Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/WdmL2O8VPrkR42ZOw2QephNcMKQ.roa
File:                     WdmL2O8VPrkR42ZOw2QephNcMKQ.roa (raw, json)
Hash identifier:          hlVVES8UOIZDvKYVagg5Nkh0JVEcOtJVFmlV0ra9F/8=
Subject key identifier:   59:D9:8B:D8:EF:15:3E:B9:11:E3:66:4E:C3:64:1E:A6:13:5C:30:A4
Certificate issuer:       /CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
Certificate serial:       019425FC4759F6FEF9C8E6220036D0AA3A8E
Authority key identifier: 7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/WdmL2O8VPrkR42ZOw2QephNcMKQ.roa
Signing time:             Thu 02 Jan 2025 07:47:57 +0000
ROA not before:           Thu 02 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201233
IP address blocks:        217.18.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:47:59:f6:fe:f9:c8:e6:22:00:36:d0:aa:3a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cdc40c3dbdf819d7413e772bd875814c7eaf55e
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59d98bd8ef153eb911e3664ec3641ea6135c30a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:76:f3:2e:c6:87:86:ad:e6:12:4b:d1:2e:94:
                    32:d0:5a:d9:74:43:52:2e:a5:e2:e0:32:a8:65:e2:
                    48:05:79:3e:ca:c1:2a:f9:d4:49:3e:18:94:7e:9c:
                    7c:41:56:ef:a2:ff:0b:f6:7b:8e:67:04:ef:b3:a2:
                    9f:a7:07:56:5a:02:e4:9c:ac:02:50:d7:90:cf:6a:
                    91:54:fd:a0:e6:73:b8:69:bc:62:26:96:96:e3:85:
                    72:e6:2e:63:ec:b8:8e:20:2f:e3:c8:15:4c:5d:b7:
                    99:24:4e:d2:9e:ac:b2:db:d3:6e:65:06:32:ba:92:
                    28:dc:3b:fe:81:c5:3a:1b:95:29:ce:a5:58:27:08:
                    c9:21:e2:1f:c9:6e:45:97:56:87:fa:94:33:ee:12:
                    a5:91:59:2a:25:94:32:3d:d7:58:6a:f8:e5:3a:17:
                    47:cb:15:83:c7:b0:c8:78:7d:c6:87:7b:2b:77:56:
                    de:06:ea:cc:80:27:1f:74:50:8b:1b:d5:83:9d:b4:
                    00:05:de:d2:02:cb:8f:fc:d2:7a:a7:60:95:19:f3:
                    55:1b:76:50:c2:08:5f:1b:c4:bd:d0:e5:c1:57:5e:
                    fc:19:01:4c:9f:c4:87:d4:9b:24:c1:36:d0:31:3e:
                    3f:73:7c:72:ff:96:c5:5d:67:6e:40:06:34:c8:2f:
                    12:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D9:8B:D8:EF:15:3E:B9:11:E3:66:4E:C3:64:1E:A6:13:5C:30:A4
            X509v3 Authority Key Identifier:
                keyid:7C:DC:40:C3:DB:DF:81:9D:74:13:E7:72:BD:87:58:14:C7:EA:F5:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNxAw9vfgZ10E-dyvYdYFMfq9V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/WdmL2O8VPrkR42ZOw2QephNcMKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/2e543d-4ef7-4e85-867a-99f2004659d1/1/fNxAw9vfgZ10E-dyvYdYFMfq9V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:93:2d:22:6c:40:d9:a8:2f:dd:d8:90:65:e4:34:fa:6f:37:
         52:ee:5d:2d:93:d6:15:55:33:fe:3e:6f:99:0f:c4:20:fa:7a:
         86:06:3c:05:f8:44:50:a7:94:09:74:7d:da:89:5c:e8:d5:a9:
         b3:3b:ee:1b:30:c5:94:b0:51:5f:f8:81:31:78:fa:8b:57:ca:
         12:c9:49:17:ee:a2:f4:dc:b0:66:17:f5:0b:46:eb:9d:b4:11:
         a9:51:ce:eb:8a:ac:a2:70:7a:76:42:76:f7:75:6a:c2:7d:af:
         07:58:79:f2:ba:84:e2:b5:48:a7:f2:5b:ef:f6:84:f6:1a:74:
         79:99:9e:dc:2c:08:d1:0b:bd:4a:3a:ed:82:84:ea:95:d2:d0:
         64:77:35:87:a4:7b:a3:dd:4a:d4:92:c2:de:75:fe:73:86:0a:
         9f:fa:8c:8e:81:1e:b0:cc:b9:d6:1f:7a:3c:92:d2:36:34:b3:
         d8:86:45:76:98:38:e8:4a:2d:28:d6:15:36:2d:a3:3a:d0:23:
         2d:a3:2f:b5:fd:67:4d:bd:ec:6e:1d:84:fc:cd:81:cf:db:29:
         a0:f3:f1:28:97:f8:bb:3a:4f:8f:92:4d:8d:b5:71:b7:93:6d:
         4f:35:08:f0:4b:51:81:9d:4c:c5:68:33:9d:21:45:31:e2:fc:
         19:48:12:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/EdZ9v75yOYiADbQqjqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZGM0MGMzZGJkZjgxOWQ3NDEzZTc3MmJkODc1ODE0Yzdl
YWY1NWUwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWQ5OGJkOGVmMTUzZWI5MTFlMzY2NGVjMzY0MWVhNjEzNWMzMGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHbzLsaHhq3mEkvRLpQy0FrZdENS
LqXi4DKoZeJIBXk+ysEq+dRJPhiUfpx8QVbvov8L9nuOZwTvs6KfpwdWWgLknKwC
UNeQz2qRVP2g5nO4abxiJpaW44Vy5i5j7LiOIC/jyBVMXbeZJE7Snqyy29NuZQYy
upIo3Dv+gcU6G5UpzqVYJwjJIeIfyW5Fl1aH+pQz7hKlkVkqJZQyPddYavjlOhdH
yxWDx7DIeH3Gh3srd1beBurMgCcfdFCLG9WDnbQABd7SAsuP/NJ6p2CVGfNVG3ZQ
wghfG8S90OXBV178GQFMn8SH1JskwTbQMT4/c3xy/5bFXWduQAY0yC8SBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnZi9jvFT65EeNmTsNkHqYTXDCkMB8GA1UdIwQY
MBaAFHzcQMPb34GddBPncr2HWBTH6vVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2Et
OTlmMjAwNDY1OWQxLzEvV2RtTDJPOFZQcmtSNDJaT3cyUWVwaE5jTUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8yZTU0M2QtNGVmNy00ZTg1LTg2N2EtOTlmMjAwNDY1OWQx
LzEvZk54QXc5dmZnWjEwRS1keXZZZFlGTWZxOVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJVMA0G
CSqGSIb3DQEBCwUAA4IBAQAAky0ibEDZqC/d2JBl5DT6bzdS7l0tk9YVVTP+Pm+Z
D8Qg+nqGBjwF+ERQp5QJdH3aiVzo1amzO+4bMMWUsFFf+IExePqLV8oSyUkX7qL0
3LBmF/ULRuudtBGpUc7riqyicHp2Qnb3dWrCfa8HWHnyuoTitUin8lvv9oT2GnR5
mZ7cLAjRC71KOu2ChOqV0tBkdzWHpHuj3UrUksLedf5zhgqf+oyOgR6wzLnWH3o8
ktI2NLPYhkV2mDjoSi0o1hU2LaM60CMtoy+1/WdNvexuHYT8zYHP2ymg8/Eol/i7
Ok+Pkk2NtXG3k21PNQjwS1GBnUzFaDOdIUUx4vwZSBJs
-----END CERTIFICATE-----