Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/WmpFDBZIecoNLuE1fAPBucxb25s.roa
File:                     WmpFDBZIecoNLuE1fAPBucxb25s.roa (raw, json)
Hash identifier:          CVFI0AtBd1CzpeCb3OrHxMzLwBv39HpruY5loDuWyFE=
Subject key identifier:   5A:6A:45:0C:16:48:79:CA:0D:2E:E1:35:7C:03:C1:B9:CC:5B:DB:9B
Certificate issuer:       /CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
Certificate serial:       01942143DF02B38ACB874812A9FB9ED5D31D
Authority key identifier: D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/WmpFDBZIecoNLuE1fAPBucxb25s.roa
Signing time:             Wed 01 Jan 2025 09:48:03 +0000
ROA not before:           Wed 01 Jan 2025 09:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64457
IP address blocks:        185.224.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:df:02:b3:8a:cb:87:48:12:a9:fb:9e:d5:d3:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
        Validity
            Not Before: Jan  1 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a6a450c164879ca0d2ee1357c03c1b9cc5bdb9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:18:10:c7:8b:1c:e8:7b:d2:a6:d3:d8:ae:ae:
                    43:82:f2:d1:69:e5:9f:98:0a:d8:8c:be:90:22:83:
                    c6:3b:b5:e0:cf:14:fa:49:51:6c:0a:b1:c2:2a:ae:
                    88:f4:e0:03:18:cf:2f:dd:55:e6:46:90:87:6d:54:
                    0f:aa:bf:08:60:41:5e:bf:75:73:1e:6c:25:02:87:
                    5a:e3:1b:e8:54:c6:a9:c5:37:b9:94:59:66:57:fe:
                    af:9d:ad:93:ab:02:a7:ee:5f:88:30:56:b0:3b:da:
                    2b:c9:52:49:04:dc:34:73:b5:5f:e7:49:59:49:79:
                    eb:69:e6:93:22:af:9b:ba:80:07:d7:98:23:20:9a:
                    c4:50:2f:e1:8b:b7:ac:49:2c:48:0e:ec:ed:74:b1:
                    80:50:c1:d0:06:57:0d:6c:ff:a3:2e:5c:ca:a5:1e:
                    d3:1a:e1:ea:47:d2:7c:69:98:6b:b3:12:f3:23:2e:
                    2f:9c:b6:79:62:dd:16:24:59:25:fa:9c:e0:8a:6f:
                    d2:c5:b0:e7:98:6d:2a:4a:9b:e5:e9:05:06:ff:71:
                    94:45:aa:4a:2c:82:26:48:31:85:eb:43:04:35:c0:
                    30:0c:fa:03:ad:fb:83:a6:d5:14:b9:e8:ac:b3:9b:
                    0f:19:33:88:63:56:5a:34:17:0b:5f:cc:62:93:36:
                    0a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:6A:45:0C:16:48:79:CA:0D:2E:E1:35:7C:03:C1:B9:CC:5B:DB:9B
            X509v3 Authority Key Identifier:
                keyid:D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/WmpFDBZIecoNLuE1fAPBucxb25s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:5f:05:86:7b:0c:ef:42:ab:4b:80:1c:98:6d:82:88:68:f4:
         27:aa:dd:53:53:cc:43:5b:c8:9b:63:a6:80:61:56:78:6f:d1:
         4f:52:7b:25:d1:5a:79:44:6a:bb:fe:ec:dc:f1:a2:28:cc:64:
         30:ed:6a:3c:ec:dc:bf:04:88:e8:f6:75:6c:76:33:ec:bb:9c:
         65:7a:9c:82:fe:c2:7a:5f:32:8a:78:bb:21:8f:46:0b:58:8d:
         22:a9:e7:46:1e:2d:45:1a:85:d6:df:06:02:6a:63:28:ac:b9:
         9a:38:e2:5a:a5:ec:75:8a:34:36:60:04:38:fe:82:44:a5:0f:
         c5:b1:fb:87:e4:5f:95:14:6a:63:14:b0:95:f6:23:2c:5c:27:
         25:c8:44:f9:02:eb:76:90:4c:31:dc:8a:ba:c9:06:ab:fe:39:
         dd:5d:1d:7d:67:69:f2:dd:18:a9:4c:87:a4:1c:6b:8d:d5:e4:
         29:cc:58:23:86:79:3e:3f:83:07:f0:d5:b6:13:1f:72:56:13:
         30:e0:3f:e8:1d:a0:a3:17:ae:4b:bc:95:b9:d8:92:25:88:0b:
         c8:09:d5:42:ae:71:3b:a1:aa:7e:cc:5b:92:c0:8d:f2:73:74:
         53:97:5f:0f:52:82:65:bf:25:f6:ff:c5:d6:a1:55:dc:01:b4:
         2e:c3:43:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ98Cs4rLh0gSqfue1dMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MDEyZmFmOTgyNzVhZTRmM2Y4ZDg3ZjA4NGVlNGZmODQy
MGM0ODUwHhcNMjUwMTAxMDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTZhNDUwYzE2NDg3OWNhMGQyZWUxMzU3YzAzYzFiOWNjNWJkYjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxgQx4sc6HvSptPYrq5DgvLRaeWf
mArYjL6QIoPGO7XgzxT6SVFsCrHCKq6I9OADGM8v3VXmRpCHbVQPqr8IYEFev3Vz
HmwlAoda4xvoVMapxTe5lFlmV/6vna2TqwKn7l+IMFawO9oryVJJBNw0c7Vf50lZ
SXnraeaTIq+buoAH15gjIJrEUC/hi7esSSxIDuztdLGAUMHQBlcNbP+jLlzKpR7T
GuHqR9J8aZhrsxLzIy4vnLZ5Yt0WJFkl+pzgim/SxbDnmG0qSpvl6QUG/3GURapK
LIImSDGF60MENcAwDPoDrfuDptUUueiss5sPGTOIY1ZaNBcLX8xikzYKjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpqRQwWSHnKDS7hNXwDwbnMW9ubMB8GA1UdIwQY
MBaAFNgBL6+YJ1rk8/jYfwhO5P+EIMSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjIt
NmQ1NjBkZWJmN2IzLzEvV21wRkRCWkllY29OTHVFMWZBUEJ1Y3hiMjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjItNmQ1NjBkZWJmN2Iz
LzEvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueADMA0G
CSqGSIb3DQEBCwUAA4IBAQA7XwWGewzvQqtLgByYbYKIaPQnqt1TU8xDW8ibY6aA
YVZ4b9FPUnsl0Vp5RGq7/uzc8aIozGQw7Wo87Ny/BIjo9nVsdjPsu5xlepyC/sJ6
XzKKeLshj0YLWI0iqedGHi1FGoXW3wYCamMorLmaOOJapex1ijQ2YAQ4/oJEpQ/F
sfuH5F+VFGpjFLCV9iMsXCclyET5Aut2kEwx3Iq6yQar/jndXR19Z2ny3RipTIek
HGuN1eQpzFgjhnk+P4MH8NW2Ex9yVhMw4D/oHaCjF65LvJW52JIliAvICdVCrnE7
oap+zFuSwI3yc3RTl18PUoJlvyX2/8XWoVXcAbQuw0Ow
-----END CERTIFICATE-----