Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/c22c3f-91e6-45fb-af76-68a8089701f4/1/9aWfFrVV6kNcSEVMyjUiJGRV2Hk.roa
File:                     9aWfFrVV6kNcSEVMyjUiJGRV2Hk.roa (raw, json)
Hash identifier:          2ggTFeYxBPxRF6Rq6dR3nlXwESWxYB6llxCNOaUOXlk=
Subject key identifier:   F5:A5:9F:16:B5:55:EA:43:5C:48:45:4C:CA:35:22:24:64:55:D8:79
Certificate issuer:       /CN=5814dbbab63e9117d0b02cbab56639e6fd0d40d9
Certificate serial:       019424458793494A55EC7A2E43158CE330C2
Authority key identifier: 58:14:DB:BA:B6:3E:91:17:D0:B0:2C:BA:B5:66:39:E6:FD:0D:40:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WBTburY-kRfQsCy6tWY55v0NQNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/c22c3f-91e6-45fb-af76-68a8089701f4/1/9aWfFrVV6kNcSEVMyjUiJGRV2Hk.roa
Signing time:             Wed 01 Jan 2025 23:48:44 +0000
ROA not before:           Wed 01 Jan 2025 23:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        178.21.32.0/24 maxlen: 24
                          178.21.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/c22c3f-91e6-45fb-af76-68a8089701f4/1/WBTburY-kRfQsCy6tWY55v0NQNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/c22c3f-91e6-45fb-af76-68a8089701f4/1/WBTburY-kRfQsCy6tWY55v0NQNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WBTburY-kRfQsCy6tWY55v0NQNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:87:93:49:4a:55:ec:7a:2e:43:15:8c:e3:30:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5814dbbab63e9117d0b02cbab56639e6fd0d40d9
        Validity
            Not Before: Jan  1 23:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5a59f16b555ea435c48454cca3522246455d879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b1:ec:d2:5d:77:4d:b0:8f:da:72:75:c0:30:
                    29:68:38:dc:31:34:fc:fb:13:d3:be:ac:83:dd:1d:
                    b4:28:80:66:99:94:07:cd:a7:66:4d:90:64:3b:26:
                    b7:0a:d3:d2:07:66:3f:5f:dd:fa:35:b1:0b:6e:6e:
                    a2:df:47:3e:98:6a:05:29:a7:ba:cf:57:28:21:9e:
                    92:17:ef:69:77:68:35:76:e9:8b:ac:9f:b1:7f:57:
                    3d:78:f4:43:4c:a8:d6:33:af:35:84:25:17:a6:b9:
                    49:b5:1f:84:57:82:6a:50:e2:83:14:27:3a:08:4d:
                    d2:c1:2a:09:c9:a2:1b:22:b1:fa:18:6c:9f:96:57:
                    58:e7:da:f6:40:1f:68:3d:ec:82:38:d3:a7:c2:06:
                    d9:b9:1c:34:0a:54:9f:34:3a:80:c9:80:6c:67:a2:
                    b4:98:82:b4:d6:63:e0:ab:5e:bd:6e:f9:a4:eb:be:
                    3a:af:a8:19:7d:37:fd:e5:32:07:aa:c9:8b:ba:de:
                    43:8d:14:6e:c0:6f:ce:91:4c:4e:7f:4c:92:a2:3c:
                    69:f1:55:06:2d:96:bf:08:50:df:af:e5:21:65:e7:
                    60:a1:29:c9:28:c5:6a:0c:46:ee:b7:56:56:6b:ba:
                    5d:1b:10:9a:cc:d9:d5:36:c4:eb:5f:0e:1d:bb:eb:
                    9d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A5:9F:16:B5:55:EA:43:5C:48:45:4C:CA:35:22:24:64:55:D8:79
            X509v3 Authority Key Identifier:
                keyid:58:14:DB:BA:B6:3E:91:17:D0:B0:2C:BA:B5:66:39:E6:FD:0D:40:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WBTburY-kRfQsCy6tWY55v0NQNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/c22c3f-91e6-45fb-af76-68a8089701f4/1/9aWfFrVV6kNcSEVMyjUiJGRV2Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/c22c3f-91e6-45fb-af76-68a8089701f4/1/WBTburY-kRfQsCy6tWY55v0NQNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:7d:af:f7:c8:c7:21:29:53:b6:2b:39:74:da:5f:83:70:85:
         43:f3:7b:ac:80:3b:51:cb:77:21:d2:4f:2c:f9:87:9d:48:94:
         05:ee:af:9f:b2:5a:21:2b:ee:ce:8c:06:be:24:23:55:bc:d6:
         ac:16:01:3f:f7:14:79:b8:23:72:9f:4f:2e:3d:97:db:ed:da:
         4c:0d:92:90:22:b3:13:e6:84:2e:1e:58:03:bb:93:61:bc:7e:
         ad:a0:c6:db:03:59:3e:20:df:fa:c4:26:26:29:24:cf:81:85:
         be:b0:ad:8e:9d:5c:ec:70:d9:83:61:40:51:86:c2:b6:66:d9:
         7f:17:a9:a7:0b:6f:ff:09:20:97:19:5f:e8:c1:1c:e6:b8:33:
         25:56:98:e0:07:f7:bd:ce:a6:f2:e0:a0:b8:f4:88:2e:65:61:
         5d:5b:c1:a6:a2:88:f5:ed:af:bb:b7:6d:df:db:00:e0:45:99:
         2d:fe:27:ed:50:3c:8f:b8:5c:03:73:08:b8:03:15:11:8c:9e:
         36:e0:67:3b:8d:26:69:48:36:bb:c4:21:fc:fe:34:86:de:bd:
         c3:71:ff:48:a7:cd:95:47:3e:74:e6:96:c2:11:6c:7c:bb:24:
         92:06:ca:e7:07:2f:f1:ec:05:c0:f9:6e:ed:87:4f:01:3e:4c:
         83:76:ae:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYeTSUpV7HouQxWM4zDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MTRkYmJhYjYzZTkxMTdkMGIwMmNiYWI1NjYzOWU2ZmQw
ZDQwZDkwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWE1OWYxNmI1NTVlYTQzNWM0ODQ1NGNjYTM1MjIyNDY0NTVkODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrHs0l13TbCP2nJ1wDApaDjcMTT8
+xPTvqyD3R20KIBmmZQHzadmTZBkOya3CtPSB2Y/X936NbELbm6i30c+mGoFKae6
z1coIZ6SF+9pd2g1dumLrJ+xf1c9ePRDTKjWM681hCUXprlJtR+EV4JqUOKDFCc6
CE3SwSoJyaIbIrH6GGyflldY59r2QB9oPeyCONOnwgbZuRw0ClSfNDqAyYBsZ6K0
mIK01mPgq169bvmk6746r6gZfTf95TIHqsmLut5DjRRuwG/OkUxOf0ySojxp8VUG
LZa/CFDfr+UhZedgoSnJKMVqDEbut1ZWa7pdGxCazNnVNsTrXw4du+udqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWlnxa1VepDXEhFTMo1IiRkVdh5MB8GA1UdIwQY
MBaAFFgU27q2PpEX0LAsurVmOeb9DUDZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0JUYnVyWS1rUmZRc0N5NnRXWTU1djBOUU5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9jMjJjM2YtOTFlNi00NWZiLWFmNzYt
NjhhODA4OTcwMWY0LzEvOWFXZkZyVlY2a05jU0VWTXlqVWlKR1JWMkhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9jMjJjM2YtOTFlNi00NWZiLWFmNzYtNjhhODA4OTcwMWY0
LzEvV0JUYnVyWS1rUmZRc0N5NnRXWTU1djBOUU5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBshUgMA0G
CSqGSIb3DQEBCwUAA4IBAQBDfa/3yMchKVO2Kzl02l+DcIVD83usgDtRy3ch0k8s
+YedSJQF7q+fslohK+7OjAa+JCNVvNasFgE/9xR5uCNyn08uPZfb7dpMDZKQIrMT
5oQuHlgDu5NhvH6toMbbA1k+IN/6xCYmKSTPgYW+sK2OnVzscNmDYUBRhsK2Ztl/
F6mnC2//CSCXGV/owRzmuDMlVpjgB/e9zqby4KC49IguZWFdW8Gmooj17a+7t23f
2wDgRZkt/iftUDyPuFwDcwi4AxURjJ424Gc7jSZpSDa7xCH8/jSG3r3Dcf9Ip82V
Rz505pbCEWx8uySSBsrnBy/x7AXA+W7th08BPkyDdq54
-----END CERTIFICATE-----