Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/9be856-0e32-400f-8e89-369cd8be25fe/1/WfTKVc2urWFHINs-H7ByO8d8wxU.roa
File:                     WfTKVc2urWFHINs-H7ByO8d8wxU.roa (raw, json)
Hash identifier:          vrGq1fPxckNV2umjKEkVDvs5jt8ww7idFEdo+nD8HaU=
Subject key identifier:   59:F4:CA:55:CD:AE:AD:61:47:20:DB:3E:1F:B0:72:3B:C7:7C:C3:15
Certificate issuer:       /CN=c011ee066641750a51147d8dc99a1b105658d203
Certificate serial:       01941FFAA75C0F382B50839DDEB329252711
Authority key identifier: C0:11:EE:06:66:41:75:0A:51:14:7D:8D:C9:9A:1B:10:56:58:D2:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wBHuBmZBdQpRFH2NyZobEFZY0gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/9be856-0e32-400f-8e89-369cd8be25fe/1/WfTKVc2urWFHINs-H7ByO8d8wxU.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43232
IP address blocks:        185.123.184.0/22 maxlen: 22
                          2a03:9120::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/9be856-0e32-400f-8e89-369cd8be25fe/1/wBHuBmZBdQpRFH2NyZobEFZY0gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/9be856-0e32-400f-8e89-369cd8be25fe/1/wBHuBmZBdQpRFH2NyZobEFZY0gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wBHuBmZBdQpRFH2NyZobEFZY0gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a7:5c:0f:38:2b:50:83:9d:de:b3:29:25:27:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c011ee066641750a51147d8dc99a1b105658d203
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59f4ca55cdaead614720db3e1fb0723bc77cc315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7c:ae:9b:7b:72:df:49:36:02:91:a3:87:e4:
                    72:8a:9c:63:1d:8f:24:31:d9:15:b8:99:74:db:df:
                    e6:14:8d:ec:43:68:3e:53:b7:4f:c7:e6:fe:a4:0f:
                    c4:bd:a9:2c:47:f5:e0:7c:21:f9:3f:9a:ae:97:2e:
                    3a:7e:9b:48:c4:68:21:ee:60:10:33:4b:28:9c:63:
                    f7:46:a0:19:13:92:75:c2:24:e7:b4:ab:b9:42:a1:
                    ed:26:b3:5f:eb:46:1d:28:db:0a:d4:a8:af:01:ba:
                    a0:7f:18:c2:8a:32:ad:9d:23:bf:ea:4d:7b:81:a1:
                    9f:2c:33:70:1a:d0:92:5c:de:b9:1b:5e:d0:aa:62:
                    01:d3:98:4b:08:86:57:a5:04:3e:47:cf:0d:98:1f:
                    b9:5b:1a:a5:e3:1b:55:7e:0c:04:08:5b:15:7e:78:
                    86:21:39:3a:47:37:c9:93:53:f6:e8:bb:83:91:6a:
                    fc:32:45:f6:6b:6a:cb:72:75:2b:c2:59:90:f2:38:
                    d7:5a:c3:0b:e4:4d:b5:19:16:c8:e6:90:c4:a0:67:
                    87:2b:2d:d0:32:1b:91:f7:80:2f:5b:d8:9e:75:f0:
                    16:b2:f0:10:ad:ff:84:d0:6e:df:56:7f:f0:c8:3f:
                    b9:a2:b9:4f:0e:ed:73:ac:4e:ed:86:7d:9b:6a:14:
                    67:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F4:CA:55:CD:AE:AD:61:47:20:DB:3E:1F:B0:72:3B:C7:7C:C3:15
            X509v3 Authority Key Identifier:
                keyid:C0:11:EE:06:66:41:75:0A:51:14:7D:8D:C9:9A:1B:10:56:58:D2:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wBHuBmZBdQpRFH2NyZobEFZY0gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9be856-0e32-400f-8e89-369cd8be25fe/1/WfTKVc2urWFHINs-H7ByO8d8wxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/9be856-0e32-400f-8e89-369cd8be25fe/1/wBHuBmZBdQpRFH2NyZobEFZY0gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.184.0/22
                IPv6:
                  2a03:9120::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:d7:a3:28:85:35:ec:18:50:3d:1c:27:01:28:e5:94:5b:ea:
         d7:ee:26:8a:09:0e:20:a4:5e:6f:59:5e:42:3e:f6:7a:b1:41:
         22:9e:0b:b2:eb:e1:e4:c9:77:56:84:54:07:99:cd:18:df:0d:
         12:96:d8:74:39:5c:14:e8:14:de:e8:db:d2:9b:a2:8d:90:54:
         29:de:ce:28:56:c4:fd:b0:8f:05:5a:41:29:74:9c:ce:4e:04:
         fa:88:24:06:49:b0:bb:db:a5:b4:84:f9:5f:de:78:0a:41:e1:
         0e:b7:d0:1e:3c:49:f8:af:84:04:d1:74:ba:0f:89:2e:08:b3:
         58:0f:de:e4:5c:58:62:10:64:07:e4:58:8a:cf:6f:20:66:73:
         fd:db:97:41:ce:20:48:6e:41:6f:6d:cb:45:4b:d5:60:20:d0:
         68:27:a2:63:85:eb:53:39:65:c3:d5:b0:76:61:24:db:c0:fd:
         dc:97:90:b4:ab:40:1f:24:45:46:81:49:f5:df:b3:3d:74:12:
         c2:6d:2d:e4:3d:82:94:06:bf:3a:da:e9:d6:7d:a6:54:69:c3:
         d6:13:00:81:90:2f:f0:b2:d9:95:3a:31:78:b7:f5:64:6a:6f:
         36:9c:1a:45:f8:6d:25:ad:42:d5:7b:3f:01:db:3e:02:7a:b5:
         c9:a4:fa:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+qdcDzgrUIOd3rMpJScRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMTFlZTA2NjY0MTc1MGE1MTE0N2Q4ZGM5OWExYjEwNTY1
OGQyMDMwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWY0Y2E1NWNkYWVhZDYxNDcyMGRiM2UxZmIwNzIzYmM3N2NjMzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHyum3ty30k2ApGjh+RyipxjHY8k
MdkVuJl029/mFI3sQ2g+U7dPx+b+pA/EvaksR/XgfCH5P5quly46fptIxGgh7mAQ
M0sonGP3RqAZE5J1wiTntKu5QqHtJrNf60YdKNsK1KivAbqgfxjCijKtnSO/6k17
gaGfLDNwGtCSXN65G17QqmIB05hLCIZXpQQ+R88NmB+5Wxql4xtVfgwECFsVfniG
ITk6RzfJk1P26LuDkWr8MkX2a2rLcnUrwlmQ8jjXWsML5E21GRbI5pDEoGeHKy3Q
MhuR94AvW9iedfAWsvAQrf+E0G7fVn/wyD+5orlPDu1zrE7thn2bahRn5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFn0ylXNrq1hRyDbPh+wcjvHfMMVMB8GA1UdIwQY
MBaAFMAR7gZmQXUKURR9jcmaGxBWWNIDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0JIdUJtWkJkUXBSRkgyTnlab2JFRlpZMGdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi85YmU4NTYtMGUzMi00MDBmLThlODkt
MzY5Y2Q4YmUyNWZlLzEvV2ZUS1ZjMnVyV0ZISU5zLUg3QnlPOGQ4d3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi85YmU4NTYtMGUzMi00MDBmLThlODktMzY5Y2Q4YmUyNWZl
LzEvd0JIdUJtWkJkUXBSRkgyTnlab2JFRlpZMGdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXu4MA0E
AgACMAcDBQAqA5EgMA0GCSqGSIb3DQEBCwUAA4IBAQBU16MohTXsGFA9HCcBKOWU
W+rX7iaKCQ4gpF5vWV5CPvZ6sUEinguy6+HkyXdWhFQHmc0Y3w0Slth0OVwU6BTe
6NvSm6KNkFQp3s4oVsT9sI8FWkEpdJzOTgT6iCQGSbC726W0hPlf3ngKQeEOt9Ae
PEn4r4QE0XS6D4kuCLNYD97kXFhiEGQH5FiKz28gZnP925dBziBIbkFvbctFS9Vg
INBoJ6JjhetTOWXD1bB2YSTbwP3cl5C0q0AfJEVGgUn137M9dBLCbS3kPYKUBr86
2unWfaZUacPWEwCBkC/wstmVOjF4t/Vkam82nBpF+G0lrULVez8B2z4CerXJpPox
-----END CERTIFICATE-----