Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/BR-wwst0Mwoj4cW4aMMLkST0T08.roa
File:                     BR-wwst0Mwoj4cW4aMMLkST0T08.roa (raw, json)
Hash identifier:          KhuoTa1EwW+NDwJopflLn+SOxpsU8qTU0jm6Bsplu/Y=
Subject key identifier:   05:1F:B0:C2:CB:74:33:0A:23:E1:C5:B8:68:C3:0B:91:24:F4:4F:4F
Certificate issuer:       /CN=427df95ee10a2ad4eaf082dfac159838b37d3450
Certificate serial:       01941F8C44FBFFB23816D15D7746890D29CB
Authority key identifier: 42:7D:F9:5E:E1:0A:2A:D4:EA:F0:82:DF:AC:15:98:38:B3:7D:34:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qn35XuEKKtTq8ILfrBWYOLN9NFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/BR-wwst0Mwoj4cW4aMMLkST0T08.roa
Signing time:             Wed 01 Jan 2025 01:47:53 +0000
ROA not before:           Wed 01 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59635
IP address blocks:        91.247.66.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/Qn35XuEKKtTq8ILfrBWYOLN9NFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/Qn35XuEKKtTq8ILfrBWYOLN9NFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qn35XuEKKtTq8ILfrBWYOLN9NFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:44:fb:ff:b2:38:16:d1:5d:77:46:89:0d:29:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427df95ee10a2ad4eaf082dfac159838b37d3450
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=051fb0c2cb74330a23e1c5b868c30b9124f44f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:32:8a:92:d5:24:b7:3b:da:ed:6d:e4:97:a0:
                    08:00:d1:5e:9c:29:9d:4d:16:cb:f1:02:af:aa:42:
                    55:04:ff:3d:bb:ba:22:55:9a:cf:f2:cd:fe:a4:04:
                    14:d6:96:70:85:d5:59:e4:7d:8a:90:5a:78:1c:83:
                    ae:53:ab:94:1d:64:59:f8:8b:79:6f:b1:bb:c8:82:
                    4e:2e:b8:f9:a4:18:47:aa:fe:17:28:a0:e2:2e:d6:
                    59:0a:2e:69:0a:32:d2:2d:d8:7c:52:78:42:dd:71:
                    6f:77:d8:4f:6d:65:62:4b:f5:46:45:73:d7:a3:85:
                    9b:40:a7:bc:a8:f5:5a:1c:50:5a:54:f2:14:ae:a1:
                    a3:47:6f:2f:d9:fa:63:1b:b2:f6:22:58:9d:d0:0f:
                    de:95:78:2d:60:07:be:1c:3e:c1:5a:d0:9d:32:c9:
                    1e:36:42:fb:a8:d6:97:fa:8e:79:b5:0c:96:6f:a0:
                    df:5a:db:c0:9d:00:8b:fc:ca:33:1a:a8:2a:ae:e4:
                    2c:15:fa:da:ca:d4:f2:e8:a1:8e:e2:43:8d:f4:85:
                    09:24:24:04:38:cb:f1:65:7b:70:66:4f:68:3b:63:
                    c5:03:8b:ab:94:64:60:79:04:35:94:76:54:e5:a5:
                    c3:d9:20:80:81:3e:4f:6c:7c:33:c7:90:6f:21:53:
                    a4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:1F:B0:C2:CB:74:33:0A:23:E1:C5:B8:68:C3:0B:91:24:F4:4F:4F
            X509v3 Authority Key Identifier:
                keyid:42:7D:F9:5E:E1:0A:2A:D4:EA:F0:82:DF:AC:15:98:38:B3:7D:34:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qn35XuEKKtTq8ILfrBWYOLN9NFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/BR-wwst0Mwoj4cW4aMMLkST0T08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/4a3068-ea9d-4966-be55-7943d9a79bd2/1/Qn35XuEKKtTq8ILfrBWYOLN9NFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:92:a1:fb:05:76:a2:d8:01:8e:b4:3b:b3:cf:08:b0:c9:87:
         30:78:6d:58:df:61:ac:d1:6a:c2:0e:6e:50:9e:31:d1:68:15:
         2f:f7:68:2b:4e:c4:47:fd:b5:e1:4e:b7:a6:21:49:a6:59:ef:
         b0:68:a2:2c:46:53:4c:be:c5:b0:59:0c:b2:42:25:c7:c1:20:
         2f:8c:87:5a:61:c0:4f:2d:0f:e4:1d:69:9c:75:4f:d1:09:24:
         d5:61:46:29:93:61:2d:dc:99:e4:95:f7:e5:70:49:3a:46:18:
         66:05:8b:91:2d:50:4a:3a:62:03:c6:bd:a5:00:c8:69:37:9e:
         58:b2:2a:52:81:1e:b9:ff:0e:2e:54:51:a7:4d:39:56:3a:7a:
         3b:49:eb:19:1b:e6:53:30:13:b5:60:ac:14:fe:91:3f:b8:e3:
         ad:60:17:fe:e4:c1:a0:f2:da:08:a9:fc:7a:ff:d8:ac:8b:c3:
         79:d7:7a:c1:76:34:77:66:47:0b:24:af:fd:a4:98:28:98:c3:
         38:c2:41:02:15:14:08:c2:b8:32:5f:7f:a6:97:39:92:1a:fd:
         a6:4c:27:17:cd:cb:4e:3f:28:8d:8a:dc:b5:ce:38:45:dc:af:
         1b:c7:b7:02:49:41:b9:3c:82:5c:f7:9f:07:72:d7:d3:99:b1:
         21:d0:5f:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjET7/7I4FtFdd0aJDSnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2RmOTVlZTEwYTJhZDRlYWYwODJkZmFjMTU5ODM4YjM3
ZDM0NTAwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTFmYjBjMmNiNzQzMzBhMjNlMWM1Yjg2OGMzMGI5MTI0ZjQ0ZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDKKktUktzva7W3kl6AIANFenCmd
TRbL8QKvqkJVBP89u7oiVZrP8s3+pAQU1pZwhdVZ5H2KkFp4HIOuU6uUHWRZ+It5
b7G7yIJOLrj5pBhHqv4XKKDiLtZZCi5pCjLSLdh8UnhC3XFvd9hPbWViS/VGRXPX
o4WbQKe8qPVaHFBaVPIUrqGjR28v2fpjG7L2Ilid0A/elXgtYAe+HD7BWtCdMske
NkL7qNaX+o55tQyWb6DfWtvAnQCL/MozGqgqruQsFfraytTy6KGO4kON9IUJJCQE
OMvxZXtwZk9oO2PFA4urlGRgeQQ1lHZU5aXD2SCAgT5PbHwzx5BvIVOkLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUfsMLLdDMKI+HFuGjDC5Ek9E9PMB8GA1UdIwQY
MBaAFEJ9+V7hCirU6vCC36wVmDizfTRQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW4zNVh1RUtLdFRxOElMZnJCV1lPTE45TkZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC80YTMwNjgtZWE5ZC00OTY2LWJlNTUt
Nzk0M2Q5YTc5YmQyLzEvQlItd3dzdDBNd29qNGNXNGFNTUxrU1QwVDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC80YTMwNjgtZWE5ZC00OTY2LWJlNTUtNzk0M2Q5YTc5YmQy
LzEvUW4zNVh1RUtLdFRxOElMZnJCV1lPTE45TkZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/dCMA0G
CSqGSIb3DQEBCwUAA4IBAQCqkqH7BXai2AGOtDuzzwiwyYcweG1Y32Gs0WrCDm5Q
njHRaBUv92grTsRH/bXhTremIUmmWe+waKIsRlNMvsWwWQyyQiXHwSAvjIdaYcBP
LQ/kHWmcdU/RCSTVYUYpk2Et3JnklfflcEk6RhhmBYuRLVBKOmIDxr2lAMhpN55Y
sipSgR65/w4uVFGnTTlWOno7SesZG+ZTMBO1YKwU/pE/uOOtYBf+5MGg8toIqfx6
/9isi8N513rBdjR3ZkcLJK/9pJgomMM4wkECFRQIwrgyX3+mlzmSGv2mTCcXzctO
PyiNity1zjhF3K8bx7cCSUG5PIJc958HctfTmbEh0F9f
-----END CERTIFICATE-----