Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/wwWaYglYvidSGODSVzyMsR7AE4k.roa
File:                     wwWaYglYvidSGODSVzyMsR7AE4k.roa (raw, json)
Hash identifier:          GL1hAfbFxjEmGpVQaoVaKQIBWoyn5obmjisb8HeWcZY=
Subject key identifier:   C3:05:9A:62:09:58:BE:27:52:18:E0:D2:57:3C:8C:B1:1E:C0:13:89
Certificate issuer:       /CN=bc35904e24db0e990495a3445e77d1136ed618d7
Certificate serial:       019426D96E4715B376D48F4F2A1F4D7B76C2
Authority key identifier: BC:35:90:4E:24:DB:0E:99:04:95:A3:44:5E:77:D1:13:6E:D6:18:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDWQTiTbDpkElaNEXnfRE27WGNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/wwWaYglYvidSGODSVzyMsR7AE4k.roa
Signing time:             Thu 02 Jan 2025 11:49:31 +0000
ROA not before:           Thu 02 Jan 2025 11:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398704
IP address blocks:        213.165.32.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/vDWQTiTbDpkElaNEXnfRE27WGNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/vDWQTiTbDpkElaNEXnfRE27WGNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDWQTiTbDpkElaNEXnfRE27WGNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6e:47:15:b3:76:d4:8f:4f:2a:1f:4d:7b:76:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc35904e24db0e990495a3445e77d1136ed618d7
        Validity
            Not Before: Jan  2 11:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3059a620958be275218e0d2573c8cb11ec01389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6d:6d:fc:c3:e1:cc:31:f3:30:f2:2c:23:fd:
                    d3:5d:2b:2e:83:d0:55:17:72:ff:82:39:b5:15:93:
                    bd:8f:9f:eb:4c:f5:28:4a:77:f2:e0:0a:8e:ab:f5:
                    f9:f8:2e:dd:0b:0b:ce:e9:02:4e:47:9f:7c:14:bd:
                    0f:67:e6:8d:01:05:89:e8:04:c9:d9:93:fb:54:2a:
                    8c:44:e8:2f:41:27:74:ec:fb:d3:b9:b6:40:23:f6:
                    c7:64:e5:c9:a0:04:57:1e:26:b5:9d:b0:dc:77:e0:
                    c3:94:03:30:c5:d4:02:e0:7a:0a:b2:bf:ca:41:cd:
                    33:db:5e:b5:19:6a:24:66:37:6a:c7:43:5e:48:bf:
                    1f:01:5a:3b:32:96:1c:aa:12:8a:ae:b8:22:eb:9a:
                    79:42:90:e7:2e:26:93:32:9d:b7:a9:4c:e7:d0:7d:
                    ee:8e:4a:65:8b:e4:23:eb:0a:97:af:ea:77:48:f8:
                    82:ce:0b:75:5d:4c:33:21:07:d9:7c:fc:28:7b:cf:
                    2a:45:56:1d:b2:c2:cc:f4:84:36:18:0d:81:68:44:
                    6a:5f:6c:c8:5e:9a:7e:8a:3b:c0:ce:83:b9:6e:d2:
                    27:64:54:43:6b:b1:87:01:dd:f2:b6:ea:75:2d:95:
                    4a:b7:84:f4:3d:52:85:13:8b:47:dc:23:29:9c:21:
                    5f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:05:9A:62:09:58:BE:27:52:18:E0:D2:57:3C:8C:B1:1E:C0:13:89
            X509v3 Authority Key Identifier:
                keyid:BC:35:90:4E:24:DB:0E:99:04:95:A3:44:5E:77:D1:13:6E:D6:18:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDWQTiTbDpkElaNEXnfRE27WGNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/wwWaYglYvidSGODSVzyMsR7AE4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/632dc0-4d2d-40c2-ab65-c38b1f9d457c/1/vDWQTiTbDpkElaNEXnfRE27WGNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.165.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:97:07:12:51:7c:43:d8:62:6e:51:e2:2c:b4:18:63:b8:e2:
         a8:00:c0:64:23:a3:ce:df:ea:53:9e:6b:dc:c1:a1:44:cf:ef:
         87:25:40:5d:0e:2a:bf:4d:bd:b0:52:df:67:70:01:27:6f:87:
         8d:4b:a4:01:5c:cf:d2:b0:bb:92:aa:6b:6b:42:82:3b:0b:da:
         53:46:88:84:ca:72:6c:75:08:a9:17:7c:54:5a:3e:b9:39:49:
         f1:1d:e7:d3:17:f6:f1:05:3f:8f:93:be:3c:5f:55:5e:7d:65:
         a8:97:40:83:d2:90:3f:b5:35:f9:74:6a:60:05:65:8f:a2:7a:
         d9:06:ae:71:f5:c5:ee:a1:84:20:42:74:74:39:5a:1a:7b:3a:
         52:1f:91:f1:3f:42:be:c9:8c:67:5b:72:bf:32:7a:16:17:5a:
         d9:da:f6:aa:25:e5:d5:4e:34:01:c5:39:2a:50:92:24:19:ba:
         5a:f9:30:e2:56:d8:bd:ac:a6:bb:d3:29:f2:06:d9:49:af:53:
         e9:e2:98:bc:d6:b0:cd:ea:24:2b:67:e9:cd:01:02:62:88:3a:
         c5:69:20:43:0c:8c:51:19:3b:80:46:2b:96:31:91:81:4b:53:
         bd:1e:a8:fb:69:2f:27:ba:db:26:06:fe:26:a4:d5:da:75:23:
         0e:3f:82:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2W5HFbN21I9PKh9Ne3bCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMzU5MDRlMjRkYjBlOTkwNDk1YTM0NDVlNzdkMTEzNmVk
NjE4ZDcwHhcNMjUwMTAyMTE0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzA1OWE2MjA5NThiZTI3NTIxOGUwZDI1NzNjOGNiMTFlYzAxMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG1t/MPhzDHzMPIsI/3TXSsug9BV
F3L/gjm1FZO9j5/rTPUoSnfy4AqOq/X5+C7dCwvO6QJOR598FL0PZ+aNAQWJ6ATJ
2ZP7VCqMROgvQSd07PvTubZAI/bHZOXJoARXHia1nbDcd+DDlAMwxdQC4HoKsr/K
Qc0z2161GWokZjdqx0NeSL8fAVo7MpYcqhKKrrgi65p5QpDnLiaTMp23qUzn0H3u
jkpli+Qj6wqXr+p3SPiCzgt1XUwzIQfZfPwoe88qRVYdssLM9IQ2GA2BaERqX2zI
Xpp+ijvAzoO5btInZFRDa7GHAd3ytup1LZVKt4T0PVKFE4tH3CMpnCFfNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMMFmmIJWL4nUhjg0lc8jLEewBOJMB8GA1UdIwQY
MBaAFLw1kE4k2w6ZBJWjRF530RNu1hjXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRXUVRpVGJEcGtFbGFORVhuZlJFMjdXR05jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82MzJkYzAtNGQyZC00MGMyLWFiNjUt
YzM4YjFmOWQ0NTdjLzEvd3dXYVlnbFl2aWRTR09EU1Z6eU1zUjdBRTRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82MzJkYzAtNGQyZC00MGMyLWFiNjUtYzM4YjFmOWQ0NTdj
LzEvdkRXUVRpVGJEcGtFbGFORVhuZlJFMjdXR05jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1aUgMA0G
CSqGSIb3DQEBCwUAA4IBAQA2lwcSUXxD2GJuUeIstBhjuOKoAMBkI6PO3+pTnmvc
waFEz++HJUBdDiq/Tb2wUt9ncAEnb4eNS6QBXM/SsLuSqmtrQoI7C9pTRoiEynJs
dQipF3xUWj65OUnxHefTF/bxBT+Pk748X1VefWWol0CD0pA/tTX5dGpgBWWPonrZ
Bq5x9cXuoYQgQnR0OVoaezpSH5HxP0K+yYxnW3K/MnoWF1rZ2vaqJeXVTjQBxTkq
UJIkGbpa+TDiVti9rKa70ynyBtlJr1Pp4pi81rDN6iQrZ+nNAQJiiDrFaSBDDIxR
GTuARiuWMZGBS1O9Hqj7aS8nutsmBv4mpNXadSMOP4IL
-----END CERTIFICATE-----