Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/wWbDK40S4dgNgIeoUbg-t_w6Qx0.roa
File:                     wWbDK40S4dgNgIeoUbg-t_w6Qx0.roa (raw, json)
Hash identifier:          SQUX4nOmlr/84KlBRvNtQfHH9k/9TOfWpMlz56zCIZQ=
Subject key identifier:   C1:66:C3:2B:8D:12:E1:D8:0D:80:87:A8:51:B8:3E:B7:FC:3A:43:1D
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       0194228D3D42BA15BB8CE449C5A29A5D516B
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/wWbDK40S4dgNgIeoUbg-t_w6Qx0.roa
Signing time:             Wed 01 Jan 2025 15:47:49 +0000
ROA not before:           Wed 01 Jan 2025 15:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210353
IP address blocks:        195.114.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:3d:42:ba:15:bb:8c:e4:49:c5:a2:9a:5d:51:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 15:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c166c32b8d12e1d80d8087a851b83eb7fc3a431d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0a:a6:64:89:6e:85:4f:4a:2f:79:e1:f9:8a:
                    fa:7f:f0:34:6c:b2:b1:ef:91:73:7c:7d:2b:69:26:
                    07:bb:dd:19:ea:8f:7f:36:91:e2:1d:03:0b:71:7e:
                    43:0d:44:88:7f:82:50:c6:57:1b:82:2a:9d:7c:a4:
                    fd:cd:1a:96:3d:18:97:0c:23:5c:fd:96:c5:dd:b7:
                    4b:7e:2e:dd:37:2a:b5:2b:2a:d1:1f:0d:23:8e:39:
                    dd:1d:99:d5:a0:a6:86:51:97:20:07:30:85:cb:cc:
                    c2:fc:36:36:7b:89:27:43:6d:64:f6:6b:17:df:23:
                    d6:64:64:b7:c6:8d:37:be:6e:30:65:c5:65:6e:09:
                    be:40:c8:e0:e4:07:a7:5b:53:c8:07:39:34:1c:0e:
                    0d:f1:b7:10:32:b4:f9:11:4b:44:a5:d8:a4:78:1e:
                    71:58:0a:79:4b:f1:44:02:2a:79:71:02:49:16:cf:
                    1a:1c:b8:91:40:4f:c8:c6:15:3c:ea:34:59:44:f9:
                    5c:4f:7b:47:02:96:d0:08:2e:ac:25:cc:c0:38:6f:
                    5a:d5:8b:0f:e1:69:eb:7f:8c:da:f6:c4:71:12:98:
                    95:38:d0:c3:04:5b:fa:33:40:82:41:cb:5d:28:f0:
                    8d:81:d4:55:14:06:25:f3:33:a9:2a:26:89:a7:9e:
                    af:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:66:C3:2B:8D:12:E1:D8:0D:80:87:A8:51:B8:3E:B7:FC:3A:43:1D
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/wWbDK40S4dgNgIeoUbg-t_w6Qx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:df:c0:4c:d2:32:56:d9:77:83:68:1c:91:76:3f:88:84:9d:
         95:3a:5d:45:7e:84:4f:c7:b1:25:8f:5a:28:04:2a:b4:6e:36:
         d7:5f:e7:0b:f2:86:3a:24:66:0e:c0:55:53:d2:8b:fb:30:60:
         0d:69:d3:fb:d1:2e:cf:22:b4:52:0a:c9:ef:92:dc:36:e5:13:
         c2:92:97:40:fe:93:69:3c:56:b3:63:67:e0:45:db:e2:0c:a9:
         8b:27:1f:fd:3a:77:57:d4:cc:62:e6:2d:83:41:f6:39:f5:e5:
         12:2d:12:59:6f:ee:42:b1:07:c2:37:63:0f:f5:28:c0:1a:6f:
         09:71:af:52:36:01:b8:e1:80:d7:8b:aa:d1:2b:98:c1:7f:f4:
         ed:ef:57:89:0f:3c:ec:e9:c8:e6:3c:0c:b4:d2:03:d3:dc:39:
         18:e0:78:2b:b0:78:64:75:78:a7:13:ad:a7:42:09:fc:ad:02:
         a7:36:76:3e:5e:81:e7:c3:df:28:6d:2b:09:05:d6:50:ff:66:
         2a:c9:b6:2e:88:e8:9b:20:84:7f:93:5a:20:10:62:4a:b8:5a:
         21:40:77:bf:d9:1d:48:53:e0:39:05:9b:15:73:e4:d1:93:9e:
         6f:e8:44:c1:f6:ff:e8:9c:f6:b4:59:4f:48:9b:59:f5:44:b7:
         96:5f:0c:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijT1CuhW7jORJxaKaXVFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjUwMTAxMTU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTY2YzMyYjhkMTJlMWQ4MGQ4MDg3YTg1MWI4M2ViN2ZjM2E0MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugqmZIluhU9KL3nh+Yr6f/A0bLKx
75FzfH0raSYHu90Z6o9/NpHiHQMLcX5DDUSIf4JQxlcbgiqdfKT9zRqWPRiXDCNc
/ZbF3bdLfi7dNyq1KyrRHw0jjjndHZnVoKaGUZcgBzCFy8zC/DY2e4knQ21k9msX
3yPWZGS3xo03vm4wZcVlbgm+QMjg5AenW1PIBzk0HA4N8bcQMrT5EUtEpdikeB5x
WAp5S/FEAip5cQJJFs8aHLiRQE/IxhU86jRZRPlcT3tHApbQCC6sJczAOG9a1YsP
4Wnrf4za9sRxEpiVONDDBFv6M0CCQctdKPCNgdRVFAYl8zOpKiaJp56v3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFmwyuNEuHYDYCHqFG4Prf8OkMdMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvd1diREs0MFM0ZGdOZ0llb1ViZy10X3c2UXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KCMA0G
CSqGSIb3DQEBCwUAA4IBAQCR38BM0jJW2XeDaByRdj+IhJ2VOl1FfoRPx7Elj1oo
BCq0bjbXX+cL8oY6JGYOwFVT0ov7MGANadP70S7PIrRSCsnvktw25RPCkpdA/pNp
PFazY2fgRdviDKmLJx/9OndX1Mxi5i2DQfY59eUSLRJZb+5CsQfCN2MP9SjAGm8J
ca9SNgG44YDXi6rRK5jBf/Tt71eJDzzs6cjmPAy00gPT3DkY4HgrsHhkdXinE62n
Qgn8rQKnNnY+XoHnw98obSsJBdZQ/2YqybYuiOibIIR/k1ogEGJKuFohQHe/2R1I
U+A5BZsVc+TRk55v6ETB9v/onPa0WU9Im1n1RLeWXwwc
-----END CERTIFICATE-----