Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/nwUsD1fndRShZT-s5ssppnOFmiI.roa
File:                     nwUsD1fndRShZT-s5ssppnOFmiI.roa (raw, json)
Hash identifier:          5Gw61qVpay4Kz2GbqbYja1rnv6svDc1Ma6KW2KgO/Fk=
Subject key identifier:   9F:05:2C:0F:57:E7:75:14:A1:65:3F:AC:E6:CB:29:A6:73:85:9A:22
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0194228E0BB7D7E99A1B2CACDAF73356CD2A
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/nwUsD1fndRShZT-s5ssppnOFmiI.roa
Signing time:             Wed 01 Jan 2025 15:48:41 +0000
ROA not before:           Wed 01 Jan 2025 15:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25462
IP address blocks:        87.245.216.0/21 maxlen: 21
                          149.255.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0b:b7:d7:e9:9a:1b:2c:ac:da:f7:33:56:cd:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 15:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f052c0f57e77514a1653face6cb29a673859a22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:a5:90:a8:a4:7c:99:03:aa:84:be:3b:ed:
                    47:e1:24:84:86:24:b3:6e:91:74:4b:c2:be:d7:f0:
                    8a:a0:48:6f:7e:6f:97:21:9f:b2:ed:42:27:16:c9:
                    ad:90:32:27:3f:4e:6b:45:3a:78:04:2c:6d:0c:f6:
                    a2:fd:2e:39:09:06:cc:e4:90:15:d5:da:54:93:9e:
                    d2:ad:59:fe:1d:3c:c0:97:c5:e4:6d:9a:52:f2:7b:
                    69:ba:b2:39:32:81:8e:88:aa:0d:78:65:a0:59:13:
                    9e:87:51:f4:96:32:bc:83:c4:31:53:66:7e:e1:3f:
                    8b:ce:81:66:2a:8d:86:a8:f8:20:56:ef:fe:bc:16:
                    d3:e8:0d:96:7a:8c:47:9a:28:b4:b5:72:65:13:83:
                    a8:83:4a:a7:26:11:2b:5e:c8:88:ee:a9:af:ec:92:
                    cd:79:b1:d4:2b:01:6e:95:69:0b:64:8f:8c:4b:97:
                    7e:7b:b7:81:d7:52:33:04:21:35:78:20:eb:70:3e:
                    3a:63:ac:4c:fe:96:76:a3:0a:35:77:3b:29:72:f9:
                    b8:7a:16:1e:04:e5:cd:5c:f5:0f:3b:00:07:a2:60:
                    be:2b:91:38:10:d8:79:f5:87:c1:6d:32:66:db:e4:
                    e7:1f:b1:2c:a5:fa:83:f6:ee:c6:d4:18:4f:6f:fe:
                    71:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:05:2C:0F:57:E7:75:14:A1:65:3F:AC:E6:CB:29:A6:73:85:9A:22
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/nwUsD1fndRShZT-s5ssppnOFmiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.245.216.0/21
                  149.255.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:b8:83:e3:48:62:03:33:f8:c8:1c:82:9c:57:ea:4d:3a:be:
         73:36:ee:cc:25:d1:76:f1:52:9b:fc:15:06:f2:c3:48:ca:34:
         6b:08:c0:77:1c:46:20:95:1c:39:58:9b:7d:49:1a:f4:3d:53:
         90:fc:6b:8d:54:0a:ea:e1:7c:e3:64:b7:a8:c1:82:a0:24:23:
         a0:e8:89:a3:16:56:60:ef:21:ce:be:c5:2c:17:ac:b0:aa:71:
         c8:23:cd:88:c8:b3:0d:e1:d5:6c:96:30:42:c8:f3:ba:ae:fe:
         d4:5b:17:66:64:08:0f:00:25:b8:ac:51:ed:93:15:27:80:ef:
         da:ba:c2:59:23:43:a7:83:b4:d1:3f:dc:ea:ad:1e:91:6e:c9:
         15:2e:ce:65:f4:dc:23:68:96:1c:a9:43:0d:fb:7e:b9:d8:da:
         45:26:7d:f1:e1:dc:d1:45:b7:8b:12:aa:8b:40:3c:4d:62:65:
         5e:cc:d7:56:ce:c9:86:f5:aa:e7:73:ad:6a:97:f0:b4:7e:a4:
         5c:09:b0:10:e3:e5:a7:7a:97:96:ff:31:ef:65:5e:17:53:12:
         86:19:90:b5:23:1f:e0:20:f8:80:cd:45:5d:2a:24:14:9d:a8:
         58:db:8c:46:c6:9b:c1:76:42:99:68:29:a5:d6:00:16:cd:16:
         ed:47:18:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijgu31+maGyys2vczVs0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjA1MmMwZjU3ZTc3NTE0YTE2NTNmYWNlNmNiMjlhNjczODU5YTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMSlkKikfJkDqoS+O+1H4SSEhiSz
bpF0S8K+1/CKoEhvfm+XIZ+y7UInFsmtkDInP05rRTp4BCxtDPai/S45CQbM5JAV
1dpUk57SrVn+HTzAl8XkbZpS8ntpurI5MoGOiKoNeGWgWROeh1H0ljK8g8QxU2Z+
4T+LzoFmKo2GqPggVu/+vBbT6A2WeoxHmii0tXJlE4Oog0qnJhErXsiI7qmv7JLN
ebHUKwFulWkLZI+MS5d+e7eB11IzBCE1eCDrcD46Y6xM/pZ2owo1dzspcvm4ehYe
BOXNXPUPOwAHomC+K5E4ENh59YfBbTJm2+TnH7EspfqD9u7G1BhPb/5xVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ8FLA9X53UUoWU/rObLKaZzhZoiMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvbndVc0QxZm5kUlNoWlQtczVzc3Bwbk9GbWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDV/XYAwQC
lf+AMA0GCSqGSIb3DQEBCwUAA4IBAQAFuIPjSGIDM/jIHIKcV+pNOr5zNu7MJdF2
8VKb/BUG8sNIyjRrCMB3HEYglRw5WJt9SRr0PVOQ/GuNVArq4XzjZLeowYKgJCOg
6ImjFlZg7yHOvsUsF6ywqnHII82IyLMN4dVsljBCyPO6rv7UWxdmZAgPACW4rFHt
kxUngO/ausJZI0Ong7TRP9zqrR6RbskVLs5l9NwjaJYcqUMN+3652NpFJn3x4dzR
RbeLEqqLQDxNYmVezNdWzsmG9arnc61ql/C0fqRcCbAQ4+WnepeW/zHvZV4XUxKG
GZC1Ix/gIPiAzUVdKiQUnahY24xGxpvBdkKZaCml1gAWzRbtRxje
-----END CERTIFICATE-----