Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/wPqYVNKJADvVgGucnETD7HuiSvs.roa
File:                     wPqYVNKJADvVgGucnETD7HuiSvs.roa (raw, json)
Hash identifier:          0eyTJy9gG8F8Xex/RtpsLoJCxS1EJ4y1hxoKVvkvOZ8=
Subject key identifier:   C0:FA:98:54:D2:89:00:3B:D5:80:6B:9C:9C:44:C3:EC:7B:A2:4A:FB
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       0194221FA304335D5D5B7700314EB50D658A
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/wPqYVNKJADvVgGucnETD7HuiSvs.roa
Signing time:             Wed 01 Jan 2025 13:48:06 +0000
ROA not before:           Wed 01 Jan 2025 13:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.149.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a3:04:33:5d:5d:5b:77:00:31:4e:b5:0d:65:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Jan  1 13:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0fa9854d289003bd5806b9c9c44c3ec7ba24afb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:86:5d:ec:2f:78:00:63:ad:49:0b:4b:1e:ea:
                    ae:fa:b1:7a:74:0b:7b:d5:65:37:71:da:75:b7:14:
                    7d:0d:1f:1b:25:15:a6:61:65:34:2b:9d:da:dd:a1:
                    d1:b5:72:2e:d7:10:13:5c:02:41:43:ec:29:86:ac:
                    bc:64:b0:70:91:b9:c5:c0:0c:ce:77:7b:12:76:e1:
                    6a:3b:d3:a5:36:97:1b:79:0b:a5:dd:4e:16:76:68:
                    dd:67:7c:fc:3b:2b:cb:c1:3d:6b:34:6e:e5:1a:55:
                    21:38:e0:ad:ce:a0:37:ca:bb:ff:e2:53:70:5a:3e:
                    bd:28:3e:96:39:3e:2e:28:1d:d4:d0:6c:c2:f1:4c:
                    30:0f:09:58:43:f9:51:84:f9:0b:36:39:7a:c3:53:
                    67:58:21:34:8c:77:59:aa:75:89:3a:53:53:f6:c0:
                    eb:eb:48:40:e5:61:5b:75:bc:82:aa:49:b8:fc:17:
                    11:11:df:e4:36:6c:d5:b0:91:90:17:9b:fc:23:84:
                    14:a0:ae:b7:72:9b:4d:66:70:c0:4c:36:47:73:c2:
                    3b:d5:87:c5:1f:c2:d8:fc:10:53:65:89:4a:d3:96:
                    28:07:6f:4e:5d:f0:bb:15:30:7b:8a:35:d5:4e:59:
                    22:e0:0a:38:e3:58:3a:76:12:ae:2f:00:ef:63:f5:
                    f7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:FA:98:54:D2:89:00:3B:D5:80:6B:9C:9C:44:C3:EC:7B:A2:4A:FB
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/wPqYVNKJADvVgGucnETD7HuiSvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:00:31:b5:fb:0d:a3:c6:09:53:f3:27:19:7c:05:c0:77:6a:
         78:5d:12:fc:0b:d0:a5:13:e4:66:7b:eb:98:74:fc:0b:9c:d4:
         ac:62:d0:3b:5c:84:c8:1e:69:3a:54:69:33:94:19:66:6e:f9:
         a2:e4:8e:92:51:0a:70:d3:d9:34:80:c3:d9:70:e8:84:be:fa:
         aa:5e:0b:01:1c:56:da:5e:35:9d:72:4c:57:0a:65:2c:00:93:
         6f:8b:e7:bc:03:62:fe:4d:ff:9c:13:66:24:f2:f5:68:a7:6a:
         97:8b:07:c9:9b:8a:37:92:ad:36:61:95:31:57:b0:2f:fa:5d:
         09:90:28:1e:40:32:6c:f5:f3:55:01:76:b6:5b:b5:70:cf:3c:
         00:29:6a:30:b6:81:f7:88:70:77:8b:28:6d:a9:31:20:2b:83:
         5e:d4:62:65:9c:a8:95:04:96:68:fe:dc:a2:b9:5b:fc:ec:0b:
         19:eb:de:f4:93:a3:7a:29:ba:03:fa:a6:06:41:31:3a:f4:86:
         79:9f:f7:5d:6c:3b:03:09:40:46:68:c4:5d:bd:6e:f3:e2:37:
         e6:95:05:71:af:15:6a:8f:7c:58:32:22:8f:69:0b:bf:1e:66:
         0c:f2:2a:16:f0:7a:04:ea:28:19:52:37:e2:0e:b8:74:b8:5d:
         0a:ec:f7:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6MEM11dW3cAMU61DWWKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjUwMTAxMTM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGZhOTg1NGQyODkwMDNiZDU4MDZiOWM5YzQ0YzNlYzdiYTI0YWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIZd7C94AGOtSQtLHuqu+rF6dAt7
1WU3cdp1txR9DR8bJRWmYWU0K53a3aHRtXIu1xATXAJBQ+wphqy8ZLBwkbnFwAzO
d3sSduFqO9OlNpcbeQul3U4WdmjdZ3z8OyvLwT1rNG7lGlUhOOCtzqA3yrv/4lNw
Wj69KD6WOT4uKB3U0GzC8UwwDwlYQ/lRhPkLNjl6w1NnWCE0jHdZqnWJOlNT9sDr
60hA5WFbdbyCqkm4/BcREd/kNmzVsJGQF5v8I4QUoK63cptNZnDATDZHc8I71YfF
H8LY/BBTZYlK05YoB29OXfC7FTB7ijXVTlki4Ao441g6dhKuLwDvY/X3vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMD6mFTSiQA71YBrnJxEw+x7okr7MB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvd1BxWVZOS0pBRHZWZ0d1Y25FVEQ3SHVpU3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUkMA0G
CSqGSIb3DQEBCwUAA4IBAQARADG1+w2jxglT8ycZfAXAd2p4XRL8C9ClE+Rme+uY
dPwLnNSsYtA7XITIHmk6VGkzlBlmbvmi5I6SUQpw09k0gMPZcOiEvvqqXgsBHFba
XjWdckxXCmUsAJNvi+e8A2L+Tf+cE2Yk8vVop2qXiwfJm4o3kq02YZUxV7Av+l0J
kCgeQDJs9fNVAXa2W7VwzzwAKWowtoH3iHB3iyhtqTEgK4Ne1GJlnKiVBJZo/tyi
uVv87AsZ6970k6N6KboD+qYGQTE69IZ5n/ddbDsDCUBGaMRdvW7z4jfmlQVxrxVq
j3xYMiKPaQu/HmYM8ioW8HoE6igZUjfiDrh0uF0K7PeM
-----END CERTIFICATE-----