Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/_WWxWL8Hn8pQ4epkeG1hkMzsULM.roa
File:                     _WWxWL8Hn8pQ4epkeG1hkMzsULM.roa (raw, json)
Hash identifier:          MsfVcxjNhCQJp9YqHylixAZChxNNKEXw3F+da8rjFfw=
Subject key identifier:   FD:65:B1:58:BF:07:9F:CA:50:E1:EA:64:78:6D:61:90:CC:EC:50:B3
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       01941FFA7AA1A8A58590423BC9242F53F337
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/_WWxWL8Hn8pQ4epkeG1hkMzsULM.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204019
IP address blocks:        213.199.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7a:a1:a8:a5:85:90:42:3b:c9:24:2f:53:f3:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd65b158bf079fca50e1ea64786d6190ccec50b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b4:b7:0a:0f:c3:1c:74:58:3b:60:3b:11:64:
                    5e:79:a3:a6:c8:c7:d2:c8:cf:c6:01:7f:11:16:bf:
                    10:59:3a:c0:9d:ef:94:51:ac:5f:48:82:26:cb:10:
                    fa:69:88:0e:c8:95:4e:52:fb:1e:f5:ad:44:5a:19:
                    13:04:97:d1:14:b0:a8:6b:f6:81:92:b9:5c:de:fc:
                    b8:99:18:7e:18:66:a4:2a:02:0c:f7:cd:43:55:5b:
                    1a:04:81:a5:0d:cf:a0:20:69:8e:98:3e:08:4e:13:
                    d3:8f:78:56:d5:d9:07:5d:fd:4b:85:14:0f:97:71:
                    23:c0:ce:b1:59:a8:a8:03:25:f3:9b:04:7a:6d:87:
                    e9:00:fc:52:61:f0:92:3c:f8:70:b1:36:b1:59:93:
                    08:20:b6:19:35:2e:c8:a9:03:60:2a:e1:f4:c4:d1:
                    fb:36:ee:2c:e5:fd:10:34:34:7f:9f:6e:4d:d4:08:
                    0c:13:12:ad:fb:24:5c:0e:7f:75:26:9b:63:4c:09:
                    c7:a8:86:cc:68:9b:e4:00:30:8f:df:6f:89:68:17:
                    22:c5:37:d7:3f:99:fe:9d:ba:4e:31:1a:c8:c2:40:
                    14:d1:96:34:72:7e:c3:f9:c0:6a:b6:58:67:8c:5c:
                    8a:21:04:d8:fc:75:35:75:d8:44:c2:d6:8e:f2:47:
                    5d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:65:B1:58:BF:07:9F:CA:50:E1:EA:64:78:6D:61:90:CC:EC:50:B3
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/_WWxWL8Hn8pQ4epkeG1hkMzsULM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.199.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:b2:80:4a:cf:de:59:b6:86:67:c7:66:d0:82:0b:ec:ea:55:
         e4:1c:2f:8b:bd:59:c5:ba:26:ce:02:d1:a7:60:e6:b9:5e:5e:
         60:7f:fc:fb:f4:c2:28:af:66:ce:ed:62:2f:b8:83:69:ad:46:
         e2:e0:cd:eb:c9:3d:19:02:77:1f:8c:38:d0:0c:65:3a:23:1f:
         f0:97:91:8d:55:ae:dc:19:8c:87:d1:48:6f:d7:3e:ea:8a:6b:
         c7:e1:3c:c6:d9:8d:cc:72:fd:d6:60:c5:e5:9b:6f:2c:13:ee:
         5d:61:56:79:b9:db:e5:06:4c:b2:4c:d0:96:ea:31:49:5c:b9:
         75:79:38:08:22:96:c6:74:e1:6d:b9:83:cf:29:ec:0a:04:77:
         76:6e:f9:1b:f6:bf:12:cc:15:47:2b:41:1c:64:08:eb:64:74:
         ce:ea:e5:e9:02:6f:fe:9f:81:e1:a1:7e:30:6d:7d:98:47:2e:
         93:34:3a:45:9c:d1:6b:f4:06:96:86:e8:c6:e0:7a:4a:49:a0:
         6c:18:12:1c:79:1f:62:23:9b:86:c5:f3:46:90:53:4f:23:f8:
         47:09:18:2c:18:25:1d:03:8f:ae:d4:51:ee:85:06:18:46:bf:
         ff:3f:30:2b:36:b7:80:c0:25:62:db:95:f9:cd:c8:d4:36:d0:
         55:ed:91:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nqhqKWFkEI7ySQvU/M3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDY1YjE1OGJmMDc5ZmNhNTBlMWVhNjQ3ODZkNjE5MGNjZWM1MGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLS3Cg/DHHRYO2A7EWReeaOmyMfS
yM/GAX8RFr8QWTrAne+UUaxfSIImyxD6aYgOyJVOUvse9a1EWhkTBJfRFLCoa/aB
krlc3vy4mRh+GGakKgIM981DVVsaBIGlDc+gIGmOmD4IThPTj3hW1dkHXf1LhRQP
l3EjwM6xWaioAyXzmwR6bYfpAPxSYfCSPPhwsTaxWZMIILYZNS7IqQNgKuH0xNH7
Nu4s5f0QNDR/n25N1AgMExKt+yRcDn91JptjTAnHqIbMaJvkADCP32+JaBcixTfX
P5n+nbpOMRrIwkAU0ZY0cn7D+cBqtlhnjFyKIQTY/HU1ddhEwtaO8kdd7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1lsVi/B5/KUOHqZHhtYZDM7FCzMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvX1dXeFdMOEhuOHBRNGVwa2VHMWhrTXpzVUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cfQMA0G
CSqGSIb3DQEBCwUAA4IBAQCssoBKz95ZtoZnx2bQggvs6lXkHC+LvVnFuibOAtGn
YOa5Xl5gf/z79MIor2bO7WIvuINprUbi4M3ryT0ZAncfjDjQDGU6Ix/wl5GNVa7c
GYyH0Uhv1z7qimvH4TzG2Y3Mcv3WYMXlm28sE+5dYVZ5udvlBkyyTNCW6jFJXLl1
eTgIIpbGdOFtuYPPKewKBHd2bvkb9r8SzBVHK0EcZAjrZHTO6uXpAm/+n4HhoX4w
bX2YRy6TNDpFnNFr9AaWhujG4HpKSaBsGBIceR9iI5uGxfNGkFNPI/hHCRgsGCUd
A4+u1FHuhQYYRr//PzArNreAwCVi25X5zcjUNtBV7ZEq
-----END CERTIFICATE-----