Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/fefc12-2fc2-430d-9606-f4946f03f542/1/wGV9gdNmWFtWWUn9dwqAU6O3Xlw.roa
File:                     wGV9gdNmWFtWWUn9dwqAU6O3Xlw.roa (raw, json)
Hash identifier:          e5ewBGv57i41ziAigHZZOeL98kqI4hYVQ5SbzM8SjnI=
Subject key identifier:   C0:65:7D:81:D3:66:58:5B:56:59:49:FD:77:0A:80:53:A3:B7:5E:5C
Certificate issuer:       /CN=3400d9490983e7df32c7cf17ca1ead4f05f79646
Certificate serial:       019424B296755251A08F43496777B7AABEE0
Authority key identifier: 34:00:D9:49:09:83:E7:DF:32:C7:CF:17:CA:1E:AD:4F:05:F7:96:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NADZSQmD598yx88Xyh6tTwX3lkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/fefc12-2fc2-430d-9606-f4946f03f542/1/wGV9gdNmWFtWWUn9dwqAU6O3Xlw.roa
Signing time:             Thu 02 Jan 2025 01:47:51 +0000
ROA not before:           Thu 02 Jan 2025 01:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        185.30.156.0/22 maxlen: 22
                          2a04:4b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/fefc12-2fc2-430d-9606-f4946f03f542/1/NADZSQmD598yx88Xyh6tTwX3lkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/fefc12-2fc2-430d-9606-f4946f03f542/1/NADZSQmD598yx88Xyh6tTwX3lkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NADZSQmD598yx88Xyh6tTwX3lkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:96:75:52:51:a0:8f:43:49:67:77:b7:aa:be:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3400d9490983e7df32c7cf17ca1ead4f05f79646
        Validity
            Not Before: Jan  2 01:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0657d81d366585b565949fd770a8053a3b75e5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e3:bf:6a:dd:8d:a5:d8:20:06:8a:c0:67:c5:
                    76:f4:52:23:94:37:58:f1:08:a5:59:df:72:89:ab:
                    96:e9:bb:d2:bf:e4:73:e0:05:cf:c6:3c:45:a6:1a:
                    bf:3a:e7:7f:b1:aa:28:f4:de:fd:2e:29:5e:77:8f:
                    55:4c:02:fb:51:c5:4a:3e:29:46:64:03:b1:9d:ef:
                    e6:8d:03:d5:2d:65:ef:48:e3:c6:36:9b:49:b4:5b:
                    53:10:69:44:a4:d6:b2:79:3f:6e:50:68:c8:1a:23:
                    cc:3d:22:b5:ff:fe:24:82:00:bf:30:38:82:80:16:
                    5b:11:6f:88:95:4a:52:b2:06:b5:ea:03:7c:81:20:
                    1b:20:42:eb:1c:43:fd:31:d9:3b:42:1b:b2:31:b1:
                    6c:da:e6:29:d8:cf:77:58:9d:ce:04:7e:86:b3:79:
                    62:dd:b8:33:3b:f9:df:ed:fc:8b:20:8b:e4:b5:ac:
                    68:34:ca:e5:f9:e2:7d:4f:a3:6b:f8:cf:88:66:49:
                    eb:4d:4a:12:cb:79:e5:3a:b5:5a:60:b1:9a:e1:11:
                    73:5e:90:06:f4:c6:69:77:05:28:bc:a4:d9:37:d8:
                    5a:e1:2f:96:dc:5e:31:55:45:88:a9:13:8f:90:b6:
                    b7:48:69:f9:b7:b0:07:06:9d:22:70:a7:af:7d:bf:
                    67:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:65:7D:81:D3:66:58:5B:56:59:49:FD:77:0A:80:53:A3:B7:5E:5C
            X509v3 Authority Key Identifier:
                keyid:34:00:D9:49:09:83:E7:DF:32:C7:CF:17:CA:1E:AD:4F:05:F7:96:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NADZSQmD598yx88Xyh6tTwX3lkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/fefc12-2fc2-430d-9606-f4946f03f542/1/wGV9gdNmWFtWWUn9dwqAU6O3Xlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/fefc12-2fc2-430d-9606-f4946f03f542/1/NADZSQmD598yx88Xyh6tTwX3lkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.156.0/22
                IPv6:
                  2a04:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:92:44:c3:9c:29:c5:b2:b8:46:dc:32:90:2f:9b:92:98:a9:
         a8:f9:37:96:a7:a3:f5:39:be:27:28:62:45:19:9c:0a:f8:97:
         36:90:20:dc:96:83:2a:d2:47:76:72:48:a9:70:f2:2e:18:06:
         9f:8f:95:11:74:f4:ba:24:9c:29:8e:27:91:89:de:da:04:0f:
         61:4b:a6:ea:9a:e9:aa:8f:20:ad:2f:67:2a:5d:c0:f7:b1:b6:
         5c:ee:77:18:23:f5:4b:7f:1b:76:22:af:bb:74:1b:76:a2:24:
         e3:64:d7:37:71:02:6d:d6:dd:d6:96:03:b2:9d:5d:bb:c8:cc:
         72:1e:d4:3c:50:b7:b8:07:39:9a:f2:28:d3:9b:1e:60:06:ee:
         98:a9:6b:83:45:3e:a0:a9:bb:75:b0:11:a6:41:4d:ef:aa:36:
         41:c8:75:2d:e0:38:0d:a2:a0:10:ef:9d:0e:66:bd:98:2a:bd:
         88:14:fc:4c:bb:c3:b3:9f:77:00:eb:72:88:27:c2:eb:c8:c3:
         02:4b:5f:e1:70:14:1d:5c:3d:23:d3:79:7a:43:c6:e8:38:04:
         dd:da:7d:76:61:ee:f1:ea:43:3e:30:9a:62:77:54:d8:28:d4:
         43:1d:02:6d:bc:ec:c7:71:b4:aa:ee:46:a7:53:5e:e6:38:1b:
         9a:5b:dd:cf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkspZ1UlGgj0NJZ3e3qr7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MDBkOTQ5MDk4M2U3ZGYzMmM3Y2YxN2NhMWVhZDRmMDVm
Nzk2NDYwHhcNMjUwMTAyMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDY1N2Q4MWQzNjY1ODViNTY1OTQ5ZmQ3NzBhODA1M2EzYjc1ZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uO/at2NpdggBorAZ8V29FIjlDdY
8QilWd9yiauW6bvSv+Rz4AXPxjxFphq/Oud/saoo9N79Liled49VTAL7UcVKPilG
ZAOxne/mjQPVLWXvSOPGNptJtFtTEGlEpNayeT9uUGjIGiPMPSK1//4kggC/MDiC
gBZbEW+IlUpSsga16gN8gSAbIELrHEP9Mdk7QhuyMbFs2uYp2M93WJ3OBH6Gs3li
3bgzO/nf7fyLIIvktaxoNMrl+eJ9T6Nr+M+IZknrTUoSy3nlOrVaYLGa4RFzXpAG
9MZpdwUovKTZN9ha4S+W3F4xVUWIqROPkLa3SGn5t7AHBp0icKevfb9nWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMBlfYHTZlhbVllJ/XcKgFOjt15cMB8GA1UdIwQY
MBaAFDQA2UkJg+ffMsfPF8oerU8F95ZGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkFEWlNRbUQ1OTh5eDg4WHloNnRUd1gzbGtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9mZWZjMTItMmZjMi00MzBkLTk2MDYt
ZjQ5NDZmMDNmNTQyLzEvd0dWOWdkTm1XRnRXV1VuOWR3cUFVNk8zWGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9mZWZjMTItMmZjMi00MzBkLTk2MDYtZjQ5NDZmMDNmNTQy
LzEvTkFEWlNRbUQ1OTh5eDg4WHloNnRUd1gzbGtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR6cMA0E
AgACMAcDBQMqBEsAMA0GCSqGSIb3DQEBCwUAA4IBAQBgkkTDnCnFsrhG3DKQL5uS
mKmo+TeWp6P1Ob4nKGJFGZwK+Jc2kCDcloMq0kd2ckipcPIuGAafj5URdPS6JJwp
jieRid7aBA9hS6bqmumqjyCtL2cqXcD3sbZc7ncYI/VLfxt2Iq+7dBt2oiTjZNc3
cQJt1t3WlgOynV27yMxyHtQ8ULe4Bzma8ijTmx5gBu6YqWuDRT6gqbt1sBGmQU3v
qjZByHUt4DgNoqAQ750OZr2YKr2IFPxMu8Ozn3cA63KIJ8LryMMCS1/hcBQdXD0j
03l6Q8boOATd2n12Ye7x6kM+MJpid1TYKNRDHQJtvOzHcbSq7kanU17mOBuaW93P
-----END CERTIFICATE-----