Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/wxZtKKgCuX_XkT9wjC8PBIL2aLI.roa
File:                     wxZtKKgCuX_XkT9wjC8PBIL2aLI.roa (raw, json)
Hash identifier:          tIV+HptpEfjZ8DjgmHhOJU8c4e/cERhkwqc7ixWl0UI=
Subject key identifier:   C3:16:6D:28:A8:02:B9:7F:D7:91:3F:70:8C:2F:0F:04:82:F6:68:B2
Certificate issuer:       /CN=621310302018a387c692146a35efd33a6ed6b1ef
Certificate serial:       019427B5981C9A1D30725E69C3813965AE35
Authority key identifier: 62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/wxZtKKgCuX_XkT9wjC8PBIL2aLI.roa
Signing time:             Thu 02 Jan 2025 15:49:59 +0000
ROA not before:           Thu 02 Jan 2025 15:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.151.146.0/24 maxlen: 24
                          185.179.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:98:1c:9a:1d:30:72:5e:69:c3:81:39:65:ae:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621310302018a387c692146a35efd33a6ed6b1ef
        Validity
            Not Before: Jan  2 15:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3166d28a802b97fd7913f708c2f0f0482f668b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:50:1b:d6:2f:ba:33:1d:7d:67:38:77:4c:65:
                    6e:27:fa:4b:48:b6:d4:30:9c:a3:76:6d:7c:1e:ef:
                    ee:fa:72:83:40:61:54:7a:4d:e0:17:69:8c:e5:75:
                    f9:eb:f6:20:cd:01:12:41:f0:75:25:12:8a:69:64:
                    20:a8:8a:c5:fe:f6:c7:a0:9f:51:dd:14:bc:47:16:
                    7e:66:c4:03:de:11:91:df:cd:67:63:36:0d:47:18:
                    6d:86:89:ff:63:af:68:85:58:d4:d5:fe:45:81:c4:
                    60:4d:22:9b:19:b4:89:a6:ff:9a:c8:9d:cc:aa:b2:
                    a9:2a:12:e1:1e:97:29:52:65:92:0d:97:55:4e:ca:
                    43:65:ab:02:7c:10:4f:a1:34:e6:29:91:f5:9b:6b:
                    fd:4d:ed:79:02:31:e2:15:f0:76:64:ce:89:be:c1:
                    68:15:48:32:58:c3:f9:7f:64:4d:8a:05:2b:73:19:
                    96:65:b7:63:b9:01:58:30:5a:2d:fe:31:57:12:0b:
                    11:3c:93:5a:1d:8b:b5:bc:c7:64:4a:12:f2:9f:49:
                    c0:9b:73:d6:38:37:e8:cb:0d:b7:8d:d5:85:53:db:
                    d4:d9:71:9d:81:83:5b:d1:48:b4:32:b2:7e:e2:62:
                    ef:33:f9:85:0f:92:2f:ca:a2:8d:66:f4:b2:b6:07:
                    8d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:16:6D:28:A8:02:B9:7F:D7:91:3F:70:8C:2F:0F:04:82:F6:68:B2
            X509v3 Authority Key Identifier:
                keyid:62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/wxZtKKgCuX_XkT9wjC8PBIL2aLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.146.0/24
                  185.179.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:87:86:0e:aa:41:f6:d6:4e:f9:5b:23:aa:b5:35:53:a9:99:
         a3:ac:53:f4:7f:ca:42:0a:6c:82:0c:42:9a:4e:95:e5:89:8f:
         b5:28:d6:11:3f:e5:40:68:2e:26:ec:af:2d:38:3b:bd:91:a0:
         db:6b:e3:76:69:d9:b2:0f:0f:45:de:e9:41:be:4a:6e:bc:f3:
         0e:3a:04:2b:eb:04:2c:4e:4e:0d:62:69:29:45:cc:7f:fb:8f:
         65:9d:2e:3d:83:df:bc:d8:5e:98:1f:91:92:ea:e4:38:28:a4:
         ed:cf:38:18:27:01:bd:ef:71:c6:ff:ff:f3:3a:44:ad:f9:f2:
         ea:27:a0:85:b3:57:ae:a9:27:e2:c4:0d:c5:2c:50:81:a7:0e:
         2c:67:d2:1a:1d:26:85:63:ab:1f:2b:1b:17:49:cf:78:4f:f8:
         f5:36:f4:47:3e:f2:36:ce:ca:c6:80:b9:7f:21:f2:75:e4:c8:
         42:82:61:af:99:7c:8f:20:7f:43:d6:23:7f:dc:8f:1e:38:51:
         46:dc:75:02:a0:49:45:55:21:fd:24:95:be:61:4d:b6:6d:88:
         54:b7:b5:45:99:83:ba:40:99:b0:22:15:f1:42:f5:43:5d:ea:
         8e:9a:a0:0c:cc:f4:33:e5:cf:e2:d4:f0:28:8d:b6:86:59:de:
         bc:00:3e:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntZgcmh0wcl5pw4E5Za41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTMxMDMwMjAxOGEzODdjNjkyMTQ2YTM1ZWZkMzNhNmVk
NmIxZWYwHhcNMjUwMTAyMTU0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzE2NmQyOGE4MDJiOTdmZDc5MTNmNzA4YzJmMGYwNDgyZjY2OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1Ab1i+6Mx19Zzh3TGVuJ/pLSLbU
MJyjdm18Hu/u+nKDQGFUek3gF2mM5XX56/YgzQESQfB1JRKKaWQgqIrF/vbHoJ9R
3RS8RxZ+ZsQD3hGR381nYzYNRxhthon/Y69ohVjU1f5FgcRgTSKbGbSJpv+ayJ3M
qrKpKhLhHpcpUmWSDZdVTspDZasCfBBPoTTmKZH1m2v9Te15AjHiFfB2ZM6JvsFo
FUgyWMP5f2RNigUrcxmWZbdjuQFYMFot/jFXEgsRPJNaHYu1vMdkShLyn0nAm3PW
ODfoyw23jdWFU9vU2XGdgYNb0Ui0MrJ+4mLvM/mFD5IvyqKNZvSytgeNjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMMWbSioArl/15E/cIwvDwSC9miyMB8GA1UdIwQY
MBaAFGITEDAgGKOHxpIUajXv0zpu1rHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjIt
YmU1N2Q3ZGZhMGRlLzEvd3hadEtLZ0N1WF9Ya1Q5d2pDOFBCSUwyYUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjItYmU1N2Q3ZGZhMGRl
LzEvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZeSAwQA
ubNbMA0GCSqGSIb3DQEBCwUAA4IBAQAdh4YOqkH21k75WyOqtTVTqZmjrFP0f8pC
CmyCDEKaTpXliY+1KNYRP+VAaC4m7K8tODu9kaDba+N2admyDw9F3ulBvkpuvPMO
OgQr6wQsTk4NYmkpRcx/+49lnS49g9+82F6YH5GS6uQ4KKTtzzgYJwG973HG///z
OkSt+fLqJ6CFs1euqSfixA3FLFCBpw4sZ9IaHSaFY6sfKxsXSc94T/j1NvRHPvI2
zsrGgLl/IfJ15MhCgmGvmXyPIH9D1iN/3I8eOFFG3HUCoElFVSH9JJW+YU22bYhU
t7VFmYO6QJmwIhXxQvVDXeqOmqAMzPQz5c/i1PAojbaGWd68AD4z
-----END CERTIFICATE-----