Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/WWSW__MVqK6dx_k6tsS9bRZ--CI.roa
File:                     WWSW__MVqK6dx_k6tsS9bRZ--CI.roa (raw, json)
Hash identifier:          0n+w/A4d8z6b0u844BV3PGZBGD8lEvEB6AFFqVVHQn8=
Subject key identifier:   59:64:96:FF:F3:15:A8:AE:9D:C7:F9:3A:B6:C4:BD:6D:16:7E:F8:22
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1DC33775BD2DFD7C87E3E1EABE1C4
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/WWSW__MVqK6dx_k6tsS9bRZ--CI.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59448
IP address blocks:        217.20.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 05:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:dc:33:77:5b:d2:df:d7:c8:7e:3e:1e:ab:e1:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=596496fff315a8ae9dc7f93ab6c4bd6d167ef822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c9:24:d7:22:7d:31:78:7f:45:f9:46:03:51:
                    97:86:25:fc:e3:6d:a7:ec:71:af:ca:69:0c:5b:97:
                    ef:5e:c0:b4:6d:a3:64:fb:85:48:8c:e8:37:d8:e1:
                    d6:d1:cf:0b:34:1f:80:71:b8:03:5f:bd:65:2a:bd:
                    6e:c7:4a:52:aa:44:04:f1:a3:f3:07:45:7a:d0:0a:
                    d3:22:fd:51:1d:0f:49:27:33:44:fb:ea:54:ba:31:
                    e0:e5:17:7c:88:e2:3c:c2:9e:f4:18:cb:e2:88:d5:
                    b3:6a:7c:0e:76:e8:f2:1a:85:b6:6f:12:d1:73:34:
                    ab:5d:3f:70:d8:db:e9:aa:70:27:36:e2:c6:ae:8d:
                    79:27:4a:58:d1:01:bf:54:5b:15:f1:f7:3e:6b:78:
                    1c:90:97:48:28:e6:1d:4b:12:d8:6d:cf:d6:55:35:
                    5e:23:a6:1f:57:28:35:bd:96:fd:da:b9:4d:ec:f4:
                    b3:23:bb:07:72:5b:bb:eb:b6:90:94:4f:7e:07:b9:
                    61:12:b1:1f:f2:e2:30:dd:e5:43:3b:79:f5:79:75:
                    06:94:93:68:52:39:27:98:6a:3c:64:81:72:da:6b:
                    13:87:f0:1c:47:68:a8:7a:01:9c:b6:10:82:57:6d:
                    31:38:97:4c:e2:66:bb:98:7f:1e:1b:f5:51:5d:6d:
                    a5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:64:96:FF:F3:15:A8:AE:9D:C7:F9:3A:B6:C4:BD:6D:16:7E:F8:22
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/WWSW__MVqK6dx_k6tsS9bRZ--CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.20.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:3e:e3:c1:b8:0f:91:73:55:9e:b4:92:5f:90:5b:d4:c4:a6:
         bb:6c:b7:af:97:0f:c8:76:3e:5f:96:d6:22:f5:43:c8:ec:d1:
         30:ff:68:3b:af:91:84:90:8d:66:9a:0a:89:a9:96:9b:63:22:
         b2:0a:e2:82:53:e6:a8:1f:60:34:6a:d5:d8:4b:0a:a7:07:4e:
         65:16:e4:86:7a:d7:46:f6:26:fc:9b:76:86:da:45:cc:a9:3b:
         92:90:a6:ed:9c:cc:a8:08:93:08:bf:45:15:53:b3:35:7a:a5:
         f3:4d:bb:ac:0f:01:d6:ea:ea:77:34:83:76:47:b0:2b:09:fe:
         c2:ff:9c:00:96:6a:2f:2c:74:ab:36:eb:29:20:84:b4:b0:94:
         aa:f4:b5:ce:ea:61:8e:e3:a8:2d:7f:c5:3d:2e:46:a8:9c:cf:
         51:a8:e4:ba:3e:95:34:24:6b:7a:0b:bc:12:70:bb:a0:e2:59:
         31:7f:d4:57:a9:5b:87:bf:ae:43:50:28:18:0a:7e:bf:ea:a3:
         1b:1a:a3:fa:f5:74:4a:a6:23:3d:51:a3:24:61:5a:98:b8:0e:
         b6:0f:84:36:15:09:9b:e0:b4:17:a2:50:b8:3c:a6:24:7b:31:
         2a:d4:ec:18:70:e9:01:c0:09:be:cd:97:c8:4a:9a:e1:b9:fa:
         01:59:2f:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdwzd1vS39fIfj4eq+HEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTY0OTZmZmYzMTVhOGFlOWRjN2Y5M2FiNmM0YmQ2ZDE2N2VmODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0skk1yJ9MXh/RflGA1GXhiX8422n
7HGvymkMW5fvXsC0baNk+4VIjOg32OHW0c8LNB+AcbgDX71lKr1ux0pSqkQE8aPz
B0V60ArTIv1RHQ9JJzNE++pUujHg5Rd8iOI8wp70GMviiNWzanwOdujyGoW2bxLR
czSrXT9w2NvpqnAnNuLGro15J0pY0QG/VFsV8fc+a3gckJdIKOYdSxLYbc/WVTVe
I6YfVyg1vZb92rlN7PSzI7sHclu767aQlE9+B7lhErEf8uIw3eVDO3n1eXUGlJNo
UjknmGo8ZIFy2msTh/AcR2ioegGcthCCV20xOJdM4ma7mH8eG/VRXW2lFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlklv/zFaiuncf5OrbEvW0WfvgiMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvV1dTV19fTVZxSzZkeF9rNnRzUzliUlotLUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RSAMA0G
CSqGSIb3DQEBCwUAA4IBAQAwPuPBuA+Rc1WetJJfkFvUxKa7bLevlw/Idj5fltYi
9UPI7NEw/2g7r5GEkI1mmgqJqZabYyKyCuKCU+aoH2A0atXYSwqnB05lFuSGetdG
9ib8m3aG2kXMqTuSkKbtnMyoCJMIv0UVU7M1eqXzTbusDwHW6up3NIN2R7ArCf7C
/5wAlmovLHSrNuspIIS0sJSq9LXO6mGO46gtf8U9LkaonM9RqOS6PpU0JGt6C7wS
cLug4lkxf9RXqVuHv65DUCgYCn6/6qMbGqP69XRKpiM9UaMkYVqYuA62D4Q2FQmb
4LQXolC4PKYkezEq1OwYcOkBwAm+zZfISprhufoBWS9S
-----END CERTIFICATE-----