Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W-BqAytwLhtGHZzQWw3N67IOs00.roa
File:                     W-BqAytwLhtGHZzQWw3N67IOs00.roa (raw, json)
Hash identifier:          hjrd1Vz8jZ89utQK8P8tLoce00nKXunOaUIFgXvhalY=
Subject key identifier:   5B:E0:6A:03:2B:70:2E:1B:46:1D:9C:D0:5B:0D:CD:EB:B2:0E:B3:4D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824A1995884BA1A10D5D2898C578C31
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W-BqAytwLhtGHZzQWw3N67IOs00.roa
Signing time:             Thu 02 Jan 2025 17:51:16 +0000
ROA not before:           Thu 02 Jan 2025 17:51:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198178
IP address blocks:        45.128.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:a1:99:58:84:ba:1a:10:d5:d2:89:8c:57:8c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5be06a032b702e1b461d9cd05b0dcdebb20eb34d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:9b:c3:07:41:1f:ea:5f:ab:48:67:c0:94:
                    26:34:09:6d:4c:f4:ee:5d:67:c1:d8:d5:2d:7e:c3:
                    53:7e:36:fb:77:80:9e:8b:f6:85:1b:8a:27:a8:90:
                    cb:12:72:7c:ef:e4:36:fb:77:3f:d1:d1:99:c4:6b:
                    7b:d1:2b:b6:ef:7b:55:b5:3c:97:45:c6:ef:0b:17:
                    c9:66:fc:64:2c:a2:86:03:ef:ac:80:f0:c2:bb:4e:
                    08:90:1b:b9:8a:aa:97:c0:3c:0a:22:70:a0:96:7b:
                    d7:64:a6:6c:16:bb:b3:da:12:d6:e5:49:a9:5a:1e:
                    48:52:9b:95:5b:8e:c1:d7:89:0e:e1:5a:34:48:3c:
                    46:23:8c:4c:ad:d8:46:8d:3b:4f:e6:fe:69:37:5e:
                    64:7e:ff:1c:b2:8c:b0:70:a2:27:90:c2:60:b1:63:
                    b4:61:67:98:4e:1f:4d:c9:a2:e8:88:96:0e:6c:17:
                    e5:29:3a:30:af:fd:c1:ef:2a:8a:eb:ea:f7:c5:8d:
                    a8:01:19:07:8f:70:54:8c:fb:f8:4a:81:27:45:cb:
                    cd:88:9a:d1:f5:b8:4e:9f:5c:70:cf:c8:5d:43:3b:
                    bd:b8:5d:75:72:78:6c:31:07:0a:a5:3e:d1:58:36:
                    61:73:14:ed:9b:16:0e:bd:f5:6d:fc:68:26:ca:9a:
                    f4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E0:6A:03:2B:70:2E:1B:46:1D:9C:D0:5B:0D:CD:EB:B2:0E:B3:4D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W-BqAytwLhtGHZzQWw3N67IOs00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:54:78:a7:7a:20:0c:8f:67:88:8f:67:7a:01:ed:11:0d:dd:
         fe:e6:6f:72:0b:6a:65:c1:64:3d:0a:fd:85:28:57:4b:73:43:
         41:82:59:ae:40:06:fa:4c:49:56:93:a3:b5:6d:f3:16:9a:25:
         22:ad:33:e9:a2:07:f4:73:49:1e:3a:f3:fb:26:97:7e:8d:cf:
         3a:4c:20:9c:f2:d6:c2:ef:69:56:a8:6a:4f:d4:e9:22:11:f6:
         fc:62:c7:ff:41:16:7d:28:93:6c:4a:78:d2:fb:86:1d:e9:df:
         a4:41:f7:81:a7:30:25:f9:b6:95:41:4a:c4:27:f2:a3:ad:30:
         78:0b:70:a2:ec:ae:2c:59:3f:c9:6d:99:84:5c:c9:ca:d4:fb:
         9c:b3:8d:4e:b1:d3:76:2d:70:87:e2:cd:3c:4b:b3:62:18:f5:
         a1:c6:8f:67:cd:bc:b6:a6:6e:13:25:8e:8f:6a:55:e1:7c:50:
         7e:16:dd:da:81:77:15:f3:06:45:5d:87:78:fe:1a:27:23:64:
         c6:c9:f6:ef:85:5b:ff:e3:3e:5f:6c:2f:85:c7:19:ea:58:18:
         64:ca:a0:59:6f:d3:c5:6b:c7:fe:e6:ca:f5:ac:dc:5f:e8:d2:
         20:50:e4:ea:d9:d1:34:82:d2:a4:29:a3:74:70:6a:ff:62:f9:
         53:77:06:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJKGZWIS6GhDV0omMV4wxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmUwNmEwMzJiNzAyZTFiNDYxZDljZDA1YjBkY2RlYmIyMGViMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2mbwwdBH+pfq0hnwJQmNAltTPTu
XWfB2NUtfsNTfjb7d4Cei/aFG4onqJDLEnJ87+Q2+3c/0dGZxGt70Su273tVtTyX
RcbvCxfJZvxkLKKGA++sgPDCu04IkBu5iqqXwDwKInCglnvXZKZsFruz2hLW5Ump
Wh5IUpuVW47B14kO4Vo0SDxGI4xMrdhGjTtP5v5pN15kfv8csoywcKInkMJgsWO0
YWeYTh9NyaLoiJYObBflKTowr/3B7yqK6+r3xY2oARkHj3BUjPv4SoEnRcvNiJrR
9bhOn1xwz8hdQzu9uF11cnhsMQcKpT7RWDZhcxTtmxYOvfVt/Ggmypr0/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvgagMrcC4bRh2c0FsNzeuyDrNNMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVy1CcUF5dHdMaHRHSFp6UVd3M042N0lPczAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBjMA0G
CSqGSIb3DQEBCwUAA4IBAQBfVHineiAMj2eIj2d6Ae0RDd3+5m9yC2plwWQ9Cv2F
KFdLc0NBglmuQAb6TElWk6O1bfMWmiUirTPpogf0c0keOvP7Jpd+jc86TCCc8tbC
72lWqGpP1OkiEfb8Ysf/QRZ9KJNsSnjS+4Yd6d+kQfeBpzAl+baVQUrEJ/KjrTB4
C3Ci7K4sWT/JbZmEXMnK1Pucs41OsdN2LXCH4s08S7NiGPWhxo9nzby2pm4TJY6P
alXhfFB+Ft3agXcV8wZFXYd4/honI2TGyfbvhVv/4z5fbC+FxxnqWBhkyqBZb9PF
a8f+5sr1rNxf6NIgUOTq2dE0gtKkKaN0cGr/YvlTdwbv
-----END CERTIFICATE-----