:0f:4e:d5:75:08:cb:4f:c4:f4:74:7c:
                    48:78:23:75:16:9d:66:58:56:75:0b:c3:70:73:62:
                    e2:06:68:cc:f0:73:2f:c0:6c:04:53:b7:73:3d:db:
                    4f:35:32:59:a8:05:c5:58:c7:3e:34:c2:2c:2b:59:
                    41:b3:af:2d:ac:11:f4:b0:2c:d2:9f:78:6e:bd:96:
                    c8:91:0f:1c:e8:07:9c:d5:e0:dd:81:74:af:e4:fa:
                    d0:8d:84:1d:bf:c5:e7:f7:1e:de:70:b4:3e:8a:4e:
                    75:07:82:89:a9:21:82:74:6b:c3:b9:ae:1a:f5:61:
                    a8:b8:a0:79:35:de:bd:33:88:03:a1:d2:eb:c8:aa:
                    27:37:13:86:f1:5e:e1:48:38:e4:a0:b1:3a:3e:b4:
                    e0:cd:7e:33:e7:32:a6:ef:e5:d8:81:3e:60:a5:d9:
                    7f:a5:4c:99:9b:f0:aa:ac:d2:bb:7e:b0:b3:16:8c:
                    71:c6:0b:97:e4:d2:6e:45:28:23:6f:fd:b1:b0:e9:
                    da:87:58:23:10:a1:69:a4:b6:e4:39:9c:cc:94:e9:
                    fa:95:75:b8:6e:58:d5:4d:55:9d:28:51:c0:9d:f9:
                    4f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:85:BA:CF:8E:18:BE:15:DF:6C:02:63:54:CA:00:CC:85:BD:01:94
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WYW6z44YvhXfbAJjVMoAzIW9AZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:27:ec:17:55:b1:9e:f9:fe:2a:1d:3a:51:c3:51:44:98:0e:
         31:f3:69:f3:4a:a2:5c:c3:49:6b:75:c3:e2:f3:88:f1:2e:bd:
         34:c3:f6:9e:2f:30:08:20:2c:75:2c:4c:03:d6:76:c4:74:7e:
         c0:80:eb:94:26:69:10:a9:c3:92:c0:b1:2c:6b:ba:28:1f:44:
         33:99:89:25:aa:7b:43:eb:ad:0e:29:b0:10:23:1a:ea:c0:1e:
         6a:37:1d:1e:f3:ff:4f:62:02:54:ff:0a:fa:4f:1b:8c:65:bf:
         d8:d0:f1:1d:37:ae:29:0d:50:1d:01:b2:97:44:8b:1d:fc:f8:
         c4:7c:3f:a2:f2:71:df:79:78:cd:61:b7:78:4b:37:f2:cd:d2:
         0a:7a:e9:22:70:5e:fe:a1:83:ad:5c:e1:ed:9f:56:ae:6a:53:
         89:d4:95:90:a0:81:a3:5d:c2:74:82:01:5f:29:7c:e7:25:3a:
         73:3e:ee:8d:07:22:68:27:8f:18:52:a2:d8:81:34:05:6e:06:
         b4:42:80:e1:91:16:e5:6d:b9:f1:9d:ec:99:56:26:24:51:97:
         46:e2:41:a1:b7:76:d7:56:f2:5c:cc:15:ed:45:81:a5:07:55:
         a1:f4:a0:3b:d1:19:30:68:71:4f:55:f4:81:23:2c:29:18:d1:
         42:22:80:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljsleczGnJBglwoSn5KHlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjUwMTAyMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTg1YmFjZjhlMThiZTE1ZGY2YzAyNjM1NGNhMDBjYzg1YmQwMTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8kPdAS6+P6Xjf2BXF8Zw7HQ1EBiv
pz+XWqELoQTEK3C9D07VdQjLT8T0dHxIeCN1Fp1mWFZ1C8Nwc2LiBmjM8HMvwGwE
U7dzPdtPNTJZqAXFWMc+NMIsK1lBs68trBH0sCzSn3huvZbIkQ8c6Aec1eDdgXSv
5PrQjYQdv8Xn9x7ecLQ+ik51B4KJqSGCdGvDua4a9WGouKB5Nd69M4gDodLryKon
NxOG8V7hSDjkoLE6PrTgzX4z5zKm7+XYgT5gpdl/pUyZm/CqrNK7frCzFoxxxguX
5NJuRSgjb/2xsOnah1gjEKFppLbkOZzMlOn6lXW4bljVTVWdKFHAnflPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmFus+OGL4V32wCY1TKAMyFvQGUMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvV1lXNno0NFl2aFhmYkFKalZNb0F6SVc5QVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkIMA0G
CSqGSIb3DQEBCwUAA4IBAQC2J+wXVbGe+f4qHTpRw1FEmA4x82nzSqJcw0lrdcPi
84jxLr00w/aeLzAIICx1LEwD1nbEdH7AgOuUJmkQqcOSwLEsa7ooH0QzmYklqntD
660OKbAQIxrqwB5qNx0e8/9PYgJU/wr6TxuMZb/Y0PEdN64pDVAdAbKXRIsd/PjE
fD+i8nHfeXjNYbd4SzfyzdIKeukicF7+oYOtXOHtn1aualOJ1JWQoIGjXcJ0ggFf
KXznJTpzPu6NByJoJ48YUqLYgTQFbga0QoDhkRblbbnxneyZViYkUZdG4kGht3bX
VvJczBXtRYGlB1Wh9KA70RkwaHFPVfSBIywpGNFCIoAx
-----END CERTIFICATE-----