Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/W1J1-YCCiOxiAdhCBpIGiI6-ens.roa
File:                     W1J1-YCCiOxiAdhCBpIGiI6-ens.roa (raw, json)
Hash identifier:          qQljpaYP6KShT3JCLBM16HPQvI04wWe99FsoBr17EDc=
Subject key identifier:   5B:52:75:F9:80:82:88:EC:62:01:D8:42:06:92:06:88:8E:BE:7A:7B
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       019424456DD7FF9A8A2C4CFD07BE6F921BF0
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/W1J1-YCCiOxiAdhCBpIGiI6-ens.roa
Signing time:             Wed 01 Jan 2025 23:48:37 +0000
ROA not before:           Wed 01 Jan 2025 23:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210995
IP address blocks:        195.53.239.0/24 maxlen: 24
                          195.76.62.0/23 maxlen: 23
                          195.76.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 02:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:6d:d7:ff:9a:8a:2c:4c:fd:07:be:6f:92:1b:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  1 23:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b5275f9808288ec6201d842069206888ebe7a7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:66:52:85:2b:42:0b:00:96:b9:e5:44:a7:d0:
                    e8:8d:b3:c2:8c:61:ac:d0:47:e9:f1:81:13:93:aa:
                    a9:ce:c4:aa:58:a4:71:d1:b4:b4:0e:eb:c9:50:9a:
                    96:b2:a2:53:c2:3e:8d:2f:93:b1:60:86:27:c0:e2:
                    14:f6:7e:06:50:94:5d:ea:23:d2:7f:73:57:17:c0:
                    45:f5:11:5b:12:90:98:03:62:2c:35:d2:9b:36:58:
                    e7:49:a6:a8:41:6c:10:32:33:cd:3e:b2:36:9a:fc:
                    41:0b:0e:8e:db:12:20:dc:48:39:8c:e4:26:6f:ae:
                    62:b9:57:8a:d4:b1:6e:37:48:20:32:18:4e:0f:7a:
                    9a:91:34:9e:65:45:c4:1b:c8:5e:78:ab:44:c2:e2:
                    b8:db:86:2c:90:a1:cf:a5:3d:84:7d:b4:d7:47:f0:
                    1b:6e:c8:7e:5a:99:58:e7:1a:a2:3f:b1:18:e9:7c:
                    b6:2c:e5:50:6f:6b:4e:94:01:95:ab:48:29:30:ed:
                    aa:04:59:ac:b4:15:2d:09:61:be:32:87:33:c5:2c:
                    5b:b3:3e:ae:5b:0b:4a:8b:fb:a6:97:0a:f4:60:59:
                    e1:2d:9c:c4:8f:27:4b:15:d3:d9:75:6c:cb:f1:a4:
                    a3:76:97:a6:5a:27:60:dd:d1:ea:6e:8b:0f:15:6f:
                    eb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:52:75:F9:80:82:88:EC:62:01:D8:42:06:92:06:88:8E:BE:7A:7B
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/W1J1-YCCiOxiAdhCBpIGiI6-ens.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.53.239.0/24
                  195.76.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:67:86:b1:80:d7:14:f5:5e:3f:99:ef:e1:0d:dd:60:56:25:
         de:3c:e7:e8:60:b7:13:1b:50:9a:3c:a6:7c:53:ce:53:98:f5:
         8b:27:7e:f4:ad:cd:4a:c0:55:32:1a:cf:bd:06:4e:87:57:eb:
         01:df:9c:14:be:2d:c4:a6:63:ef:2c:5d:99:ae:a8:0a:c3:ef:
         0c:d2:69:76:d0:72:46:c9:c0:38:3d:25:dd:2a:aa:d1:78:22:
         41:23:3f:37:99:f5:73:26:b0:52:d8:ef:f7:8f:a2:c1:e0:1e:
         19:27:dc:3c:55:21:ba:05:c0:ff:75:94:5b:5b:b3:31:76:f7:
         fe:ff:17:7a:a2:9d:4b:27:8f:49:94:fc:f2:e1:05:d0:7b:6d:
         84:d1:bf:c4:7b:4b:1d:9e:ac:d8:7d:86:6d:a9:65:7f:b2:7c:
         b0:b6:97:16:cf:5d:84:b5:30:ca:b5:3c:9a:85:f8:45:1f:45:
         85:8b:ef:1f:21:f8:c1:b5:71:8a:a4:23:f1:fb:60:db:7b:95:
         4d:ec:32:b8:b8:ed:c3:1c:53:57:db:79:ed:32:01:28:fb:bd:
         1f:56:6d:ca:59:f4:ae:46:ed:45:1f:9e:23:17:81:4e:aa:81:
         c7:00:2a:e5:6c:fb:a7:4f:f3:af:76:ca:be:e1:d9:cf:7d:2d:
         6a:a1:22:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRW3X/5qKLEz9B75vkhvwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjUwMTAxMjM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjUyNzVmOTgwODI4OGVjNjIwMWQ4NDIwNjkyMDY4ODhlYmU3YTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWZShStCCwCWueVEp9DojbPCjGGs
0Efp8YETk6qpzsSqWKRx0bS0DuvJUJqWsqJTwj6NL5OxYIYnwOIU9n4GUJRd6iPS
f3NXF8BF9RFbEpCYA2IsNdKbNljnSaaoQWwQMjPNPrI2mvxBCw6O2xIg3Eg5jOQm
b65iuVeK1LFuN0ggMhhOD3qakTSeZUXEG8heeKtEwuK424YskKHPpT2EfbTXR/Ab
bsh+WplY5xqiP7EY6Xy2LOVQb2tOlAGVq0gpMO2qBFmstBUtCWG+MoczxSxbsz6u
WwtKi/umlwr0YFnhLZzEjydLFdPZdWzL8aSjdpemWidg3dHqbosPFW/r7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFtSdfmAgojsYgHYQgaSBoiOvnp7MB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvVzFKMS1ZQ0NpT3hpQWRoQ0JwSUdpSTYtZW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwzXvAwQB
w0w+MA0GCSqGSIb3DQEBCwUAA4IBAQAfZ4axgNcU9V4/me/hDd1gViXePOfoYLcT
G1CaPKZ8U85TmPWLJ370rc1KwFUyGs+9Bk6HV+sB35wUvi3EpmPvLF2ZrqgKw+8M
0ml20HJGycA4PSXdKqrReCJBIz83mfVzJrBS2O/3j6LB4B4ZJ9w8VSG6BcD/dZRb
W7Mxdvf+/xd6op1LJ49JlPzy4QXQe22E0b/Ee0sdnqzYfYZtqWV/snywtpcWz12E
tTDKtTyahfhFH0WFi+8fIfjBtXGKpCPx+2Dbe5VN7DK4uO3DHFNX23ntMgEo+70f
Vm3KWfSuRu1FH54jF4FOqoHHACrlbPunT/Ovdsq+4dnPfS1qoSLW
-----END CERTIFICATE-----