Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/w5_xzg68siU1xwo2TRNx9ptuZUg.roa
File:                     w5_xzg68siU1xwo2TRNx9ptuZUg.roa (raw, json)
Hash identifier:          dz0710YGDAoK//WB0wD9yVfkTEtuo0ioNy/ODQjxKRM=
Subject key identifier:   C3:9F:F1:CE:0E:BC:B2:25:35:C7:0A:36:4D:13:71:F6:9B:6E:65:48
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019424B272CEB40184718B8CB39D832567CE
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/w5_xzg68siU1xwo2TRNx9ptuZUg.roa
Signing time:             Thu 02 Jan 2025 01:47:42 +0000
ROA not before:           Thu 02 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137409
IP address blocks:        185.243.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:72:ce:b4:01:84:71:8b:8c:b3:9d:83:25:67:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  2 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c39ff1ce0ebcb22535c70a364d1371f69b6e6548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1d:d9:13:66:6b:1d:58:d0:f8:c9:53:05:d4:
                    e4:95:8c:72:5e:57:0e:55:3c:f4:96:4e:47:d5:64:
                    0e:26:7f:d0:32:57:f5:fe:56:58:7a:e5:a5:0b:4c:
                    ca:ea:da:58:cf:9a:c8:fa:f4:36:ce:a7:61:ca:2b:
                    0b:1d:61:7a:4a:3d:c9:43:8d:5c:5f:7a:1c:f0:14:
                    dc:02:d8:c5:cb:65:94:a2:e8:4a:1f:01:e4:f4:aa:
                    51:89:80:53:b3:28:4b:9b:c8:f8:7f:ab:a6:20:a0:
                    00:c3:02:de:f8:22:1e:8c:b3:a9:59:9a:10:e3:36:
                    6b:29:0b:b3:5d:4c:5e:a4:6d:ea:bb:9c:4f:e5:0a:
                    0a:05:e8:d9:c4:64:8d:79:6e:8d:b6:b3:4d:6c:a3:
                    9a:d5:6f:92:11:6f:4a:2e:33:75:83:fa:db:9f:6f:
                    5f:58:82:45:cd:51:88:62:70:76:40:c4:1a:6b:d7:
                    7f:39:06:9d:ac:69:9e:55:4a:47:c9:9e:49:4e:e5:
                    c6:9e:a7:a6:03:06:f2:00:4d:22:4e:e2:28:0f:38:
                    e3:df:1e:69:10:56:3c:03:e5:3b:30:a3:75:ec:41:
                    68:93:1e:20:d3:6c:88:c6:82:26:3a:0f:9d:48:82:
                    a9:4f:ae:ba:4d:4d:af:a7:2d:1b:67:cb:ce:fe:1b:
                    58:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:9F:F1:CE:0E:BC:B2:25:35:C7:0A:36:4D:13:71:F6:9B:6E:65:48
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/w5_xzg68siU1xwo2TRNx9ptuZUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:3e:37:1c:ea:34:b7:e7:c5:65:a8:7e:e3:98:ba:03:ef:fe:
         1a:5c:63:ae:5a:50:e7:ae:a8:3e:7d:3f:ea:33:08:b3:f6:c3:
         a8:33:cf:9e:fb:f1:9e:ab:62:8a:4f:8f:ac:48:9f:cc:88:8c:
         73:bc:5f:a3:a1:57:78:e4:70:b2:9c:bb:1b:a8:e0:02:d7:11:
         6e:03:34:f2:1d:c3:8d:88:32:3d:18:3e:23:ad:8d:8e:0a:6f:
         25:c8:c2:6c:1b:e9:34:da:84:3f:b7:56:07:23:71:ef:17:02:
         58:52:5a:0a:7f:fc:40:89:7d:4c:b5:2f:d0:05:00:6d:39:75:
         d0:67:63:18:d9:13:da:c3:f7:51:72:a3:6c:16:8a:88:bf:47:
         95:fb:27:39:0a:be:78:0e:92:50:37:e5:9a:0c:4d:b1:18:66:
         5b:27:02:0e:05:2b:12:55:b9:c7:59:9b:07:a3:cf:d6:53:ba:
         3e:a0:11:31:c3:36:38:15:a5:6b:77:e4:e7:ca:c1:31:d1:9f:
         38:8c:7c:6a:93:b5:bd:5e:62:1f:0e:0c:9a:61:84:b9:1e:19:
         79:d2:6e:9c:9a:45:2a:e0:3b:d6:a5:f5:93:fb:04:24:2c:8a:
         ea:b9:ea:ed:f3:eb:ec:0f:c2:fa:29:4d:49:8e:94:36:27:f6:
         72:1f:fb:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksnLOtAGEcYuMs52DJWfOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwMTAyMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzlmZjFjZTBlYmNiMjI1MzVjNzBhMzY0ZDEzNzFmNjliNmU2NTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyR3ZE2ZrHVjQ+MlTBdTklYxyXlcO
VTz0lk5H1WQOJn/QMlf1/lZYeuWlC0zK6tpYz5rI+vQ2zqdhyisLHWF6Sj3JQ41c
X3oc8BTcAtjFy2WUouhKHwHk9KpRiYBTsyhLm8j4f6umIKAAwwLe+CIejLOpWZoQ
4zZrKQuzXUxepG3qu5xP5QoKBejZxGSNeW6NtrNNbKOa1W+SEW9KLjN1g/rbn29f
WIJFzVGIYnB2QMQaa9d/OQadrGmeVUpHyZ5JTuXGnqemAwbyAE0iTuIoDzjj3x5p
EFY8A+U7MKN17EFokx4g02yIxoImOg+dSIKpT666TU2vpy0bZ8vO/htYcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOf8c4OvLIlNccKNk0TcfabbmVIMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvdzVfeHpnNjhzaVUxeHdvMlRSTng5cHR1WlVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufOZMA0G
CSqGSIb3DQEBCwUAA4IBAQAEPjcc6jS358VlqH7jmLoD7/4aXGOuWlDnrqg+fT/q
Mwiz9sOoM8+e+/Geq2KKT4+sSJ/MiIxzvF+joVd45HCynLsbqOAC1xFuAzTyHcON
iDI9GD4jrY2OCm8lyMJsG+k02oQ/t1YHI3HvFwJYUloKf/xAiX1MtS/QBQBtOXXQ
Z2MY2RPaw/dRcqNsFoqIv0eV+yc5Cr54DpJQN+WaDE2xGGZbJwIOBSsSVbnHWZsH
o8/WU7o+oBExwzY4FaVrd+TnysEx0Z84jHxqk7W9XmIfDgyaYYS5Hhl50m6cmkUq
4DvWpfWT+wQkLIrquert8+vsD8L6KU1JjpQ2J/ZyH/tp
-----END CERTIFICATE-----