Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wss4DHVRQkG3MknK-G-LgbR_mNQ.roa
File:                     wss4DHVRQkG3MknK-G-LgbR_mNQ.roa (raw, json)
Hash identifier:          B2e8BwlzWE2Bfx1HrsL4rlI5Lr1sImy0bUk626fh87Q=
Subject key identifier:   C2:CB:38:0C:75:51:42:41:B7:32:49:CA:F8:6F:8B:81:B4:7F:98:D4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019421441B2C8A0D37A65253AAD183845CC3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wss4DHVRQkG3MknK-G-LgbR_mNQ.roa
Signing time:             Wed 01 Jan 2025 09:48:19 +0000
ROA not before:           Wed 01 Jan 2025 09:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212783
IP address blocks:        81.168.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1b:2c:8a:0d:37:a6:52:53:aa:d1:83:84:5c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2cb380c75514241b73249caf86f8b81b47f98d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:4f:84:71:eb:33:78:9c:df:7a:ff:f1:38:89:
                    1b:74:0f:81:4d:0c:e6:c3:3d:d3:4a:b7:c5:bb:63:
                    f0:1b:65:be:71:ac:8b:fe:0e:71:fb:cd:1f:ef:1b:
                    b9:66:e2:f7:11:c6:7d:96:e9:ca:77:f1:c8:fd:fa:
                    d0:77:39:ee:90:e2:0a:67:bb:ed:a8:44:50:25:12:
                    01:07:9a:cd:6b:31:d2:ab:66:4e:b8:b4:43:f9:7a:
                    28:cd:26:c9:bd:49:ed:d4:4a:fa:72:95:15:93:b3:
                    05:d1:46:17:d9:2c:2b:6c:99:6b:c4:95:7e:49:31:
                    20:5f:21:99:15:e2:47:a0:62:a5:f7:d3:26:9c:91:
                    07:87:7f:c8:54:7a:a6:fa:94:25:ca:b5:ee:44:54:
                    39:90:23:b2:4c:e6:bd:2f:a4:53:af:81:0e:6f:d1:
                    19:3b:50:2d:33:63:1f:d1:70:88:dc:fc:b9:b1:0a:
                    0c:6b:7f:f3:e2:31:42:fc:14:23:7b:61:2f:86:6b:
                    be:b6:8f:fb:af:fd:9f:86:f1:3e:08:ce:eb:f9:9a:
                    67:09:7a:b0:5b:26:38:a0:c7:a5:66:a6:49:d6:6b:
                    e9:de:76:7d:39:b1:48:e3:57:01:ac:19:b9:1d:da:
                    a2:63:c2:07:c1:d6:92:31:5d:c0:41:ed:d4:81:79:
                    ac:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:CB:38:0C:75:51:42:41:B7:32:49:CA:F8:6F:8B:81:B4:7F:98:D4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/wss4DHVRQkG3MknK-G-LgbR_mNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:e7:91:61:d2:69:0a:84:90:2b:e1:60:e4:47:91:ab:b6:8e:
         24:3d:04:f9:92:e8:f3:a1:d2:94:d7:a9:b8:94:ff:aa:3b:b4:
         85:2a:54:a7:71:ee:cf:ac:9b:f1:38:98:7d:d9:f5:1b:3b:03:
         1f:8a:88:c5:21:43:4d:98:04:8f:a5:41:fb:3c:e6:4b:2e:cc:
         43:22:cc:e5:25:c9:a0:4a:72:3e:a5:f0:a8:7b:05:b5:59:d8:
         58:39:44:b6:05:9a:50:95:be:b8:60:5c:e5:70:9e:9c:82:25:
         fb:26:69:06:ac:3d:6b:73:f3:00:be:95:ce:cc:f9:5c:ff:8e:
         01:6c:09:6a:c1:d6:31:1c:37:4c:09:24:7b:39:bc:e9:06:7a:
         ea:01:85:b2:3b:08:74:c8:8c:39:fa:9d:76:53:9a:3d:45:86:
         6e:da:d2:92:d3:cf:4d:1d:4e:04:0f:42:03:8d:03:16:43:94:
         bc:0b:12:6f:05:4a:ad:d8:2f:f4:5f:7a:fc:7c:36:21:d2:00:
         14:72:0c:9e:0f:71:c5:60:94:ba:e9:1f:1d:9b:ce:21:df:b4:
         6d:b6:98:8a:99:c0:2c:d4:fc:14:e8:41:61:fb:ef:9b:22:17:
         d5:b4:f2:29:8c:23:4a:62:68:cd:df:d9:c6:42:ff:c4:f2:c6:
         01:f5:8a:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRBssig03plJTqtGDhFzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmNiMzgwYzc1NTE0MjQxYjczMjQ5Y2FmODZmOGI4MWI0N2Y5OGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8U+EceszeJzfev/xOIkbdA+BTQzm
wz3TSrfFu2PwG2W+cayL/g5x+80f7xu5ZuL3EcZ9lunKd/HI/frQdznukOIKZ7vt
qERQJRIBB5rNazHSq2ZOuLRD+XoozSbJvUnt1Er6cpUVk7MF0UYX2SwrbJlrxJV+
STEgXyGZFeJHoGKl99MmnJEHh3/IVHqm+pQlyrXuRFQ5kCOyTOa9L6RTr4EOb9EZ
O1AtM2Mf0XCI3Py5sQoMa3/z4jFC/BQje2Evhmu+to/7r/2fhvE+CM7r+ZpnCXqw
WyY4oMelZqZJ1mvp3nZ9ObFI41cBrBm5HdqiY8IHwdaSMV3AQe3UgXmsBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLLOAx1UUJBtzJJyvhvi4G0f5jUMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvd3NzNERIVlJRa0czTWtuSy1HLUxnYlJfbU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUagjMA0G
CSqGSIb3DQEBCwUAA4IBAQCI55Fh0mkKhJAr4WDkR5Grto4kPQT5kujzodKU16m4
lP+qO7SFKlSnce7PrJvxOJh92fUbOwMfiojFIUNNmASPpUH7POZLLsxDIszlJcmg
SnI+pfCoewW1WdhYOUS2BZpQlb64YFzlcJ6cgiX7JmkGrD1rc/MAvpXOzPlc/44B
bAlqwdYxHDdMCSR7ObzpBnrqAYWyOwh0yIw5+p12U5o9RYZu2tKS089NHU4ED0ID
jQMWQ5S8CxJvBUqt2C/0X3r8fDYh0gAUcgyeD3HFYJS66R8dm84h37RttpiKmcAs
1PwU6EFh+++bIhfVtPIpjCNKYmjN39nGQv/E8sYB9Yoj
-----END CERTIFICATE-----