Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WR7z7m7JZCweB81LV8VsoLwZDDI.roa
File:                     WR7z7m7JZCweB81LV8VsoLwZDDI.roa (raw, json)
Hash identifier:          n+zNUpOUwgPN3iy+Ul6bCia4Bw0P9Lb0d3EbTWyw+/I=
Subject key identifier:   59:1E:F3:EE:6E:C9:64:2C:1E:07:CD:4B:57:C5:6C:A0:BC:19:0C:32
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       019428279EBDEEC9CBB6309FC7627F073FF5
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WR7z7m7JZCweB81LV8VsoLwZDDI.roa
Signing time:             Thu 02 Jan 2025 17:54:32 +0000
ROA not before:           Thu 02 Jan 2025 17:54:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198580
IP address blocks:        193.32.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:9e:bd:ee:c9:cb:b6:30:9f:c7:62:7f:07:3f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  2 17:54:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=591ef3ee6ec9642c1e07cd4b57c56ca0bc190c32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e3:7e:d2:c1:4c:71:aa:81:13:9c:c5:b4:54:
                    32:34:8f:5b:48:3f:2a:15:d1:da:de:dd:3e:b8:c9:
                    3d:67:15:f7:27:89:81:2b:26:7a:51:28:ae:1b:04:
                    20:80:bd:bf:22:f1:64:0a:0d:bd:f5:37:c6:56:31:
                    47:95:40:5a:be:80:54:cf:09:11:0b:c5:9a:2d:e6:
                    92:1f:e0:f7:d5:95:92:bf:9b:e6:16:d1:7e:b7:e0:
                    ea:55:60:f7:b9:0d:3d:48:e5:fb:88:16:a6:e4:be:
                    65:ba:fa:76:a5:c2:4f:fc:24:54:e0:61:dd:9c:80:
                    dc:e0:86:ef:c4:cc:6d:05:fc:d5:a7:43:fc:65:7f:
                    e8:0f:da:7b:f2:13:27:03:a0:3c:95:24:33:4c:28:
                    94:7c:55:5f:7f:6d:20:a4:20:18:10:23:57:26:1b:
                    e3:b2:7e:d9:82:98:65:29:6f:78:54:c5:24:79:8d:
                    59:0f:19:37:59:d4:07:83:54:54:60:1f:27:66:e2:
                    57:69:45:fc:8c:dc:5b:56:53:78:85:0d:3b:fc:c6:
                    b8:31:b0:92:f5:49:46:fa:d5:9e:36:db:54:9f:09:
                    9d:e6:64:6c:49:4e:9c:1c:d8:1f:5d:f2:33:df:a6:
                    96:7f:8c:f6:79:71:eb:64:70:d4:28:ac:e3:37:7a:
                    a6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:1E:F3:EE:6E:C9:64:2C:1E:07:CD:4B:57:C5:6C:A0:BC:19:0C:32
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WR7z7m7JZCweB81LV8VsoLwZDDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:9e:1f:8c:0c:b1:fd:75:39:b4:88:76:7b:34:7e:df:67:e9:
         13:a5:12:58:ef:30:95:18:2b:9c:fc:86:dc:26:67:e1:d4:3c:
         e3:c5:7a:32:a6:55:72:ee:f0:26:d5:34:d0:31:a8:98:4f:e9:
         34:91:16:1f:78:29:fd:96:3d:90:91:e5:d8:02:15:cd:0d:bd:
         fb:85:ad:e8:6b:d7:94:ed:54:a5:91:14:1d:59:56:00:b3:7c:
         43:ab:77:f7:99:97:c0:37:d4:a3:47:f1:ee:f7:2b:46:91:1b:
         db:2b:22:3d:1b:57:00:61:6c:07:7f:ec:e8:13:18:36:b5:80:
         48:8a:3e:a3:a6:5b:c5:64:dd:5b:15:3a:86:2b:76:87:61:42:
         7f:06:f6:0d:8a:9b:30:35:4a:3f:51:84:51:4e:0f:1b:3f:8d:
         1a:8e:96:b4:37:07:5c:ff:9e:3c:dd:1b:f3:e3:1d:74:6f:7a:
         56:4d:ad:32:eb:4e:fb:bc:df:b6:67:63:86:41:0a:ff:7e:31:
         c1:4b:76:0f:b8:7e:36:23:e3:a3:5b:64:e3:79:c9:c2:f3:33:
         4c:40:72:a5:37:99:45:2a:38:67:97:69:6c:8c:42:be:71:56:
         fb:44:55:0a:ec:10:a4:78:f4:06:b8:87:18:98:0d:d5:01:c7:
         57:1f:7e:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ5697snLtjCfx2J/Bz/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjUwMTAyMTc1NDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTFlZjNlZTZlYzk2NDJjMWUwN2NkNGI1N2M1NmNhMGJjMTkwYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquN+0sFMcaqBE5zFtFQyNI9bSD8q
FdHa3t0+uMk9ZxX3J4mBKyZ6USiuGwQggL2/IvFkCg299TfGVjFHlUBavoBUzwkR
C8WaLeaSH+D31ZWSv5vmFtF+t+DqVWD3uQ09SOX7iBam5L5luvp2pcJP/CRU4GHd
nIDc4IbvxMxtBfzVp0P8ZX/oD9p78hMnA6A8lSQzTCiUfFVff20gpCAYECNXJhvj
sn7ZgphlKW94VMUkeY1ZDxk3WdQHg1RUYB8nZuJXaUX8jNxbVlN4hQ07/Ma4MbCS
9UlG+tWeNttUnwmd5mRsSU6cHNgfXfIz36aWf4z2eXHrZHDUKKzjN3qmfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFke8+5uyWQsHgfNS1fFbKC8GQwyMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvV1I3ejdtN0paQ3dlQjgxTFY4VnNvTHdaRERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSDLMA0G
CSqGSIb3DQEBCwUAA4IBAQCUnh+MDLH9dTm0iHZ7NH7fZ+kTpRJY7zCVGCuc/Ibc
Jmfh1DzjxXoyplVy7vAm1TTQMaiYT+k0kRYfeCn9lj2QkeXYAhXNDb37ha3oa9eU
7VSlkRQdWVYAs3xDq3f3mZfAN9SjR/Hu9ytGkRvbKyI9G1cAYWwHf+zoExg2tYBI
ij6jplvFZN1bFTqGK3aHYUJ/BvYNipswNUo/UYRRTg8bP40ajpa0Nwdc/5483Rvz
4x10b3pWTa0y6077vN+2Z2OGQQr/fjHBS3YPuH42I+OjW2TjecnC8zNMQHKlN5lF
Kjhnl2lsjEK+cVb7RFUK7BCkePQGuIcYmA3VAcdXH35T
-----END CERTIFICATE-----