Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WuQ-AjWFLqwVzDbVQf935jlg-ak.roa
File:                     WuQ-AjWFLqwVzDbVQf935jlg-ak.roa (raw, json)
Hash identifier:          Egrg9iOdSobJg7AFsm3j98xNdSctf9CeWANDK5RpFmA=
Subject key identifier:   5A:E4:3E:02:35:85:2E:AC:15:CC:36:D5:41:FF:77:E6:39:60:F9:A9
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0197E967472AEB66FC9B9ABE21B8C74A081D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WuQ-AjWFLqwVzDbVQf935jlg-ak.roa
Signing time:             Tue 08 Jul 2025 09:39:09 +0000
ROA not before:           Tue 08 Jul 2025 09:39:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150770
IP address blocks:        89.213.1.0/24 maxlen: 24
                          213.218.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:11:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:67:47:2a:eb:66:fc:9b:9a:be:21:b8:c7:4a:08:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jul  8 09:39:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ae43e0235852eac15cc36d541ff77e63960f9a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c1:9a:6c:7a:91:9a:29:d2:a4:bf:c3:fb:d6:
                    07:90:86:4d:26:c5:c2:e3:89:37:93:98:9c:d8:99:
                    9c:0a:e4:cc:2b:c8:c8:71:90:8b:cb:35:f7:60:30:
                    f6:07:bb:82:8f:96:cf:0c:63:04:96:53:fa:5b:37:
                    f3:d6:01:7e:df:40:83:d1:0b:dd:88:e2:18:80:16:
                    d5:b7:59:6e:94:d5:de:62:bd:3f:81:3b:f7:c5:0e:
                    4f:ec:43:3c:bd:0b:2d:9a:65:e8:fa:e3:82:36:fc:
                    82:22:be:e2:5f:24:de:b7:cc:1e:4b:86:3a:dd:2a:
                    7f:27:9d:9d:ca:72:e8:52:25:69:0c:e0:42:7d:3b:
                    a3:80:76:3a:2c:b7:5c:9e:10:e2:0e:7c:14:95:2c:
                    5f:dc:60:14:08:2a:e7:e9:83:0c:b0:f1:2f:ff:73:
                    4a:45:37:be:7c:a1:e2:01:6f:48:fb:5c:10:75:de:
                    13:7a:4f:0f:bf:f5:a7:c0:1d:7b:9f:85:88:01:4e:
                    1a:7f:35:cf:75:7a:01:dd:24:de:75:de:24:ac:db:
                    be:67:e4:10:fb:26:f5:d5:37:93:52:24:7b:4d:f4:
                    06:83:db:1c:46:0e:c9:e6:f1:45:f9:66:fa:5a:ea:
                    fd:c8:f0:13:e8:1a:15:3b:49:2f:1f:29:7e:f7:e4:
                    dd:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E4:3E:02:35:85:2E:AC:15:CC:36:D5:41:FF:77:E6:39:60:F9:A9
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/WuQ-AjWFLqwVzDbVQf935jlg-ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.1.0/24
                  213.218.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:bf:a2:7b:1d:37:51:33:b5:e1:34:ce:6f:bb:b8:5a:ca:e3:
         b8:d8:8f:ac:30:58:f2:d7:ba:9a:93:c5:35:75:ca:e1:52:8d:
         2e:1f:31:0b:bd:d7:f2:68:18:ff:f6:5a:a7:01:69:8a:86:94:
         66:ce:9d:69:16:ce:d9:86:2d:77:ec:5a:86:20:54:9f:33:45:
         27:90:99:3c:1f:7d:35:fa:06:fe:78:bb:88:8a:95:15:33:0e:
         bb:3a:64:ec:00:34:83:0f:26:80:61:f8:a8:fa:8a:f3:4d:be:
         81:5f:d6:11:74:a7:10:c2:7a:ad:33:3c:d5:a4:80:b3:8d:0c:
         1e:0c:85:6a:ad:df:34:89:07:97:0a:b1:d9:6c:5e:12:74:28:
         ae:43:bd:6e:d7:21:5a:13:0e:1d:c9:1e:0e:bb:21:95:10:14:
         f3:73:f0:5f:74:5a:5b:9f:8c:f7:0d:18:9d:12:7e:c6:e6:5b:
         84:1d:25:3c:7b:4b:88:f1:39:5b:7c:71:0d:e7:d0:8f:3c:fe:
         bf:03:b3:a3:0a:20:1e:de:29:ed:6c:08:af:6c:86:d2:32:48:
         7d:6a:f6:4b:cb:73:5c:2a:75:b8:d1:06:de:bf:5f:12:34:f2:
         f9:d5:94:27:f1:3f:26:30:af:97:c4:92:e4:3d:ca:83:7c:0d:
         c7:ba:7f:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfpZ0cq62b8m5q+IbjHSggdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzA4MDkzOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWU0M2UwMjM1ODUyZWFjMTVjYzM2ZDU0MWZmNzdlNjM5NjBmOWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsGabHqRminSpL/D+9YHkIZNJsXC
44k3k5ic2JmcCuTMK8jIcZCLyzX3YDD2B7uCj5bPDGMEllP6Wzfz1gF+30CD0Qvd
iOIYgBbVt1lulNXeYr0/gTv3xQ5P7EM8vQstmmXo+uOCNvyCIr7iXyTet8weS4Y6
3Sp/J52dynLoUiVpDOBCfTujgHY6LLdcnhDiDnwUlSxf3GAUCCrn6YMMsPEv/3NK
RTe+fKHiAW9I+1wQdd4Tek8Pv/WnwB17n4WIAU4afzXPdXoB3STedd4krNu+Z+QQ
+yb11TeTUiR7TfQGg9scRg7J5vFF+Wb6Wur9yPAT6BoVO0kvHyl+9+TdsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFrkPgI1hS6sFcw21UH/d+Y5YPmpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV3VRLUFqV0ZMcXdWekRiVlFmOTM1amxnLWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWdUBAwQA
1drYMA0GCSqGSIb3DQEBCwUAA4IBAQAyv6J7HTdRM7XhNM5vu7hayuO42I+sMFjy
17qak8U1dcrhUo0uHzELvdfyaBj/9lqnAWmKhpRmzp1pFs7Zhi137FqGIFSfM0Un
kJk8H301+gb+eLuIipUVMw67OmTsADSDDyaAYfio+orzTb6BX9YRdKcQwnqtMzzV
pICzjQweDIVqrd80iQeXCrHZbF4SdCiuQ71u1yFaEw4dyR4OuyGVEBTzc/BfdFpb
n4z3DRidEn7G5luEHSU8e0uI8TlbfHEN59CPPP6/A7OjCiAe3intbAivbIbSMkh9
avZLy3NcKnW40Qbev18SNPL51ZQn8T8mMK+XxJLkPcqDfA3Hun/+
-----END CERTIFICATE-----