Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/wfITNTDyqiUe-LVecDlYFKVimrQ.roa
File:                     wfITNTDyqiUe-LVecDlYFKVimrQ.roa (raw, json)
Hash identifier:          uHfloZAuyQCzkgpTWOj4j4RrVw11dgC68w6de5byQNE=
Subject key identifier:   C1:F2:13:35:30:F2:AA:25:1E:F8:B5:5E:70:39:58:14:A5:62:9A:B4
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3AD2AE7E41CAD7CBBFD9A3483A6FF
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/wfITNTDyqiUe-LVecDlYFKVimrQ.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43624
IP address blocks:        94.131.96.0/24 maxlen: 24
                          94.131.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ad:2a:e7:e4:1c:ad:7c:bb:fd:9a:34:83:a6:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1f2133530f2aa251ef8b55e70395814a5629ab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:48:f2:a2:3b:72:09:f0:3f:12:e0:ac:3a:10:
                    1c:85:9d:7f:ba:6e:68:08:7d:1e:40:38:9c:41:b8:
                    1c:fc:69:82:90:02:84:63:b3:62:a4:9c:df:ab:00:
                    b9:a1:b8:5e:83:88:42:5e:83:08:fd:3c:fe:d5:ef:
                    7a:e4:47:c8:6a:35:f2:6e:a0:f6:36:20:2d:25:a6:
                    f9:d3:19:c9:85:8e:15:04:fa:e3:85:ed:80:c4:d3:
                    5f:ab:2e:52:af:11:71:94:56:1a:94:89:f0:ba:d6:
                    7c:46:13:7b:ba:eb:4f:10:78:71:27:c3:75:be:4f:
                    3d:20:91:b9:9b:2c:85:d3:df:3e:03:1a:d8:3a:61:
                    b3:cb:20:5a:99:31:5d:63:0c:0d:6b:4f:96:aa:d8:
                    88:57:c9:0f:a1:77:5b:ee:23:89:9d:c0:da:92:47:
                    6b:da:b5:7c:07:fc:26:62:70:63:b3:45:06:cc:62:
                    c6:88:85:be:7c:73:b3:4c:33:49:13:b3:8e:fd:8a:
                    67:12:7e:76:aa:00:15:90:c8:6f:03:b0:07:bb:9f:
                    4e:2f:09:64:4e:d7:c3:c5:ae:d9:f7:ab:c7:ae:4f:
                    ef:93:ef:d8:0e:0b:6f:0c:01:18:ab:d3:e5:7c:a4:
                    94:b7:85:84:fa:ee:c4:84:54:82:86:74:ef:a6:15:
                    c7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F2:13:35:30:F2:AA:25:1E:F8:B5:5E:70:39:58:14:A5:62:9A:B4
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/wfITNTDyqiUe-LVecDlYFKVimrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:ee:01:40:3e:53:dd:bf:f7:ba:b0:32:4d:c2:10:4f:ef:39:
         f2:78:5e:4d:6a:86:16:c8:ee:69:ec:0e:88:60:6c:e2:89:b9:
         94:05:8e:db:fb:a0:bf:28:27:a7:fa:a3:ad:01:c3:e5:4e:eb:
         5d:9d:fe:78:78:f7:4a:d5:6c:0e:ff:fb:06:28:1f:89:af:df:
         4c:f3:6e:8d:d5:a5:27:cd:de:1b:72:05:93:5b:50:76:93:40:
         56:1d:f5:75:df:3b:d0:b4:fc:32:c9:d5:e6:b5:8f:4b:51:bc:
         d4:ea:d9:8f:1c:45:34:d2:d1:5f:51:41:3a:28:78:5f:80:52:
         f2:b7:b1:61:8f:8c:01:1e:e2:94:07:11:27:ff:c1:72:6e:00:
         51:9a:de:49:af:18:93:83:56:2f:c6:05:56:5e:79:88:6e:e7:
         8d:6f:c1:7f:ba:70:71:66:80:5f:bf:7b:b8:17:ed:9c:c7:98:
         2d:57:5c:5c:ef:16:6c:61:b1:7c:08:eb:45:ea:3a:c8:e5:7a:
         3e:ef:68:f7:c3:ff:c9:7b:aa:4c:5b:93:08:42:2a:de:97:e8:
         d6:67:01:5b:3d:15:a8:03:bd:00:4b:d4:99:a2:d8:a9:59:53:
         97:f8:05:7c:07:c2:5f:4d:94:61:d2:f8:a2:9f:bb:c5:84:50:
         61:50:8b:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks60q5+QcrXy7/Zo0g6b/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWYyMTMzNTMwZjJhYTI1MWVmOGI1NWU3MDM5NTgxNGE1NjI5YWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0jyojtyCfA/EuCsOhAchZ1/um5o
CH0eQDicQbgc/GmCkAKEY7NipJzfqwC5obheg4hCXoMI/Tz+1e965EfIajXybqD2
NiAtJab50xnJhY4VBPrjhe2AxNNfqy5SrxFxlFYalInwutZ8RhN7uutPEHhxJ8N1
vk89IJG5myyF098+AxrYOmGzyyBamTFdYwwNa0+WqtiIV8kPoXdb7iOJncDakkdr
2rV8B/wmYnBjs0UGzGLGiIW+fHOzTDNJE7OO/YpnEn52qgAVkMhvA7AHu59OLwlk
TtfDxa7Z96vHrk/vk+/YDgtvDAEYq9PlfKSUt4WE+u7EhFSChnTvphXHuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHyEzUw8qolHvi1XnA5WBSlYpq0MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvd2ZJVE5URHlxaVVlLUxWZWNEbFlGS1ZpbXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXoNgMA0G
CSqGSIb3DQEBCwUAA4IBAQBh7gFAPlPdv/e6sDJNwhBP7znyeF5NaoYWyO5p7A6I
YGziibmUBY7b+6C/KCen+qOtAcPlTutdnf54ePdK1WwO//sGKB+Jr99M826N1aUn
zd4bcgWTW1B2k0BWHfV13zvQtPwyydXmtY9LUbzU6tmPHEU00tFfUUE6KHhfgFLy
t7Fhj4wBHuKUBxEn/8FybgBRmt5JrxiTg1YvxgVWXnmIbueNb8F/unBxZoBfv3u4
F+2cx5gtV1xc7xZsYbF8COtF6jrI5Xo+72j3w//Je6pMW5MIQirel+jWZwFbPRWo
A70AS9SZotipWVOX+AV8B8JfTZRh0viin7vFhFBhUItv
-----END CERTIFICATE-----