Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/WgQVJKeVLT_kgntaKcqG82tQ5Ac.roa
File:                     WgQVJKeVLT_kgntaKcqG82tQ5Ac.roa (raw, json)
Hash identifier:          51Ibz0/tlPs1DjPAcM3P0vri4IWZhMdelX47aEpOyXk=
Subject key identifier:   5A:04:15:24:A7:95:2D:3F:E4:82:7B:5A:29:CA:86:F3:6B:50:E4:07
Certificate issuer:       /CN=8d64e43c75bdc511d524f0c85d009cba76956144
Certificate serial:       019421446A37699EB921724A822240FF2DD3
Authority key identifier: 8D:64:E4:3C:75:BD:C5:11:D5:24:F0:C8:5D:00:9C:BA:76:95:61:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/WgQVJKeVLT_kgntaKcqG82tQ5Ac.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38965
IP address blocks:        193.178.197.0/24 maxlen: 24
                          2a04:4345:10::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/jWTkPHW9xRHVJPDIXQCcunaVYUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/jWTkPHW9xRHVJPDIXQCcunaVYUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6a:37:69:9e:b9:21:72:4a:82:22:40:ff:2d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d64e43c75bdc511d524f0c85d009cba76956144
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a041524a7952d3fe4827b5a29ca86f36b50e407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4c:dd:ba:5c:d7:54:e8:86:ab:bc:d0:c0:71:
                    ac:66:f7:c5:58:09:c4:bd:f8:7c:7d:40:f8:6b:8e:
                    08:86:10:b8:2d:b2:7a:cb:dc:d9:d0:97:53:7c:ed:
                    7d:b0:bb:53:da:52:d5:31:b4:b7:e9:04:91:e5:2d:
                    79:4b:b2:84:60:4f:77:9c:8c:e9:c9:2b:1c:b4:56:
                    9f:62:04:d8:db:b3:5c:93:cf:d7:6f:88:b6:74:fb:
                    b1:b8:3e:6b:7b:24:a2:dd:32:02:73:06:af:a5:fe:
                    a7:f3:14:d9:69:9b:a0:ff:9d:86:55:37:d8:8d:e6:
                    b4:77:51:6e:0f:4a:af:c7:f2:08:e8:37:a2:a6:06:
                    fc:38:dc:2e:80:e1:2d:7d:db:3f:d3:dd:64:ca:b8:
                    70:58:99:5b:ea:c1:62:b5:70:6b:c8:a6:44:85:c7:
                    42:c4:00:66:3c:23:b9:66:ca:a4:da:52:cd:2a:77:
                    ac:11:61:54:27:ef:b0:3d:04:50:90:f2:f8:9d:99:
                    1c:1b:be:b1:9f:da:c1:25:b3:cf:6d:69:34:b2:aa:
                    9b:d0:d6:35:86:97:13:78:81:30:bf:23:b9:70:d5:
                    be:0e:59:ef:6f:b2:12:f2:81:fd:59:08:60:d6:46:
                    d7:d3:a6:2c:0c:c7:7f:66:68:6e:02:80:48:80:7b:
                    c9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:04:15:24:A7:95:2D:3F:E4:82:7B:5A:29:CA:86:F3:6B:50:E4:07
            X509v3 Authority Key Identifier:
                keyid:8D:64:E4:3C:75:BD:C5:11:D5:24:F0:C8:5D:00:9C:BA:76:95:61:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/WgQVJKeVLT_kgntaKcqG82tQ5Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/jWTkPHW9xRHVJPDIXQCcunaVYUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.197.0/24
                IPv6:
                  2a04:4345:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         e4:db:3b:0e:43:c9:e2:7d:4a:12:fa:ae:53:c7:0f:f1:52:a3:
         b3:0e:89:0a:8f:8d:98:76:cd:2e:6c:dd:f5:05:52:99:40:3b:
         18:77:d0:f5:cf:a2:2c:48:75:e3:f9:f2:4d:1b:61:91:2e:8d:
         b2:6d:ca:7c:c9:ff:a2:2e:7b:8a:3c:2f:26:36:53:05:8b:7c:
         a3:d2:a7:7d:15:6a:f1:ba:ab:bb:a8:57:a1:74:17:30:0a:1f:
         25:0c:8f:60:be:2a:76:b2:be:0d:92:b0:d9:e1:66:59:a2:03:
         4c:55:c1:b1:62:28:b6:23:11:f9:54:6f:d3:5d:7d:40:f5:d3:
         be:6e:27:09:6a:b8:de:ca:1a:5c:0a:c9:68:35:cf:c6:08:fc:
         3a:a3:bd:d6:f0:be:94:73:69:81:e5:7d:d1:e1:41:24:68:80:
         99:57:4e:03:0e:c3:7d:b1:10:bb:bc:07:ac:84:97:14:48:59:
         dc:05:e1:6a:fc:17:29:b6:87:d5:fb:6d:6f:28:90:79:41:cd:
         98:e1:1d:3b:b9:2f:f7:fc:0c:91:39:d6:48:98:8e:9b:c8:9c:
         69:f7:47:21:84:ba:44:7f:92:50:25:2e:a7:08:bd:63:8b:80:
         c3:68:17:a4:60:50:2f:1c:7b:76:80:6c:87:75:44:55:ae:31:
         28:1f:94:83
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhRGo3aZ65IXJKgiJA/y3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjRlNDNjNzViZGM1MTFkNTI0ZjBjODVkMDA5Y2JhNzY5
NTYxNDQwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTA0MTUyNGE3OTUyZDNmZTQ4MjdiNWEyOWNhODZmMzZiNTBlNDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkzdulzXVOiGq7zQwHGsZvfFWAnE
vfh8fUD4a44IhhC4LbJ6y9zZ0JdTfO19sLtT2lLVMbS36QSR5S15S7KEYE93nIzp
ySsctFafYgTY27Nck8/Xb4i2dPuxuD5reySi3TICcwavpf6n8xTZaZug/52GVTfY
jea0d1FuD0qvx/II6Deipgb8ONwugOEtfds/091kyrhwWJlb6sFitXBryKZEhcdC
xABmPCO5Zsqk2lLNKnesEWFUJ++wPQRQkPL4nZkcG76xn9rBJbPPbWk0sqqb0NY1
hpcTeIEwvyO5cNW+Dlnvb7IS8oH9WQhg1kbX06YsDMd/ZmhuAoBIgHvJUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFoEFSSnlS0/5IJ7WinKhvNrUOQHMB8GA1UdIwQY
MBaAFI1k5Dx1vcUR1STwyF0AnLp2lWFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldUa1BIVzl4UkhWSlBESVhRQ2N1bmFWWVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82ZjliMDktYTU5ZS00ZjkwLTg3Yzct
NzI0NDgzNTJiODA3LzEvV2dRVkpLZVZMVF9rZ250YUtjcUc4MnRRNUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82ZjliMDktYTU5ZS00ZjkwLTg3YzctNzI0NDgzNTJiODA3
LzEvaldUa1BIVzl4UkhWSlBESVhRQ2N1bmFWWVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwbLFMA8E
AgACMAkDBwQqBENFABAwDQYJKoZIhvcNAQELBQADggEBAOTbOw5DyeJ9ShL6rlPH
D/FSo7MOiQqPjZh2zS5s3fUFUplAOxh30PXPoixIdeP58k0bYZEujbJtynzJ/6Iu
e4o8LyY2UwWLfKPSp30VavG6q7uoV6F0FzAKHyUMj2C+Knayvg2SsNnhZlmiA0xV
wbFiKLYjEflUb9NdfUD1075uJwlquN7KGlwKyWg1z8YI/DqjvdbwvpRzaYHlfdHh
QSRogJlXTgMOw32xELu8B6yElxRIWdwF4Wr8Fym2h9X7bW8okHlBzZjhHTu5L/f8
DJE51kiYjpvInGn3RyGEukR/klAlLqcIvWOLgMNoF6RgUC8ce3aAbId1RFWuMSgf
lIM=
-----END CERTIFICATE-----