Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/Wt8q81G3lq42cpbQgi--7hMpnzk.roa
File:                     Wt8q81G3lq42cpbQgi--7hMpnzk.roa (raw, json)
Hash identifier:          3wzOUsBnY0js90eLihw9wHKZneTkdasUVemnQb+Ppys=
Subject key identifier:   5A:DF:2A:F3:51:B7:96:AE:36:72:96:D0:82:2F:BE:EE:13:29:9F:39
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       0195CD1CC615FDB9BCED6C114FFBAD718C7D
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/Wt8q81G3lq42cpbQgi--7hMpnzk.roa
Signing time:             Tue 25 Mar 2025 11:42:49 +0000
ROA not before:           Tue 25 Mar 2025 11:42:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56882
IP address blocks:        213.192.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cd:1c:c6:15:fd:b9:bc:ed:6c:11:4f:fb:ad:71:8c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Mar 25 11:42:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5adf2af351b796ae367296d0822fbeee13299f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:66:88:cc:fe:5e:89:ee:22:84:47:2d:9b:7b:
                    30:8c:98:a9:36:75:67:26:4f:ea:55:ca:a3:95:f5:
                    4b:70:33:1c:e6:aa:5f:a8:7f:f6:02:f7:2e:09:36:
                    e5:cb:c0:58:21:01:0f:02:f6:fa:18:bd:6c:ca:74:
                    4b:93:ba:30:65:cc:38:6d:eb:b0:d8:86:cf:fe:5c:
                    a9:b5:83:53:0d:24:26:4e:10:6d:15:02:db:09:82:
                    21:88:18:ae:d8:20:85:a9:2e:b5:c1:3f:59:12:b7:
                    27:ed:48:1e:c8:c6:cd:37:dc:50:86:c2:80:c2:0d:
                    37:79:54:e4:0e:74:81:83:a4:f2:e2:07:02:e4:f5:
                    c8:28:63:10:4b:e9:17:04:70:60:c6:c3:81:85:45:
                    e7:54:f7:f4:14:05:e5:4c:d1:f5:da:8e:b2:98:68:
                    56:51:03:8b:c4:68:3e:17:50:4e:10:07:c1:73:7f:
                    8a:1e:3f:a1:54:9c:d5:57:45:d9:76:8b:2f:a5:ce:
                    78:49:f2:77:ba:d3:47:ad:35:bf:42:15:49:2c:37:
                    71:46:06:1d:71:bc:77:f5:6c:54:82:39:c1:40:51:
                    2c:33:f9:1c:24:b5:a2:af:44:d5:57:38:cc:f7:14:
                    e6:3d:5d:59:96:f0:19:c8:3b:0e:22:1b:cc:53:14:
                    8d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:DF:2A:F3:51:B7:96:AE:36:72:96:D0:82:2F:BE:EE:13:29:9F:39
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/Wt8q81G3lq42cpbQgi--7hMpnzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.192.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:8b:e4:e0:eb:c2:a8:bb:9c:d4:c2:0e:46:00:b7:71:d1:f4:
         d9:d5:fe:34:70:d0:f5:76:12:8d:e3:fb:5d:ff:db:5c:54:14:
         9e:8e:40:fb:3e:c3:a4:f2:21:cd:37:e9:d4:d4:6f:fb:46:77:
         69:aa:be:15:ec:39:24:56:64:0b:a0:cc:27:63:e9:8c:e5:bc:
         75:3e:fa:22:e0:70:17:1d:ef:c1:48:81:01:c0:5c:bf:34:5f:
         12:5b:9f:ee:0a:b5:cc:20:4f:96:00:74:ec:6f:86:6f:69:f2:
         ac:6e:53:09:5b:43:e4:1f:48:f0:aa:2f:b8:8d:d0:ec:f5:63:
         fd:00:04:a9:cb:73:2c:6c:e5:73:36:34:22:cc:93:0b:09:3a:
         52:27:2b:4e:0f:50:7d:30:1d:ae:4b:f6:43:97:ac:55:8c:04:
         17:77:32:41:11:c4:93:ad:22:e7:c0:07:6f:15:4d:53:31:3f:
         e7:d7:a3:fc:15:d0:bd:dd:93:45:34:40:d8:3b:b7:ab:0c:f3:
         f6:ae:bb:3e:c0:af:75:9f:71:d9:c3:57:18:0e:ee:a1:52:b2:
         e4:81:4b:f7:f5:fc:06:2e:af:a7:51:a0:db:56:58:0e:7b:be:
         1e:3e:f4:20:8d:d7:75:e9:48:f4:2d:39:4f:0b:b0:0f:74:73:
         d8:7c:83:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXNHMYV/bm87WwRT/utcYx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjUwMzI1MTE0MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWRmMmFmMzUxYjc5NmFlMzY3Mjk2ZDA4MjJmYmVlZTEzMjk5ZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWaIzP5eie4ihEctm3swjJipNnVn
Jk/qVcqjlfVLcDMc5qpfqH/2AvcuCTbly8BYIQEPAvb6GL1synRLk7owZcw4beuw
2IbP/lyptYNTDSQmThBtFQLbCYIhiBiu2CCFqS61wT9ZErcn7UgeyMbNN9xQhsKA
wg03eVTkDnSBg6Ty4gcC5PXIKGMQS+kXBHBgxsOBhUXnVPf0FAXlTNH12o6ymGhW
UQOLxGg+F1BOEAfBc3+KHj+hVJzVV0XZdosvpc54SfJ3utNHrTW/QhVJLDdxRgYd
cbx39WxUgjnBQFEsM/kcJLWir0TVVzjM9xTmPV1ZlvAZyDsOIhvMUxSNIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrfKvNRt5auNnKW0IIvvu4TKZ85MB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvV3Q4cTgxRzNscTQyY3BiUWdpLS03aE1wbnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cDLMA0G
CSqGSIb3DQEBCwUAA4IBAQBki+Tg68Kou5zUwg5GALdx0fTZ1f40cND1dhKN4/td
/9tcVBSejkD7PsOk8iHNN+nU1G/7Rndpqr4V7DkkVmQLoMwnY+mM5bx1Pvoi4HAX
He/BSIEBwFy/NF8SW5/uCrXMIE+WAHTsb4ZvafKsblMJW0PkH0jwqi+4jdDs9WP9
AASpy3MsbOVzNjQizJMLCTpSJytOD1B9MB2uS/ZDl6xVjAQXdzJBEcSTrSLnwAdv
FU1TMT/n16P8FdC93ZNFNEDYO7erDPP2rrs+wK91n3HZw1cYDu6hUrLkgUv39fwG
Lq+nUaDbVlgOe74ePvQgjdd16Uj0LTlPC7APdHPYfIMl
-----END CERTIFICATE-----