Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/WRheQN0amA9-_VCQME57u4bK-ks.roa
File:                     WRheQN0amA9-_VCQME57u4bK-ks.roa (raw, json)
Hash identifier:          blzydWxPl2ahI62ziLjMaHt088mTMKIJq9ZUkNAzqD0=
Subject key identifier:   59:18:5E:40:DD:1A:98:0F:7E:FD:50:90:30:4E:7B:BB:86:CA:FA:4B
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       019427479A1444CE172074577C6CD03619ED
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/WRheQN0amA9-_VCQME57u4bK-ks.roa
Signing time:             Thu 02 Jan 2025 13:49:51 +0000
ROA not before:           Thu 02 Jan 2025 13:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43415
IP address blocks:        217.218.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:9a:14:44:ce:17:20:74:57:7c:6c:d0:36:19:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 13:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59185e40dd1a980f7efd5090304e7bbb86cafa4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7a:36:cd:bc:c2:30:85:68:34:34:67:14:c3:
                    81:32:c3:3e:4b:16:70:99:c2:6e:25:75:47:a9:b8:
                    3b:5e:b9:a8:29:76:76:bf:9a:b1:c3:d9:d1:79:8e:
                    5a:c5:06:b6:e6:fe:f0:75:ce:05:59:a6:9d:d3:db:
                    13:f4:57:9c:4e:8e:d7:63:23:67:ef:52:3a:7c:d2:
                    2e:df:18:a9:47:9e:8d:69:5a:a5:0d:98:3e:9d:d9:
                    86:0f:b1:ce:b7:25:90:5e:a7:12:79:0f:ca:61:a7:
                    7a:be:0f:c5:3d:bd:2b:13:89:03:fe:27:11:b4:38:
                    d9:1b:6b:2a:7b:db:07:b6:56:a9:86:4e:62:d2:7a:
                    6e:e3:11:8c:ea:b7:ab:54:46:b0:22:27:eb:71:c8:
                    df:e2:82:73:eb:88:51:3c:1e:dd:48:43:6f:85:04:
                    a5:38:74:b0:e8:0b:85:14:50:87:12:99:9f:27:e1:
                    30:49:6b:2b:de:2d:39:55:a7:e7:56:35:d7:d7:e1:
                    8b:c4:52:8b:c3:a9:b3:dc:04:f4:52:d6:05:fb:ef:
                    a0:df:47:79:ab:25:81:a9:7c:50:a4:25:69:29:ff:
                    2a:dc:12:3c:2f:13:2b:b4:5f:84:e4:eb:d0:03:d3:
                    b1:30:1c:bb:ae:c6:fd:65:6d:dd:e7:f9:e5:c1:d1:
                    70:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:18:5E:40:DD:1A:98:0F:7E:FD:50:90:30:4E:7B:BB:86:CA:FA:4B
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/WRheQN0amA9-_VCQME57u4bK-ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.218.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:37:dc:d8:1c:d9:e5:c3:a7:97:90:d9:d7:fc:14:21:cb:8e:
         61:b8:f5:48:bf:0a:83:f8:f7:6e:50:43:87:dd:74:a2:d0:91:
         d4:f4:50:06:be:4d:98:14:f4:89:27:1d:8a:de:e6:16:9e:29:
         91:66:6e:54:ba:b0:71:1a:bb:38:6b:44:00:52:34:6a:73:aa:
         07:4c:74:a5:77:53:5e:f2:47:d4:6e:c7:d6:42:ea:a2:44:49:
         50:05:47:1f:ad:95:eb:6e:06:ff:1a:fb:46:81:20:fc:c9:3f:
         a5:2a:84:6c:61:d5:40:22:26:94:6d:2c:ec:74:e9:00:e8:24:
         29:55:21:1c:39:7c:83:ad:61:4f:69:9b:57:b4:c6:73:0d:78:
         38:6d:ed:51:4a:3e:c6:78:09:d8:f0:dd:e3:b8:b7:6d:aa:04:
         72:b0:8f:c5:82:b9:7b:7c:4c:df:73:2e:ae:21:08:e3:1e:aa:
         ff:df:a6:ec:8e:bc:ff:5b:5f:ef:c4:29:f5:d3:d7:03:bb:0a:
         77:bf:3c:cc:09:94:98:c1:3e:92:2b:2e:e4:0a:b4:79:96:95:
         b2:17:ff:6b:4b:a3:4f:7e:48:e3:96:e7:08:17:56:77:9a:2d:
         8a:5e:82:1d:b5:8d:d9:cb:65:85:05:c5:7e:f1:80:75:a3:8d:
         54:c4:b6:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR5oURM4XIHRXfGzQNhntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjUwMTAyMTM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTE4NWU0MGRkMWE5ODBmN2VmZDUwOTAzMDRlN2JiYjg2Y2FmYTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXo2zbzCMIVoNDRnFMOBMsM+SxZw
mcJuJXVHqbg7XrmoKXZ2v5qxw9nReY5axQa25v7wdc4FWaad09sT9FecTo7XYyNn
71I6fNIu3xipR56NaVqlDZg+ndmGD7HOtyWQXqcSeQ/KYad6vg/FPb0rE4kD/icR
tDjZG2sqe9sHtlaphk5i0npu4xGM6rerVEawIifrccjf4oJz64hRPB7dSENvhQSl
OHSw6AuFFFCHEpmfJ+EwSWsr3i05VafnVjXX1+GLxFKLw6mz3AT0UtYF+++g30d5
qyWBqXxQpCVpKf8q3BI8LxMrtF+E5OvQA9OxMBy7rsb9ZW3d5/nlwdFwewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkYXkDdGpgPfv1QkDBOe7uGyvpLMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvV1JoZVFOMGFtQTktX1ZDUU1FNTd1NGJLLWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2dotMA0G
CSqGSIb3DQEBCwUAA4IBAQAYN9zYHNnlw6eXkNnX/BQhy45huPVIvwqD+PduUEOH
3XSi0JHU9FAGvk2YFPSJJx2K3uYWnimRZm5UurBxGrs4a0QAUjRqc6oHTHSld1Ne
8kfUbsfWQuqiRElQBUcfrZXrbgb/GvtGgSD8yT+lKoRsYdVAIiaUbSzsdOkA6CQp
VSEcOXyDrWFPaZtXtMZzDXg4be1RSj7GeAnY8N3juLdtqgRysI/Fgrl7fEzfcy6u
IQjjHqr/36bsjrz/W1/vxCn109cDuwp3vzzMCZSYwT6SKy7kCrR5lpWyF/9rS6NP
fkjjlucIF1Z3mi2KXoIdtY3Zy2WFBcV+8YB1o41UxLbL
-----END CERTIFICATE-----