Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/WEolIktBESdvgc8hNiaPN7u1uwc.roa
File:                     WEolIktBESdvgc8hNiaPN7u1uwc.roa (raw, json)
Hash identifier:          epUS51OLDZ6qazQuvjy3IHtOX7T0vUZAhescISw2oWI=
Subject key identifier:   58:4A:25:22:4B:41:11:27:6F:81:CF:21:36:26:8F:37:BB:B5:BB:07
Certificate issuer:       /CN=45962ea566054656ef82aace2d71c76d1b0b88bb
Certificate serial:       0194221F78FCDD8AF4EADA8682C18E26CB05
Authority key identifier: 45:96:2E:A5:66:05:46:56:EF:82:AA:CE:2D:71:C7:6D:1B:0B:88:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RZYupWYFRlbvgqrOLXHHbRsLiLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/WEolIktBESdvgc8hNiaPN7u1uwc.roa
Signing time:             Wed 01 Jan 2025 13:47:55 +0000
ROA not before:           Wed 01 Jan 2025 13:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        130.193.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/RZYupWYFRlbvgqrOLXHHbRsLiLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/RZYupWYFRlbvgqrOLXHHbRsLiLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RZYupWYFRlbvgqrOLXHHbRsLiLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:78:fc:dd:8a:f4:ea:da:86:82:c1:8e:26:cb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45962ea566054656ef82aace2d71c76d1b0b88bb
        Validity
            Not Before: Jan  1 13:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=584a25224b4111276f81cf2136268f37bbb5bb07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f9:f5:12:65:13:6d:87:7b:b2:e1:e2:7a:d1:
                    ac:d0:59:a1:e2:ef:8a:28:9e:07:1d:f5:38:4f:77:
                    c8:1c:7d:3f:aa:33:72:eb:3d:af:e6:20:af:1f:32:
                    75:e8:2f:95:6d:67:8d:39:22:b1:f7:bc:14:16:ae:
                    64:c6:82:e6:7a:78:9b:48:1c:31:49:c8:38:4a:83:
                    fe:a0:f3:b7:b4:4d:bf:e9:8b:5d:01:7b:da:be:c9:
                    76:e2:19:59:70:4d:dc:f3:66:69:1c:09:bb:dd:e1:
                    56:67:f4:b5:c5:a3:6f:ae:75:da:5b:08:5a:c8:89:
                    5b:83:48:a0:6f:b7:17:b1:d7:fa:a6:e0:60:7a:28:
                    a1:d0:e9:30:3d:c1:8d:95:da:27:e7:63:79:be:be:
                    84:2d:33:43:38:b0:a4:6e:48:b5:20:c7:c9:eb:00:
                    b1:d7:eb:4e:78:b9:35:43:1a:73:c6:8d:0c:5e:b7:
                    96:e7:cd:d8:36:6d:a4:db:d2:3d:ea:36:96:95:c7:
                    19:40:52:d7:04:88:53:9a:89:75:1b:70:52:b0:d5:
                    b1:dc:be:cc:83:df:dd:fd:dc:a5:18:07:af:ac:f6:
                    30:6b:18:83:5c:bb:e1:48:85:02:f6:3f:7e:f3:8c:
                    35:a1:d5:f8:d8:57:6b:14:dc:a7:a4:b1:31:18:b6:
                    d9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:4A:25:22:4B:41:11:27:6F:81:CF:21:36:26:8F:37:BB:B5:BB:07
            X509v3 Authority Key Identifier:
                keyid:45:96:2E:A5:66:05:46:56:EF:82:AA:CE:2D:71:C7:6D:1B:0B:88:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZYupWYFRlbvgqrOLXHHbRsLiLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/WEolIktBESdvgc8hNiaPN7u1uwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/RZYupWYFRlbvgqrOLXHHbRsLiLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:a6:3c:ce:5b:d1:4b:61:1b:11:38:38:1e:f1:24:4d:a6:34:
         82:a7:4a:85:21:87:63:d6:2b:8f:4d:05:68:37:52:67:98:c4:
         5d:94:7d:4e:b4:8a:c7:cf:5f:5d:1f:32:59:1a:24:75:81:0e:
         ef:2f:39:1a:d6:6c:68:90:f9:b7:75:e6:bc:f6:22:aa:79:a1:
         be:e2:f8:bf:6c:27:9c:89:93:a1:34:00:75:74:56:fe:b7:24:
         70:44:aa:53:99:74:5c:12:6e:f3:c2:6c:66:be:44:86:1a:a4:
         52:13:8b:37:a7:11:1a:e4:f5:e7:e6:fe:b9:28:90:3c:8d:a1:
         25:fe:06:d5:c3:91:48:6f:42:46:f2:5a:26:57:69:35:03:fd:
         af:50:92:ce:7d:01:50:64:4b:d6:40:49:13:a2:d6:b2:a0:f8:
         7b:da:b0:23:87:40:f3:03:6f:ff:58:ee:6b:84:8a:60:77:b0:
         85:a7:f1:47:43:ca:42:0f:2d:2d:c1:8b:43:aa:8b:6c:94:ac:
         9d:4b:03:36:c0:12:90:07:47:99:eb:fe:58:c5:47:1a:ff:20:
         35:39:90:82:de:40:10:01:bc:59:1a:21:82:f0:0f:22:16:de:
         a7:7b:04:e9:9e:e9:d1:85:5e:33:de:12:b8:24:0b:ec:74:fb:
         fb:9e:36:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH3j83Yr06tqGgsGOJssFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OTYyZWE1NjYwNTQ2NTZlZjgyYWFjZTJkNzFjNzZkMWIw
Yjg4YmIwHhcNMjUwMTAxMTM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODRhMjUyMjRiNDExMTI3NmY4MWNmMjEzNjI2OGYzN2JiYjViYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvn1EmUTbYd7suHietGs0Fmh4u+K
KJ4HHfU4T3fIHH0/qjNy6z2v5iCvHzJ16C+VbWeNOSKx97wUFq5kxoLmenibSBwx
Scg4SoP+oPO3tE2/6YtdAXvavsl24hlZcE3c82ZpHAm73eFWZ/S1xaNvrnXaWwha
yIlbg0igb7cXsdf6puBgeiih0OkwPcGNldon52N5vr6ELTNDOLCkbki1IMfJ6wCx
1+tOeLk1Qxpzxo0MXreW583YNm2k29I96jaWlccZQFLXBIhTmol1G3BSsNWx3L7M
g9/d/dylGAevrPYwaxiDXLvhSIUC9j9+84w1odX42FdrFNynpLExGLbZrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhKJSJLQREnb4HPITYmjze7tbsHMB8GA1UdIwQY
MBaAFEWWLqVmBUZW74Kqzi1xx20bC4i7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpZdXBXWUZSbGJ2Z3FyT0xYSEhiUnNMaUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xZWQzZTItYTA5Yy00OWMyLTk5Mjgt
YzVjMDgyYTMxM2Y3LzEvV0VvbElrdEJFU2R2Z2M4aE5pYVBON3UxdXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xZWQzZTItYTA5Yy00OWMyLTk5MjgtYzVjMDgyYTMxM2Y3
LzEvUlpZdXBXWUZSbGJ2Z3FyT0xYSEhiUnNMaUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsECMA0G
CSqGSIb3DQEBCwUAA4IBAQCMpjzOW9FLYRsRODge8SRNpjSCp0qFIYdj1iuPTQVo
N1JnmMRdlH1OtIrHz19dHzJZGiR1gQ7vLzka1mxokPm3dea89iKqeaG+4vi/bCec
iZOhNAB1dFb+tyRwRKpTmXRcEm7zwmxmvkSGGqRSE4s3pxEa5PXn5v65KJA8jaEl
/gbVw5FIb0JG8lomV2k1A/2vUJLOfQFQZEvWQEkTotayoPh72rAjh0DzA2//WO5r
hIpgd7CFp/FHQ8pCDy0twYtDqotslKydSwM2wBKQB0eZ6/5YxUca/yA1OZCC3kAQ
AbxZGiGC8A8iFt6newTpnunRhV4z3hK4JAvsdPv7njbH
-----END CERTIFICATE-----