Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/1721d8-aa46-4faa-ae15-c5e32c8272d7/1/WqwRx_f3MFpQyLjfXP7vz5X1p7w.roa
File:                     WqwRx_f3MFpQyLjfXP7vz5X1p7w.roa (raw, json)
Hash identifier:          FoPf3M9OSpw62mhW109ql8fzGS/Yexzg6UUdEuLtVV4=
Subject key identifier:   5A:AC:11:C7:F7:F7:30:5A:50:C8:B8:DF:5C:FE:EF:CF:95:F5:A7:BC
Certificate issuer:       /CN=46aa60676c130c6438e45b5a607210e9566b6832
Certificate serial:       01925177CF81B534FFEB39F8EDA7082B8D05
Authority key identifier: 46:AA:60:67:6C:13:0C:64:38:E4:5B:5A:60:72:10:E9:56:6B:68:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RqpgZ2wTDGQ45FtaYHIQ6VZraDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/1721d8-aa46-4faa-ae15-c5e32c8272d7/1/WqwRx_f3MFpQyLjfXP7vz5X1p7w.roa
Signing time:             Thu 03 Oct 2024 08:20:59 +0000
ROA not before:           Thu 03 Oct 2024 08:20:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50346
IP address blocks:        193.104.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/1721d8-aa46-4faa-ae15-c5e32c8272d7/1/RqpgZ2wTDGQ45FtaYHIQ6VZraDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/1721d8-aa46-4faa-ae15-c5e32c8272d7/1/RqpgZ2wTDGQ45FtaYHIQ6VZraDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RqpgZ2wTDGQ45FtaYHIQ6VZraDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:77:cf:81:b5:34:ff:eb:39:f8:ed:a7:08:2b:8d:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46aa60676c130c6438e45b5a607210e9566b6832
        Validity
            Not Before: Oct  3 08:20:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5aac11c7f7f7305a50c8b8df5cfeefcf95f5a7bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d6:5d:d1:6e:75:4a:63:5c:3c:74:a4:c5:75:
                    c6:f2:05:1a:c8:c0:a3:03:c9:6f:2a:1b:2d:bc:02:
                    5d:4a:2d:94:0c:92:1b:09:98:4d:26:72:0a:04:ab:
                    44:45:3a:56:c0:75:f9:5c:92:ac:30:cf:89:3d:5b:
                    14:82:e6:4f:55:0e:ba:03:c7:bd:3a:29:03:1f:06:
                    e0:9c:5b:67:03:14:3e:62:f7:e8:11:d5:f8:cb:1d:
                    cc:d3:3d:09:3b:45:9b:f6:d5:5a:92:f1:8f:64:ae:
                    44:a8:ed:c6:ae:f9:a8:16:82:c4:00:c2:26:66:99:
                    24:e2:f2:24:aa:6b:33:77:f9:43:0e:6c:60:ab:90:
                    e9:4c:89:33:22:9f:9b:30:6f:36:bf:cb:38:97:95:
                    bc:7f:72:38:53:08:9f:be:ac:62:96:07:b8:06:51:
                    dc:fe:a1:de:e7:66:46:31:95:6d:1e:76:35:f2:43:
                    3e:4e:80:c9:fb:be:db:dd:a3:d8:b6:e6:fe:af:0e:
                    99:20:d3:e9:f1:b8:24:62:50:ff:33:7e:b6:a0:f6:
                    b6:cf:37:08:1e:63:af:24:ea:6d:3e:a2:30:f4:30:
                    3e:10:cb:b9:27:1d:0f:b8:d0:27:9d:8f:e8:5e:29:
                    5d:9e:c1:3d:43:85:c4:40:e4:33:f3:e3:c1:a1:a9:
                    c7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:AC:11:C7:F7:F7:30:5A:50:C8:B8:DF:5C:FE:EF:CF:95:F5:A7:BC
            X509v3 Authority Key Identifier:
                keyid:46:AA:60:67:6C:13:0C:64:38:E4:5B:5A:60:72:10:E9:56:6B:68:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RqpgZ2wTDGQ45FtaYHIQ6VZraDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/1721d8-aa46-4faa-ae15-c5e32c8272d7/1/WqwRx_f3MFpQyLjfXP7vz5X1p7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/1721d8-aa46-4faa-ae15-c5e32c8272d7/1/RqpgZ2wTDGQ45FtaYHIQ6VZraDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:78:e9:28:5c:e2:a8:29:2d:d8:bb:c3:2e:5d:14:b2:33:24:
         69:f4:d9:37:96:d9:de:3f:f6:80:46:f9:d8:e6:2d:cd:6c:a8:
         b0:d3:fd:a5:05:c5:2f:68:0d:0f:40:a3:46:b7:9e:29:18:0a:
         29:b5:4f:58:81:70:99:d4:bb:cb:b3:03:dc:42:32:a0:7c:4a:
         d3:0a:21:a9:06:48:38:b0:1a:2d:d2:7d:a2:31:93:3a:e1:73:
         6c:35:23:63:9d:8e:b0:dd:ef:3a:a8:67:a1:b0:44:ed:d3:c4:
         82:44:d6:05:c7:b4:ef:0f:ca:75:f0:60:4c:6f:cd:69:0d:15:
         4f:3c:0b:66:82:bc:df:a3:db:19:36:01:82:e8:60:9c:cf:59:
         84:e9:7b:a8:d9:d0:11:71:5e:16:e5:23:6c:07:e4:30:64:26:
         f9:f7:88:77:85:ba:14:1c:a3:87:1e:53:c1:de:2c:c8:5d:7d:
         36:03:6f:39:d6:d2:8f:a0:9a:29:8c:4b:c4:4e:da:41:b3:3d:
         1e:26:75:a5:01:0f:55:73:e1:3e:48:61:bf:e4:da:ee:1a:dd:
         25:dc:5b:02:56:46:7f:f0:ec:47:24:07:f9:a8:2e:93:92:47:
         3e:1a:47:16:42:72:7b:ee:aa:d6:c2:3a:96:a5:f1:89:5b:df:
         a0:8d:04:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRd8+BtTT/6zn47acIK40FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YWE2MDY3NmMxMzBjNjQzOGU0NWI1YTYwNzIxMGU5NTY2
YjY4MzIwHhcNMjQxMDAzMDgyMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWFjMTFjN2Y3ZjczMDVhNTBjOGI4ZGY1Y2ZlZWZjZjk1ZjVhN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9Zd0W51SmNcPHSkxXXG8gUayMCj
A8lvKhstvAJdSi2UDJIbCZhNJnIKBKtERTpWwHX5XJKsMM+JPVsUguZPVQ66A8e9
OikDHwbgnFtnAxQ+YvfoEdX4yx3M0z0JO0Wb9tVakvGPZK5EqO3GrvmoFoLEAMIm
Zpkk4vIkqmszd/lDDmxgq5DpTIkzIp+bMG82v8s4l5W8f3I4Uwifvqxilge4BlHc
/qHe52ZGMZVtHnY18kM+ToDJ+77b3aPYtub+rw6ZINPp8bgkYlD/M362oPa2zzcI
HmOvJOptPqIw9DA+EMu5Jx0PuNAnnY/oXildnsE9Q4XEQOQz8+PBoanH/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqsEcf39zBaUMi431z+78+V9ae8MB8GA1UdIwQY
MBaAFEaqYGdsEwxkOORbWmByEOlWa2gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnFwZ1oyd1RER1E0NUZ0YVlISVE2VlpyYURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xNzIxZDgtYWE0Ni00ZmFhLWFlMTUt
YzVlMzJjODI3MmQ3LzEvV3F3UnhfZjNNRnBReUxqZlhQN3Z6NVgxcDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xNzIxZDgtYWE0Ni00ZmFhLWFlMTUtYzVlMzJjODI3MmQ3
LzEvUnFwZ1oyd1RER1E0NUZ0YVlISVE2VlpyYURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjKMA0G
CSqGSIb3DQEBCwUAA4IBAQBVeOkoXOKoKS3Yu8MuXRSyMyRp9Nk3ltneP/aARvnY
5i3NbKiw0/2lBcUvaA0PQKNGt54pGAoptU9YgXCZ1LvLswPcQjKgfErTCiGpBkg4
sBot0n2iMZM64XNsNSNjnY6w3e86qGehsETt08SCRNYFx7TvD8p18GBMb81pDRVP
PAtmgrzfo9sZNgGC6GCcz1mE6Xuo2dARcV4W5SNsB+QwZCb594h3hboUHKOHHlPB
3izIXX02A2851tKPoJopjEvETtpBsz0eJnWlAQ9Vc+E+SGG/5NruGt0l3FsCVkZ/
8OxHJAf5qC6Tkkc+GkcWQnJ77qrWwjqWpfGJW9+gjQSH
-----END CERTIFICATE-----