Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/18d035-3494-4ab7-a5cb-9f788fd27520/1/WJX8pUUgztAx5ziEUO7pdOPaYpY.roa
File:                     WJX8pUUgztAx5ziEUO7pdOPaYpY.roa (raw, json)
Hash identifier:          Zv2hcAwndmbcI8AgNFSDMAAPE42QlNQ0rd+YTdhMpog=
Subject key identifier:   58:95:FC:A5:45:20:CE:D0:31:E7:38:84:50:EE:E9:74:E3:DA:62:96
Certificate issuer:       /CN=b43d4e9fe3a5487d20f1000191629150f628f3a1
Certificate serial:       01942068092D9F10DE9C4D7D9A37A3C4B903
Authority key identifier: B4:3D:4E:9F:E3:A5:48:7D:20:F1:00:01:91:62:91:50:F6:28:F3:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tD1On-OlSH0g8QABkWKRUPYo86E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/18d035-3494-4ab7-a5cb-9f788fd27520/1/WJX8pUUgztAx5ziEUO7pdOPaYpY.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208201
IP address blocks:        45.153.120.0/24 maxlen: 24
                          2a0f:af00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/18d035-3494-4ab7-a5cb-9f788fd27520/1/tD1On-OlSH0g8QABkWKRUPYo86E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/18d035-3494-4ab7-a5cb-9f788fd27520/1/tD1On-OlSH0g8QABkWKRUPYo86E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tD1On-OlSH0g8QABkWKRUPYo86E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:09:2d:9f:10:de:9c:4d:7d:9a:37:a3:c4:b9:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b43d4e9fe3a5487d20f1000191629150f628f3a1
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5895fca54520ced031e7388450eee974e3da6296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:97:b3:b8:41:6d:7d:e4:71:ee:3d:75:05:d7:
                    1d:e8:76:6f:bf:c4:46:dc:4e:6d:43:6b:01:6a:41:
                    6e:8b:ae:bd:f6:27:b7:c9:20:f4:56:81:1a:16:10:
                    0c:34:74:27:d5:1b:e4:63:68:f8:45:4a:7a:b6:6a:
                    34:51:d2:90:45:be:ba:f1:01:a3:7e:f7:86:30:7e:
                    2f:ae:8e:80:6d:52:d9:d0:14:ae:f9:11:77:8e:44:
                    a9:a8:5a:e3:46:5f:cb:99:44:5a:e4:de:31:af:c2:
                    22:c7:fb:d3:20:c8:b8:f2:40:67:d0:35:da:0c:25:
                    7d:a3:f9:40:84:1c:f2:8b:e9:80:3e:02:75:b6:f4:
                    ad:af:77:d5:49:31:c5:d6:41:10:aa:87:ee:d1:1f:
                    7e:6c:8d:a9:1a:c8:ba:13:02:eb:d2:43:d7:5e:e4:
                    73:a2:d5:aa:29:1b:01:d7:3d:be:5f:c1:2a:ea:cf:
                    3c:68:59:00:eb:9d:de:f7:46:d8:a0:85:32:64:fd:
                    8c:35:8f:8a:40:2b:36:ad:6c:05:4f:a7:95:93:4a:
                    02:fe:63:ee:f8:26:44:b1:ec:c2:1a:f9:00:25:da:
                    d7:ad:42:a2:99:d0:5f:a9:3f:2a:75:48:c1:ef:10:
                    42:a5:60:9d:22:d6:ff:c1:84:d1:98:6d:94:01:5e:
                    fb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:95:FC:A5:45:20:CE:D0:31:E7:38:84:50:EE:E9:74:E3:DA:62:96
            X509v3 Authority Key Identifier:
                keyid:B4:3D:4E:9F:E3:A5:48:7D:20:F1:00:01:91:62:91:50:F6:28:F3:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tD1On-OlSH0g8QABkWKRUPYo86E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/18d035-3494-4ab7-a5cb-9f788fd27520/1/WJX8pUUgztAx5ziEUO7pdOPaYpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/18d035-3494-4ab7-a5cb-9f788fd27520/1/tD1On-OlSH0g8QABkWKRUPYo86E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.120.0/24
                IPv6:
                  2a0f:af00::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:b2:dd:ce:0b:42:0f:8b:36:af:f0:00:1b:98:29:97:a0:18:
         9e:ad:00:27:04:09:cf:57:f7:a3:28:77:5b:10:c9:ee:9a:77:
         3b:8f:2e:ca:d5:f6:04:f4:b8:7e:c8:d4:1b:3e:45:d8:e0:a6:
         30:27:b7:75:c8:e6:f5:c1:24:a0:7d:05:13:ed:a4:38:a3:9d:
         2f:51:d4:bb:64:3a:3e:4c:b4:34:5f:6f:83:67:76:68:14:35:
         e3:12:23:70:50:c7:bc:fd:58:e2:83:3a:db:18:19:bb:5e:7a:
         12:b9:09:ce:c1:30:26:19:da:d5:1d:4e:44:ca:2d:13:b0:b5:
         dc:fe:3d:56:e1:67:74:a1:df:25:3e:8f:67:01:6b:ae:14:ed:
         6c:53:29:8c:ed:92:3b:ac:1c:87:65:44:d5:6c:07:21:65:b1:
         73:07:61:52:6c:bf:12:6e:d2:a5:1e:0b:a4:c1:65:79:dc:18:
         94:f0:de:3c:30:fc:d7:dc:14:1d:4b:2f:43:53:ac:32:2d:da:
         bc:a8:46:d8:a2:68:ab:32:60:3f:e3:2c:4e:d0:0a:3d:37:3c:
         1c:75:46:ce:f0:9d:b1:c4:28:93:93:d6:9c:a1:b4:eb:47:36:
         59:12:b7:42:e5:b5:a1:5e:15:db:0b:a5:19:f7:ef:6e:5b:ba:
         23:bf:b6:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaAktnxDenE19mjejxLkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0M2Q0ZTlmZTNhNTQ4N2QyMGYxMDAwMTkxNjI5MTUwZjYy
OGYzYTEwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODk1ZmNhNTQ1MjBjZWQwMzFlNzM4ODQ1MGVlZTk3NGUzZGE2Mjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7JezuEFtfeRx7j11Bdcd6HZvv8RG
3E5tQ2sBakFui6699ie3ySD0VoEaFhAMNHQn1RvkY2j4RUp6tmo0UdKQRb668QGj
fveGMH4vro6AbVLZ0BSu+RF3jkSpqFrjRl/LmURa5N4xr8Iix/vTIMi48kBn0DXa
DCV9o/lAhBzyi+mAPgJ1tvStr3fVSTHF1kEQqofu0R9+bI2pGsi6EwLr0kPXXuRz
otWqKRsB1z2+X8Eq6s88aFkA653e90bYoIUyZP2MNY+KQCs2rWwFT6eVk0oC/mPu
+CZEsezCGvkAJdrXrUKimdBfqT8qdUjB7xBCpWCdItb/wYTRmG2UAV77XQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFiV/KVFIM7QMec4hFDu6XTj2mKWMB8GA1UdIwQY
MBaAFLQ9Tp/jpUh9IPEAAZFikVD2KPOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEQxT24tT2xTSDBnOFFBQmtXS1JVUFlvODZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8xOGQwMzUtMzQ5NC00YWI3LWE1Y2It
OWY3ODhmZDI3NTIwLzEvV0pYOHBVVWd6dEF4NXppRVVPN3BkT1BhWXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8xOGQwMzUtMzQ5NC00YWI3LWE1Y2ItOWY3ODhmZDI3NTIw
LzEvdEQxT24tT2xTSDBnOFFBQmtXS1JVUFlvODZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALZl4MA0E
AgACMAcDBQAqD68AMA0GCSqGSIb3DQEBCwUAA4IBAQBpst3OC0IPizav8AAbmCmX
oBierQAnBAnPV/ejKHdbEMnumnc7jy7K1fYE9Lh+yNQbPkXY4KYwJ7d1yOb1wSSg
fQUT7aQ4o50vUdS7ZDo+TLQ0X2+DZ3ZoFDXjEiNwUMe8/VjigzrbGBm7XnoSuQnO
wTAmGdrVHU5Eyi0TsLXc/j1W4Wd0od8lPo9nAWuuFO1sUymM7ZI7rByHZUTVbAch
ZbFzB2FSbL8SbtKlHgukwWV53BiU8N48MPzX3BQdSy9DU6wyLdq8qEbYomirMmA/
4yxO0Ao9NzwcdUbO8J2xxCiTk9acobTrRzZZErdC5bWhXhXbC6UZ9+9uW7ojv7Z6
-----END CERTIFICATE-----