Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/8c02ff-a9c5-4788-ae8b-18b9a8510539/1/WKXMRCbOe7azjRi4M3txfig4AbQ.roa
File:                     WKXMRCbOe7azjRi4M3txfig4AbQ.roa (raw, json)
Hash identifier:          misoRXqMC74XUm7CVVuJWe90Pkw4I/1hXuzduVdNB/4=
Subject key identifier:   58:A5:CC:44:26:CE:7B:B6:B3:8D:18:B8:33:7B:71:7E:28:38:01:B4
Certificate issuer:       /CN=b57c0fafa650dd94a3b5581739f63d88efa414f3
Certificate serial:       019589511F225D898902067F85F3C01156C0
Authority key identifier: B5:7C:0F:AF:A6:50:DD:94:A3:B5:58:17:39:F6:3D:88:EF:A4:14:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tXwPr6ZQ3ZSjtVgXOfY9iO-kFPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/8c02ff-a9c5-4788-ae8b-18b9a8510539/1/WKXMRCbOe7azjRi4M3txfig4AbQ.roa
Signing time:             Wed 12 Mar 2025 07:45:49 +0000
ROA not before:           Wed 12 Mar 2025 07:45:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206146
IP address blocks:        185.59.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/8c02ff-a9c5-4788-ae8b-18b9a8510539/1/tXwPr6ZQ3ZSjtVgXOfY9iO-kFPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/8c02ff-a9c5-4788-ae8b-18b9a8510539/1/tXwPr6ZQ3ZSjtVgXOfY9iO-kFPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tXwPr6ZQ3ZSjtVgXOfY9iO-kFPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:89:51:1f:22:5d:89:89:02:06:7f:85:f3:c0:11:56:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b57c0fafa650dd94a3b5581739f63d88efa414f3
        Validity
            Not Before: Mar 12 07:45:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58a5cc4426ce7bb6b38d18b8337b717e283801b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:37:fb:8d:f3:da:21:22:80:5b:9c:8d:96:2c:
                    c3:25:56:9f:b6:36:4c:93:b4:50:a4:a9:b7:90:6d:
                    b2:b1:87:2d:7c:3c:16:5d:46:f0:44:a8:8c:e6:1f:
                    23:05:af:f8:ee:a7:64:07:b6:87:c0:96:5c:61:fc:
                    3c:b1:87:35:19:ab:c3:6e:6f:01:5e:4b:c0:e0:6e:
                    a1:e3:d1:7b:c0:fa:89:00:42:02:2f:32:4c:86:85:
                    23:4f:65:88:e7:c4:e2:d0:2a:6c:0c:94:67:8f:9f:
                    07:48:a0:17:d3:09:b1:65:52:36:44:a4:ce:07:32:
                    3a:aa:58:68:80:24:68:2a:2f:c1:de:d1:99:90:56:
                    21:cf:3b:d4:63:0a:f1:b9:bc:27:ae:e6:b1:81:9f:
                    de:34:d3:1f:9b:49:0b:40:ea:b9:39:62:2e:ec:fb:
                    b2:15:f3:02:11:16:90:6f:e2:94:0c:d8:f3:b1:84:
                    28:9a:8c:35:6d:1c:5a:af:19:c3:10:f7:0b:92:da:
                    f9:f8:33:21:16:62:69:0d:d2:d9:89:ed:85:63:26:
                    fd:18:8a:85:d6:63:21:3a:db:8c:81:d5:3f:d7:c7:
                    71:d7:3b:95:b8:94:8c:b3:27:6b:6c:ae:5f:8c:ed:
                    ad:5c:90:22:98:d6:7d:66:88:de:bf:83:bc:45:64:
                    fb:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A5:CC:44:26:CE:7B:B6:B3:8D:18:B8:33:7B:71:7E:28:38:01:B4
            X509v3 Authority Key Identifier:
                keyid:B5:7C:0F:AF:A6:50:DD:94:A3:B5:58:17:39:F6:3D:88:EF:A4:14:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tXwPr6ZQ3ZSjtVgXOfY9iO-kFPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/8c02ff-a9c5-4788-ae8b-18b9a8510539/1/WKXMRCbOe7azjRi4M3txfig4AbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/8c02ff-a9c5-4788-ae8b-18b9a8510539/1/tXwPr6ZQ3ZSjtVgXOfY9iO-kFPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f0:bf:70:61:6f:db:36:fc:33:e9:14:74:71:28:02:70:51:
         af:6d:38:bc:90:29:e8:85:cd:c4:d2:b4:28:43:31:16:6c:3a:
         a6:12:81:7f:2d:09:4c:98:dc:27:5b:a7:6d:2d:ca:3f:c7:09:
         5f:5d:ea:84:b9:55:29:60:20:41:8d:2b:0d:fa:b8:9c:de:b8:
         3c:65:98:98:24:1b:69:1d:a8:58:a5:c3:c7:7a:38:ba:c0:79:
         ce:8c:47:6c:ae:6a:5c:59:58:75:89:44:96:b9:c1:12:65:bb:
         26:25:cb:4f:a5:3b:28:21:2e:5c:39:b8:7a:12:bc:53:d1:ee:
         e2:98:c7:0d:5d:c7:31:4f:bd:68:57:be:27:ae:f4:64:68:04:
         06:a2:e0:1f:0c:23:2c:fc:8e:25:e7:86:50:c5:ac:e4:22:32:
         f5:2c:cb:61:51:e2:8a:e3:56:9b:ae:47:03:e1:70:b5:40:fa:
         9c:56:b7:5b:8a:bd:dc:2e:9a:14:b6:c6:8c:21:aa:fe:2e:fb:
         34:51:ed:ba:de:56:7a:74:53:d6:cf:97:f9:0e:bb:94:a5:c9:
         f8:00:fe:3b:66:2d:a4:36:b6:fa:9f:6a:99:7c:fe:88:bc:98:
         b9:1a:69:37:d5:a3:2f:dd:93:a7:72:02:95:3d:3f:20:ed:d0:
         08:b2:1d:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWJUR8iXYmJAgZ/hfPAEVbAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1N2MwZmFmYTY1MGRkOTRhM2I1NTgxNzM5ZjYzZDg4ZWZh
NDE0ZjMwHhcNMjUwMzEyMDc0NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE1Y2M0NDI2Y2U3YmI2YjM4ZDE4YjgzMzdiNzE3ZTI4MzgwMWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTf7jfPaISKAW5yNlizDJVaftjZM
k7RQpKm3kG2ysYctfDwWXUbwRKiM5h8jBa/47qdkB7aHwJZcYfw8sYc1GavDbm8B
XkvA4G6h49F7wPqJAEICLzJMhoUjT2WI58Ti0CpsDJRnj58HSKAX0wmxZVI2RKTO
BzI6qlhogCRoKi/B3tGZkFYhzzvUYwrxubwnruaxgZ/eNNMfm0kLQOq5OWIu7Puy
FfMCERaQb+KUDNjzsYQomow1bRxarxnDEPcLktr5+DMhFmJpDdLZie2FYyb9GIqF
1mMhOtuMgdU/18dx1zuVuJSMsydrbK5fjO2tXJAimNZ9Zojev4O8RWT7HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFilzEQmznu2s40YuDN7cX4oOAG0MB8GA1UdIwQY
MBaAFLV8D6+mUN2Uo7VYFzn2PYjvpBTzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFh3UHI2WlEzWlNqdFZnWE9mWTlpTy1rRlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS84YzAyZmYtYTljNS00Nzg4LWFlOGIt
MThiOWE4NTEwNTM5LzEvV0tYTVJDYk9lN2F6alJpNE0zdHhmaWc0QWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS84YzAyZmYtYTljNS00Nzg4LWFlOGItMThiOWE4NTEwNTM5
LzEvdFh3UHI2WlEzWlNqdFZnWE9mWTlpTy1rRlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTvbMA0G
CSqGSIb3DQEBCwUAA4IBAQBE8L9wYW/bNvwz6RR0cSgCcFGvbTi8kCnohc3E0rQo
QzEWbDqmEoF/LQlMmNwnW6dtLco/xwlfXeqEuVUpYCBBjSsN+ric3rg8ZZiYJBtp
HahYpcPHeji6wHnOjEdsrmpcWVh1iUSWucESZbsmJctPpTsoIS5cObh6ErxT0e7i
mMcNXccxT71oV74nrvRkaAQGouAfDCMs/I4l54ZQxazkIjL1LMthUeKK41abrkcD
4XC1QPqcVrdbir3cLpoUtsaMIar+Lvs0Ue263lZ6dFPWz5f5DruUpcn4AP47Zi2k
Nrb6n2qZfP6IvJi5Gmk31aMv3ZOncgKVPT8g7dAIsh1j
-----END CERTIFICATE-----