Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/0WheHs--PVNhb-dwmL15VnoMZNE.roa
File:                     0WheHs--PVNhb-dwmL15VnoMZNE.roa (raw, json)
Hash identifier:          LogvI9W6pq8n6MXjyIiRO69ByPMJ4x9E03NP2sl5Rfg=
Subject key identifier:   D1:68:5E:1E:CF:BE:3D:53:61:6F:E7:70:98:BD:79:56:7A:0C:64:D1
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369E894FADE2F1407D36005E8EB2B62
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/0WheHs--PVNhb-dwmL15VnoMZNE.roa
Signing time:             Wed 01 Jan 2025 19:48:50 +0000
ROA not before:           Wed 01 Jan 2025 19:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13259
IP address blocks:        149.126.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e8:94:fa:de:2f:14:07:d3:60:05:e8:eb:2b:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1685e1ecfbe3d53616fe77098bd79567a0c64d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:67:55:99:14:ee:e3:e9:b4:59:05:d4:69:9e:
                    c5:ea:c2:c7:d6:2a:f0:a0:82:df:58:85:4d:61:93:
                    6b:c0:eb:7d:a1:99:6d:fb:24:2b:12:b3:0d:ca:68:
                    5d:ec:80:11:3b:6a:75:f6:6c:45:7b:11:ef:ac:28:
                    eb:eb:56:b7:fc:8e:07:84:91:15:3f:71:4c:5e:3c:
                    0a:a3:15:03:53:02:24:3d:c2:e6:d5:3b:f4:4b:0d:
                    07:59:54:b7:22:b4:1d:ac:d7:11:15:39:f5:a5:d5:
                    9b:ca:a7:59:f9:e4:b8:88:be:02:44:8f:f1:3c:1f:
                    00:ed:26:e2:ff:a4:1a:ba:6c:49:b0:e3:55:93:05:
                    93:fc:eb:9b:c9:19:88:ac:e8:2f:2c:d1:16:84:ca:
                    64:90:41:c9:ea:4c:3a:be:35:d5:67:06:5f:a1:77:
                    81:f8:6f:0d:1a:2f:5d:be:66:13:7c:d3:62:c9:a6:
                    fe:ea:6a:b3:c9:82:61:45:08:a8:ba:ce:cd:36:04:
                    2a:08:3c:22:74:6d:1e:7c:90:90:9a:46:b6:b7:f5:
                    ba:15:ed:43:39:fe:f5:02:51:46:b4:1e:18:05:ad:
                    c7:eb:00:db:a9:60:dd:bd:2b:06:4f:7c:dc:d0:3b:
                    04:f0:8e:84:30:d1:37:e1:65:ce:95:2f:49:73:df:
                    fc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:68:5E:1E:CF:BE:3D:53:61:6F:E7:70:98:BD:79:56:7A:0C:64:D1
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/0WheHs--PVNhb-dwmL15VnoMZNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         36:84:fb:da:61:52:86:89:8d:8a:46:65:fe:da:04:82:95:23:
         6f:d8:5a:63:32:af:76:8d:13:0a:78:04:2a:25:fe:d5:c6:5e:
         72:81:94:46:cc:90:13:16:a2:50:49:63:e8:18:49:91:b4:d1:
         77:15:b2:f5:29:5d:7f:18:a7:4c:c7:c8:51:c3:50:fc:9e:e3:
         1a:28:1b:34:f9:82:49:a2:df:45:b6:85:31:64:81:2b:f9:67:
         4d:ad:1e:70:84:ec:9c:67:85:f0:95:86:32:45:40:54:b5:47:
         86:45:01:92:d4:5a:4c:d7:0e:b3:eb:d8:7d:88:47:72:1b:79:
         5f:1e:53:bc:7f:fc:06:29:0c:97:92:44:cc:2d:79:4b:68:97:
         5d:d6:68:f4:7b:e9:96:e2:2d:f1:12:b7:f3:4d:f3:b8:a6:dd:
         2f:7c:1a:5b:f8:e8:60:76:18:42:e0:a4:73:de:8b:75:df:29:
         d9:68:a0:fc:cd:7e:0e:75:cf:99:7f:44:53:c9:00:f1:d0:85:
         96:b5:2a:13:fa:f3:c3:d7:0c:a4:5d:f8:e6:8c:cb:32:1c:de:
         1b:66:7a:51:de:2c:82:de:60:44:7e:31:86:02:38:e8:23:13:
         4e:57:9c:88:4d:42:82:47:b1:db:44:3c:3e:21:e7:f9:96:8f:
         ce:c8:3c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaeiU+t4vFAfTYAXo6ytiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTY4NWUxZWNmYmUzZDUzNjE2ZmU3NzA5OGJkNzk1NjdhMGM2NGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2dVmRTu4+m0WQXUaZ7F6sLH1irw
oILfWIVNYZNrwOt9oZlt+yQrErMNymhd7IARO2p19mxFexHvrCjr61a3/I4HhJEV
P3FMXjwKoxUDUwIkPcLm1Tv0Sw0HWVS3IrQdrNcRFTn1pdWbyqdZ+eS4iL4CRI/x
PB8A7Sbi/6QaumxJsONVkwWT/OubyRmIrOgvLNEWhMpkkEHJ6kw6vjXVZwZfoXeB
+G8NGi9dvmYTfNNiyab+6mqzyYJhRQious7NNgQqCDwidG0efJCQmka2t/W6Fe1D
Of71AlFGtB4YBa3H6wDbqWDdvSsGT3zc0DsE8I6EMNE34WXOlS9Jc9/8gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFoXh7Pvj1TYW/ncJi9eVZ6DGTRMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvMFdoZUhzLS1QVk5oYi1kd21MMTVWbm9NWk5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQElX7wMA0G
CSqGSIb3DQEBCwUAA4IBAQA2hPvaYVKGiY2KRmX+2gSClSNv2FpjMq92jRMKeAQq
Jf7Vxl5ygZRGzJATFqJQSWPoGEmRtNF3FbL1KV1/GKdMx8hRw1D8nuMaKBs0+YJJ
ot9FtoUxZIEr+WdNrR5whOycZ4XwlYYyRUBUtUeGRQGS1FpM1w6z69h9iEdyG3lf
HlO8f/wGKQyXkkTMLXlLaJdd1mj0e+mW4i3xErfzTfO4pt0vfBpb+OhgdhhC4KRz
3ot13ynZaKD8zX4Odc+Zf0RTyQDx0IWWtSoT+vPD1wykXfjmjMsyHN4bZnpR3iyC
3mBEfjGGAjjoIxNOV5yITUKCR7HbRDw+Ief5lo/OyDzr
-----END CERTIFICATE-----