Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/wdTC4RawEs-5fFZUa4R_HIRxO2U.roa
File:                     wdTC4RawEs-5fFZUa4R_HIRxO2U.roa (raw, json)
Hash identifier:          Rtc4DEopTsErPd8Vo2cqobz/fHQCAfYf819UnyzhAlA=
Subject key identifier:   C1:D4:C2:E1:16:B0:12:CF:B9:7C:56:54:6B:84:7F:1C:84:71:3B:65
Certificate issuer:       /CN=f4ef5dba100a92b2444f3e512d01a592c01951c2
Certificate serial:       0194236A42C0A69904FCCDBB95C67F9209E8
Authority key identifier: F4:EF:5D:BA:10:0A:92:B2:44:4F:3E:51:2D:01:A5:92:C0:19:51:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/wdTC4RawEs-5fFZUa4R_HIRxO2U.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215687
IP address blocks:        45.148.212.0/24 maxlen: 24
                          45.148.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/9O9duhAKkrJETz5RLQGlksAZUcI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/9O9duhAKkrJETz5RLQGlksAZUcI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:42:c0:a6:99:04:fc:cd:bb:95:c6:7f:92:09:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4ef5dba100a92b2444f3e512d01a592c01951c2
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1d4c2e116b012cfb97c56546b847f1c84713b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8f:6f:3e:d5:ee:47:36:83:fb:93:9c:5a:7b:
                    10:a2:8f:9a:20:fd:da:2d:dd:5a:d2:a5:fa:37:ba:
                    1e:7c:10:67:cf:d1:c6:0f:2d:40:ff:cf:d5:b2:34:
                    04:29:62:cc:f7:75:2d:c7:98:4b:63:ac:16:1a:57:
                    cb:d4:bc:23:06:17:5f:17:7c:a2:19:96:4f:b2:e6:
                    09:1f:5a:08:08:fe:85:2f:16:d5:79:28:63:5a:9a:
                    7b:cd:a7:2f:04:bd:35:bb:f6:2d:a4:d5:8e:1b:08:
                    64:50:0b:aa:e0:3f:9c:da:69:de:8b:41:8e:f3:ce:
                    2a:43:59:d4:af:77:8e:9d:af:de:e7:47:3b:a6:72:
                    fb:ef:0b:19:cd:b2:24:c0:90:aa:e7:79:69:37:1a:
                    d8:05:24:ce:91:22:11:3b:92:39:8d:6a:c2:27:49:
                    52:c8:27:2f:c4:81:55:94:ee:a0:66:08:6b:d4:db:
                    39:7d:50:70:97:ec:26:7c:80:9c:91:a0:8a:16:6c:
                    61:1f:a9:73:cf:01:88:d6:5c:2e:e6:fd:16:3e:97:
                    9b:be:f3:8f:d1:79:9a:f7:2e:ee:84:3f:bf:96:1f:
                    dc:06:4c:bc:22:a4:4c:1c:93:e5:0a:21:3b:ce:3f:
                    ce:27:1b:56:93:b6:fc:74:58:0e:26:7c:3f:b0:18:
                    0b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D4:C2:E1:16:B0:12:CF:B9:7C:56:54:6B:84:7F:1C:84:71:3B:65
            X509v3 Authority Key Identifier:
                keyid:F4:EF:5D:BA:10:0A:92:B2:44:4F:3E:51:2D:01:A5:92:C0:19:51:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9O9duhAKkrJETz5RLQGlksAZUcI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/wdTC4RawEs-5fFZUa4R_HIRxO2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/b35be1-6673-4811-a707-ad027e95c5c7/1/9O9duhAKkrJETz5RLQGlksAZUcI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:02:b2:60:41:d4:ae:16:0f:85:ea:03:aa:1d:d6:83:d2:96:
         4a:fc:8a:fe:0f:d9:53:e3:42:a2:01:5e:a5:de:ae:ba:77:24:
         f5:6b:52:94:5c:02:99:7e:3c:1f:a9:44:2b:26:ee:87:67:f9:
         4c:92:51:2c:17:14:7d:e9:cf:9a:58:cd:6c:47:a1:b1:40:a9:
         80:59:18:8f:b1:9a:58:f5:82:55:3f:30:5d:a6:3a:02:4e:ec:
         81:96:d4:d2:69:35:6c:f6:07:31:ca:64:37:41:86:ac:3d:ff:
         47:3d:dd:e8:dd:a4:c7:8c:f9:64:58:a8:41:74:08:21:c5:c0:
         e3:e9:7a:26:72:29:be:13:d9:a0:d7:1c:65:89:99:f5:e4:17:
         6c:9c:a9:dc:c2:25:b2:24:5f:cd:e6:f1:dd:38:1b:79:a9:88:
         f9:6b:4c:7e:16:e9:70:4f:e3:82:ff:64:d3:b9:85:9d:e2:0d:
         6b:99:49:c1:c2:9d:89:e4:e2:98:44:a2:ac:e6:0b:cc:fc:06:
         bd:50:c8:8f:2c:26:6c:b8:8f:17:e5:0e:0d:fc:26:02:f4:0a:
         6e:ee:8f:1d:d8:6a:a6:2a:3d:e0:2a:ff:cc:cb:2c:a6:a4:3c:
         7d:34:2a:c5:73:ea:64:70:df:7f:32:52:01:e4:35:8b:42:31:
         90:5e:d8:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakLAppkE/M27lcZ/kgnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZWY1ZGJhMTAwYTkyYjI0NDRmM2U1MTJkMDFhNTkyYzAx
OTUxYzIwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQ0YzJlMTE2YjAxMmNmYjk3YzU2NTQ2Yjg0N2YxYzg0NzEzYjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw49vPtXuRzaD+5OcWnsQoo+aIP3a
Ld1a0qX6N7oefBBnz9HGDy1A/8/VsjQEKWLM93Utx5hLY6wWGlfL1LwjBhdfF3yi
GZZPsuYJH1oICP6FLxbVeShjWpp7zacvBL01u/YtpNWOGwhkUAuq4D+c2mnei0GO
884qQ1nUr3eOna/e50c7pnL77wsZzbIkwJCq53lpNxrYBSTOkSIRO5I5jWrCJ0lS
yCcvxIFVlO6gZghr1Ns5fVBwl+wmfICckaCKFmxhH6lzzwGI1lwu5v0WPpebvvOP
0Xma9y7uhD+/lh/cBky8IqRMHJPlCiE7zj/OJxtWk7b8dFgOJnw/sBgLoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHUwuEWsBLPuXxWVGuEfxyEcTtlMB8GA1UdIwQY
MBaAFPTvXboQCpKyRE8+US0BpZLAGVHCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU85ZHVoQUtrckpFVHo1UkxRR2xrc0FaVWNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9iMzViZTEtNjY3My00ODExLWE3MDct
YWQwMjdlOTVjNWM3LzEvd2RUQzRSYXdFcy01ZkZaVWE0Ul9ISVJ4TzJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9iMzViZTEtNjY3My00ODExLWE3MDctYWQwMjdlOTVjNWM3
LzEvOU85ZHVoQUtrckpFVHo1UkxRR2xrc0FaVWNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZTUMA0G
CSqGSIb3DQEBCwUAA4IBAQATArJgQdSuFg+F6gOqHdaD0pZK/Ir+D9lT40KiAV6l
3q66dyT1a1KUXAKZfjwfqUQrJu6HZ/lMklEsFxR96c+aWM1sR6GxQKmAWRiPsZpY
9YJVPzBdpjoCTuyBltTSaTVs9gcxymQ3QYasPf9HPd3o3aTHjPlkWKhBdAghxcDj
6Xomcim+E9mg1xxliZn15BdsnKncwiWyJF/N5vHdOBt5qYj5a0x+FulwT+OC/2TT
uYWd4g1rmUnBwp2J5OKYRKKs5gvM/Aa9UMiPLCZsuI8X5Q4N/CYC9Apu7o8d2Gqm
Kj3gKv/MyyympDx9NCrFc+pkcN9/MlIB5DWLQjGQXthn
-----END CERTIFICATE-----