Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/WfIQgLqg5iDOkRknXs8LwTd___8.roa
File:                     WfIQgLqg5iDOkRknXs8LwTd___8.roa (raw, json)
Hash identifier:          2fUIvuzipETi107axsQwvDcKefOjWiKRaZgxPs7El0w=
Subject key identifier:   59:F2:10:80:BA:A0:E6:20:CE:91:19:27:5E:CF:0B:C1:37:7F:FF:FF
Certificate issuer:       /CN=1627573c68929ab2a4590e92a51abc40ea9e5817
Certificate serial:       019427B3EAEF93BC9957A0E7F2CA67AD11FF
Authority key identifier: 16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/WfIQgLqg5iDOkRknXs8LwTd___8.roa
Signing time:             Thu 02 Jan 2025 15:48:09 +0000
ROA not before:           Thu 02 Jan 2025 15:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50033
IP address blocks:        185.60.162.0/24 maxlen: 24
                          185.161.124.0/22 maxlen: 22
                          185.211.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:ea:ef:93:bc:99:57:a0:e7:f2:ca:67:ad:11:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1627573c68929ab2a4590e92a51abc40ea9e5817
        Validity
            Not Before: Jan  2 15:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59f21080baa0e620ce9119275ecf0bc1377fffff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9a:26:a9:54:2a:5c:be:ab:2f:a3:10:11:a9:
                    59:a4:60:52:2e:86:fe:77:12:1e:1a:40:e9:c0:f5:
                    29:0d:a5:c7:38:68:5c:04:07:d0:aa:7b:13:30:35:
                    6b:6c:9d:3b:d0:a2:f3:92:ae:d2:8a:34:5a:b0:cb:
                    67:b5:ac:26:69:0d:62:aa:12:cd:76:42:01:7b:e5:
                    82:8a:42:50:bf:f8:65:cb:56:47:cd:14:43:2b:e2:
                    c0:65:51:5b:68:fe:3a:57:ec:75:e9:5c:92:c6:e7:
                    fb:c8:63:6c:57:30:f6:25:5c:fa:f4:19:75:f6:37:
                    7e:47:bd:77:cb:7f:a5:a5:6d:7c:95:10:4b:aa:ef:
                    cb:6f:b3:74:af:27:66:75:6c:b4:37:27:71:12:03:
                    ae:8d:49:e3:87:26:27:e2:eb:4f:7f:77:f6:cc:6e:
                    d9:62:9d:98:33:5f:78:48:82:01:3c:e8:7f:83:37:
                    09:a9:50:98:c7:fa:1e:20:2b:63:5a:25:aa:eb:ee:
                    d7:06:37:f2:7f:ee:08:c1:cd:d5:60:f8:8f:16:e0:
                    bc:88:89:d4:f0:96:a9:f2:05:30:4e:8b:83:e3:96:
                    f7:c2:3d:9f:c2:f0:1a:1f:87:80:ab:68:32:64:e6:
                    e4:ee:8e:a2:e8:7c:32:43:e4:2c:ff:09:04:f3:2d:
                    ca:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F2:10:80:BA:A0:E6:20:CE:91:19:27:5E:CF:0B:C1:37:7F:FF:FF
            X509v3 Authority Key Identifier:
                keyid:16:27:57:3C:68:92:9A:B2:A4:59:0E:92:A5:1A:BC:40:EA:9E:58:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FidXPGiSmrKkWQ6SpRq8QOqeWBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/WfIQgLqg5iDOkRknXs8LwTd___8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e0c90-717f-40ea-b17e-e6f9db74139d/1/FidXPGiSmrKkWQ6SpRq8QOqeWBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.162.0/24
                  185.161.124.0/22
                  185.211.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:a9:e5:bb:3e:f4:ff:1e:b9:19:59:7f:c0:4a:1e:67:46:2e:
         bc:6c:c5:d3:84:bf:6b:06:5b:af:3a:6d:79:27:ea:cd:8f:fe:
         df:d2:1c:ca:27:f4:54:1d:59:b0:ce:72:20:7e:40:6e:5c:2d:
         42:4b:29:98:0c:3c:50:8a:43:a9:7c:54:ea:83:68:fe:01:12:
         13:f7:bd:8f:04:35:c9:95:32:3f:bb:61:73:71:fa:22:08:71:
         97:c8:5b:82:9a:3e:23:d2:29:38:73:dd:0b:22:0c:ba:b4:37:
         6f:3f:02:79:0e:86:7a:be:a3:bd:df:70:d0:9e:ad:58:f6:fc:
         92:fd:22:12:ad:35:35:04:8c:ab:71:3a:fb:04:c6:23:3f:32:
         94:03:f3:2e:c2:54:55:c8:21:1f:18:05:f4:12:9f:12:41:1a:
         56:92:6d:0d:64:8f:c2:d7:67:ee:1d:c9:42:5b:9f:13:d8:73:
         18:6b:5b:62:38:09:8f:90:5b:bf:e3:ea:ca:22:8d:99:28:f9:
         be:49:73:dd:a8:bf:d3:ad:43:d4:19:82:8d:7b:2a:87:db:23:
         c0:62:f2:cc:d8:8c:f1:63:e8:d1:d6:2b:40:05:26:c5:2b:a1:
         59:54:97:a9:5b:b3:f7:cf:b3:00:22:80:78:54:1e:8d:a7:8e:
         2e:d9:61:a6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQns+rvk7yZV6Dn8spnrRH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Mjc1NzNjNjg5MjlhYjJhNDU5MGU5MmE1MWFiYzQwZWE5
ZTU4MTcwHhcNMjUwMTAyMTU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYyMTA4MGJhYTBlNjIwY2U5MTE5Mjc1ZWNmMGJjMTM3N2ZmZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JomqVQqXL6rL6MQEalZpGBSLob+
dxIeGkDpwPUpDaXHOGhcBAfQqnsTMDVrbJ070KLzkq7SijRasMtntawmaQ1iqhLN
dkIBe+WCikJQv/hly1ZHzRRDK+LAZVFbaP46V+x16VySxuf7yGNsVzD2JVz69Bl1
9jd+R713y3+lpW18lRBLqu/Lb7N0rydmdWy0NydxEgOujUnjhyYn4utPf3f2zG7Z
Yp2YM194SIIBPOh/gzcJqVCYx/oeICtjWiWq6+7XBjfyf+4Iwc3VYPiPFuC8iInU
8Jap8gUwTouD45b3wj2fwvAaH4eAq2gyZObk7o6i6HwyQ+Qs/wkE8y3KeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFnyEIC6oOYgzpEZJ17PC8E3f///MB8GA1UdIwQY
MBaAFBYnVzxokpqypFkOkqUavEDqnlgXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2Ut
ZTZmOWRiNzQxMzlkLzEvV2ZJUWdMcWc1aURPa1JrblhzOEx3VGRfX184LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wZTBjOTAtNzE3Zi00MGVhLWIxN2UtZTZmOWRiNzQxMzlk
LzEvRmlkWFBHaVNtcktrV1E2U3BScThRT3FlV0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuTyiAwQC
uaF8AwQCudM0MA0GCSqGSIb3DQEBCwUAA4IBAQAGqeW7PvT/HrkZWX/ASh5nRi68
bMXThL9rBluvOm15J+rNj/7f0hzKJ/RUHVmwznIgfkBuXC1CSymYDDxQikOpfFTq
g2j+ARIT972PBDXJlTI/u2FzcfoiCHGXyFuCmj4j0ik4c90LIgy6tDdvPwJ5DoZ6
vqO933DQnq1Y9vyS/SISrTU1BIyrcTr7BMYjPzKUA/MuwlRVyCEfGAX0Ep8SQRpW
km0NZI/C12fuHclCW58T2HMYa1tiOAmPkFu/4+rKIo2ZKPm+SXPdqL/TrUPUGYKN
eyqH2yPAYvLM2IzxY+jR1itABSbFK6FZVJepW7P3z7MAIoB4VB6Np44u2WGm
-----END CERTIFICATE-----