Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/WGGEycOX3zgRzUE5YHVYaj7iPzM.roa
File:                     WGGEycOX3zgRzUE5YHVYaj7iPzM.roa (raw, json)
Hash identifier:          gBrCBKJP8Om0ceVo/bYBRnmXP9Fb4oBSgH7gu3Dni1Y=
Subject key identifier:   58:61:84:C9:C3:97:DF:38:11:CD:41:39:60:75:58:6A:3E:E2:3F:33
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       019302CF04AD01BF6FBE58EF95AA5F1425F4
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/WGGEycOX3zgRzUE5YHVYaj7iPzM.roa
Signing time:             Wed 06 Nov 2024 18:49:01 +0000
ROA not before:           Wed 06 Nov 2024 18:49:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47482
IP address blocks:        45.66.32.0/24 maxlen: 24
                          45.66.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:cf:04:ad:01:bf:6f:be:58:ef:95:aa:5f:14:25:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Nov  6 18:49:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=586184c9c397df3811cd41396075586a3ee23f33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:56:d1:cc:29:43:45:49:c1:73:c4:e6:ad:be:
                    07:92:c5:21:ab:66:27:b6:1c:9d:84:1c:53:5c:87:
                    fb:da:95:19:bb:36:55:10:26:48:7d:e3:ab:9d:15:
                    d8:b8:0e:58:ff:07:3a:24:08:3e:54:28:fd:85:65:
                    e1:1a:08:4f:f3:94:93:a4:19:5d:0a:93:94:1e:6f:
                    9a:41:b9:4d:65:c6:42:0b:8a:e4:70:be:20:ae:62:
                    d1:ac:2a:95:32:2d:8e:71:7b:86:8c:8d:cd:1b:cf:
                    fe:41:1a:33:95:78:ac:1b:af:5c:3a:77:9b:2a:b4:
                    de:a2:db:2a:70:c2:9f:53:7d:7a:a5:27:e9:b5:04:
                    4d:3d:33:b0:5a:c3:95:7e:6b:e3:9c:7c:fc:d3:d4:
                    79:55:23:0f:7e:0b:c3:b3:46:de:86:c7:46:f5:3d:
                    61:8a:c4:be:8e:70:96:7e:25:a7:1d:5d:f7:40:f2:
                    60:b6:1b:9c:29:c6:55:d9:a1:29:8e:54:4b:70:62:
                    73:9d:00:d1:f3:b1:3c:d3:9d:87:62:eb:2b:95:2a:
                    4f:a8:9a:2b:16:80:4a:cb:65:ce:c1:ad:dd:39:95:
                    a8:22:47:c0:03:c5:33:20:f5:85:74:06:2a:95:45:
                    3f:b6:94:13:a3:61:79:81:c9:a7:59:0c:b6:af:7e:
                    51:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:61:84:C9:C3:97:DF:38:11:CD:41:39:60:75:58:6A:3E:E2:3F:33
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/WGGEycOX3zgRzUE5YHVYaj7iPzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:ab:d4:2e:c6:5e:46:3c:b7:ab:81:62:2a:4a:df:ea:0b:d1:
         b2:44:c2:f2:94:b7:e0:48:5b:14:8c:37:e6:5b:bf:54:93:e1:
         66:d6:1d:4c:6d:b3:60:73:4e:df:76:f3:f5:ca:d7:84:3f:c0:
         2b:e5:4f:91:c0:7d:f4:4c:5e:ca:c7:42:8d:a8:a0:5f:93:b0:
         32:63:84:a0:23:65:3d:bf:63:96:66:4a:bc:78:b2:fd:c0:cc:
         20:64:ea:6e:ca:69:f1:a0:2e:68:41:c1:a4:c7:fd:f5:a4:b2:
         5e:a7:16:65:18:7b:e5:35:11:c5:31:e8:15:9d:aa:6e:08:fc:
         c6:10:94:b5:ea:f4:1d:02:07:67:0f:c8:d9:b1:de:aa:e1:f8:
         73:d7:89:d8:34:e2:ec:40:a9:8f:ef:9b:dd:c7:3b:6a:ce:14:
         ff:c4:90:19:6d:da:27:b3:2c:58:b9:5f:2c:ae:22:24:6f:88:
         de:a9:fb:77:87:9a:28:6f:38:bc:bb:91:ea:3e:0e:03:3a:aa:
         bd:b2:1a:d7:1d:ec:6b:37:35:02:a0:04:ad:14:0f:2d:44:a5:
         d1:3f:35:7f:b9:22:29:e0:c6:2e:1d:b2:de:bb:cf:ee:4e:0c:
         a3:e2:70:1d:16:80:c7:30:bd:cb:a1:26:7a:8f:82:0f:35:61:
         3a:d2:a6:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMCzwStAb9vvljvlapfFCX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjQxMTA2MTg0OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODYxODRjOWMzOTdkZjM4MTFjZDQxMzk2MDc1NTg2YTNlZTIzZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlbRzClDRUnBc8Tmrb4HksUhq2Yn
thydhBxTXIf72pUZuzZVECZIfeOrnRXYuA5Y/wc6JAg+VCj9hWXhGghP85STpBld
CpOUHm+aQblNZcZCC4rkcL4grmLRrCqVMi2OcXuGjI3NG8/+QRozlXisG69cOneb
KrTeotsqcMKfU316pSfptQRNPTOwWsOVfmvjnHz809R5VSMPfgvDs0behsdG9T1h
isS+jnCWfiWnHV33QPJgthucKcZV2aEpjlRLcGJznQDR87E8052HYusrlSpPqJor
FoBKy2XOwa3dOZWoIkfAA8UzIPWFdAYqlUU/tpQTo2F5gcmnWQy2r35RZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhhhMnDl984Ec1BOWB1WGo+4j8zMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEvV0dHRXljT1gzemdSelVFNVlIVllhajdpUHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLUIgMA0G
CSqGSIb3DQEBCwUAA4IBAQAfq9Quxl5GPLergWIqSt/qC9GyRMLylLfgSFsUjDfm
W79Uk+Fm1h1MbbNgc07fdvP1yteEP8Ar5U+RwH30TF7Kx0KNqKBfk7AyY4SgI2U9
v2OWZkq8eLL9wMwgZOpuymnxoC5oQcGkx/31pLJepxZlGHvlNRHFMegVnapuCPzG
EJS16vQdAgdnD8jZsd6q4fhz14nYNOLsQKmP75vdxztqzhT/xJAZbdonsyxYuV8s
riIkb4jeqft3h5oobzi8u5HqPg4DOqq9shrXHexrNzUCoAStFA8tRKXRPzV/uSIp
4MYuHbLeu8/uTgyj4nAdFoDHML3LoSZ6j4IPNWE60qYm
-----END CERTIFICATE-----