Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/wHcAQi8uIPoSNIZEDrB6lp9A4iU.roa
File:                     wHcAQi8uIPoSNIZEDrB6lp9A4iU.roa (raw, json)
Hash identifier:          WTw2CPdpDYr7UwLDEjPSvLdXO5lHAaBKc6BFHrkeRHQ=
Subject key identifier:   C0:77:00:42:2F:2E:20:FA:12:34:86:44:0E:B0:7A:96:9F:40:E2:25
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F4C07605329F38C7140687206E362
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/wHcAQi8uIPoSNIZEDrB6lp9A4iU.roa
Signing time:             Thu 02 Jan 2025 05:48:55 +0000
ROA not before:           Thu 02 Jan 2025 05:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48851
IP address blocks:        62.73.169.40/29 maxlen: 29
                          82.112.107.136/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4c:07:60:53:29:f3:8c:71:40:68:72:06:e3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c07700422f2e20fa123486440eb07a969f40e225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:84:5b:09:42:db:d3:c2:4a:57:53:28:6e:70:
                    b9:63:1e:e0:aa:72:93:f7:02:37:83:8a:1a:04:23:
                    cc:d2:c9:7f:b2:63:9f:d9:9d:69:bc:de:06:4f:cb:
                    44:7c:55:43:eb:72:17:59:e0:05:ac:4b:fe:5e:64:
                    ea:5b:51:c6:26:8e:b7:c0:57:f3:65:dc:04:37:78:
                    ea:0a:04:83:63:40:fc:f3:ca:91:6b:9f:c5:7e:74:
                    f4:c8:a0:0a:4a:9b:89:57:a9:8a:ef:4a:07:8c:4e:
                    dc:d7:7f:fc:5a:3a:bd:fc:a0:23:3d:02:1d:60:49:
                    18:e0:9c:e9:91:8b:52:98:ba:ee:f5:b3:a6:f9:52:
                    b2:14:50:51:7c:41:94:6e:ad:b1:9e:bb:98:98:08:
                    d9:42:ab:77:97:24:bd:94:5b:da:bd:a7:8e:30:0e:
                    cb:1b:64:42:d9:2d:a4:d2:17:a0:ce:55:db:38:92:
                    b3:c5:fc:06:b2:74:b7:5c:f6:55:cb:17:80:58:36:
                    a7:b1:a6:22:e0:31:eb:51:dc:23:63:a2:50:41:4e:
                    a3:b8:dc:b4:09:a7:28:1b:a2:0e:a9:81:e7:ee:81:
                    e8:e4:25:a9:07:11:d6:d5:05:02:73:55:06:c8:38:
                    93:e9:02:a6:2c:22:06:47:fa:6f:39:be:8b:0a:40:
                    c6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:77:00:42:2F:2E:20:FA:12:34:86:44:0E:B0:7A:96:9F:40:E2:25
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/wHcAQi8uIPoSNIZEDrB6lp9A4iU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.73.169.40/29
                  82.112.107.136/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:03:83:2b:54:18:9a:fb:de:3a:ad:e7:ee:9a:94:85:d5:a2:
         e8:50:05:a4:38:64:e5:0c:fc:d3:9b:39:f5:d4:d8:90:a7:5c:
         12:c2:ec:43:9d:91:5f:7d:4e:8d:f9:59:eb:a2:56:82:d0:54:
         1f:b8:1b:f2:c3:cd:48:01:ad:e0:b2:e9:3e:2b:8d:3a:bd:99:
         c8:0a:bf:93:23:5e:c5:0f:03:7f:39:77:1b:fb:9a:5a:d6:7a:
         0c:81:f9:ce:49:a7:3c:47:03:fd:22:28:37:00:1d:65:73:91:
         c0:4b:4a:22:16:5f:db:b5:7f:c2:4b:70:f6:40:f7:bb:1f:f7:
         2a:b2:e0:f7:8b:0d:57:3b:65:f6:9f:42:32:87:2d:9c:4c:01:
         44:7c:53:fe:0c:d7:a9:36:fb:60:30:12:22:f8:bb:e4:70:a5:
         08:42:61:dd:f2:45:f9:96:a2:eb:39:05:e8:91:19:01:1a:25:
         ce:9a:a8:20:a0:a6:8f:7f:82:4c:7e:92:e1:5e:02:d7:6c:4c:
         3a:c8:08:90:fd:ed:06:61:4e:d6:d8:87:3e:0e:4d:64:1e:ee:
         b7:bb:84:f9:60:e5:41:82:96:1a:db:70:56:c2:c4:d1:b7:7f:
         70:a3:c3:de:70:0d:43:fc:8c:7f:80:e5:45:ba:ae:64:f7:ec:
         9f:6a:ae:b6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQlj0wHYFMp84xxQGhyBuNiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDc3MDA0MjJmMmUyMGZhMTIzNDg2NDQwZWIwN2E5NjlmNDBlMjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oRbCULb08JKV1MobnC5Yx7gqnKT
9wI3g4oaBCPM0sl/smOf2Z1pvN4GT8tEfFVD63IXWeAFrEv+XmTqW1HGJo63wFfz
ZdwEN3jqCgSDY0D888qRa5/FfnT0yKAKSpuJV6mK70oHjE7c13/8Wjq9/KAjPQId
YEkY4JzpkYtSmLru9bOm+VKyFFBRfEGUbq2xnruYmAjZQqt3lyS9lFvavaeOMA7L
G2RC2S2k0hegzlXbOJKzxfwGsnS3XPZVyxeAWDansaYi4DHrUdwjY6JQQU6juNy0
CacoG6IOqYHn7oHo5CWpBxHW1QUCc1UGyDiT6QKmLCIGR/pvOb6LCkDGlQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMB3AEIvLiD6EjSGRA6wepafQOIlMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvd0hjQVFpOHVJUG9TTklaRURyQjZscDlBNGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOAwUDPkmpKAMF
A1Jwa4gwDQYJKoZIhvcNAQELBQADggEBAI4DgytUGJr73jqt5+6alIXVouhQBaQ4
ZOUM/NObOfXU2JCnXBLC7EOdkV99To35WeuiVoLQVB+4G/LDzUgBreCy6T4rjTq9
mcgKv5MjXsUPA385dxv7mlrWegyB+c5JpzxHA/0iKDcAHWVzkcBLSiIWX9u1f8JL
cPZA97sf9yqy4PeLDVc7ZfafQjKHLZxMAUR8U/4M16k2+2AwEiL4u+RwpQhCYd3y
RfmWous5BeiRGQEaJc6aqCCgpo9/gkx+kuFeAtdsTDrICJD97QZhTtbYhz4OTWQe
7re7hPlg5UGClhrbcFbCxNG3f3Cjw95wDUP8jH+A5UW6rmT37J9qrrY=
-----END CERTIFICATE-----