Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/WzBH8kAZVhitfGs3LpWEVIaX2DU.roa
File:                     WzBH8kAZVhitfGs3LpWEVIaX2DU.roa (raw, json)
Hash identifier:          yyE311L3mhjCKLl6ozIj/e45U2t4pgo+mFiZj5vWZ9E=
Subject key identifier:   5B:30:47:F2:40:19:56:18:AD:7C:6B:37:2E:95:84:54:86:97:D8:35
Certificate issuer:       /CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
Certificate serial:       019424B3B710D6A222A00C6427832C956CDF
Authority key identifier: 4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/WzBH8kAZVhitfGs3LpWEVIaX2DU.roa
Signing time:             Thu 02 Jan 2025 01:49:05 +0000
ROA not before:           Thu 02 Jan 2025 01:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30848
IP address blocks:        45.82.201.0/24 maxlen: 24
                          185.208.136.0/23 maxlen: 23
                          185.208.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b7:10:d6:a2:22:a0:0c:64:27:83:2c:95:6c:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
        Validity
            Not Before: Jan  2 01:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b3047f240195618ad7c6b372e9584548697d835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e3:90:a0:f9:db:9d:50:5e:d3:31:b1:07:0c:
                    3e:28:62:81:92:cf:a5:88:44:59:10:04:08:7a:9f:
                    1e:d7:1a:ba:86:f1:cd:25:d2:b6:7a:66:a9:e9:87:
                    7f:80:a4:0a:30:36:77:5b:b4:1c:e1:e1:a9:bd:03:
                    1a:fe:cd:4c:1f:21:08:3d:a4:d4:99:fc:43:b9:73:
                    0a:42:ce:aa:29:77:fb:90:af:59:88:c8:fd:ac:04:
                    ac:60:41:61:fa:85:ba:e8:00:8d:a4:e5:dd:d0:da:
                    dc:e5:05:38:85:0c:2f:af:2e:55:06:f1:45:d8:8a:
                    da:3f:eb:99:fe:d7:04:c8:d0:8e:56:ed:9c:75:f3:
                    b8:3a:c3:76:d6:81:e1:04:df:dd:c8:bd:b5:5d:62:
                    9a:7e:4f:27:dd:b6:1a:2d:cc:1f:66:cb:e1:19:d6:
                    31:c1:40:e6:72:04:52:cd:b5:ba:85:cc:97:cf:6f:
                    a4:15:61:37:b5:85:62:30:4c:11:2f:af:1c:2a:27:
                    ed:01:ad:0d:5c:4e:e0:d7:d0:61:e4:cb:51:60:b5:
                    5a:53:e6:94:71:3d:b4:09:8a:4b:38:9d:f5:d6:5a:
                    ca:35:e8:d8:39:2d:77:70:bf:5c:88:00:56:87:a5:
                    6c:6a:b5:c6:d8:27:0c:57:1f:f8:a8:a6:38:69:5b:
                    22:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:30:47:F2:40:19:56:18:AD:7C:6B:37:2E:95:84:54:86:97:D8:35
            X509v3 Authority Key Identifier:
                keyid:4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/WzBH8kAZVhitfGs3LpWEVIaX2DU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.201.0/24
                  185.208.136.0/23
                  185.208.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:1d:46:ae:83:d8:74:85:14:76:7f:bb:29:ac:bc:97:80:82:
         36:62:16:92:fd:19:e4:1e:9d:da:c1:23:37:81:4d:33:53:d6:
         ad:ca:75:6e:14:7e:4b:0e:54:e0:ec:28:65:e1:cb:8e:0c:0d:
         20:bd:d2:55:0f:e4:0c:c8:b9:b4:de:e9:6d:23:9b:2f:1f:87:
         04:f7:92:f3:f2:da:ba:ca:7b:50:8e:a5:a5:38:b5:a8:cb:58:
         ac:00:a9:34:68:0f:66:ef:0c:68:82:fa:a6:db:05:e4:b2:18:
         43:13:e4:66:cc:ca:33:75:71:03:82:97:11:9a:a0:13:00:ed:
         c8:06:79:b4:80:2d:ff:e5:ec:a9:5d:01:08:88:01:e4:99:32:
         dd:dd:5b:a9:63:68:2a:eb:51:a5:96:56:62:fb:78:b1:a1:2e:
         c5:46:f9:e6:17:14:7f:e8:b0:16:a4:ce:08:b5:8a:99:1d:8c:
         b9:ce:b6:87:6d:47:01:4b:2d:d7:01:20:fc:61:07:26:00:91:
         cd:5c:4f:0a:85:12:f3:c5:da:2d:85:f8:64:b6:b9:88:bd:87:
         23:0c:16:41:58:64:70:4e:de:a6:93:38:9c:29:8d:95:e1:21:
         61:cf:5a:74:7e:5e:01:1e:92:0e:cf:6f:99:91:53:97:df:d8:
         93:e2:ba:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQks7cQ1qIioAxkJ4MslWzfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZWNjYzlkMWE3NmU5MTQ2OWNiNjNiMTJiZjcyNWQ3ZGVi
YWZiMWIwHhcNMjUwMTAyMDE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjMwNDdmMjQwMTk1NjE4YWQ3YzZiMzcyZTk1ODQ1NDg2OTdkODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeOQoPnbnVBe0zGxBww+KGKBks+l
iERZEAQIep8e1xq6hvHNJdK2emap6Yd/gKQKMDZ3W7Qc4eGpvQMa/s1MHyEIPaTU
mfxDuXMKQs6qKXf7kK9ZiMj9rASsYEFh+oW66ACNpOXd0Nrc5QU4hQwvry5VBvFF
2IraP+uZ/tcEyNCOVu2cdfO4OsN21oHhBN/dyL21XWKafk8n3bYaLcwfZsvhGdYx
wUDmcgRSzbW6hcyXz2+kFWE3tYViMEwRL68cKiftAa0NXE7g19Bh5MtRYLVaU+aU
cT20CYpLOJ311lrKNejYOS13cL9ciABWh6VsarXG2CcMVx/4qKY4aVsi0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFswR/JAGVYYrXxrNy6VhFSGl9g1MB8GA1UdIwQY
MBaAFEvszJ0adukUactjsSv3JdfeuvsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTkt
NGY0Yjk5NGUwZWIyLzEvV3pCSDhrQVpWaGl0ZkdzM0xwV0VWSWFYMkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTktNGY0Yjk5NGUwZWIy
LzEvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVLJAwQB
udCIAwQAudCLMA0GCSqGSIb3DQEBCwUAA4IBAQAnHUaug9h0hRR2f7sprLyXgII2
YhaS/RnkHp3awSM3gU0zU9atynVuFH5LDlTg7Chl4cuODA0gvdJVD+QMyLm03ult
I5svH4cE95Lz8tq6yntQjqWlOLWoy1isAKk0aA9m7wxogvqm2wXkshhDE+RmzMoz
dXEDgpcRmqATAO3IBnm0gC3/5eypXQEIiAHkmTLd3VupY2gq61GlllZi+3ixoS7F
RvnmFxR/6LAWpM4ItYqZHYy5zraHbUcBSy3XASD8YQcmAJHNXE8KhRLzxdothfhk
trmIvYcjDBZBWGRwTt6mkzicKY2V4SFhz1p0fl4BHpIOz2+ZkVOX39iT4rql
-----END CERTIFICATE-----