Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/WFOxXq8-woghob55sftxvTt6FdI.roa
File:                     WFOxXq8-woghob55sftxvTt6FdI.roa (raw, json)
Hash identifier:          hwAy54H63vrYPhBgVny9CWYFBq69ABYXgCXp7pxF/eQ=
Subject key identifier:   58:53:B1:5E:AF:3E:C2:88:21:A1:BE:79:B1:FB:71:BD:3B:7A:15:D2
Certificate issuer:       /CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
Certificate serial:       019422FC463B0D4938AFA7FA53758FD35495
Authority key identifier: E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/WFOxXq8-woghob55sftxvTt6FdI.roa
Signing time:             Wed 01 Jan 2025 17:49:05 +0000
ROA not before:           Wed 01 Jan 2025 17:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203966
IP address blocks:        213.171.70.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:46:3b:0d:49:38:af:a7:fa:53:75:8f:d3:54:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
        Validity
            Not Before: Jan  1 17:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5853b15eaf3ec28821a1be79b1fb71bd3b7a15d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1c:13:04:d5:4d:20:f0:89:b8:f2:5a:53:37:
                    33:78:70:a3:07:f3:0c:b2:ec:b8:da:c2:19:07:30:
                    aa:14:b2:ca:d8:97:a4:2f:5a:8a:cf:fb:1a:d1:1f:
                    3d:8a:db:d7:a0:6f:ce:fb:e3:cb:f4:2f:cf:ae:78:
                    48:84:9a:60:ab:f2:66:ec:9f:1b:ef:43:aa:74:1e:
                    f1:b7:80:42:ff:e1:20:87:08:2e:14:28:b8:0e:23:
                    df:c5:b5:5f:dd:80:2c:c4:ef:aa:18:3a:e7:dc:be:
                    04:76:e3:ff:65:f6:5c:ad:f8:45:52:d1:91:a8:f9:
                    29:8d:05:24:89:a5:31:0c:85:1f:81:ab:f9:3d:cb:
                    bb:b2:ef:9b:7f:93:97:73:dd:80:44:5c:53:cc:4b:
                    cb:5d:69:88:f9:e5:f1:04:f5:66:7e:7c:74:22:79:
                    dd:28:2f:fb:96:95:5f:11:19:b2:0a:ee:b8:3c:84:
                    fe:a6:ff:48:e9:5d:6b:42:fb:3f:8a:cf:60:54:94:
                    3d:a4:a9:f7:1f:39:42:fd:e3:21:2f:dd:0d:2b:80:
                    3c:80:31:de:23:e2:c9:6b:e6:03:8f:b3:01:02:7a:
                    fe:cf:8f:96:e0:fd:ca:fc:5e:de:34:10:60:29:0c:
                    71:cf:0e:55:c7:63:55:14:25:36:bc:7d:88:03:2f:
                    3d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:53:B1:5E:AF:3E:C2:88:21:A1:BE:79:B1:FB:71:BD:3B:7A:15:D2
            X509v3 Authority Key Identifier:
                keyid:E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/WFOxXq8-woghob55sftxvTt6FdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:84:fd:c7:13:19:2a:9f:b5:d2:43:3a:e8:98:9b:fb:ce:39:
         5d:eb:ea:db:2e:7e:42:e7:ab:95:9b:7c:9c:e5:56:f9:64:9d:
         91:65:c5:08:cf:62:ca:dd:06:52:dc:b0:19:a2:c8:a4:e5:c4:
         c4:f3:5a:eb:f8:92:e6:be:83:74:08:81:74:99:d8:f3:cd:83:
         61:18:a9:b0:72:29:46:65:97:57:5c:d9:da:b8:6c:58:6f:e4:
         5c:29:67:88:11:a9:03:11:f7:65:5d:81:9f:19:60:c8:6b:a5:
         53:11:b8:e2:7a:f6:d0:65:20:ad:5f:77:3f:cf:15:f0:70:d2:
         42:a8:ce:e4:c0:21:11:11:ae:9e:4b:07:63:4c:b1:04:6a:bf:
         dc:a8:d5:13:fa:3f:ac:25:8e:e7:0e:1f:94:80:da:86:84:11:
         2b:79:ba:ae:eb:5e:6f:6a:c3:a6:04:7f:66:af:f2:1f:f5:bf:
         32:92:46:bc:04:fd:62:6b:e3:f7:ac:46:0e:4d:15:b9:14:65:
         db:8b:30:2c:88:47:02:60:99:4e:8b:c2:dd:3e:e3:41:a7:0f:
         09:d6:97:76:90:51:10:29:cc:2b:8b:99:3f:4d:c7:b5:8c:ab:
         04:51:fd:b8:88:35:73:e1:1c:fc:90:9e:06:6e:c0:ed:2d:30:
         e3:6f:a8:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/EY7DUk4r6f6U3WP01SVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0OTg0ZjhmMzZlYmY5ZjhmNTRjMTIxNzRmNDYzNjY0ZDdi
MjNhZWUwHhcNMjUwMTAxMTc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODUzYjE1ZWFmM2VjMjg4MjFhMWJlNzliMWZiNzFiZDNiN2ExNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRwTBNVNIPCJuPJaUzczeHCjB/MM
suy42sIZBzCqFLLK2JekL1qKz/sa0R89itvXoG/O++PL9C/PrnhIhJpgq/Jm7J8b
70OqdB7xt4BC/+EghwguFCi4DiPfxbVf3YAsxO+qGDrn3L4EduP/ZfZcrfhFUtGR
qPkpjQUkiaUxDIUfgav5Pcu7su+bf5OXc92ARFxTzEvLXWmI+eXxBPVmfnx0Innd
KC/7lpVfERmyCu64PIT+pv9I6V1rQvs/is9gVJQ9pKn3HzlC/eMhL90NK4A8gDHe
I+LJa+YDj7MBAnr+z4+W4P3K/F7eNBBgKQxxzw5Vx2NVFCU2vH2IAy89TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhTsV6vPsKIIaG+ebH7cb07ehXSMB8GA1UdIwQY
MBaAFOSYT4826/n49UwSF09GNmTXsjruMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgt
ZGU3YmUxZTVjNzc2LzEvV0ZPeFhxOC13b2dob2I1NXNmdHh2VHQ2RmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgtZGU3YmUxZTVjNzc2
LzEvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1atGMA0G
CSqGSIb3DQEBCwUAA4IBAQAKhP3HExkqn7XSQzromJv7zjld6+rbLn5C56uVm3yc
5Vb5ZJ2RZcUIz2LK3QZS3LAZosik5cTE81rr+JLmvoN0CIF0mdjzzYNhGKmwcilG
ZZdXXNnauGxYb+RcKWeIEakDEfdlXYGfGWDIa6VTEbjievbQZSCtX3c/zxXwcNJC
qM7kwCEREa6eSwdjTLEEar/cqNUT+j+sJY7nDh+UgNqGhBErebqu615vasOmBH9m
r/If9b8ykka8BP1ia+P3rEYOTRW5FGXbizAsiEcCYJlOi8LdPuNBpw8J1pd2kFEQ
Kcwri5k/Tce1jKsEUf24iDVz4Rz8kJ4GbsDtLTDjb6gZ
-----END CERTIFICATE-----