Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/wjXJ43WDMsyXqsT32yhLrj0rMH4.roa
File:                     wjXJ43WDMsyXqsT32yhLrj0rMH4.roa (raw, json)
Hash identifier:          CceYvXEzMqteqnbJHZv3aEfnMz/0nLpBGyOgVP8j3TU=
Subject key identifier:   C2:35:C9:E3:75:83:32:CC:97:AA:C4:F7:DB:28:4B:AE:3D:2B:30:7E
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747C98F582D00AC9AF2BCD18A508283
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/wjXJ43WDMsyXqsT32yhLrj0rMH4.roa
Signing time:             Thu 02 Jan 2025 13:50:03 +0000
ROA not before:           Thu 02 Jan 2025 13:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13627
IP address blocks:        85.202.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:c9:8f:58:2d:00:ac:9a:f2:bc:d1:8a:50:82:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c235c9e3758332cc97aac4f7db284bae3d2b307e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:32:9d:8e:b7:7c:21:1e:39:89:5a:da:28:25:
                    9a:c7:8b:bc:91:70:97:66:00:58:73:f3:d6:33:7b:
                    ce:91:95:80:b6:83:52:2b:aa:66:d6:24:34:08:7f:
                    51:3f:7a:9b:13:d8:26:28:81:0f:ae:2c:c5:aa:45:
                    7a:d9:1c:88:90:4b:d6:56:26:ef:12:52:c0:26:21:
                    9b:5b:ee:4d:d1:7f:1c:d5:f7:06:24:b9:33:73:fa:
                    b3:a9:50:03:fa:0d:92:03:d4:2a:1c:d3:f6:bb:71:
                    65:7f:ab:37:b3:37:45:bc:b8:41:38:f6:94:c0:fb:
                    3e:cf:c0:06:e2:1b:e0:37:a2:3b:77:39:29:5c:22:
                    d7:ff:94:f8:a1:60:bc:f8:10:fa:c4:49:37:dd:cc:
                    bd:79:5e:dd:93:af:c8:ce:60:e6:b6:11:b0:44:3e:
                    0a:4c:3b:c8:aa:5d:3e:2c:b6:fc:be:42:20:7d:5c:
                    a8:e8:b8:fb:f8:21:1e:70:0d:08:26:06:c5:dd:89:
                    6b:31:d0:38:db:cb:3b:d0:82:4a:5e:da:dc:47:c0:
                    ec:78:a5:3e:ab:f8:f8:d3:ea:a0:a9:cb:9e:d7:77:
                    84:74:34:28:23:c2:cc:fe:38:ac:80:a3:a7:4f:13:
                    79:68:f9:e8:fa:c0:a6:26:85:f2:f8:7f:75:c4:3b:
                    7a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:35:C9:E3:75:83:32:CC:97:AA:C4:F7:DB:28:4B:AE:3D:2B:30:7E
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/wjXJ43WDMsyXqsT32yhLrj0rMH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:72:0a:9e:56:8e:ff:a7:38:28:be:56:82:23:ea:26:8c:62:
         57:c7:67:91:85:50:7b:bd:40:16:b8:6d:11:a8:d7:00:43:2a:
         71:d2:a4:63:4e:b9:6f:45:89:2c:fc:68:7d:90:77:90:a6:6c:
         38:89:6b:0e:bd:63:9b:5d:2c:cf:61:8a:33:59:ce:ce:c8:ab:
         bf:de:4f:f9:a0:1c:0c:71:05:3c:3b:8b:bf:44:2b:3e:d6:46:
         df:11:b4:ce:43:7c:af:f1:04:45:1a:1c:ce:19:9a:bd:04:71:
         41:7d:60:9a:03:f6:c1:2a:de:eb:d5:8f:9d:62:20:b6:b6:84:
         5c:5c:59:45:9f:e5:38:6a:e8:85:d9:a5:b9:9a:81:b4:f8:22:
         8c:19:a3:6d:da:ea:3c:06:77:d5:9c:54:7d:1c:34:22:41:a6:
         55:09:93:01:3b:c2:a1:12:8e:53:cf:d7:a7:d9:12:38:f8:ad:
         1b:31:42:e6:1c:f4:df:55:44:e9:84:78:ac:e2:75:6d:e7:e9:
         51:e3:64:56:d5:25:63:c7:5f:2e:44:92:89:03:be:69:96:fb:
         b7:20:cc:0a:3c:b6:2e:f5:6c:10:9d:34:1e:0a:81:24:da:ce:
         30:50:04:67:df:69:30:f5:fd:ec:16:be:9a:c1:ba:d9:dc:ac:
         ab:f0:8b:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR8mPWC0ArJryvNGKUIKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjM1YzllMzc1ODMzMmNjOTdhYWM0ZjdkYjI4NGJhZTNkMmIzMDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjKdjrd8IR45iVraKCWax4u8kXCX
ZgBYc/PWM3vOkZWAtoNSK6pm1iQ0CH9RP3qbE9gmKIEPrizFqkV62RyIkEvWVibv
ElLAJiGbW+5N0X8c1fcGJLkzc/qzqVAD+g2SA9QqHNP2u3Flf6s3szdFvLhBOPaU
wPs+z8AG4hvgN6I7dzkpXCLX/5T4oWC8+BD6xEk33cy9eV7dk6/IzmDmthGwRD4K
TDvIql0+LLb8vkIgfVyo6Lj7+CEecA0IJgbF3YlrMdA428s70IJKXtrcR8DseKU+
q/j40+qgqcue13eEdDQoI8LM/jisgKOnTxN5aPno+sCmJoXy+H91xDt6fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMI1yeN1gzLMl6rE99soS649KzB+MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvd2pYSjQzV0RNc3lYcXNUMzJ5aExyajByTUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcqgMA0G
CSqGSIb3DQEBCwUAA4IBAQB9cgqeVo7/pzgovlaCI+omjGJXx2eRhVB7vUAWuG0R
qNcAQypx0qRjTrlvRYks/Gh9kHeQpmw4iWsOvWObXSzPYYozWc7OyKu/3k/5oBwM
cQU8O4u/RCs+1kbfEbTOQ3yv8QRFGhzOGZq9BHFBfWCaA/bBKt7r1Y+dYiC2toRc
XFlFn+U4auiF2aW5moG0+CKMGaNt2uo8BnfVnFR9HDQiQaZVCZMBO8KhEo5Tz9en
2RI4+K0bMULmHPTfVUTphHis4nVt5+lR42RW1SVjx18uRJKJA75plvu3IMwKPLYu
9WwQnTQeCoEk2s4wUARn32kw9f3sFr6awbrZ3Kyr8Itc
-----END CERTIFICATE-----