Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/wfzndjh_1PyK6B8Rf4Qnrhzhf1I.roa
File:                     wfzndjh_1PyK6B8Rf4Qnrhzhf1I.roa (raw, json)
Hash identifier:          conmJC0uHXltpd+fK7k2U4ghVYU0Xoj8HIet8R78GBA=
Subject key identifier:   C1:FC:E7:76:38:7F:D4:FC:8A:E8:1F:11:7F:84:27:AE:1C:E1:7F:52
Certificate issuer:       /CN=af503e5b835f0a81381d1c4c1233d38fb7ddf23d
Certificate serial:       0194282651C90CA67786599FBF1BC89F4924
Authority key identifier: AF:50:3E:5B:83:5F:0A:81:38:1D:1C:4C:12:33:D3:8F:B7:DD:F2:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/wfzndjh_1PyK6B8Rf4Qnrhzhf1I.roa
Signing time:             Thu 02 Jan 2025 17:53:07 +0000
ROA not before:           Thu 02 Jan 2025 17:53:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44812
IP address blocks:        92.119.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:51:c9:0c:a6:77:86:59:9f:bf:1b:c8:9f:49:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af503e5b835f0a81381d1c4c1233d38fb7ddf23d
        Validity
            Not Before: Jan  2 17:53:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1fce776387fd4fc8ae81f117f8427ae1ce17f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e0:0a:35:4c:06:f7:46:68:53:b4:96:ca:c5:
                    85:49:74:b8:91:d8:5a:cb:37:77:c3:b3:fb:c2:df:
                    2f:3d:f9:3f:ee:1b:2f:a5:06:ee:d5:37:d7:33:2d:
                    e6:56:09:5b:5a:e7:1c:f2:0e:78:09:1c:aa:fd:04:
                    30:15:35:d1:70:64:c3:26:3d:a2:88:47:8c:c8:2d:
                    1f:fa:79:c4:7b:90:36:c2:c9:2e:05:e3:49:78:aa:
                    14:17:50:da:7d:90:09:19:b1:08:27:9d:41:84:cd:
                    b9:c0:af:49:8e:91:83:dc:ae:63:49:b3:e0:19:ca:
                    1b:37:44:d5:55:36:01:c8:2f:1a:b8:6c:da:be:d2:
                    54:42:9f:2b:6d:19:2b:d9:42:7f:3b:31:0e:f1:5a:
                    3d:dc:b5:b9:00:48:ab:4b:01:62:02:8c:6b:10:c7:
                    7e:19:71:e3:99:1a:ba:ab:bf:83:58:26:c6:3a:0f:
                    82:f7:b4:c4:3d:71:01:03:09:32:bd:d0:fd:bd:dd:
                    c2:1e:5f:f5:cc:71:96:75:33:08:27:51:e4:43:1a:
                    61:84:64:ee:86:e7:40:b0:d1:e9:c5:5c:96:e2:2b:
                    77:ca:a0:71:33:c1:a2:62:c0:00:a0:f4:bf:3f:7d:
                    dc:bf:c0:b6:5d:58:f3:aa:af:08:88:0b:0b:82:a2:
                    2f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:FC:E7:76:38:7F:D4:FC:8A:E8:1F:11:7F:84:27:AE:1C:E1:7F:52
            X509v3 Authority Key Identifier:
                keyid:AF:50:3E:5B:83:5F:0A:81:38:1D:1C:4C:12:33:D3:8F:B7:DD:F2:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1A-W4NfCoE4HRxMEjPTj7fd8j0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/wfzndjh_1PyK6B8Rf4Qnrhzhf1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/0600f8-2958-4417-bb67-3c5e1744acdd/1/r1A-W4NfCoE4HRxMEjPTj7fd8j0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:f8:09:37:14:fe:5f:de:9a:0c:be:46:c1:61:58:05:27:d9:
         6f:91:34:16:8e:b0:ef:aa:c9:66:53:67:3d:09:bc:7c:82:f0:
         af:f4:08:44:1f:ee:e5:41:b6:08:d9:75:cf:c6:fb:f1:c0:1e:
         eb:48:46:0a:2c:10:f3:c5:3c:38:6f:f8:76:9b:75:d7:ab:27:
         5d:12:cd:da:72:e4:17:fa:5e:60:c5:d3:c6:e0:03:6d:bc:16:
         2d:a7:7d:2f:9a:0b:28:41:5b:16:d4:f6:90:3f:f0:94:f2:12:
         98:48:8e:d7:6d:c8:99:98:64:5d:37:cf:75:ee:dd:fe:4a:9d:
         69:6e:9f:94:04:b5:e1:8c:6f:8e:a5:28:b3:4b:91:d4:a0:db:
         87:5b:99:2f:ea:b3:a7:3f:c5:fe:65:f5:db:53:0d:b4:6d:ac:
         60:a5:29:4f:7f:d2:51:2c:7e:c5:31:e9:d9:f7:90:dd:db:dc:
         c8:29:93:bf:d0:89:0a:a1:d1:ef:ea:88:f9:d0:38:2f:0c:7b:
         b4:dc:ea:16:68:20:32:bf:d3:bb:4e:d8:31:35:37:9c:db:3a:
         0e:8f:d2:3e:08:97:4c:c4:9f:7c:31:aa:08:dd:f7:69:b9:e5:
         aa:52:84:24:f7:4d:c2:44:ef:b0:d3:09:cf:7e:0a:7d:d4:dc:
         2d:93:7a:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJlHJDKZ3hlmfvxvIn0kkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTAzZTViODM1ZjBhODEzODFkMWM0YzEyMzNkMzhmYjdk
ZGYyM2QwHhcNMjUwMTAyMTc1MzA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWZjZTc3NjM4N2ZkNGZjOGFlODFmMTE3Zjg0MjdhZTFjZTE3ZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+AKNUwG90ZoU7SWysWFSXS4kdha
yzd3w7P7wt8vPfk/7hsvpQbu1TfXMy3mVglbWucc8g54CRyq/QQwFTXRcGTDJj2i
iEeMyC0f+nnEe5A2wskuBeNJeKoUF1DafZAJGbEIJ51BhM25wK9JjpGD3K5jSbPg
GcobN0TVVTYByC8auGzavtJUQp8rbRkr2UJ/OzEO8Vo93LW5AEirSwFiAoxrEMd+
GXHjmRq6q7+DWCbGOg+C97TEPXEBAwkyvdD9vd3CHl/1zHGWdTMIJ1HkQxphhGTu
hudAsNHpxVyW4it3yqBxM8GiYsAAoPS/P33cv8C2XVjzqq8IiAsLgqIvnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMH853Y4f9T8iugfEX+EJ64c4X9SMB8GA1UdIwQY
MBaAFK9QPluDXwqBOB0cTBIz04+33fI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFBLVc0TmZDb0U0SFJ4TUVqUFRqN2ZkOGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8wNjAwZjgtMjk1OC00NDE3LWJiNjct
M2M1ZTE3NDRhY2RkLzEvd2Z6bmRqaF8xUHlLNkI4UmY0UW5yaHpoZjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8wNjAwZjgtMjk1OC00NDE3LWJiNjctM2M1ZTE3NDRhY2Rk
LzEvcjFBLVc0TmZDb0U0SFJ4TUVqUFRqN2ZkOGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHefMA0G
CSqGSIb3DQEBCwUAA4IBAQBz+Ak3FP5f3poMvkbBYVgFJ9lvkTQWjrDvqslmU2c9
Cbx8gvCv9AhEH+7lQbYI2XXPxvvxwB7rSEYKLBDzxTw4b/h2m3XXqyddEs3acuQX
+l5gxdPG4ANtvBYtp30vmgsoQVsW1PaQP/CU8hKYSI7XbciZmGRdN8917t3+Sp1p
bp+UBLXhjG+OpSizS5HUoNuHW5kv6rOnP8X+ZfXbUw20baxgpSlPf9JRLH7FMenZ
95Dd29zIKZO/0IkKodHv6oj50DgvDHu03OoWaCAyv9O7TtgxNTec2zoOj9I+CJdM
xJ98MaoI3fdpueWqUoQk903CRO+w0wnPfgp91Nwtk3qT
-----END CERTIFICATE-----