Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/wXoIWeTQJHkXu9XoUihBMthRkSA.roa
File:                     wXoIWeTQJHkXu9XoUihBMthRkSA.roa (raw, json)
Hash identifier:          CounkqLJLR1NgaMlvIjAZph0Mee7Au4wuj3jTinKD8E=
Subject key identifier:   C1:7A:08:59:E4:D0:24:79:17:BB:D5:E8:52:28:41:32:D8:51:91:20
Certificate issuer:       /CN=b9f4779575cb9bf058243287e98234deca911fc9
Certificate serial:       019425FC2194EB8A009AA6E25B411FAB2B9A
Authority key identifier: B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/wXoIWeTQJHkXu9XoUihBMthRkSA.roa
Signing time:             Thu 02 Jan 2025 07:47:48 +0000
ROA not before:           Thu 02 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208675
IP address blocks:        45.89.136.0/24 maxlen: 24
                          45.89.137.0/24 maxlen: 24
                          45.89.138.0/24 maxlen: 24
                          45.89.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:21:94:eb:8a:00:9a:a6:e2:5b:41:1f:ab:2b:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f4779575cb9bf058243287e98234deca911fc9
        Validity
            Not Before: Jan  2 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c17a0859e4d0247917bbd5e852284132d8519120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e2:dc:1c:8e:27:10:0e:c5:d0:a3:34:5a:64:
                    c6:8e:8c:75:c1:66:ee:37:31:60:a2:70:0f:2e:42:
                    1a:6c:0d:4b:56:d7:d8:9b:41:54:9f:37:35:e4:ab:
                    77:14:b8:38:75:33:1e:26:87:1d:57:48:ac:a7:c7:
                    81:8b:87:81:a6:c4:d7:c3:c0:0c:bc:90:6e:32:22:
                    3c:8e:56:d3:c2:80:09:4b:f2:08:a8:01:af:71:d6:
                    ea:0d:b4:bc:2d:9b:1a:68:c5:68:6d:fd:e8:a9:6b:
                    df:b1:03:9e:ba:1c:38:90:59:b3:51:3e:61:94:06:
                    c6:80:05:df:5a:d7:ba:df:81:25:66:6b:bf:28:ad:
                    a8:a5:f8:e0:94:3e:44:b5:18:f9:35:9f:d1:10:06:
                    d7:79:95:ec:03:4d:32:b2:94:e3:c6:2f:66:22:f1:
                    80:c7:a5:ba:c0:19:93:32:5c:b0:ed:01:82:ef:76:
                    ee:54:b4:0f:91:59:91:c7:37:d5:5e:bc:2c:00:96:
                    65:9b:59:92:bf:47:bd:d0:76:b4:ba:7f:63:aa:d0:
                    1f:a2:5f:e7:72:14:86:25:5b:ec:a4:b7:b3:c2:38:
                    78:22:5f:b9:7e:6e:82:ce:31:73:53:83:dd:13:a9:
                    f8:03:7c:c1:cf:7b:1d:a9:fc:7e:83:fc:9e:95:38:
                    59:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:7A:08:59:E4:D0:24:79:17:BB:D5:E8:52:28:41:32:D8:51:91:20
            X509v3 Authority Key Identifier:
                keyid:B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/wXoIWeTQJHkXu9XoUihBMthRkSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:c1:5e:29:e6:a7:e3:37:6d:37:8f:a2:71:2c:87:ff:ae:5a:
         07:ab:65:08:cc:68:11:7c:7a:67:9d:2a:20:f1:5a:b9:18:f8:
         35:d1:7f:d7:2a:eb:44:07:0f:53:a2:ad:2b:1a:5f:7a:08:0f:
         23:84:c1:47:37:06:b3:1e:2c:07:39:66:5b:c8:81:dd:f5:ec:
         e1:b8:63:1f:c7:85:dd:f8:f4:6b:d9:ac:47:8f:7c:e2:e7:7b:
         5c:2f:cc:78:cb:f3:23:81:97:93:e7:30:bb:2f:2c:e6:f6:67:
         26:bd:6e:31:8d:b8:5b:7d:ff:d6:05:da:aa:c6:61:5e:6c:48:
         7c:26:36:6e:11:ed:f2:d8:11:42:fa:d7:cb:c6:1e:70:41:97:
         03:af:c6:14:bb:ee:82:88:6a:fb:0e:af:fd:57:e5:c5:ab:72:
         55:00:72:9a:69:ae:ef:16:7e:35:6b:e1:56:09:f4:cb:dc:43:
         fc:11:41:da:e1:e4:fc:84:c9:12:cf:e3:4b:95:a5:2a:36:89:
         a5:15:40:bd:da:12:01:55:30:6c:a9:1e:1d:aa:7c:65:8b:3d:
         68:29:b5:f3:e7:f7:17:0a:98:85:fd:29:1c:c7:ac:92:e5:96:
         72:2b:a7:4b:78:02:47:97:95:f9:e8:4a:0e:08:50:d1:45:c1:
         6d:4b:7a:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/CGU64oAmqbiW0EfqyuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjQ3Nzk1NzVjYjliZjA1ODI0MzI4N2U5ODIzNGRlY2E5
MTFmYzkwHhcNMjUwMTAyMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTdhMDg1OWU0ZDAyNDc5MTdiYmQ1ZTg1MjI4NDEzMmQ4NTE5MTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOLcHI4nEA7F0KM0WmTGjox1wWbu
NzFgonAPLkIabA1LVtfYm0FUnzc15Kt3FLg4dTMeJocdV0isp8eBi4eBpsTXw8AM
vJBuMiI8jlbTwoAJS/IIqAGvcdbqDbS8LZsaaMVobf3oqWvfsQOeuhw4kFmzUT5h
lAbGgAXfWte634ElZmu/KK2opfjglD5EtRj5NZ/REAbXeZXsA00yspTjxi9mIvGA
x6W6wBmTMlyw7QGC73buVLQPkVmRxzfVXrwsAJZlm1mSv0e90Ha0un9jqtAfol/n
chSGJVvspLezwjh4Il+5fm6CzjFzU4PdE6n4A3zBz3sdqfx+g/yelThZlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMF6CFnk0CR5F7vV6FIoQTLYUZEgMB8GA1UdIwQY
MBaAFLn0d5V1y5vwWCQyh+mCNN7KkR/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAt
Y2Q5ZmYwNTUyZjkyLzEvd1hvSVdlVFFKSGtYdTlYb1VpaEJNdGhSa1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAtY2Q5ZmYwNTUyZjky
LzEvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVmIMA0G
CSqGSIb3DQEBCwUAA4IBAQCKwV4p5qfjN203j6JxLIf/rloHq2UIzGgRfHpnnSog
8Vq5GPg10X/XKutEBw9Toq0rGl96CA8jhMFHNwazHiwHOWZbyIHd9ezhuGMfx4Xd
+PRr2axHj3zi53tcL8x4y/MjgZeT5zC7Lyzm9mcmvW4xjbhbff/WBdqqxmFebEh8
JjZuEe3y2BFC+tfLxh5wQZcDr8YUu+6CiGr7Dq/9V+XFq3JVAHKaaa7vFn41a+FW
CfTL3EP8EUHa4eT8hMkSz+NLlaUqNomlFUC92hIBVTBsqR4dqnxliz1oKbXz5/cX
CpiF/Skcx6yS5ZZyK6dLeAJHl5X56EoOCFDRRcFtS3oO
-----END CERTIFICATE-----