Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/wOgDZdkiW7CNnk2a42GfpRveLMM.roa
File:                     wOgDZdkiW7CNnk2a42GfpRveLMM.roa (raw, json)
Hash identifier:          fZK2xuA5OS6VVpu9Qqe8Cfg/Fx5ihhnU//91+adop+w=
Subject key identifier:   C0:E8:03:65:D9:22:5B:B0:8D:9E:4D:9A:E3:61:9F:A5:1B:DE:2C:C3
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       0194266BC71217E2AB003969CD50E77DD958
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/wOgDZdkiW7CNnk2a42GfpRveLMM.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39885
IP address blocks:        212.183.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c7:12:17:e2:ab:00:39:69:cd:50:e7:7d:d9:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0e80365d9225bb08d9e4d9ae3619fa51bde2cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:ed:4a:0c:c3:28:68:bc:81:6e:6e:f1:d0:8b:
                    61:15:fb:1e:8b:0d:67:a3:63:a2:4a:03:33:02:28:
                    76:e9:de:1a:1c:64:ae:ad:46:ef:d5:75:34:4a:60:
                    b2:7d:42:99:5d:80:e3:31:93:fe:77:02:b6:e7:d6:
                    8b:7a:b7:4a:02:96:21:5e:a2:ee:74:6f:81:4d:95:
                    18:5e:92:88:67:fa:f5:31:e9:a4:b8:17:bc:f1:1d:
                    1a:75:be:e1:c5:5a:c2:d8:14:a8:19:fa:8e:0f:bc:
                    49:6f:3b:6f:74:b2:cf:13:6d:49:5e:6f:30:38:41:
                    f8:ac:25:70:fa:d8:7c:28:ba:77:be:0e:dc:5c:0b:
                    23:79:0a:f6:a4:c8:8d:59:17:5b:8c:af:73:3c:39:
                    20:38:70:63:18:b8:5a:8a:d7:0c:3c:da:1e:16:94:
                    d3:e3:8e:36:d1:0f:66:e0:c3:f0:5c:72:61:34:5c:
                    2e:a9:56:18:ec:45:6b:2a:f4:5d:08:7d:68:b4:fe:
                    5e:ea:51:73:da:71:84:a9:1d:6c:49:02:52:3b:66:
                    b8:8f:0d:99:a2:6e:14:3f:2f:12:a8:32:72:9c:87:
                    5a:60:85:a2:9a:0e:5c:a4:46:68:b3:91:6b:88:d7:
                    00:a7:3c:ac:00:a7:ba:eb:bd:3a:09:04:fb:0e:6d:
                    f0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E8:03:65:D9:22:5B:B0:8D:9E:4D:9A:E3:61:9F:A5:1B:DE:2C:C3
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/wOgDZdkiW7CNnk2a42GfpRveLMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.183.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:f8:e1:96:75:31:2f:41:07:76:28:85:b6:b9:15:f4:08:4d:
         bc:81:f2:4c:e1:e8:45:81:1c:57:6f:f1:5c:7a:66:2f:40:bb:
         c8:50:4a:db:8b:cd:1b:bb:24:3b:25:06:60:c1:8b:8e:b3:59:
         70:93:06:f3:41:85:25:02:92:a6:48:b3:bc:61:bd:4d:c5:fe:
         c0:8b:4a:de:b6:09:fc:36:a3:0d:79:64:6e:58:10:8a:d8:07:
         2e:55:b3:dd:c1:cc:2c:5c:ea:58:f4:a0:15:a8:b0:f4:d5:bd:
         0d:a5:11:84:5a:9c:6a:54:ff:c5:1f:0d:cf:5b:d5:9c:f9:89:
         4a:45:f8:13:dc:24:f8:98:56:e8:32:e4:48:a0:43:23:cb:df:
         3f:ed:c4:4e:c8:13:dd:d9:ce:27:44:fe:66:96:1e:bc:d4:31:
         e9:01:13:e4:0f:fb:45:38:10:ae:10:59:99:a4:12:5d:12:35:
         d2:a1:6d:c1:cd:80:63:19:68:6a:03:d6:03:04:d7:82:02:f8:
         94:53:88:e1:98:42:4e:67:68:bf:f1:84:aa:5e:40:a1:29:93:
         c1:31:da:66:93:51:eb:91:a6:de:77:37:bf:f4:49:ad:34:be:
         2b:3e:5a:11:5e:e9:f1:0e:a7:80:d3:05:62:73:99:cb:e4:a0:
         a4:39:32:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8cSF+KrADlpzVDnfdlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGU4MDM2NWQ5MjI1YmIwOGQ5ZTRkOWFlMzYxOWZhNTFiZGUyY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7e1KDMMoaLyBbm7x0IthFfseiw1n
o2OiSgMzAih26d4aHGSurUbv1XU0SmCyfUKZXYDjMZP+dwK259aLerdKApYhXqLu
dG+BTZUYXpKIZ/r1MemkuBe88R0adb7hxVrC2BSoGfqOD7xJbztvdLLPE21JXm8w
OEH4rCVw+th8KLp3vg7cXAsjeQr2pMiNWRdbjK9zPDkgOHBjGLhaitcMPNoeFpTT
44420Q9m4MPwXHJhNFwuqVYY7EVrKvRdCH1otP5e6lFz2nGEqR1sSQJSO2a4jw2Z
om4UPy8SqDJynIdaYIWimg5cpEZos5FriNcApzysAKe66706CQT7Dm3w9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDoA2XZIluwjZ5NmuNhn6Ub3izDMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvd09nRFpka2lXN0NObmsyYTQyR2ZwUnZlTE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LcXMA0G
CSqGSIb3DQEBCwUAA4IBAQAx+OGWdTEvQQd2KIW2uRX0CE28gfJM4ehFgRxXb/Fc
emYvQLvIUErbi80buyQ7JQZgwYuOs1lwkwbzQYUlApKmSLO8Yb1Nxf7Ai0retgn8
NqMNeWRuWBCK2AcuVbPdwcwsXOpY9KAVqLD01b0NpRGEWpxqVP/FHw3PW9Wc+YlK
RfgT3CT4mFboMuRIoEMjy98/7cROyBPd2c4nRP5mlh681DHpARPkD/tFOBCuEFmZ
pBJdEjXSoW3BzYBjGWhqA9YDBNeCAviUU4jhmEJOZ2i/8YSqXkChKZPBMdpmk1Hr
kabedze/9EmtNL4rPloRXunxDqeA0wVic5nL5KCkOTKj
-----END CERTIFICATE-----