Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/Wy1LhCK9kxP-C2UiE5R2K8JtffM.roa
File:                     Wy1LhCK9kxP-C2UiE5R2K8JtffM.roa (raw, json)
Hash identifier:          DYS7fnBaD9Os9bSnRtbqX/rsXfSVI5HQGNbOlzCHNGw=
Subject key identifier:   5B:2D:4B:84:22:BD:93:13:FE:0B:65:22:13:94:76:2B:C2:6D:7D:F3
Certificate issuer:       /CN=0a4a702f677f336d9b3e36c384ebc8c9fd8859f4
Certificate serial:       019425FC4346580D0206E29FD686CA095BD9
Authority key identifier: 0A:4A:70:2F:67:7F:33:6D:9B:3E:36:C3:84:EB:C8:C9:FD:88:59:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CkpwL2d_M22bPjbDhOvIyf2IWfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/Wy1LhCK9kxP-C2UiE5R2K8JtffM.roa
Signing time:             Thu 02 Jan 2025 07:47:56 +0000
ROA not before:           Thu 02 Jan 2025 07:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208395
IP address blocks:        45.139.136.0/22 maxlen: 22
                          2a0e:b940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/CkpwL2d_M22bPjbDhOvIyf2IWfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/CkpwL2d_M22bPjbDhOvIyf2IWfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CkpwL2d_M22bPjbDhOvIyf2IWfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:43:46:58:0d:02:06:e2:9f:d6:86:ca:09:5b:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a4a702f677f336d9b3e36c384ebc8c9fd8859f4
        Validity
            Not Before: Jan  2 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b2d4b8422bd9313fe0b65221394762bc26d7df3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b0:d1:88:13:22:87:e2:4f:06:c9:38:58:69:
                    e3:01:be:cc:a2:8d:21:41:7e:a5:3d:4a:61:55:30:
                    36:7e:fa:82:83:ee:06:64:5e:df:64:5a:49:30:e6:
                    cf:d1:96:79:0f:da:31:3e:12:dc:f4:4f:14:e0:5a:
                    be:c0:b2:4e:a5:c5:91:b0:38:23:3a:6f:16:56:ed:
                    30:de:4b:48:31:6e:32:88:1f:f9:c8:bf:f1:f9:c0:
                    72:1c:a9:5a:89:d7:5d:b9:1a:ec:73:4b:85:a6:29:
                    a6:1f:4c:03:92:05:38:dd:5e:4a:e6:28:c6:c5:44:
                    4b:60:68:ab:ed:43:c7:b4:18:28:43:89:54:56:d4:
                    8b:34:12:71:78:e5:92:c3:c5:a2:9b:a6:51:51:10:
                    3b:9b:5a:80:07:2b:55:9d:76:9e:0d:68:b6:6b:55:
                    b4:e4:21:05:35:71:de:e4:95:18:ae:ca:ff:1a:97:
                    ef:45:e6:ed:6f:ff:6a:05:a9:70:f3:22:fc:f7:d0:
                    b2:1d:13:56:1a:b8:31:73:f8:26:06:4a:32:46:86:
                    34:52:65:97:14:f2:1e:df:f4:4c:bf:ae:21:24:bc:
                    5e:f4:eb:ee:7d:3b:0e:8d:0e:a0:20:43:35:49:ce:
                    92:94:ec:6d:7b:36:af:7d:2a:04:d1:42:b4:a8:2a:
                    6a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:2D:4B:84:22:BD:93:13:FE:0B:65:22:13:94:76:2B:C2:6D:7D:F3
            X509v3 Authority Key Identifier:
                keyid:0A:4A:70:2F:67:7F:33:6D:9B:3E:36:C3:84:EB:C8:C9:FD:88:59:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CkpwL2d_M22bPjbDhOvIyf2IWfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/Wy1LhCK9kxP-C2UiE5R2K8JtffM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/da5b32-20a7-4e0a-b834-ef31715611aa/1/CkpwL2d_M22bPjbDhOvIyf2IWfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.136.0/22
                IPv6:
                  2a0e:b940::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:53:98:f4:ba:df:38:95:22:d0:21:57:e4:9d:43:03:a2:3e:
         42:c0:b8:df:8d:69:df:98:4f:c5:45:15:ae:0e:72:69:82:4a:
         04:0d:57:a5:16:27:79:a7:f0:a4:3a:af:f2:53:87:f9:3e:de:
         d7:22:e2:99:2b:2b:79:a6:3e:68:1e:c2:cd:98:ad:f3:f3:f5:
         55:f5:ab:6b:61:58:69:57:f1:95:72:97:b9:a9:68:1b:22:6d:
         35:ab:7d:e3:f4:69:a9:66:8a:07:5d:c1:6e:64:33:ae:9f:1b:
         d4:75:ed:75:3b:1a:c6:c8:c2:09:2a:1a:c9:36:c1:7b:7d:58:
         79:70:a0:1e:0a:dc:5a:d7:7f:aa:41:0c:84:43:7e:09:6d:08:
         ff:df:a2:3c:c8:6b:72:2e:30:e4:91:22:8c:3c:e0:74:bb:f6:
         9e:0a:19:07:9c:0c:91:b4:7d:f8:7d:93:51:d8:1d:5d:9f:a4:
         7f:1c:3e:42:52:18:52:ff:b8:a7:69:e5:3b:d1:9f:a8:17:71:
         40:9d:3e:f7:25:5f:01:c4:41:f4:18:07:e8:27:9f:5a:4c:6b:
         8d:04:b5:cb:c2:db:82:cb:ad:f9:95:4c:20:ef:8d:26:38:3d:
         d8:d7:4c:8d:b7:ac:68:06:d8:b3:57:ad:07:0b:75:7f:a9:b9:
         5e:45:11:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/ENGWA0CBuKf1obKCVvZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNGE3MDJmNjc3ZjMzNmQ5YjNlMzZjMzg0ZWJjOGM5ZmQ4
ODU5ZjQwHhcNMjUwMTAyMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjJkNGI4NDIyYmQ5MzEzZmUwYjY1MjIxMzk0NzYyYmMyNmQ3ZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7DRiBMih+JPBsk4WGnjAb7Moo0h
QX6lPUphVTA2fvqCg+4GZF7fZFpJMObP0ZZ5D9oxPhLc9E8U4Fq+wLJOpcWRsDgj
Om8WVu0w3ktIMW4yiB/5yL/x+cByHKlaiddduRrsc0uFpimmH0wDkgU43V5K5ijG
xURLYGir7UPHtBgoQ4lUVtSLNBJxeOWSw8Wim6ZRURA7m1qABytVnXaeDWi2a1W0
5CEFNXHe5JUYrsr/GpfvRebtb/9qBalw8yL899CyHRNWGrgxc/gmBkoyRoY0UmWX
FPIe3/RMv64hJLxe9OvufTsOjQ6gIEM1Sc6SlOxtezavfSoE0UK0qCpq1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFstS4QivZMT/gtlIhOUdivCbX3zMB8GA1UdIwQY
MBaAFApKcC9nfzNtmz42w4TryMn9iFn0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2twd0wyZF9NMjJiUGpiRGhPdkl5ZjJJV2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kYTViMzItMjBhNy00ZTBhLWI4MzQt
ZWYzMTcxNTYxMWFhLzEvV3kxTGhDSzlreFAtQzJVaUU1UjJLOEp0ZmZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kYTViMzItMjBhNy00ZTBhLWI4MzQtZWYzMTcxNTYxMWFh
LzEvQ2twd0wyZF9NMjJiUGpiRGhPdkl5ZjJJV2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYuIMA0E
AgACMAcDBQMqDrlAMA0GCSqGSIb3DQEBCwUAA4IBAQCyU5j0ut84lSLQIVfknUMD
oj5CwLjfjWnfmE/FRRWuDnJpgkoEDVelFid5p/CkOq/yU4f5Pt7XIuKZKyt5pj5o
HsLNmK3z8/VV9atrYVhpV/GVcpe5qWgbIm01q33j9GmpZooHXcFuZDOunxvUde11
OxrGyMIJKhrJNsF7fVh5cKAeCtxa13+qQQyEQ34JbQj/36I8yGtyLjDkkSKMPOB0
u/aeChkHnAyRtH34fZNR2B1dn6R/HD5CUhhS/7inaeU70Z+oF3FAnT73JV8BxEH0
GAfoJ59aTGuNBLXLwtuCy635lUwg740mOD3Y10yNt6xoBtizV60HC3V/qbleRREn
-----END CERTIFICATE-----