Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wboa4GFuKPAHSjlL19CraoPZtI0.roa
File:                     wboa4GFuKPAHSjlL19CraoPZtI0.roa (raw, json)
Hash identifier:          q0p0Ewl3YQdtiZtG8VyV1iiK+dSNeMPQkM8753mzfJ4=
Subject key identifier:   C1:BA:1A:E0:61:6E:28:F0:07:4A:39:4B:D7:D0:AB:6A:83:D9:B4:8D
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01973B4E9FB9582216C7267BA01E353AFF05
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wboa4GFuKPAHSjlL19CraoPZtI0.roa
Signing time:             Wed 04 Jun 2025 14:18:17 +0000
ROA not before:           Wed 04 Jun 2025 14:18:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        109.121.43.0/24 maxlen: 24
                          185.47.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:4e:9f:b9:58:22:16:c7:26:7b:a0:1e:35:3a:ff:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jun  4 14:18:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1ba1ae0616e28f0074a394bd7d0ab6a83d9b48d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8f:fd:0e:ff:34:60:9c:63:65:d9:2c:56:46:
                    9c:5e:6b:b0:09:ab:9d:63:80:51:c9:e5:6c:e0:e5:
                    9e:4e:a2:e6:b4:24:04:23:c1:25:b8:f1:30:6b:be:
                    66:45:e8:7a:ba:dc:70:4e:d4:69:fe:0f:6e:3f:66:
                    73:d8:8e:77:bd:f7:12:75:5d:21:6a:23:bc:b7:be:
                    6a:0b:35:f0:56:23:cc:46:b1:85:fe:47:e1:31:01:
                    6c:e7:8b:f1:2c:ec:f9:61:96:24:3a:bc:03:93:7c:
                    11:eb:f1:77:58:d4:47:95:16:ae:56:b1:aa:4f:b0:
                    1c:36:39:75:82:01:f6:85:30:93:b5:01:61:26:fb:
                    66:80:74:e7:af:49:0c:0d:a6:9a:db:38:d3:7d:29:
                    d6:ba:c4:53:0d:6b:35:30:37:c5:b1:d8:c0:56:b8:
                    df:b6:8b:4a:4e:32:d9:e2:de:7a:87:94:fc:ca:0e:
                    b7:19:2d:c8:3d:fb:77:51:a6:62:54:a2:db:ba:74:
                    06:ad:e6:c7:64:78:b8:e2:cf:0a:8a:39:76:9c:71:
                    35:86:d6:b1:99:81:e4:6c:19:3e:10:0a:9f:4f:5c:
                    6b:0d:c4:71:f3:9b:23:8b:51:3b:a1:21:f9:05:35:
                    56:43:b4:3e:28:b2:0e:3e:d5:c6:ee:da:e9:f5:9d:
                    79:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BA:1A:E0:61:6E:28:F0:07:4A:39:4B:D7:D0:AB:6A:83:D9:B4:8D
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wboa4GFuKPAHSjlL19CraoPZtI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.43.0/24
                  185.47.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a3:8e:ee:75:df:de:69:a5:59:7a:f8:34:75:68:21:a2:6e:
         9b:55:0c:ff:2b:b5:e7:df:98:a3:d5:aa:fc:7b:df:38:e9:d0:
         a7:1b:77:b2:1a:4e:c9:ef:86:b0:b4:58:44:ad:15:e6:a6:b8:
         c2:21:17:28:9d:54:95:7e:9d:38:55:30:0e:b8:ba:44:6e:e5:
         46:f9:a0:c3:35:e8:bd:96:e8:13:a6:77:76:24:da:08:67:15:
         cc:23:c6:b8:d9:8a:a1:51:0a:af:ff:66:a8:33:27:ae:cb:f0:
         0a:d9:32:2e:15:32:65:fb:57:73:3c:5f:5c:7d:a3:71:1e:ce:
         f6:4f:59:99:3c:e0:97:6c:47:da:af:22:bd:55:38:5b:56:9f:
         1c:f0:62:d8:be:23:dc:90:c7:57:e4:2e:71:62:33:b0:d6:cb:
         17:8e:b1:f8:9e:ab:28:47:78:71:95:93:23:6d:35:fb:fc:85:
         66:fa:dc:01:92:b5:61:68:d8:9d:b6:d6:f0:11:d7:95:10:af:
         bf:33:d8:6c:62:68:4e:4b:9e:b1:69:99:b4:01:1e:c2:d4:80:
         08:0b:62:19:ff:d7:89:f2:f2:41:c3:87:34:5c:66:99:76:93:
         27:f2:ed:46:a4:bd:e1:be:52:7f:b1:b8:11:07:f0:ed:f6:e7:
         5a:ee:a8:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZc7Tp+5WCIWxyZ7oB41Ov8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwNjA0MTQxODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWJhMWFlMDYxNmUyOGYwMDc0YTM5NGJkN2QwYWI2YTgzZDliNDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo/9Dv80YJxjZdksVkacXmuwCaud
Y4BRyeVs4OWeTqLmtCQEI8EluPEwa75mReh6utxwTtRp/g9uP2Zz2I53vfcSdV0h
aiO8t75qCzXwViPMRrGF/kfhMQFs54vxLOz5YZYkOrwDk3wR6/F3WNRHlRauVrGq
T7AcNjl1ggH2hTCTtQFhJvtmgHTnr0kMDaaa2zjTfSnWusRTDWs1MDfFsdjAVrjf
totKTjLZ4t56h5T8yg63GS3IPft3UaZiVKLbunQGrebHZHi44s8Kijl2nHE1htax
mYHkbBk+EAqfT1xrDcRx85sji1E7oSH5BTVWQ7Q+KLIOPtXG7trp9Z15aQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMG6GuBhbijwB0o5S9fQq2qD2bSNMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvd2JvYTRHRnVLUEFIU2psTDE5Q3Jhb1BadEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXkrAwQA
uS9bMA0GCSqGSIb3DQEBCwUAA4IBAQBZo47udd/eaaVZevg0dWghom6bVQz/K7Xn
35ij1ar8e9846dCnG3eyGk7J74awtFhErRXmprjCIRconVSVfp04VTAOuLpEbuVG
+aDDNei9lugTpnd2JNoIZxXMI8a42YqhUQqv/2aoMyeuy/AK2TIuFTJl+1dzPF9c
faNxHs72T1mZPOCXbEfaryK9VThbVp8c8GLYviPckMdX5C5xYjOw1ssXjrH4nqso
R3hxlZMjbTX7/IVm+twBkrVhaNidttbwEdeVEK+/M9hsYmhOS56xaZm0AR7C1IAI
C2IZ/9eJ8vJBw4c0XGaZdpMn8u1GpL3hvlJ/sbgRB/Dt9uda7qgy
-----END CERTIFICATE-----