Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/9ceea6-3218-4b39-97a7-cfaf6ef849d6/1/WecqEhgOSAbXZ3Im_QJkisWYch0.roa
File:                     WecqEhgOSAbXZ3Im_QJkisWYch0.roa (raw, json)
Hash identifier:          yP0d2DYh05Kav8sMdEFhk832MGjVh6BaMrRs10W9wIw=
Subject key identifier:   59:E7:2A:12:18:0E:48:06:D7:67:72:26:FD:02:64:8A:C5:98:72:1D
Certificate issuer:       /CN=77cf08ee9a289197b71100a5f00b19501d94c093
Certificate serial:       01945F99A17AFD9570F0F2AE0F621D86AE38
Authority key identifier: 77:CF:08:EE:9A:28:91:97:B7:11:00:A5:F0:0B:19:50:1D:94:C0:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d88I7pookZe3EQCl8AsZUB2UwJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/9ceea6-3218-4b39-97a7-cfaf6ef849d6/1/WecqEhgOSAbXZ3Im_QJkisWYch0.roa
Signing time:             Mon 13 Jan 2025 12:18:11 +0000
ROA not before:           Mon 13 Jan 2025 12:18:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48873
IP address blocks:        45.142.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/9ceea6-3218-4b39-97a7-cfaf6ef849d6/1/d88I7pookZe3EQCl8AsZUB2UwJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/9ceea6-3218-4b39-97a7-cfaf6ef849d6/1/d88I7pookZe3EQCl8AsZUB2UwJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d88I7pookZe3EQCl8AsZUB2UwJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:99:a1:7a:fd:95:70:f0:f2:ae:0f:62:1d:86:ae:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77cf08ee9a289197b71100a5f00b19501d94c093
        Validity
            Not Before: Jan 13 12:18:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59e72a12180e4806d7677226fd02648ac598721d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fe:89:08:e2:1c:5f:fa:ff:e9:2d:f4:da:c6:
                    66:ef:e0:cc:50:f9:97:0a:6d:27:00:8e:d6:f4:a6:
                    21:af:3c:15:ba:34:e3:ff:de:3f:0e:80:69:91:cb:
                    10:09:ea:4c:4a:57:86:a6:e7:b7:36:1c:93:87:02:
                    f2:69:15:0d:41:81:31:d5:cc:c6:87:e9:60:08:44:
                    2a:7d:5d:62:a1:89:02:a1:d1:25:ba:1f:db:d7:7e:
                    65:e2:69:94:7e:a8:1a:c1:46:8e:e1:b4:df:ca:ad:
                    6d:e5:28:e0:d2:93:e4:c2:47:c7:32:3c:58:03:80:
                    de:c5:bb:4b:ff:7a:26:d4:73:6c:52:70:4c:cf:7c:
                    fa:21:6b:60:fc:f5:e6:d7:21:dc:99:c4:ff:20:40:
                    1e:9a:15:30:07:d3:be:8d:d0:9e:10:0a:eb:31:d2:
                    66:42:9e:20:7f:94:6c:9b:98:0e:e9:bf:27:2a:2c:
                    13:20:98:4f:4c:e1:a4:cf:3d:86:2c:fb:9e:0e:5f:
                    7e:e1:45:a0:fc:4c:c8:c9:80:81:07:91:0e:71:a9:
                    38:50:77:05:a2:0c:0c:52:68:ed:79:1b:12:aa:cb:
                    47:d8:df:34:ed:87:96:b3:b9:7d:5f:76:ad:ae:a6:
                    68:3e:99:9b:74:3b:0b:6a:e3:04:33:50:f4:73:fc:
                    db:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E7:2A:12:18:0E:48:06:D7:67:72:26:FD:02:64:8A:C5:98:72:1D
            X509v3 Authority Key Identifier:
                keyid:77:CF:08:EE:9A:28:91:97:B7:11:00:A5:F0:0B:19:50:1D:94:C0:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d88I7pookZe3EQCl8AsZUB2UwJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/9ceea6-3218-4b39-97a7-cfaf6ef849d6/1/WecqEhgOSAbXZ3Im_QJkisWYch0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/9ceea6-3218-4b39-97a7-cfaf6ef849d6/1/d88I7pookZe3EQCl8AsZUB2UwJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:d0:c2:ce:55:a6:75:76:9b:5a:2d:0b:65:96:d0:3d:57:8a:
         98:82:07:da:32:b7:c0:b6:ad:5d:66:44:ae:89:06:38:01:15:
         0f:25:b3:b6:49:a6:31:9a:d8:ad:dc:d5:b2:e6:0e:92:4f:b6:
         74:09:cc:1c:ec:da:70:ad:13:43:10:5a:dc:f1:70:81:10:19:
         86:70:27:6a:bf:cb:37:cd:eb:8b:6f:4e:7a:35:d8:35:47:a9:
         04:a7:60:c9:df:e4:fd:e2:c2:0a:bc:67:e3:ec:03:e7:20:19:
         e8:29:07:4d:1f:6e:de:c6:65:ff:36:07:85:e4:d6:0a:13:b6:
         19:fb:ea:ae:38:a7:5b:71:6c:d0:6c:cf:27:c1:e7:4c:33:1e:
         ee:b6:ee:56:c7:ed:30:52:ee:b3:d5:06:70:70:54:9b:84:e0:
         da:bf:82:5d:f4:00:72:3c:47:d9:34:78:28:b9:eb:07:26:2e:
         74:95:6f:d2:eb:8b:b0:2b:bb:87:fb:52:d4:ef:f0:f6:78:b6:
         ad:44:10:7d:8b:de:52:df:62:12:4a:16:41:c4:81:f9:72:ab:
         15:5f:10:89:ec:04:7a:f7:e7:5f:dc:ca:74:52:79:58:6d:8a:
         32:1d:77:3f:fc:76:13:b8:94:e7:ad:1c:52:94:9d:a8:f8:cc:
         d3:31:ec:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRfmaF6/ZVw8PKuD2Idhq44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3Y2YwOGVlOWEyODkxOTdiNzExMDBhNWYwMGIxOTUwMWQ5
NGMwOTMwHhcNMjUwMTEzMTIxODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWU3MmExMjE4MGU0ODA2ZDc2NzcyMjZmZDAyNjQ4YWM1OTg3MjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmv6JCOIcX/r/6S302sZm7+DMUPmX
Cm0nAI7W9KYhrzwVujTj/94/DoBpkcsQCepMSleGpue3NhyThwLyaRUNQYEx1czG
h+lgCEQqfV1ioYkCodEluh/b135l4mmUfqgawUaO4bTfyq1t5Sjg0pPkwkfHMjxY
A4DexbtL/3om1HNsUnBMz3z6IWtg/PXm1yHcmcT/IEAemhUwB9O+jdCeEArrMdJm
Qp4gf5Rsm5gO6b8nKiwTIJhPTOGkzz2GLPueDl9+4UWg/EzIyYCBB5EOcak4UHcF
ogwMUmjteRsSqstH2N807YeWs7l9X3atrqZoPpmbdDsLauMEM1D0c/zb6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnnKhIYDkgG12dyJv0CZIrFmHIdMB8GA1UdIwQY
MBaAFHfPCO6aKJGXtxEApfALGVAdlMCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDg4STdwb29rWmUzRVFDbDhBc1pVQjJVd0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85Y2VlYTYtMzIxOC00YjM5LTk3YTct
Y2ZhZjZlZjg0OWQ2LzEvV2VjcUVoZ09TQWJYWjNJbV9RSmtpc1dZY2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85Y2VlYTYtMzIxOC00YjM5LTk3YTctY2ZhZjZlZjg0OWQ2
LzEvZDg4STdwb29rWmUzRVFDbDhBc1pVQjJVd0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY4gMA0G
CSqGSIb3DQEBCwUAA4IBAQBz0MLOVaZ1dptaLQtlltA9V4qYggfaMrfAtq1dZkSu
iQY4ARUPJbO2SaYxmtit3NWy5g6ST7Z0Ccwc7NpwrRNDEFrc8XCBEBmGcCdqv8s3
zeuLb056Ndg1R6kEp2DJ3+T94sIKvGfj7APnIBnoKQdNH27exmX/NgeF5NYKE7YZ
++quOKdbcWzQbM8nwedMMx7utu5Wx+0wUu6z1QZwcFSbhODav4Jd9AByPEfZNHgo
uesHJi50lW/S64uwK7uH+1LU7/D2eLatRBB9i95S32ISShZBxIH5cqsVXxCJ7AR6
9+df3Mp0UnlYbYoyHXc//HYTuJTnrRxSlJ2o+MzTMeyU
-----END CERTIFICATE-----