Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/WhKzVDUi8DcVQRZuEN6A_F-qR34.roa
File:                     WhKzVDUi8DcVQRZuEN6A_F-qR34.roa (raw, json)
Hash identifier:          ZhsnSmI1l4ujTt7J/dvfHtZhoQUOvBLUqbxqn6FdNi4=
Subject key identifier:   5A:12:B3:54:35:22:F0:37:15:41:16:6E:10:DE:80:FC:5F:AA:47:7E
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       019427B61ACD416421B12F56D6206844F3E5
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/WhKzVDUi8DcVQRZuEN6A_F-qR34.roa
Signing time:             Thu 02 Jan 2025 15:50:33 +0000
ROA not before:           Thu 02 Jan 2025 15:50:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202369
IP address blocks:        147.234.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:1a:cd:41:64:21:b1:2f:56:d6:20:68:44:f3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Jan  2 15:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a12b3543522f0371541166e10de80fc5faa477e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fb:b5:f8:c1:fe:aa:92:ad:e6:68:e0:4e:25:
                    bc:3c:3d:08:ff:e9:01:ae:46:de:eb:56:14:e4:c4:
                    fb:ac:e1:c0:e7:36:28:67:47:3d:ee:8d:ff:e5:5a:
                    24:c8:3a:69:3c:71:5e:5e:5d:49:65:b5:af:58:9b:
                    f6:a9:00:b1:55:30:d3:d0:58:25:c5:35:56:a7:23:
                    37:06:89:4d:51:af:0a:ff:d9:cd:e3:b5:93:1d:5b:
                    d2:71:e3:b5:cc:4c:af:e0:27:de:2d:33:e3:8d:4b:
                    24:40:98:83:88:39:3f:76:c2:70:31:df:74:63:e3:
                    6e:9c:b1:b5:b5:14:bd:a6:bd:e8:5e:8e:b5:10:5b:
                    6d:e4:68:9b:b7:b5:cd:fb:d1:75:49:19:d3:09:b3:
                    29:2a:2e:bc:74:2a:1e:b2:0c:e7:92:7d:52:1c:b9:
                    2b:a1:06:cc:e2:c0:5f:58:a1:c1:02:08:e8:2a:39:
                    c5:c1:32:c4:7a:71:14:9e:8d:08:fa:d8:f3:b9:82:
                    d8:2f:f9:99:7d:a0:dc:23:ff:fd:14:3e:31:7a:04:
                    ba:ec:04:12:67:32:f1:8b:81:1c:b4:a9:80:38:17:
                    e7:7d:cc:20:e7:0c:c0:37:e3:e7:7e:c9:4e:c4:c5:
                    33:7f:8a:f3:0d:0b:55:3e:27:e3:09:cf:81:e5:9d:
                    49:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:12:B3:54:35:22:F0:37:15:41:16:6E:10:DE:80:FC:5F:AA:47:7E
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/WhKzVDUi8DcVQRZuEN6A_F-qR34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:22:86:e7:9d:e5:59:45:d5:87:d5:4d:35:83:ed:31:83:5a:
         f7:bc:d0:fe:07:f9:34:47:70:6e:cb:1e:fe:95:03:29:58:81:
         0e:08:fe:e7:55:29:ff:8c:3f:ac:c2:73:8d:94:39:69:ac:f4:
         e3:d9:64:a4:f0:df:80:e5:a0:f2:59:dc:72:11:39:34:b8:e9:
         dd:ad:91:e6:1e:5d:ab:27:6b:a6:32:d1:6b:42:46:be:98:48:
         ce:97:bb:7c:06:41:26:75:35:12:8a:a6:33:3f:2c:af:29:36:
         f8:c4:2f:c6:84:c8:de:90:5f:29:94:ce:c5:68:c9:31:0b:b4:
         71:ae:2d:1b:e0:45:99:b1:46:00:00:50:af:b7:40:03:1c:1f:
         1b:31:59:26:36:a9:3a:3b:81:29:2e:71:68:f9:d7:22:47:fa:
         a0:82:b3:82:bf:8a:f3:4c:d1:c1:50:52:67:58:c5:e5:9f:ef:
         25:ea:ab:23:ad:d1:6b:05:9a:12:8c:74:97:5a:6a:32:bd:d7:
         75:03:59:03:41:80:dd:c0:66:39:fe:de:f4:35:7b:00:66:a4:
         57:41:ec:f1:e9:e1:2e:95:43:2c:38:b0:85:f0:57:8e:cf:87:
         4d:c5:eb:64:18:ad:76:60:d1:a9:a0:15:f4:2b:9b:bc:c9:07:
         7a:88:a0:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnthrNQWQhsS9W1iBoRPPlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjUwMTAyMTU1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTEyYjM1NDM1MjJmMDM3MTU0MTE2NmUxMGRlODBmYzVmYWE0NzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPu1+MH+qpKt5mjgTiW8PD0I/+kB
rkbe61YU5MT7rOHA5zYoZ0c97o3/5VokyDppPHFeXl1JZbWvWJv2qQCxVTDT0Fgl
xTVWpyM3BolNUa8K/9nN47WTHVvSceO1zEyv4CfeLTPjjUskQJiDiDk/dsJwMd90
Y+NunLG1tRS9pr3oXo61EFtt5Gibt7XN+9F1SRnTCbMpKi68dCoesgznkn1SHLkr
oQbM4sBfWKHBAgjoKjnFwTLEenEUno0I+tjzuYLYL/mZfaDcI//9FD4xegS67AQS
ZzLxi4EctKmAOBfnfcwg5wzAN+PnfslOxMUzf4rzDQtVPifjCc+B5Z1JnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoSs1Q1IvA3FUEWbhDegPxfqkd+MB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvV2hLelZEVWk4RGNWUVJadUVONkFfRi1xUjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk+ohMA0G
CSqGSIb3DQEBCwUAA4IBAQCHIobnneVZRdWH1U01g+0xg1r3vND+B/k0R3Buyx7+
lQMpWIEOCP7nVSn/jD+swnONlDlprPTj2WSk8N+A5aDyWdxyETk0uOndrZHmHl2r
J2umMtFrQka+mEjOl7t8BkEmdTUSiqYzPyyvKTb4xC/GhMjekF8plM7FaMkxC7Rx
ri0b4EWZsUYAAFCvt0ADHB8bMVkmNqk6O4EpLnFo+dciR/qggrOCv4rzTNHBUFJn
WMXln+8l6qsjrdFrBZoSjHSXWmoyvdd1A1kDQYDdwGY5/t70NXsAZqRXQezx6eEu
lUMsOLCF8FeOz4dNxetkGK12YNGpoBX0K5u8yQd6iKDL
-----END CERTIFICATE-----