Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/wkcnsTzQjgo9eEySS50APSZKqWQ.roa
File:                     wkcnsTzQjgo9eEySS50APSZKqWQ.roa (raw, json)
Hash identifier:          SKv++65s2nAU0vbkJDBqrGiZUMw6xX7YKBnglQkJRuE=
Subject key identifier:   C2:47:27:B1:3C:D0:8E:0A:3D:78:4C:92:4B:9D:00:3D:26:4A:A9:64
Certificate issuer:       /CN=ddceb08a4b40f1f85e4eba17cdc7c83e47bb597d
Certificate serial:       019425FC20BBA9E96D14F1C01DAA78FFC60F
Authority key identifier: DD:CE:B0:8A:4B:40:F1:F8:5E:4E:BA:17:CD:C7:C8:3E:47:BB:59:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3c6wiktA8fheTroXzcfIPke7WX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/wkcnsTzQjgo9eEySS50APSZKqWQ.roa
Signing time:             Thu 02 Jan 2025 07:47:47 +0000
ROA not before:           Thu 02 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49407
IP address blocks:        91.212.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/3c6wiktA8fheTroXzcfIPke7WX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/3c6wiktA8fheTroXzcfIPke7WX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3c6wiktA8fheTroXzcfIPke7WX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:20:bb:a9:e9:6d:14:f1:c0:1d:aa:78:ff:c6:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddceb08a4b40f1f85e4eba17cdc7c83e47bb597d
        Validity
            Not Before: Jan  2 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c24727b13cd08e0a3d784c924b9d003d264aa964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:be:50:78:3d:47:69:bf:34:09:f7:0b:1a:c0:
                    78:ef:c6:32:05:21:7b:34:8b:08:0e:2c:ca:3c:d9:
                    cf:26:fb:ce:19:c2:ea:0b:cc:97:51:4a:67:05:b9:
                    74:fb:6c:69:02:96:88:f9:3d:cf:b9:8f:ad:b3:8b:
                    64:8f:0c:a5:ad:8a:30:57:c7:16:1b:04:1f:7d:e6:
                    59:3d:4b:ff:48:f8:1a:0d:7f:c3:e4:97:40:64:6e:
                    b4:df:c8:0a:fa:2d:3c:f6:7d:01:ab:43:11:4e:d2:
                    f9:e3:73:48:41:ed:9c:b1:52:24:d3:79:a0:3a:ee:
                    14:1b:2d:98:bc:af:ee:17:44:48:0d:e2:95:3c:3a:
                    de:49:e9:76:04:cf:ce:18:25:b5:bb:62:3c:7c:92:
                    5c:1e:cf:6c:da:8c:90:99:92:fa:86:3f:e9:28:e8:
                    b1:d9:b3:95:69:43:59:83:f4:f5:a6:45:fc:9d:e8:
                    ff:65:21:05:94:bd:25:94:52:c1:4a:17:61:01:4c:
                    55:85:13:fc:70:6f:de:44:94:58:fa:6a:06:af:a8:
                    7b:13:3c:a8:ba:a0:5a:9f:63:69:0c:dd:90:30:77:
                    28:23:ef:05:e6:bf:af:c2:40:76:6f:ec:bb:f7:fd:
                    d1:27:77:74:f0:f9:f6:be:6e:cf:a7:4e:4e:a0:d6:
                    3f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:47:27:B1:3C:D0:8E:0A:3D:78:4C:92:4B:9D:00:3D:26:4A:A9:64
            X509v3 Authority Key Identifier:
                keyid:DD:CE:B0:8A:4B:40:F1:F8:5E:4E:BA:17:CD:C7:C8:3E:47:BB:59:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c6wiktA8fheTroXzcfIPke7WX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/wkcnsTzQjgo9eEySS50APSZKqWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/3c6wiktA8fheTroXzcfIPke7WX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:92:c3:c7:73:33:72:58:23:41:61:1b:16:b0:54:11:54:58:
         ab:3d:bd:ae:d4:9c:ea:07:f4:23:e7:07:a8:2d:80:15:b4:48:
         9d:aa:cd:b8:ab:bd:82:f0:76:b6:7f:3a:68:fa:6c:94:c8:fc:
         3d:7e:ad:83:5d:07:70:e9:be:ea:71:19:b5:b4:37:21:a6:34:
         0f:e3:ab:be:0a:5f:42:02:dd:13:7f:ff:b7:c5:91:c8:6a:6b:
         19:8d:26:6d:56:c2:d0:64:33:82:f1:9c:72:5e:47:71:9a:3d:
         70:87:5e:40:6f:2f:0f:13:98:d3:65:99:e8:70:fa:c9:fe:5c:
         d4:16:f9:d2:06:bb:07:da:d1:b4:b8:82:53:ca:6a:c2:bc:00:
         dc:c2:d2:94:d7:87:3a:d5:83:9e:87:c0:8b:6f:2e:bb:ea:c5:
         1c:44:45:e1:f0:2b:b6:5d:0d:07:df:60:11:b8:37:74:19:11:
         1e:5f:51:67:18:99:0b:a1:81:ac:26:f9:74:94:e0:ee:57:2e:
         b1:88:a3:48:a2:43:8b:55:ac:75:fe:cf:77:1c:88:81:c6:e6:
         2a:b5:58:bb:54:b7:a5:c9:e4:b7:47:4a:8e:ff:cd:84:e3:cf:
         f2:41:9b:a4:17:71:87:6b:72:9a:ca:4b:32:ee:36:b1:fc:b1:
         7d:26:65:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/CC7qeltFPHAHap4/8YPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkY2ViMDhhNGI0MGYxZjg1ZTRlYmExN2NkYzdjODNlNDdi
YjU5N2QwHhcNMjUwMTAyMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQ3MjdiMTNjZDA4ZTBhM2Q3ODRjOTI0YjlkMDAzZDI2NGFhOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAor5QeD1Hab80CfcLGsB478YyBSF7
NIsIDizKPNnPJvvOGcLqC8yXUUpnBbl0+2xpApaI+T3PuY+ts4tkjwylrYowV8cW
GwQffeZZPUv/SPgaDX/D5JdAZG6038gK+i089n0Bq0MRTtL543NIQe2csVIk03mg
Ou4UGy2YvK/uF0RIDeKVPDreSel2BM/OGCW1u2I8fJJcHs9s2oyQmZL6hj/pKOix
2bOVaUNZg/T1pkX8nej/ZSEFlL0llFLBShdhAUxVhRP8cG/eRJRY+moGr6h7Ezyo
uqBan2NpDN2QMHcoI+8F5r+vwkB2b+y79/3RJ3d08Pn2vm7Pp05OoNY/OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJHJ7E80I4KPXhMkkudAD0mSqlkMB8GA1UdIwQY
MBaAFN3OsIpLQPH4Xk66F83HyD5Hu1l9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2M2d2lrdEE4ZmhlVHJvWHpjZklQa2U3V1gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi85MmIwZGYtZTBkYi00Mjc2LTgzMzQt
OGRiOTQ0ZTEzODEwLzEvd2tjbnNUelFqZ285ZUV5U1M1MEFQU1pLcVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi85MmIwZGYtZTBkYi00Mjc2LTgzMzQtOGRiOTQ0ZTEzODEw
LzEvM2M2d2lrdEE4ZmhlVHJvWHpjZklQa2U3V1gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TQMA0G
CSqGSIb3DQEBCwUAA4IBAQBYksPHczNyWCNBYRsWsFQRVFirPb2u1JzqB/Qj5weo
LYAVtEidqs24q72C8Ha2fzpo+myUyPw9fq2DXQdw6b7qcRm1tDchpjQP46u+Cl9C
At0Tf/+3xZHIamsZjSZtVsLQZDOC8ZxyXkdxmj1wh15Aby8PE5jTZZnocPrJ/lzU
FvnSBrsH2tG0uIJTymrCvADcwtKU14c61YOeh8CLby676sUcREXh8Cu2XQ0H32AR
uDd0GREeX1FnGJkLoYGsJvl0lODuVy6xiKNIokOLVax1/s93HIiBxuYqtVi7VLel
yeS3R0qO/82E48/yQZukF3GHa3Kayksy7jax/LF9JmWq
-----END CERTIFICATE-----