Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/27585c-b866-4962-80fd-ea6134706a40/1/wHiz844bSnAZ4Nug3ceKjQdatmc.roa
File:                     wHiz844bSnAZ4Nug3ceKjQdatmc.roa (raw, json)
Hash identifier:          /mOXe5EHXrP0fFZ7gg8le5T3+NCaa6O//12eYo5yKX8=
Subject key identifier:   C0:78:B3:F3:8E:1B:4A:70:19:E0:DB:A0:DD:C7:8A:8D:07:5A:B6:67
Certificate issuer:       /CN=da0389d85ea126e0efbebc5d8459ef709fb895cb
Certificate serial:       0194274833B7FECA170217CB465A69DC8617
Authority key identifier: DA:03:89:D8:5E:A1:26:E0:EF:BE:BC:5D:84:59:EF:70:9F:B8:95:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gOJ2F6hJuDvvrxdhFnvcJ-4lcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/27585c-b866-4962-80fd-ea6134706a40/1/wHiz844bSnAZ4Nug3ceKjQdatmc.roa
Signing time:             Thu 02 Jan 2025 13:50:30 +0000
ROA not before:           Thu 02 Jan 2025 13:50:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60446
IP address blocks:        185.112.74.0/24 maxlen: 24
                          2a10:5540::/29 maxlen: 29
                          2a10:5540::/33 maxlen: 48
                          2a10:5540:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/27585c-b866-4962-80fd-ea6134706a40/1/2gOJ2F6hJuDvvrxdhFnvcJ-4lcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/27585c-b866-4962-80fd-ea6134706a40/1/2gOJ2F6hJuDvvrxdhFnvcJ-4lcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gOJ2F6hJuDvvrxdhFnvcJ-4lcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:33:b7:fe:ca:17:02:17:cb:46:5a:69:dc:86:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0389d85ea126e0efbebc5d8459ef709fb895cb
        Validity
            Not Before: Jan  2 13:50:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c078b3f38e1b4a7019e0dba0ddc78a8d075ab667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d0:95:b8:39:22:7c:1d:cf:d1:e8:ee:d2:71:
                    36:bf:44:84:21:2b:dc:f6:a7:26:b5:bc:3b:09:a8:
                    b9:33:79:d4:a6:ce:83:0a:d0:2f:47:19:2e:df:db:
                    85:2c:76:3a:84:dd:b7:55:ec:9a:7c:36:6d:bb:eb:
                    6d:7c:83:46:3d:84:d5:81:93:8d:74:98:56:7a:7b:
                    47:d0:2d:fd:01:e8:5e:c3:3c:3c:c0:cb:78:97:1d:
                    26:84:3e:4d:8c:89:ec:97:db:31:c0:19:ed:1b:db:
                    33:a6:35:ab:00:d7:13:de:71:e8:8a:e7:f7:76:48:
                    79:de:fe:90:d9:db:6a:25:29:a7:4e:27:e2:5c:b0:
                    cd:2b:a9:7a:f5:c5:a9:98:b5:0d:65:62:a5:7f:e0:
                    18:11:92:68:ae:32:d4:6c:6e:a4:25:4c:ce:f2:34:
                    9c:ab:06:76:8b:9e:c0:88:9a:7a:6a:6c:6f:b3:80:
                    8b:f1:60:45:6a:d4:27:df:72:c7:10:5c:19:1c:a0:
                    52:73:ca:fc:d5:89:87:bd:0a:8d:18:08:fb:44:77:
                    db:61:64:9c:d2:66:da:66:41:37:34:b2:ef:47:04:
                    9d:0f:44:e3:7b:72:03:b4:03:e3:47:8b:46:ac:e9:
                    02:fe:b2:aa:0f:99:51:b5:f1:d0:7a:59:10:d2:9d:
                    14:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:78:B3:F3:8E:1B:4A:70:19:E0:DB:A0:DD:C7:8A:8D:07:5A:B6:67
            X509v3 Authority Key Identifier:
                keyid:DA:03:89:D8:5E:A1:26:E0:EF:BE:BC:5D:84:59:EF:70:9F:B8:95:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gOJ2F6hJuDvvrxdhFnvcJ-4lcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/27585c-b866-4962-80fd-ea6134706a40/1/wHiz844bSnAZ4Nug3ceKjQdatmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/27585c-b866-4962-80fd-ea6134706a40/1/2gOJ2F6hJuDvvrxdhFnvcJ-4lcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.74.0/24
                IPv6:
                  2a10:5540::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:54:5c:9d:6d:f3:22:78:a3:84:1e:1b:b7:0b:24:83:c4:26:
         b2:62:5c:bb:c8:35:4c:11:6f:a7:4c:87:cd:86:fe:65:b4:99:
         3b:6d:7a:20:85:cf:74:1a:ef:95:fd:6b:1e:fa:19:ab:95:c2:
         84:35:5c:73:df:ce:b6:6e:28:3f:0a:ab:d2:3b:fa:4f:72:1f:
         8d:f5:1b:9e:07:c0:15:fe:7f:9f:13:8c:10:4b:5f:b9:88:3b:
         39:3a:25:ef:73:3b:b5:16:f5:1a:69:27:be:4e:9c:86:b2:7d:
         06:f3:23:7e:a3:a1:ef:96:08:26:92:bb:fd:9d:f4:da:48:4e:
         4c:e0:90:98:fc:71:4d:0a:6d:3c:a0:be:2c:e2:7b:33:5b:c7:
         3b:d3:f0:45:64:a7:02:40:7e:28:8c:62:ec:7b:4f:f1:35:f4:
         9b:85:53:b0:1b:d9:4e:d9:e8:74:96:47:ea:a7:dd:4b:90:96:
         18:f1:51:e3:67:4b:6e:94:32:ac:5d:39:42:cb:d8:0c:95:f5:
         c4:12:05:9e:32:d0:c4:fd:0e:31:af:b6:e9:6b:c7:3f:3e:cf:
         d0:aa:b3:54:f8:7a:5b:fb:87:ac:48:7e:ac:11:c2:37:4e:61:
         af:77:c1:77:f9:d2:cf:f9:c2:ab:4a:3c:57:d4:b8:e5:c2:f2:
         41:37:46:4d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSDO3/soXAhfLRlpp3IYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDM4OWQ4NWVhMTI2ZTBlZmJlYmM1ZDg0NTllZjcwOWZi
ODk1Y2IwHhcNMjUwMTAyMTM1MDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDc4YjNmMzhlMWI0YTcwMTllMGRiYTBkZGM3OGE4ZDA3NWFiNjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNCVuDkifB3P0eju0nE2v0SEISvc
9qcmtbw7Cai5M3nUps6DCtAvRxku39uFLHY6hN23VeyafDZtu+ttfINGPYTVgZON
dJhWentH0C39Aehewzw8wMt4lx0mhD5NjInsl9sxwBntG9szpjWrANcT3nHoiuf3
dkh53v6Q2dtqJSmnTifiXLDNK6l69cWpmLUNZWKlf+AYEZJorjLUbG6kJUzO8jSc
qwZ2i57AiJp6amxvs4CL8WBFatQn33LHEFwZHKBSc8r81YmHvQqNGAj7RHfbYWSc
0mbaZkE3NLLvRwSdD0Tje3IDtAPjR4tGrOkC/rKqD5lRtfHQelkQ0p0U8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMB4s/OOG0pwGeDboN3Hio0HWrZnMB8GA1UdIwQY
MBaAFNoDidheoSbg7768XYRZ73CfuJXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdPSjJGNmhKdUR2dnJ4ZGhGbnZjSi00bGNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yNzU4NWMtYjg2Ni00OTYyLTgwZmQt
ZWE2MTM0NzA2YTQwLzEvd0hpejg0NGJTbkFaNE51ZzNjZUtqUWRhdG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yNzU4NWMtYjg2Ni00OTYyLTgwZmQtZWE2MTM0NzA2YTQw
LzEvMmdPSjJGNmhKdUR2dnJ4ZGhGbnZjSi00bGNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXBKMA0E
AgACMAcDBQMqEFVAMA0GCSqGSIb3DQEBCwUAA4IBAQCTVFydbfMieKOEHhu3CySD
xCayYly7yDVMEW+nTIfNhv5ltJk7bXoghc90Gu+V/Wse+hmrlcKENVxz3862big/
CqvSO/pPch+N9RueB8AV/n+fE4wQS1+5iDs5OiXvczu1FvUaaSe+TpyGsn0G8yN+
o6Hvlggmkrv9nfTaSE5M4JCY/HFNCm08oL4s4nszW8c70/BFZKcCQH4ojGLse0/x
NfSbhVOwG9lO2eh0lkfqp91LkJYY8VHjZ0tulDKsXTlCy9gMlfXEEgWeMtDE/Q4x
r7bpa8c/Ps/QqrNU+Hpb+4esSH6sEcI3TmGvd8F3+dLP+cKrSjxX1LjlwvJBN0ZN
-----END CERTIFICATE-----