Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/WDj-WX2TFdm1vGzea5zwWAKnmXg.roa
File:                     WDj-WX2TFdm1vGzea5zwWAKnmXg.roa (raw, json)
Hash identifier:          +iMwOn3eQVj68GFHeC3/38BqQPjbYorhASbLudYfkZc=
Subject key identifier:   58:38:FE:59:7D:93:15:D9:B5:BC:6C:DE:6B:9C:F0:58:02:A7:99:78
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       019505069EC9395E2ED972FCBA1376BE8F6E
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/WDj-WX2TFdm1vGzea5zwWAKnmXg.roa
Signing time:             Fri 14 Feb 2025 15:14:34 +0000
ROA not before:           Fri 14 Feb 2025 15:14:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12722
IP address blocks:        46.150.248.0/24 maxlen: 24
                          46.150.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:08:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:05:06:9e:c9:39:5e:2e:d9:72:fc:ba:13:76:be:8f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Feb 14 15:14:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5838fe597d9315d9b5bc6cde6b9cf05802a79978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ed:0f:5f:9f:e9:6b:96:07:56:74:7f:e9:11:
                    52:03:29:d6:c2:bc:c9:39:7c:a7:72:32:15:66:d4:
                    85:37:87:90:37:f9:76:fa:31:c1:0a:9e:5f:63:81:
                    6d:d5:0d:39:9c:4d:38:26:ce:e2:32:18:ad:a4:b0:
                    2e:f0:c2:92:e5:92:29:35:48:bb:09:1b:93:3b:65:
                    18:dc:34:40:56:14:68:0e:1a:98:2c:31:51:f9:92:
                    1b:f7:52:33:ce:54:59:8f:f9:f2:3c:8a:ad:f6:50:
                    9a:ba:7d:e8:a9:d1:cc:98:26:15:c7:0e:5d:af:a4:
                    16:28:f3:04:86:6e:cf:db:6d:7b:18:5a:90:7f:f4:
                    01:a4:4b:d4:58:e0:0a:1b:71:bb:f0:ac:8f:bb:6f:
                    42:27:c7:f3:99:02:29:88:32:91:e6:f0:72:f0:6d:
                    cf:ed:e2:17:04:fe:56:24:a2:54:29:e7:a2:9e:ae:
                    80:53:70:f8:12:40:8d:1d:0c:c4:14:a1:67:3d:00:
                    43:39:d2:42:7e:e8:85:78:04:d7:37:ee:8e:eb:e6:
                    5a:3e:34:55:e2:28:43:d0:93:b4:6c:d5:d0:8b:c4:
                    a3:f3:5e:2e:fd:68:a5:fc:09:11:4a:1b:a6:37:94:
                    8f:cd:7c:1b:9e:5a:93:05:44:b9:b6:29:e5:fa:7d:
                    0d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:38:FE:59:7D:93:15:D9:B5:BC:6C:DE:6B:9C:F0:58:02:A7:99:78
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/WDj-WX2TFdm1vGzea5zwWAKnmXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.150.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:87:17:e4:eb:25:89:e8:10:5e:76:d7:74:73:31:27:94:a4:
         de:a2:e2:49:db:22:c4:8c:1b:21:16:de:23:3b:7a:87:2a:5d:
         f0:d0:d6:35:08:dc:b4:36:2c:28:1c:b9:50:64:70:a8:b3:20:
         37:a0:29:d6:91:84:c6:10:4b:9b:6c:67:e5:74:87:fc:72:f1:
         e6:1b:bc:41:1a:aa:1d:c3:e5:8a:b1:31:71:bb:e2:59:00:e6:
         ad:40:07:e1:fa:61:6c:6c:a5:74:ca:ae:91:79:ca:23:10:1d:
         22:54:82:7a:4d:ed:44:c5:2e:d8:22:28:c6:c9:6a:35:96:f0:
         b1:df:45:43:fa:ff:b2:8e:9b:3d:9f:1d:eb:98:b4:eb:fe:24:
         a9:16:f4:5c:0f:cb:d1:54:3a:7b:ac:04:07:2f:15:38:4b:fb:
         fd:15:12:55:4a:30:b7:68:08:60:4e:03:56:26:df:3d:1d:3d:
         72:1e:ff:47:07:7c:4a:72:13:93:81:65:6a:98:da:0f:e1:fd:
         fc:73:dd:cd:00:40:de:69:e3:54:4d:f1:66:cf:fe:ed:f9:5b:
         ac:06:7a:73:bb:31:a5:5b:ba:fd:ea:ef:89:d0:d6:16:e7:3b:
         82:a0:41:65:98:32:17:c4:18:bf:33:78:ca:d1:e8:1b:4c:6c:
         ff:59:af:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUFBp7JOV4u2XL8uhN2vo9uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjUwMjE0MTUxNDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODM4ZmU1OTdkOTMxNWQ5YjViYzZjZGU2YjljZjA1ODAyYTc5OTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2e0PX5/pa5YHVnR/6RFSAynWwrzJ
OXyncjIVZtSFN4eQN/l2+jHBCp5fY4Ft1Q05nE04Js7iMhitpLAu8MKS5ZIpNUi7
CRuTO2UY3DRAVhRoDhqYLDFR+ZIb91IzzlRZj/nyPIqt9lCaun3oqdHMmCYVxw5d
r6QWKPMEhm7P2217GFqQf/QBpEvUWOAKG3G78KyPu29CJ8fzmQIpiDKR5vBy8G3P
7eIXBP5WJKJUKeeinq6AU3D4EkCNHQzEFKFnPQBDOdJCfuiFeATXN+6O6+ZaPjRV
4ihD0JO0bNXQi8Sj814u/Wil/AkRShumN5SPzXwbnlqTBUS5tinl+n0N8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFg4/ll9kxXZtbxs3muc8FgCp5l4MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvV0RqLVdYMlRGZG0xdkd6ZWE1endXQUtubVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLpb4MA0G
CSqGSIb3DQEBCwUAA4IBAQBthxfk6yWJ6BBedtd0czEnlKTeouJJ2yLEjBshFt4j
O3qHKl3w0NY1CNy0NiwoHLlQZHCosyA3oCnWkYTGEEubbGfldIf8cvHmG7xBGqod
w+WKsTFxu+JZAOatQAfh+mFsbKV0yq6RecojEB0iVIJ6Te1ExS7YIijGyWo1lvCx
30VD+v+yjps9nx3rmLTr/iSpFvRcD8vRVDp7rAQHLxU4S/v9FRJVSjC3aAhgTgNW
Jt89HT1yHv9HB3xKchOTgWVqmNoP4f38c93NAEDeaeNUTfFmz/7t+VusBnpzuzGl
W7r96u+J0NYW5zuCoEFlmDIXxBi/M3jK0egbTGz/Wa+y
-----END CERTIFICATE-----