Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/WEeODF8AeAMrqQn5JDaTnapaiqE.roa
File:                     WEeODF8AeAMrqQn5JDaTnapaiqE.roa (raw, json)
Hash identifier:          0JaW88/5jjO1ic3oyD2oJbM3cvaS1uYv5p0lLZ/M7WQ=
Subject key identifier:   58:47:8E:0C:5F:00:78:03:2B:A9:09:F9:24:36:93:9D:AA:5A:8A:A1
Certificate issuer:       /CN=1a59e9a3fc3fb5b0d582056a3b24553c56bd27f0
Certificate serial:       019425FC127DFB055A5D5AA1EC134499507A
Authority key identifier: 1A:59:E9:A3:FC:3F:B5:B0:D5:82:05:6A:3B:24:55:3C:56:BD:27:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Glnpo_w_tbDVggVqOyRVPFa9J_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/WEeODF8AeAMrqQn5JDaTnapaiqE.roa
Signing time:             Thu 02 Jan 2025 07:47:44 +0000
ROA not before:           Thu 02 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199631
IP address blocks:        94.46.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Glnpo_w_tbDVggVqOyRVPFa9J_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Glnpo_w_tbDVggVqOyRVPFa9J_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Glnpo_w_tbDVggVqOyRVPFa9J_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:12:7d:fb:05:5a:5d:5a:a1:ec:13:44:99:50:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a59e9a3fc3fb5b0d582056a3b24553c56bd27f0
        Validity
            Not Before: Jan  2 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58478e0c5f0078032ba909f92436939daa5a8aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:29:52:f8:9c:a8:ca:da:4d:1e:9c:d4:d3:dc:
                    25:dd:89:80:41:07:f4:53:aa:2e:10:63:91:2e:d4:
                    ab:b5:2c:7c:c9:bd:ac:07:c0:56:6c:f0:7a:8d:4c:
                    f8:8a:6a:3d:55:31:2a:2a:05:60:e5:1f:30:19:37:
                    a8:af:23:0c:b8:89:a0:4f:b9:b0:25:05:0f:81:fe:
                    fa:a1:1c:2f:ba:74:84:dc:3a:e5:a5:be:52:47:90:
                    24:6b:ec:90:fd:e2:9a:93:fb:fd:01:fe:ef:50:f2:
                    2b:f7:97:7d:57:69:81:41:64:88:28:13:de:d5:11:
                    39:10:01:5b:7c:e6:75:d5:0f:a3:ac:74:76:89:e5:
                    e6:63:14:6c:34:8b:a2:7b:21:5c:a8:60:07:cc:94:
                    01:92:2d:35:7e:28:04:a4:87:04:1b:9e:c3:e4:db:
                    91:30:97:ec:45:15:6a:df:fa:49:de:d8:89:d0:7f:
                    30:28:c0:e0:0a:eb:ff:69:2b:f9:5e:fe:9f:dd:4d:
                    da:10:e1:fc:57:f8:69:a9:11:7c:87:3e:77:8a:99:
                    5c:bd:8a:2f:dd:58:03:ad:6d:9f:2f:58:9d:be:09:
                    a8:98:db:5a:0f:47:18:4f:c7:d1:14:0d:55:6b:75:
                    eb:50:fb:17:5a:d4:b9:0d:0b:37:36:82:41:b6:44:
                    81:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:47:8E:0C:5F:00:78:03:2B:A9:09:F9:24:36:93:9D:AA:5A:8A:A1
            X509v3 Authority Key Identifier:
                keyid:1A:59:E9:A3:FC:3F:B5:B0:D5:82:05:6A:3B:24:55:3C:56:BD:27:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Glnpo_w_tbDVggVqOyRVPFa9J_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/WEeODF8AeAMrqQn5JDaTnapaiqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Glnpo_w_tbDVggVqOyRVPFa9J_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.46.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a9:a2:ae:54:f2:f7:17:6c:7f:00:2d:96:bb:d4:9f:67:de:
         2a:50:2a:79:34:4b:dc:bf:cd:04:3e:dc:c0:d2:eb:17:4a:cc:
         1e:21:2b:8b:4d:e8:e1:a9:bb:b5:39:76:f2:e7:94:7e:81:e1:
         47:19:7e:4d:3f:6d:f5:21:53:36:d7:dc:04:0e:77:c6:9f:cf:
         67:5f:83:8e:16:3c:10:fa:ca:67:b9:e6:f5:dd:bf:46:4f:6c:
         5e:39:f9:4f:79:b0:43:3d:08:55:5a:44:af:1f:69:e6:00:b9:
         31:91:1f:dc:fc:4c:45:5c:fd:dc:72:45:1a:a5:f1:13:bb:62:
         c2:aa:bc:26:37:9e:49:17:b5:58:c6:87:51:a0:41:b4:aa:67:
         2d:0c:40:88:21:f5:b3:dc:32:db:0f:71:39:eb:d2:11:f6:cd:
         5a:82:e1:43:ec:67:70:c6:50:6d:2a:1c:61:5d:1f:49:e6:72:
         9d:bb:87:69:d2:ab:62:8d:28:06:87:10:27:85:8a:fe:fb:d9:
         7d:0c:94:4a:57:1b:28:7b:be:92:f3:da:f8:ca:3f:ad:46:36:
         2b:c8:eb:0a:7b:ec:e0:a9:45:e3:43:b8:56:a8:d1:d3:26:26:
         1f:41:52:8d:60:65:b5:dc:cf:96:7b:59:5a:69:a4:be:6a:55:
         9c:10:69:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/BJ9+wVaXVqh7BNEmVB6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTllOWEzZmMzZmI1YjBkNTgyMDU2YTNiMjQ1NTNjNTZi
ZDI3ZjAwHhcNMjUwMTAyMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODQ3OGUwYzVmMDA3ODAzMmJhOTA5ZjkyNDM2OTM5ZGFhNWE4YWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ClS+JyoytpNHpzU09wl3YmAQQf0
U6ouEGORLtSrtSx8yb2sB8BWbPB6jUz4imo9VTEqKgVg5R8wGTeoryMMuImgT7mw
JQUPgf76oRwvunSE3Drlpb5SR5Aka+yQ/eKak/v9Af7vUPIr95d9V2mBQWSIKBPe
1RE5EAFbfOZ11Q+jrHR2ieXmYxRsNIuieyFcqGAHzJQBki01figEpIcEG57D5NuR
MJfsRRVq3/pJ3tiJ0H8wKMDgCuv/aSv5Xv6f3U3aEOH8V/hpqRF8hz53iplcvYov
3VgDrW2fL1idvgmomNtaD0cYT8fRFA1Va3XrUPsXWtS5DQs3NoJBtkSBvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhHjgxfAHgDK6kJ+SQ2k52qWoqhMB8GA1UdIwQY
MBaAFBpZ6aP8P7Ww1YIFajskVTxWvSfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xucG9fd190YkRWZ2dWcU95UlZQRmE5Sl9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jNzY2ZmEtNTE1ZS00YmI3LWE2YTUt
ZTFlZjE0Mjc0NjMwLzEvV0VlT0RGOEFlQU1ycVFuNUpEYVRuYXBhaXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jNzY2ZmEtNTE1ZS00YmI3LWE2YTUtZTFlZjE0Mjc0NjMw
LzEvR2xucG9fd190YkRWZ2dWcU95UlZQRmE5Sl9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXi7uMA0G
CSqGSIb3DQEBCwUAA4IBAQAoqaKuVPL3F2x/AC2Wu9SfZ94qUCp5NEvcv80EPtzA
0usXSsweISuLTejhqbu1OXby55R+geFHGX5NP231IVM219wEDnfGn89nX4OOFjwQ
+spnueb13b9GT2xeOflPebBDPQhVWkSvH2nmALkxkR/c/ExFXP3cckUapfETu2LC
qrwmN55JF7VYxodRoEG0qmctDECIIfWz3DLbD3E569IR9s1aguFD7GdwxlBtKhxh
XR9J5nKdu4dp0qtijSgGhxAnhYr++9l9DJRKVxsoe76S89r4yj+tRjYryOsKe+zg
qUXjQ7hWqNHTJiYfQVKNYGW13M+We1laaaS+alWcEGmn
-----END CERTIFICATE-----