Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WwsrqEAzFv-hVsXiUc03wsfBCMY.roa
File:                     WwsrqEAzFv-hVsXiUc03wsfBCMY.roa (raw, json)
Hash identifier:          W2ATt3uL+0vvuI8owmK3aRi8xehId+aQq2rlXQux4m0=
Subject key identifier:   5B:0B:2B:A8:40:33:16:FF:A1:56:C5:E2:51:CD:37:C2:C7:C1:08:C6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0194D5795B71EDC2BEB3165A5C098BCF5A9D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WwsrqEAzFv-hVsXiUc03wsfBCMY.roa
Signing time:             Wed 05 Feb 2025 09:38:07 +0000
ROA not before:           Wed 05 Feb 2025 09:38:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        83.219.98.0/24 maxlen: 24
                          94.156.14.0/24 maxlen: 24
                          193.148.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d5:79:5b:71:ed:c2:be:b3:16:5a:5c:09:8b:cf:5a:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb  5 09:38:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b0b2ba8403316ffa156c5e251cd37c2c7c108c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0a:72:bc:34:81:65:5d:24:41:c6:9f:f5:c5:
                    9a:73:62:ed:54:e2:f6:71:03:50:e1:2b:e1:34:be:
                    e5:cd:f5:67:b5:0c:68:67:8f:0d:22:10:01:b7:3c:
                    a6:a4:9c:6b:eb:c5:b6:47:79:35:93:0f:91:3d:99:
                    8c:57:60:3e:7e:d6:aa:c3:81:89:e8:c0:ef:ec:92:
                    1d:92:0a:de:15:8f:65:03:cb:47:bb:98:ed:54:f1:
                    ad:87:a1:bc:bc:36:36:66:cc:bf:05:2e:0b:38:07:
                    3a:d5:29:99:f2:6a:29:7f:89:67:b9:d7:98:c1:3e:
                    10:5d:59:45:dd:df:c5:b4:51:0e:fd:5c:62:97:66:
                    93:8a:a8:73:19:b7:4e:9e:db:91:f0:d3:70:b6:d5:
                    f9:43:49:23:20:4e:3a:24:50:8f:54:51:46:84:eb:
                    36:61:80:98:12:9b:1c:90:13:b7:b9:35:5b:f0:3d:
                    61:d4:a7:12:2e:08:f9:fa:1d:da:b6:63:e2:19:38:
                    fa:52:82:45:26:a3:47:07:1b:ae:11:a0:f4:5f:f7:
                    96:93:2c:6d:f5:5e:50:b1:87:3a:1d:43:47:9b:17:
                    30:59:f0:52:eb:31:69:fd:32:3a:89:33:91:8d:eb:
                    29:24:6e:08:88:58:1d:65:98:94:c6:67:06:c5:dc:
                    38:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:0B:2B:A8:40:33:16:FF:A1:56:C5:E2:51:CD:37:C2:C7:C1:08:C6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WwsrqEAzFv-hVsXiUc03wsfBCMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.219.98.0/24
                  94.156.14.0/24
                  193.148.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:a6:33:9d:51:dd:22:96:be:c5:2d:8e:8e:15:79:a1:00:6e:
         6e:b3:05:35:26:08:bd:9b:07:3a:0e:03:72:8a:87:1e:50:6b:
         3a:7f:12:e3:36:14:a7:9f:d9:3a:f4:73:3c:ae:02:d7:e6:24:
         e0:54:83:f6:35:f4:d6:f6:17:0b:22:05:ff:83:ab:1c:e0:34:
         f2:12:40:fd:99:25:21:22:6e:8f:e2:4d:50:a4:19:b0:73:de:
         10:c3:5a:78:78:3f:82:a7:dc:3c:2a:f2:d8:02:cc:42:f5:84:
         d5:ae:e5:dd:3e:af:95:20:1e:dd:ef:ab:83:d0:45:48:69:32:
         60:b9:c0:45:de:0c:25:5d:72:a5:63:42:b3:27:27:8a:e5:81:
         6b:22:aa:64:9d:8b:d1:32:ae:ac:0a:73:21:1d:65:d6:0d:88:
         f6:14:1c:bb:03:e8:1f:bc:a1:72:4b:a7:14:76:93:bb:52:8a:
         cd:32:08:be:2c:81:e8:2d:79:b7:6d:85:cc:cc:60:09:14:2a:
         73:1e:95:32:42:e1:ad:e8:f2:b7:ff:c3:19:0f:9b:14:b2:24:
         b2:05:60:6b:6f:e3:a3:b4:26:95:a8:45:83:c5:71:ac:a9:a4:
         ea:c2:55:e3:8d:b7:6e:03:c3:9f:d5:44:30:4f:93:8d:a3:72:
         b5:0c:8b:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZTVeVtx7cK+sxZaXAmLz1qdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjA1MDkzODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjBiMmJhODQwMzMxNmZmYTE1NmM1ZTI1MWNkMzdjMmM3YzEwOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgpyvDSBZV0kQcaf9cWac2LtVOL2
cQNQ4SvhNL7lzfVntQxoZ48NIhABtzympJxr68W2R3k1kw+RPZmMV2A+ftaqw4GJ
6MDv7JIdkgreFY9lA8tHu5jtVPGth6G8vDY2Zsy/BS4LOAc61SmZ8mopf4lnudeY
wT4QXVlF3d/FtFEO/Vxil2aTiqhzGbdOntuR8NNwttX5Q0kjIE46JFCPVFFGhOs2
YYCYEpsckBO3uTVb8D1h1KcSLgj5+h3atmPiGTj6UoJFJqNHBxuuEaD0X/eWkyxt
9V5QsYc6HUNHmxcwWfBS6zFp/TI6iTORjespJG4IiFgdZZiUxmcGxdw4PQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFsLK6hAMxb/oVbF4lHNN8LHwQjGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV3dzcnFFQXpGdi1oVnNYaVVjMDN3c2ZCQ01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAU9tiAwQA
XpwOAwQAwZT9MA0GCSqGSIb3DQEBCwUAA4IBAQA/pjOdUd0ilr7FLY6OFXmhAG5u
swU1Jgi9mwc6DgNyioceUGs6fxLjNhSnn9k69HM8rgLX5iTgVIP2NfTW9hcLIgX/
g6sc4DTyEkD9mSUhIm6P4k1QpBmwc94Qw1p4eD+Cp9w8KvLYAsxC9YTVruXdPq+V
IB7d76uD0EVIaTJgucBF3gwlXXKlY0KzJyeK5YFrIqpknYvRMq6sCnMhHWXWDYj2
FBy7A+gfvKFyS6cUdpO7UorNMgi+LIHoLXm3bYXMzGAJFCpzHpUyQuGt6PK3/8MZ
D5sUsiSyBWBrb+OjtCaVqEWDxXGsqaTqwlXjjbduA8Of1UQwT5ONo3K1DItw
-----END CERTIFICATE-----