Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/WSOdSOYvm6saAH25MRzt_HJ4S3k.roa
File:                     WSOdSOYvm6saAH25MRzt_HJ4S3k.roa (raw, json)
Hash identifier:          TJxgEsEuOY9iF8bVQ+aKArmMfYxB5sJS4Q7nszP7Vdw=
Subject key identifier:   59:23:9D:48:E6:2F:9B:AB:1A:00:7D:B9:31:1C:ED:FC:72:78:4B:79
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCB7092E73D03A797C60B00CEB2014
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/WSOdSOYvm6saAH25MRzt_HJ4S3k.roa
Signing time:             Thu 02 Jan 2025 07:48:26 +0000
ROA not before:           Thu 02 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203756
IP address blocks:        212.91.15.0/24 maxlen: 24
                          2001:1a68:53::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b7:09:2e:73:d0:3a:79:7c:60:b0:0c:eb:20:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59239d48e62f9bab1a007db9311cedfc72784b79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8a:ab:2d:dd:9b:b9:70:f2:a2:8b:cf:a7:69:
                    f0:48:7f:36:a5:d1:2c:2f:f0:79:39:14:e7:5c:d2:
                    9a:86:14:19:67:b6:ba:02:56:91:74:3f:1c:74:a6:
                    05:0b:81:a1:28:09:62:9f:5f:cd:b5:c7:8b:96:97:
                    51:47:af:06:ce:28:d2:f1:a3:35:26:c0:25:0b:cd:
                    17:15:8d:f8:e5:b9:06:5d:4d:6f:fd:64:89:2d:c5:
                    75:bb:47:f9:0e:5f:f8:18:1c:87:3b:a1:ca:db:05:
                    b9:59:71:a2:fd:5e:25:97:e0:dd:e6:f4:36:7f:95:
                    3a:1a:11:cf:7c:fa:67:ee:29:73:30:0d:2f:16:58:
                    e7:da:a8:05:0b:a5:b3:2e:c4:36:e7:d3:8a:ee:f4:
                    97:4a:c3:f5:01:90:a3:c9:8d:e5:ba:b7:fa:6d:5a:
                    0b:3d:d6:81:31:3c:18:d3:c9:92:46:cf:80:97:49:
                    19:ac:32:03:a3:3a:29:50:14:20:7d:43:dd:f2:b8:
                    6a:f2:78:5d:7f:f9:d7:97:29:fe:d3:60:9f:60:df:
                    f3:7f:1d:1a:02:43:c5:e4:e2:38:a5:18:80:63:ea:
                    83:f0:08:f6:df:fa:1a:df:17:41:54:83:72:66:99:
                    8d:08:11:03:8d:16:e0:4f:56:1d:45:77:7e:d0:9c:
                    6f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:23:9D:48:E6:2F:9B:AB:1A:00:7D:B9:31:1C:ED:FC:72:78:4B:79
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/WSOdSOYvm6saAH25MRzt_HJ4S3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.91.15.0/24
                IPv6:
                  2001:1a68:53::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:38:2a:b3:a4:48:4e:6b:53:c6:11:33:bf:51:91:3c:1d:37:
         d8:a1:e3:e0:37:93:b2:90:7c:51:59:b0:d9:60:37:52:89:87:
         24:b8:6f:23:cc:64:87:ce:5f:a9:04:d5:7c:8b:58:0f:c3:e8:
         53:bf:2f:b8:a3:e9:dc:2f:bb:b2:74:2b:73:df:eb:70:8c:db:
         ec:db:e1:85:ac:1c:8f:99:33:f5:5f:89:da:8f:10:c1:2a:35:
         9d:5a:60:38:95:2c:dd:2e:96:4f:70:70:5f:fb:ce:8c:39:2b:
         8c:e7:12:c2:41:14:e0:4e:c6:86:8b:91:28:0e:54:81:4e:3b:
         6c:36:57:80:0c:0b:1d:f5:48:06:81:d4:d3:d0:6f:08:de:71:
         b4:0b:31:47:9e:82:71:77:3b:5e:88:9f:9b:71:df:68:8b:d5:
         e6:e6:9f:d0:4e:29:59:fd:15:ad:e7:6b:b8:c8:c4:2d:c8:de:
         ea:7d:b3:7b:12:1d:9f:c9:a3:8c:5d:77:36:f7:a8:09:12:ce:
         9f:6f:a5:5c:e9:48:e5:75:8a:9f:4d:09:d4:aa:1b:d1:99:67:
         48:c6:54:f1:1a:5a:c1:4b:14:ce:c0:25:f9:87:0a:51:2f:9c:
         fd:4b:16:4c:59:20:3c:c1:cc:70:ca:45:bd:2a:0d:ed:aa:81:
         62:c1:0a:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/LcJLnPQOnl8YLAM6yAUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTIzOWQ0OGU2MmY5YmFiMWEwMDdkYjkzMTFjZWRmYzcyNzg0Yjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYqrLd2buXDyoovPp2nwSH82pdEs
L/B5ORTnXNKahhQZZ7a6AlaRdD8cdKYFC4GhKAlin1/NtceLlpdRR68GzijS8aM1
JsAlC80XFY345bkGXU1v/WSJLcV1u0f5Dl/4GByHO6HK2wW5WXGi/V4ll+Dd5vQ2
f5U6GhHPfPpn7ilzMA0vFljn2qgFC6WzLsQ259OK7vSXSsP1AZCjyY3lurf6bVoL
PdaBMTwY08mSRs+Al0kZrDIDozopUBQgfUPd8rhq8nhdf/nXlyn+02CfYN/zfx0a
AkPF5OI4pRiAY+qD8Aj23/oa3xdBVINyZpmNCBEDjRbgT1YdRXd+0JxvsQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFkjnUjmL5urGgB9uTEc7fxyeEt5MB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvV1NPZFNPWXZtNnNhQUgyNU1SenRfSEo0UzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1FsPMA8E
AgACMAkDBwAgARpoAFMwDQYJKoZIhvcNAQELBQADggEBAJ04KrOkSE5rU8YRM79R
kTwdN9ih4+A3k7KQfFFZsNlgN1KJhyS4byPMZIfOX6kE1XyLWA/D6FO/L7ij6dwv
u7J0K3Pf63CM2+zb4YWsHI+ZM/VfidqPEMEqNZ1aYDiVLN0ulk9wcF/7zow5K4zn
EsJBFOBOxoaLkSgOVIFOO2w2V4AMCx31SAaB1NPQbwjecbQLMUeegnF3O16In5tx
32iL1ebmn9BOKVn9Fa3na7jIxC3I3up9s3sSHZ/Jo4xddzb3qAkSzp9vpVzpSOV1
ip9NCdSqG9GZZ0jGVPEaWsFLFM7AJfmHClEvnP1LFkxZIDzBzHDKRb0qDe2qgWLB
Cjw=
-----END CERTIFICATE-----