Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/WYkwsfl1LrYxcZc4hOn_dwqrnKU.roa
File:                     WYkwsfl1LrYxcZc4hOn_dwqrnKU.roa (raw, json)
Hash identifier:          OFI3Jc8HI7chg6jym9Pd2h5sq7FHfkNT1WJbvujMSAY=
Subject key identifier:   59:89:30:B1:F9:75:2E:B6:31:71:97:38:84:E9:FF:77:0A:AB:9C:A5
Certificate issuer:       /CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
Certificate serial:       019428235E1F0F389072CAF682712640FF0C
Authority key identifier: 88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/WYkwsfl1LrYxcZc4hOn_dwqrnKU.roa
Signing time:             Thu 02 Jan 2025 17:49:54 +0000
ROA not before:           Thu 02 Jan 2025 17:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        45.137.128.0/22 maxlen: 22
                          192.144.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:5e:1f:0f:38:90:72:ca:f6:82:71:26:40:ff:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
        Validity
            Not Before: Jan  2 17:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=598930b1f9752eb63171973884e9ff770aab9ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8d:c2:e6:5b:7d:c0:7e:1a:69:6c:2d:07:5c:
                    c0:6c:27:91:c1:f3:27:c3:e0:d6:19:26:e0:08:cb:
                    a6:66:62:a0:f6:40:2b:d3:ba:79:ce:0a:b0:da:ae:
                    f3:fc:d7:e1:55:67:05:e2:ee:84:4e:46:06:bc:fb:
                    3a:d5:0e:26:28:f7:1e:3e:1e:cf:b4:df:97:d1:4a:
                    3e:0b:db:83:76:53:b0:18:f0:87:bd:60:be:5d:74:
                    62:bf:1a:27:9f:23:31:95:47:99:45:e2:2d:43:1b:
                    98:d6:ac:a8:27:80:42:e5:5e:60:96:29:eb:88:a9:
                    8f:e6:a2:dd:94:d5:36:18:ae:bc:2f:65:37:47:b7:
                    80:da:20:1c:9f:c8:ab:c0:b7:bf:53:20:d8:ed:ff:
                    f0:8e:85:82:49:34:04:aa:f9:af:4a:78:34:69:73:
                    af:d7:45:56:20:59:9a:bf:2d:85:f5:f9:36:e0:04:
                    58:c8:55:6b:7f:61:54:10:28:16:c7:30:d5:08:d1:
                    4c:f8:28:d4:99:7d:f9:37:49:bb:5f:15:df:4b:5e:
                    81:52:13:43:fb:7b:66:c5:0e:90:53:1f:1a:a1:25:
                    53:00:c8:db:01:ee:14:a8:f8:4e:a5:fc:e7:c0:af:
                    77:f2:d0:43:4e:e5:c7:4c:47:e5:ea:01:05:fd:32:
                    71:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:89:30:B1:F9:75:2E:B6:31:71:97:38:84:E9:FF:77:0A:AB:9C:A5
            X509v3 Authority Key Identifier:
                keyid:88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/WYkwsfl1LrYxcZc4hOn_dwqrnKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.128.0/22
                  192.144.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:b5:ca:38:a5:db:b9:5d:78:3f:f4:f2:c7:57:08:17:4f:4f:
         5f:3f:05:3a:ba:83:d0:ae:0b:25:29:db:05:64:ef:27:dc:cb:
         1b:a1:f1:10:09:e4:2f:87:e1:52:54:da:f3:30:e5:1d:4a:c6:
         8e:95:0e:42:c7:f8:5a:33:50:d5:a2:b8:1c:22:cc:56:d5:86:
         51:b5:10:94:fc:98:a8:35:a4:3a:e0:d7:9a:55:62:16:45:99:
         92:39:27:9d:92:01:f2:fa:7b:fb:d4:46:62:8a:a5:3d:eb:04:
         80:49:bd:eb:d1:38:e4:b7:2f:b0:c4:fb:d8:b0:78:fd:d4:cb:
         74:88:be:2e:9c:7a:1c:33:26:72:34:48:c5:0b:1d:82:39:95:
         cb:9a:79:11:a6:77:67:ab:a2:ba:fb:a5:83:69:6c:39:d3:53:
         f4:a7:fa:39:97:f5:c6:8a:d3:ab:91:be:65:a3:26:db:9e:e7:
         a2:fe:07:b8:95:27:9a:87:93:dc:92:52:c2:fd:df:61:56:f5:
         60:a7:6d:12:f6:58:7b:27:6d:59:6f:82:a9:5a:f0:7a:98:44:
         79:45:10:aa:a7:0d:b2:ea:85:8f:db:d7:46:91:c8:f6:24:a8:
         0a:a2:b8:ed:03:fa:ce:15:48:e6:70:fe:bd:2f:ea:e7:bf:e9:
         2c:1b:4b:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoI14fDziQcsr2gnEmQP8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MjFhMzlhZWQ5ZGE0ZWUzYWI2NjM5ZDI0NDUwOGZhMWU4
ZDIwZjYwHhcNMjUwMTAyMTc0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTg5MzBiMWY5NzUyZWI2MzE3MTk3Mzg4NGU5ZmY3NzBhYWI5Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzI3C5lt9wH4aaWwtB1zAbCeRwfMn
w+DWGSbgCMumZmKg9kAr07p5zgqw2q7z/NfhVWcF4u6ETkYGvPs61Q4mKPcePh7P
tN+X0Uo+C9uDdlOwGPCHvWC+XXRivxonnyMxlUeZReItQxuY1qyoJ4BC5V5glinr
iKmP5qLdlNU2GK68L2U3R7eA2iAcn8irwLe/UyDY7f/wjoWCSTQEqvmvSng0aXOv
10VWIFmavy2F9fk24ARYyFVrf2FUECgWxzDVCNFM+CjUmX35N0m7XxXfS16BUhND
+3tmxQ6QUx8aoSVTAMjbAe4UqPhOpfznwK938tBDTuXHTEfl6gEF/TJx0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFmJMLH5dS62MXGXOITp/3cKq5ylMB8GA1UdIwQY
MBaAFIgho5rtnaTuOrZjnSRFCPoejSD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAt
ZjYwZDZmNzE4MmExLzEvV1lrd3NmbDFMcll4Y1pjNGhPbl9kd3FybktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAtZjYwZDZmNzE4MmEx
LzEvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYmAAwQC
wJAsMA0GCSqGSIb3DQEBCwUAA4IBAQA9tco4pdu5XXg/9PLHVwgXT09fPwU6uoPQ
rgslKdsFZO8n3MsbofEQCeQvh+FSVNrzMOUdSsaOlQ5Cx/haM1DVorgcIsxW1YZR
tRCU/JioNaQ64NeaVWIWRZmSOSedkgHy+nv71EZiiqU96wSASb3r0Tjkty+wxPvY
sHj91Mt0iL4unHocMyZyNEjFCx2COZXLmnkRpndnq6K6+6WDaWw501P0p/o5l/XG
itOrkb5loybbnuei/ge4lSeah5PcklLC/d9hVvVgp20S9lh7J21Zb4KpWvB6mER5
RRCqpw2y6oWP29dGkcj2JKgKorjtA/rOFUjmcP69L+rnv+ksG0vS
-----END CERTIFICATE-----