Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/WTBCbSxb7h1w4Up4KNg9SZTnE6c.roa
File:                     WTBCbSxb7h1w4Up4KNg9SZTnE6c.roa (raw, json)
Hash identifier:          zGDl99MvN6NddN0ACg6xKrKwSNupTCXGaQXZUdGsWZY=
Subject key identifier:   59:30:42:6D:2C:5B:EE:1D:70:E1:4A:78:28:D8:3D:49:94:E7:13:A7
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       0194274746ADCF805AA9CCBADEDFD5A009C2
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/WTBCbSxb7h1w4Up4KNg9SZTnE6c.roa
Signing time:             Thu 02 Jan 2025 13:49:30 +0000
ROA not before:           Thu 02 Jan 2025 13:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136744
IP address blocks:        185.104.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:46:ad:cf:80:5a:a9:cc:ba:de:df:d5:a0:09:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 13:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5930426d2c5bee1d70e14a7828d83d4994e713a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:87:36:a2:2d:0a:2f:d3:e5:54:59:86:3d:df:
                    f1:5a:8e:90:7d:e4:c3:97:7e:a3:87:c8:f5:15:37:
                    d9:2f:72:70:7d:7e:24:d3:d9:26:02:24:f8:25:f1:
                    8a:75:d9:a2:3f:9c:a0:8f:97:a4:f6:cd:9b:7b:5c:
                    f5:a8:82:3b:56:39:50:9f:3a:31:25:c9:d3:b4:30:
                    d0:ec:d2:eb:83:14:86:2c:57:09:30:77:2f:5e:96:
                    3b:c7:9b:2a:9b:bf:1e:3e:8c:c4:66:3e:a2:b6:88:
                    ed:5b:37:98:1d:16:ef:d9:a1:8c:42:91:a9:98:28:
                    0d:46:62:0d:d3:44:3d:89:1f:fa:2f:b7:af:c4:a8:
                    d2:ba:55:4e:a4:af:3f:70:6e:fd:f2:bd:2b:5b:d1:
                    e8:de:8a:0e:3d:26:f3:24:7e:5b:e1:64:b7:bb:c8:
                    fa:8d:66:3a:27:bd:65:c4:c8:c1:7e:c8:3f:c4:ad:
                    16:6d:bd:d8:ba:05:19:eb:c3:80:d7:b0:62:4a:7f:
                    78:57:9a:00:11:38:41:69:da:a2:d1:84:fd:4c:df:
                    0a:74:0b:0d:72:e1:8c:98:65:89:54:30:03:96:91:
                    ec:fc:6f:90:b0:42:e5:fd:ad:64:ea:3a:78:f9:56:
                    bc:16:00:bd:ed:c7:65:d9:03:37:ab:88:cb:3e:86:
                    aa:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:30:42:6D:2C:5B:EE:1D:70:E1:4A:78:28:D8:3D:49:94:E7:13:A7
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/WTBCbSxb7h1w4Up4KNg9SZTnE6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:2d:de:98:35:0d:8c:78:82:da:31:af:d8:e7:97:3d:53:39:
         3c:23:eb:31:29:6b:70:2c:7a:4e:59:b2:b4:30:67:1c:3f:8d:
         72:f9:28:9b:98:52:53:a9:70:96:b9:80:2e:b3:15:fd:70:62:
         af:ff:96:59:90:1b:d4:bb:1f:f3:bf:a0:30:58:ff:59:9b:2b:
         0e:1b:4d:0f:70:e2:78:88:84:ec:48:f0:c5:35:f7:49:43:31:
         3e:1d:29:7f:e9:93:64:4a:11:68:c0:6f:d1:c8:df:92:46:e7:
         4b:af:a5:a3:b3:21:c1:c3:34:07:a2:0b:8b:22:89:a6:4d:4e:
         a8:2f:57:dc:6b:90:48:31:94:cb:86:8c:0e:cc:72:3a:56:2f:
         51:27:2c:86:15:20:a9:58:56:05:fb:58:62:7d:fa:17:b8:55:
         8f:60:9a:82:bf:62:39:ad:04:5a:ec:21:95:8c:c3:e8:0c:b1:
         2a:11:bb:1d:e5:12:01:bb:71:3e:f6:69:55:ad:4c:ee:92:cf:
         81:74:02:ef:49:f3:64:ca:f6:8b:f7:88:a3:6e:54:da:90:3c:
         69:de:66:0a:76:fd:41:c1:d3:51:fd:39:c9:35:34:d4:14:9b:
         36:29:5e:27:9d:ef:44:01:41:6d:18:24:9a:af:93:44:38:dd:
         c6:a7:3e:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR0atz4Baqcy63t/VoAnCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjUwMTAyMTM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTMwNDI2ZDJjNWJlZTFkNzBlMTRhNzgyOGQ4M2Q0OTk0ZTcxM2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4c2oi0KL9PlVFmGPd/xWo6QfeTD
l36jh8j1FTfZL3JwfX4k09kmAiT4JfGKddmiP5ygj5ek9s2be1z1qII7VjlQnzox
JcnTtDDQ7NLrgxSGLFcJMHcvXpY7x5sqm78ePozEZj6itojtWzeYHRbv2aGMQpGp
mCgNRmIN00Q9iR/6L7evxKjSulVOpK8/cG798r0rW9Ho3ooOPSbzJH5b4WS3u8j6
jWY6J71lxMjBfsg/xK0Wbb3YugUZ68OA17BiSn94V5oAEThBadqi0YT9TN8KdAsN
cuGMmGWJVDADlpHs/G+QsELl/a1k6jp4+Va8FgC97cdl2QM3q4jLPoaqfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkwQm0sW+4dcOFKeCjYPUmU5xOnMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvV1RCQ2JTeGI3aDF3NFVwNEtOZzlTWlRuRTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWgMMA0G
CSqGSIb3DQEBCwUAA4IBAQBSLd6YNQ2MeILaMa/Y55c9Uzk8I+sxKWtwLHpOWbK0
MGccP41y+SibmFJTqXCWuYAusxX9cGKv/5ZZkBvUux/zv6AwWP9ZmysOG00PcOJ4
iITsSPDFNfdJQzE+HSl/6ZNkShFowG/RyN+SRudLr6WjsyHBwzQHoguLIommTU6o
L1fca5BIMZTLhowOzHI6Vi9RJyyGFSCpWFYF+1hiffoXuFWPYJqCv2I5rQRa7CGV
jMPoDLEqEbsd5RIBu3E+9mlVrUzuks+BdALvSfNkyvaL94ijblTakDxp3mYKdv1B
wdNR/TnJNTTUFJs2KV4nne9EAUFtGCSar5NEON3Gpz7Z
-----END CERTIFICATE-----