Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/W9W5fWTDkN3fJtttH2-_x0S_7iQ.roa
File:                     W9W5fWTDkN3fJtttH2-_x0S_7iQ.roa (raw, json)
Hash identifier:          ErZn1ShjxJE/rdOZ3/J5WlUHDedL3BhtAOwc79HsgzI=
Subject key identifier:   5B:D5:B9:7D:64:C3:90:DD:DF:26:DB:6D:1F:6F:BF:C7:44:BF:EE:24
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B38DF8BC4EB26B46335AC7284C8396
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/W9W5fWTDkN3fJtttH2-_x0S_7iQ.roa
Signing time:             Thu 02 Jan 2025 15:47:46 +0000
ROA not before:           Thu 02 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3758
IP address blocks:        45.135.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:8d:f8:bc:4e:b2:6b:46:33:5a:c7:28:4c:83:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bd5b97d64c390dddf26db6d1f6fbfc744bfee24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:76:15:6c:53:9e:46:cd:ad:e5:bd:4f:f9:8a:
                    34:74:aa:85:15:40:df:8e:fa:3b:75:17:ee:e1:be:
                    a6:61:e2:59:fd:21:06:55:66:f1:01:b9:ec:32:ce:
                    68:fd:8f:b8:1a:36:55:d1:b8:da:d5:e9:d8:77:13:
                    24:e9:9a:fb:bd:32:75:6f:3f:11:b1:ec:93:a4:02:
                    83:10:b9:db:6f:33:46:c1:f1:70:3e:9b:bf:85:f7:
                    03:47:5e:50:c4:6e:40:46:de:96:db:57:57:c1:f9:
                    08:a9:66:a4:f0:f5:39:4e:68:b2:f3:82:3a:29:56:
                    4e:7b:93:91:f6:8f:69:6f:1d:c8:6a:95:b1:94:96:
                    90:ba:70:cb:6a:16:9f:df:d2:83:72:a4:53:4d:1c:
                    6b:fd:9a:b7:9b:f0:5a:f0:6c:cb:ce:c7:78:3c:42:
                    19:c7:24:bf:af:64:23:6f:ef:4a:f5:f4:7e:c0:b5:
                    fb:ea:71:15:22:65:ca:73:f1:e6:19:9e:6e:1b:45:
                    6f:a6:53:e3:0a:a6:cf:39:1a:9b:d8:ea:aa:11:76:
                    fa:0e:60:57:6a:df:c6:dd:8b:45:f5:b2:b5:8c:d1:
                    f9:eb:1b:d0:c7:31:80:26:bc:c3:f0:dd:6e:24:2f:
                    3e:5f:70:54:9c:75:1e:1a:9f:1c:49:5b:64:56:21:
                    06:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D5:B9:7D:64:C3:90:DD:DF:26:DB:6D:1F:6F:BF:C7:44:BF:EE:24
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/W9W5fWTDkN3fJtttH2-_x0S_7iQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:59:f8:ab:85:86:6a:c9:a5:f0:5f:0b:39:f3:76:6d:23:b8:
         e2:67:ce:62:bc:df:21:23:d6:2b:ff:06:65:17:e3:18:d7:7b:
         3d:a2:1b:c7:f8:62:8f:1f:ea:13:c9:75:22:e5:99:ff:cd:94:
         b5:b2:6b:e8:52:cd:54:2f:c7:48:ef:1a:da:1f:61:e7:03:05:
         5c:db:24:f2:fe:26:c4:64:e7:13:99:4c:35:cc:e9:dd:a3:86:
         80:ec:9a:ce:e1:0a:8f:9a:e7:80:3c:9f:ad:c0:bb:03:c1:67:
         54:8a:64:40:b2:92:3e:75:5d:dd:ab:a5:5f:a8:46:91:c8:05:
         d1:8d:81:e4:69:26:0d:cb:d5:6c:49:2e:b8:f5:28:42:d4:17:
         bc:52:ce:30:d1:f2:4c:7c:d3:1e:2f:20:2b:82:b4:2e:5e:5a:
         d5:84:5d:9b:b5:43:9a:1b:55:a4:44:d3:d7:cc:4d:84:9f:05:
         5d:48:11:df:44:22:0b:da:c6:35:17:f2:df:df:06:57:7c:bc:
         16:54:f8:a3:c5:fb:55:db:47:f0:d9:b8:1e:23:5e:12:91:fd:
         dd:04:8d:e9:17:fe:a4:95:38:1b:24:43:8c:eb:f0:86:71:80:
         67:d8:63:98:b4:bf:22:3a:9a:90:c5:eb:9e:11:40:be:e9:44:
         76:dd:fd:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns434vE6ya0YzWscoTIOWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQ1Yjk3ZDY0YzM5MGRkZGYyNmRiNmQxZjZmYmZjNzQ0YmZlZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnYVbFOeRs2t5b1P+Yo0dKqFFUDf
jvo7dRfu4b6mYeJZ/SEGVWbxAbnsMs5o/Y+4GjZV0bja1enYdxMk6Zr7vTJ1bz8R
seyTpAKDELnbbzNGwfFwPpu/hfcDR15QxG5ARt6W21dXwfkIqWak8PU5Tmiy84I6
KVZOe5OR9o9pbx3IapWxlJaQunDLahaf39KDcqRTTRxr/Zq3m/Ba8GzLzsd4PEIZ
xyS/r2Qjb+9K9fR+wLX76nEVImXKc/HmGZ5uG0VvplPjCqbPORqb2OqqEXb6DmBX
at/G3YtF9bK1jNH56xvQxzGAJrzD8N1uJC8+X3BUnHUeGp8cSVtkViEG3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvVuX1kw5Dd3ybbbR9vv8dEv+4kMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvVzlXNWZXVERrTjNmSnR0dEgyLV94MFNfN2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYcEMA0G
CSqGSIb3DQEBCwUAA4IBAQAmWfirhYZqyaXwXws583ZtI7jiZ85ivN8hI9Yr/wZl
F+MY13s9ohvH+GKPH+oTyXUi5Zn/zZS1smvoUs1UL8dI7xraH2HnAwVc2yTy/ibE
ZOcTmUw1zOndo4aA7JrO4QqPmueAPJ+twLsDwWdUimRAspI+dV3dq6VfqEaRyAXR
jYHkaSYNy9VsSS649ShC1Be8Us4w0fJMfNMeLyArgrQuXlrVhF2btUOaG1WkRNPX
zE2EnwVdSBHfRCIL2sY1F/Lf3wZXfLwWVPijxftV20fw2bgeI14Skf3dBI3pF/6k
lTgbJEOM6/CGcYBn2GOYtL8iOpqQxeueEUC+6UR23f25
-----END CERTIFICATE-----