Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/Wov-rogss9nwzo0EqvEMesDtem8.roa
File:                     Wov-rogss9nwzo0EqvEMesDtem8.roa (raw, json)
Hash identifier:          ajFMqrFV3/ilI/Icdeg3WVYYBJHDgZFZXDWmXuDh9DU=
Subject key identifier:   5A:8B:FE:AE:88:2C:B3:D9:F0:CE:8D:04:AA:F1:0C:7A:C0:ED:7A:6F
Certificate issuer:       /CN=bd45aecb062d9b446e05421bc1faaf58bb0769ec
Certificate serial:       0194236A2344B98461F514905AB6199FC83F
Authority key identifier: BD:45:AE:CB:06:2D:9B:44:6E:05:42:1B:C1:FA:AF:58:BB:07:69:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vUWuywYtm0RuBUIbwfqvWLsHaew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/Wov-rogss9nwzo0EqvEMesDtem8.roa
Signing time:             Wed 01 Jan 2025 19:49:05 +0000
ROA not before:           Wed 01 Jan 2025 19:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24641
IP address blocks:        91.224.48.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/vUWuywYtm0RuBUIbwfqvWLsHaew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/vUWuywYtm0RuBUIbwfqvWLsHaew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vUWuywYtm0RuBUIbwfqvWLsHaew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:23:44:b9:84:61:f5:14:90:5a:b6:19:9f:c8:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd45aecb062d9b446e05421bc1faaf58bb0769ec
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a8bfeae882cb3d9f0ce8d04aaf10c7ac0ed7a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:94:2b:b5:86:49:5b:be:ec:d1:1e:03:b1:dc:
                    e5:4b:20:ce:ee:3a:7b:d2:b6:20:79:80:cf:dd:33:
                    f9:5a:92:4c:ba:73:67:e8:23:fc:d2:5f:14:ab:34:
                    20:37:7c:6c:6d:0e:be:8d:7e:04:00:30:ad:db:8a:
                    31:bd:0d:f4:86:79:e1:e2:6c:45:61:dd:4f:0d:f3:
                    a9:26:d0:6b:ea:99:0c:21:cb:1a:c9:56:e7:0f:90:
                    bc:b9:a8:34:58:95:3b:eb:47:a8:8b:d3:1a:5b:8b:
                    fe:a0:88:bb:20:b6:9f:d9:04:60:0b:97:8b:23:73:
                    d5:0d:3f:a9:40:b7:9f:75:f2:12:2f:a8:2c:cf:28:
                    5d:dc:75:ce:2c:3b:8b:05:21:e2:8f:ee:b2:e0:e0:
                    00:06:11:a6:c9:a7:c2:30:87:23:3d:40:a8:ef:27:
                    43:b3:86:9e:67:3e:5a:12:05:d9:e3:10:29:c4:87:
                    87:65:1c:19:f3:68:94:09:a4:87:d4:a2:bf:a2:73:
                    27:0f:40:03:63:b5:c1:fa:a6:2a:e2:47:7d:a2:77:
                    37:19:ea:05:91:f6:44:a0:2b:3e:60:53:0a:f5:95:
                    d5:7b:30:2f:82:c8:ff:79:39:08:b7:ae:0f:01:78:
                    64:62:50:a0:df:59:2d:e4:21:fa:aa:6c:4a:b8:86:
                    3e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:8B:FE:AE:88:2C:B3:D9:F0:CE:8D:04:AA:F1:0C:7A:C0:ED:7A:6F
            X509v3 Authority Key Identifier:
                keyid:BD:45:AE:CB:06:2D:9B:44:6E:05:42:1B:C1:FA:AF:58:BB:07:69:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vUWuywYtm0RuBUIbwfqvWLsHaew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/Wov-rogss9nwzo0EqvEMesDtem8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8a6ae1-7148-4e57-aaa9-3b81aa26f7c6/1/vUWuywYtm0RuBUIbwfqvWLsHaew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:c3:fa:92:2f:52:d3:cf:c4:61:e0:11:26:e5:00:03:d1:de:
         d2:5e:16:ab:a0:2c:30:80:7c:a1:1a:d6:30:5e:08:c5:07:f6:
         5d:3f:22:81:63:4c:bc:da:ca:59:33:65:f9:70:f5:22:ee:3a:
         44:89:bc:8a:01:2d:fb:16:a2:d9:e5:e1:23:48:07:ad:ea:d7:
         91:a2:fe:6a:08:b9:fd:ea:fc:e4:5e:fe:15:8f:11:f9:e6:fb:
         4a:64:fc:53:cc:5b:75:40:af:33:2a:ea:16:ff:c7:49:16:dd:
         5f:fb:5c:5b:c4:20:ce:2d:a0:11:6b:90:79:de:fe:63:d4:5a:
         61:0a:cd:ef:a0:fc:76:06:0a:6d:e2:a8:a2:60:61:98:d5:be:
         a8:4f:18:39:06:6c:2c:c5:fe:11:aa:29:f9:7d:5f:35:a8:23:
         33:e6:70:a6:9e:f4:f5:89:b0:7b:e7:92:c2:2c:be:65:20:47:
         09:46:49:c8:43:b8:0f:c1:35:31:c5:ec:35:e1:c7:f9:8b:76:
         b8:c6:85:c9:b0:68:46:8c:c6:90:ca:24:5f:48:ee:71:22:84:
         0c:30:53:c8:94:4b:a2:29:8d:43:d6:ce:a8:9c:0b:ef:da:ab:
         e5:e9:4c:bc:85:0b:24:ba:f0:bb:b0:71:ad:56:06:0f:00:0c:
         93:a6:74:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiNEuYRh9RSQWrYZn8g/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNDVhZWNiMDYyZDliNDQ2ZTA1NDIxYmMxZmFhZjU4YmIw
NzY5ZWMwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YThiZmVhZTg4MmNiM2Q5ZjBjZThkMDRhYWYxMGM3YWMwZWQ3YTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZQrtYZJW77s0R4DsdzlSyDO7jp7
0rYgeYDP3TP5WpJMunNn6CP80l8UqzQgN3xsbQ6+jX4EADCt24oxvQ30hnnh4mxF
Yd1PDfOpJtBr6pkMIcsayVbnD5C8uag0WJU760eoi9MaW4v+oIi7ILaf2QRgC5eL
I3PVDT+pQLefdfISL6gszyhd3HXOLDuLBSHij+6y4OAABhGmyafCMIcjPUCo7ydD
s4aeZz5aEgXZ4xApxIeHZRwZ82iUCaSH1KK/onMnD0ADY7XB+qYq4kd9onc3GeoF
kfZEoCs+YFMK9ZXVezAvgsj/eTkIt64PAXhkYlCg31kt5CH6qmxKuIY+OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqL/q6ILLPZ8M6NBKrxDHrA7XpvMB8GA1UdIwQY
MBaAFL1FrssGLZtEbgVCG8H6r1i7B2nsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlVXdXl3WXRtMFJ1QlVJYndmcXZXTHNIYWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS84YTZhZTEtNzE0OC00ZTU3LWFhYTkt
M2I4MWFhMjZmN2M2LzEvV292LXJvZ3NzOW53em8wRXF2RU1lc0R0ZW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS84YTZhZTEtNzE0OC00ZTU3LWFhYTktM2I4MWFhMjZmN2M2
LzEvdlVXdXl3WXRtMFJ1QlVJYndmcXZXTHNIYWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+AwMA0G
CSqGSIb3DQEBCwUAA4IBAQCnw/qSL1LTz8Rh4BEm5QAD0d7SXharoCwwgHyhGtYw
XgjFB/ZdPyKBY0y82spZM2X5cPUi7jpEibyKAS37FqLZ5eEjSAet6teRov5qCLn9
6vzkXv4VjxH55vtKZPxTzFt1QK8zKuoW/8dJFt1f+1xbxCDOLaARa5B53v5j1Fph
Cs3voPx2Bgpt4qiiYGGY1b6oTxg5Bmwsxf4Rqin5fV81qCMz5nCmnvT1ibB755LC
LL5lIEcJRknIQ7gPwTUxxew14cf5i3a4xoXJsGhGjMaQyiRfSO5xIoQMMFPIlEui
KY1D1s6onAvv2qvl6Uy8hQskuvC7sHGtVgYPAAyTpnTc
-----END CERTIFICATE-----