Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/WpAem0y3mJRbP65lGL1BbYc7ewY.roa
File:                     WpAem0y3mJRbP65lGL1BbYc7ewY.roa (raw, json)
Hash identifier:          9FtB6GE1KbOq2c/Ao/RtTSsyLPIeyA8GKr7sC11YD4c=
Subject key identifier:   5A:90:1E:9B:4C:B7:98:94:5B:3F:AE:65:18:BD:41:6D:87:3B:7B:06
Certificate issuer:       /CN=a2ca37ded1b70c81b74a430f9b4d7acc62805ed8
Certificate serial:       019427B62396DF13CA4CBF96B6058AD45EB6
Authority key identifier: A2:CA:37:DE:D1:B7:0C:81:B7:4A:43:0F:9B:4D:7A:CC:62:80:5E:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/WpAem0y3mJRbP65lGL1BbYc7ewY.roa
Signing time:             Thu 02 Jan 2025 15:50:35 +0000
ROA not before:           Thu 02 Jan 2025 15:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47474
IP address blocks:        185.45.97.0/24 maxlen: 24
                          2a04:a181::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:23:96:df:13:ca:4c:bf:96:b6:05:8a:d4:5e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2ca37ded1b70c81b74a430f9b4d7acc62805ed8
        Validity
            Not Before: Jan  2 15:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a901e9b4cb798945b3fae6518bd416d873b7b06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ad:63:2f:1f:4a:0c:1d:bc:53:69:26:8c:4f:
                    bc:ba:77:4b:e7:ca:b8:d9:3b:48:5d:c3:f3:0b:eb:
                    64:9a:29:7a:b2:e9:98:f7:63:d4:93:4d:cc:6c:4b:
                    ff:55:47:0c:4c:fd:a7:d3:d6:4d:70:28:95:81:09:
                    b5:42:1b:d5:b0:b8:0c:8f:0a:aa:f6:25:cc:10:82:
                    a0:0f:7e:f3:e8:61:b4:a7:bc:c5:4a:b2:7e:c8:ca:
                    64:e8:91:2b:67:9e:cb:dc:e8:59:d2:91:a2:84:e2:
                    57:4a:8c:31:51:ec:ee:3d:30:91:29:ac:83:d4:59:
                    da:4c:20:eb:99:8e:a4:ed:9e:5d:1e:f4:b4:25:c4:
                    1b:ec:bf:51:26:4e:87:ea:6f:ed:f5:31:d5:7c:7e:
                    10:5b:7e:ae:9a:45:7e:61:63:8b:d5:ab:31:a0:9c:
                    57:ce:3c:02:d6:f4:61:5a:b0:1a:7f:31:5f:e2:1d:
                    f3:35:d5:0d:77:d8:43:78:f8:98:94:f6:79:84:55:
                    1a:62:15:b3:cf:86:c5:be:41:3a:b8:db:1d:47:26:
                    59:71:66:d2:29:bb:24:f5:ef:e0:be:25:ba:32:a4:
                    76:e7:19:eb:49:dd:04:16:79:fb:d5:a5:0b:c5:cc:
                    e9:46:4c:52:66:24:75:82:1f:9d:be:4e:28:77:68:
                    33:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:90:1E:9B:4C:B7:98:94:5B:3F:AE:65:18:BD:41:6D:87:3B:7B:06
            X509v3 Authority Key Identifier:
                keyid:A2:CA:37:DE:D1:B7:0C:81:B7:4A:43:0F:9B:4D:7A:CC:62:80:5E:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oso33tG3DIG3SkMPm016zGKAXtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/WpAem0y3mJRbP65lGL1BbYc7ewY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/b2ace7-48db-4f7d-917f-306189d5c049/1/oso33tG3DIG3SkMPm016zGKAXtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.97.0/24
                IPv6:
                  2a04:a181::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:47:f6:ec:1c:2d:b7:68:84:1a:f0:53:e5:c2:01:55:74:18:
         8a:cd:8d:eb:a4:81:2c:8a:df:1a:4c:3b:d7:1d:a9:43:ee:36:
         4b:42:c3:97:96:de:f7:cc:c8:8c:23:0b:78:57:12:50:a9:a0:
         d8:18:6f:01:3f:b6:7e:12:49:f2:4e:d2:dc:99:6e:ab:8d:a3:
         49:6e:96:2a:82:20:c8:70:1d:02:38:68:a9:86:c6:69:24:22:
         8d:ee:52:e1:04:82:57:2c:63:32:bc:a9:b1:fb:f3:e6:2f:40:
         ff:79:11:bd:94:74:05:e3:8d:30:2e:43:d0:91:1f:ca:ed:6c:
         3e:c4:36:ac:42:9b:67:a1:c4:ff:55:01:41:32:c8:ce:e5:35:
         29:38:c2:f9:05:52:b2:e2:65:fd:da:8b:c0:80:10:99:56:49:
         fb:2f:9f:8a:20:ef:91:d5:eb:16:40:1e:6a:3f:f6:6f:5a:d4:
         77:26:5e:3d:eb:16:8e:c4:3f:ba:33:67:2e:ee:f0:09:74:a0:
         7f:84:7b:ef:94:c2:6b:f7:d2:40:e8:23:37:9d:bd:ac:02:ce:
         82:40:61:c4:61:b5:24:88:02:ee:2e:46:0b:ed:e0:0d:8f:cb:
         c1:68:5f:c4:a8:0e:58:66:b3:60:9d:ec:e8:73:13:58:53:8e:
         b0:25:c4:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntiOW3xPKTL+WtgWK1F62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyY2EzN2RlZDFiNzBjODFiNzRhNDMwZjliNGQ3YWNjNjI4
MDVlZDgwHhcNMjUwMTAyMTU1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTkwMWU5YjRjYjc5ODk0NWIzZmFlNjUxOGJkNDE2ZDg3M2I3YjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt61jLx9KDB28U2kmjE+8undL58q4
2TtIXcPzC+tkmil6sumY92PUk03MbEv/VUcMTP2n09ZNcCiVgQm1QhvVsLgMjwqq
9iXMEIKgD37z6GG0p7zFSrJ+yMpk6JErZ57L3OhZ0pGihOJXSowxUezuPTCRKayD
1FnaTCDrmY6k7Z5dHvS0JcQb7L9RJk6H6m/t9THVfH4QW36umkV+YWOL1asxoJxX
zjwC1vRhWrAafzFf4h3zNdUNd9hDePiYlPZ5hFUaYhWzz4bFvkE6uNsdRyZZcWbS
Kbsk9e/gviW6MqR25xnrSd0EFnn71aULxczpRkxSZiR1gh+dvk4od2gzkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFqQHptMt5iUWz+uZRi9QW2HO3sGMB8GA1UdIwQY
MBaAFKLKN97RtwyBt0pDD5tNesxigF7YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3NvMzN0RzNESUczU2tNUG0wMTZ6R0tBWHRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iMmFjZTctNDhkYi00ZjdkLTkxN2Yt
MzA2MTg5ZDVjMDQ5LzEvV3BBZW0weTNtSlJiUDY1bEdMMUJiWWM3ZXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9iMmFjZTctNDhkYi00ZjdkLTkxN2YtMzA2MTg5ZDVjMDQ5
LzEvb3NvMzN0RzNESUczU2tNUG0wMTZ6R0tBWHRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuS1hMA0E
AgACMAcDBQAqBKGBMA0GCSqGSIb3DQEBCwUAA4IBAQAPR/bsHC23aIQa8FPlwgFV
dBiKzY3rpIEsit8aTDvXHalD7jZLQsOXlt73zMiMIwt4VxJQqaDYGG8BP7Z+Ekny
TtLcmW6rjaNJbpYqgiDIcB0COGiphsZpJCKN7lLhBIJXLGMyvKmx+/PmL0D/eRG9
lHQF440wLkPQkR/K7Ww+xDasQptnocT/VQFBMsjO5TUpOML5BVKy4mX92ovAgBCZ
Vkn7L5+KIO+R1esWQB5qP/ZvWtR3Jl496xaOxD+6M2cu7vAJdKB/hHvvlMJr99JA
6CM3nb2sAs6CQGHEYbUkiALuLkYL7eANj8vBaF/EqA5YZrNgnezocxNYU46wJcRd
-----END CERTIFICATE-----