Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/W8pbaE9SITvmp3StMfJ7E--X4M0.roa
File:                     W8pbaE9SITvmp3StMfJ7E--X4M0.roa (raw, json)
Hash identifier:          uRUesuHnpXbWgYa8xNv9zFt/fxahoQmchuNu9Hzil3c=
Subject key identifier:   5B:CA:5B:68:4F:52:21:3B:E6:A7:74:AD:31:F2:7B:13:EF:97:E0:CD
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       01941FFA01865E15D3E099060F2B707F72C1
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/W8pbaE9SITvmp3StMfJ7E--X4M0.roa
Signing time:             Wed 01 Jan 2025 03:47:45 +0000
ROA not before:           Wed 01 Jan 2025 03:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49755
IP address blocks:        185.177.112.0/24 maxlen: 24
                          2a0a:c3c5:f000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 17:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:01:86:5e:15:d3:e0:99:06:0f:2b:70:7f:72:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 03:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bca5b684f52213be6a774ad31f27b13ef97e0cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:27:85:5b:6b:df:54:31:bf:76:dc:6c:1d:62:
                    be:b8:ef:de:73:3c:37:51:cb:db:a5:13:04:ce:74:
                    5f:d1:cd:f8:3e:b6:0f:4b:52:12:d3:11:68:44:b4:
                    22:96:80:97:ab:d7:f2:25:3a:17:0e:e3:24:86:ff:
                    07:f5:d0:c4:31:9a:dc:de:24:68:73:ea:81:97:d0:
                    fe:0c:a2:3d:9f:b3:0d:3b:d6:d5:47:df:63:26:54:
                    2c:1e:93:0b:90:89:bd:7e:94:28:cd:c0:51:e5:5f:
                    ef:86:d3:89:ca:3d:cb:aa:be:e9:87:68:09:ea:bc:
                    17:d5:ea:e4:53:e0:7b:71:ac:25:23:82:9d:25:1d:
                    d9:4b:09:fe:12:11:59:bc:fe:79:34:53:3f:ca:1f:
                    10:c6:ab:4a:8b:46:42:fc:fb:09:8f:03:7a:98:15:
                    d5:06:67:8d:95:a7:b1:6d:82:8e:7b:fd:93:6d:36:
                    30:40:ea:d5:33:a2:c5:e8:0d:c0:0b:75:e8:bd:29:
                    0a:51:66:ad:1b:a4:0b:c5:68:0a:7e:23:d4:8f:79:
                    35:68:44:01:a1:f7:7c:d3:a4:c0:c7:7b:22:bd:cb:
                    a0:a2:6f:88:0e:35:ed:87:42:74:25:a1:06:6b:b1:
                    23:19:a2:f6:d9:75:77:e9:f0:b6:c0:e5:ec:4f:08:
                    ce:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CA:5B:68:4F:52:21:3B:E6:A7:74:AD:31:F2:7B:13:EF:97:E0:CD
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/W8pbaE9SITvmp3StMfJ7E--X4M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.112.0/24
                IPv6:
                  2a0a:c3c5:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         66:96:ea:30:0e:fe:54:c6:9a:3b:0d:d9:90:f8:a8:fc:9c:25:
         85:b6:91:0a:e3:a6:29:24:b1:9b:b3:5d:55:7b:2f:08:05:43:
         0f:13:9f:e7:53:b5:16:43:17:3b:9e:4f:a3:1d:92:5c:0e:f2:
         09:12:a2:75:d4:ae:72:a1:74:1f:12:a2:39:7d:d1:91:4f:72:
         de:e8:41:aa:8c:84:ba:5d:81:cf:67:1c:84:0c:f4:9e:f1:7e:
         6c:01:c9:5d:dd:0d:cf:d1:1a:27:65:69:13:46:f6:f5:ae:3b:
         ed:bc:57:58:e7:59:37:bf:d1:80:2f:88:f2:2c:39:c4:ba:3b:
         51:5f:a7:41:2e:97:8b:3a:5b:33:96:c1:39:b9:fe:f5:4f:57:
         6d:b3:f9:f3:8f:bb:13:a6:8b:79:5f:ce:ac:4d:43:8b:99:94:
         6d:e2:75:ed:e4:49:27:02:4a:dd:90:0f:3d:64:27:ad:02:04:
         90:36:36:d2:97:8d:39:ea:7c:af:cc:9c:60:b5:7c:64:7f:15:
         f0:90:ce:19:1c:7c:e7:03:0d:58:0c:80:30:3e:44:d8:fc:e5:
         8a:10:4d:45:18:37:8e:58:ce:12:23:b6:b9:37:81:0a:56:6c:
         f9:f4:0c:07:c1:54:21:1f:1b:31:18:91:cc:e7:6c:63:ef:9c:
         3b:3b:75:b3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQf+gGGXhXT4JkGDytwf3LBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjUwMTAxMDM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNhNWI2ODRmNTIyMTNiZTZhNzc0YWQzMWYyN2IxM2VmOTdlMGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyeFW2vfVDG/dtxsHWK+uO/eczw3
UcvbpRMEznRf0c34PrYPS1IS0xFoRLQiloCXq9fyJToXDuMkhv8H9dDEMZrc3iRo
c+qBl9D+DKI9n7MNO9bVR99jJlQsHpMLkIm9fpQozcBR5V/vhtOJyj3Lqr7ph2gJ
6rwX1erkU+B7cawlI4KdJR3ZSwn+EhFZvP55NFM/yh8QxqtKi0ZC/PsJjwN6mBXV
BmeNlaexbYKOe/2TbTYwQOrVM6LF6A3AC3XovSkKUWatG6QLxWgKfiPUj3k1aEQB
ofd806TAx3sivcugom+IDjXth0J0JaEGa7EjGaL22XV36fC2wOXsTwjOkwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFFvKW2hPUiE75qd0rTHyexPvl+DNMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvVzhwYmFFOVNJVHZtcDNTdE1mSjdFLS1YNE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAubFwMA4E
AgACMAgDBgQqCsPF8DANBgkqhkiG9w0BAQsFAAOCAQEAZpbqMA7+VMaaOw3ZkPio
/JwlhbaRCuOmKSSxm7NdVXsvCAVDDxOf51O1FkMXO55Pox2SXA7yCRKiddSucqF0
HxKiOX3RkU9y3uhBqoyEul2Bz2cchAz0nvF+bAHJXd0Nz9EaJ2VpE0b29a477bxX
WOdZN7/RgC+I8iw5xLo7UV+nQS6XizpbM5bBObn+9U9XbbP584+7E6aLeV/OrE1D
i5mUbeJ17eRJJwJK3ZAPPWQnrQIEkDY20peNOep8r8ycYLV8ZH8V8JDOGRx85wMN
WAyAMD5E2PzlihBNRRg3jljOEiO2uTeBClZs+fQMB8FUIR8bMRiRzOdsY++cOzt1
sw==
-----END CERTIFICATE-----