Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/W4Wt9LXoPwV5z2Z7UIqRMaW1Eo8.roa
File:                     W4Wt9LXoPwV5z2Z7UIqRMaW1Eo8.roa (raw, json)
Hash identifier:          VvmRbcJsNnKcxQfYZNmOeHtCtlqjecuCCFd9OBYlBb8=
Subject key identifier:   5B:85:AD:F4:B5:E8:3F:05:79:CF:66:7B:50:8A:91:31:A5:B5:12:8F
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       0192BF77E18834A7A64D4EF9ADFB17C09AEF
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/W4Wt9LXoPwV5z2Z7UIqRMaW1Eo8.roa
Signing time:             Thu 24 Oct 2024 16:59:17 +0000
ROA not before:           Thu 24 Oct 2024 16:59:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210037
IP address blocks:        193.37.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bf:77:e1:88:34:a7:a6:4d:4e:f9:ad:fb:17:c0:9a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Oct 24 16:59:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b85adf4b5e83f0579cf667b508a9131a5b5128f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1c:40:9b:98:70:73:92:68:f7:5c:e5:e2:21:
                    4e:6a:ad:4a:79:ba:92:6f:2f:40:64:2c:d2:35:d3:
                    eb:3d:e0:55:fe:7d:98:8b:68:bf:04:91:ca:e1:28:
                    00:a3:fe:36:0e:f1:b1:9f:c4:24:18:dc:a8:11:37:
                    bc:5d:26:52:07:91:1c:60:3d:0a:58:e0:ac:65:ba:
                    3e:35:9c:6a:08:49:ee:bb:e6:3d:98:e9:6d:b7:3a:
                    a8:ca:3e:e3:83:e1:70:d6:4b:68:82:a7:fe:72:de:
                    3a:d1:87:73:47:24:94:6d:e6:dc:d4:86:a9:c8:fd:
                    6a:b6:10:92:98:59:54:32:a0:f3:4d:01:f8:dd:bc:
                    c5:f7:04:aa:af:99:d9:8c:a1:ef:2d:78:8a:54:da:
                    b4:eb:c7:8c:47:17:23:94:24:ed:dc:05:0b:60:d0:
                    c2:1e:7f:35:fc:d9:5f:70:68:0e:ee:e8:af:d8:14:
                    cd:4e:72:e4:43:bb:ba:7d:43:36:f8:af:30:41:d7:
                    3d:82:09:98:1a:2d:77:6b:2a:fa:31:a1:55:cc:0f:
                    d8:c7:20:f9:a0:e5:6f:20:b6:df:12:6d:bf:b2:3d:
                    59:fe:d6:53:b6:00:de:e8:7d:d3:bb:95:9f:df:40:
                    e8:96:db:23:e7:30:40:c0:e0:16:6c:10:62:59:9d:
                    66:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:85:AD:F4:B5:E8:3F:05:79:CF:66:7B:50:8A:91:31:A5:B5:12:8F
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/W4Wt9LXoPwV5z2Z7UIqRMaW1Eo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:15:c2:60:16:59:98:5f:03:14:f3:1a:ee:37:c3:91:e9:e1:
         8e:73:e7:de:5e:3c:dc:ab:fa:ae:7a:89:7e:3e:aa:80:2a:ef:
         f5:fc:07:ca:8c:a4:30:0b:8e:f4:76:a4:52:79:43:fa:ab:e5:
         2f:3c:88:67:71:74:7e:37:75:3a:d6:0b:ef:dc:84:45:d2:48:
         d9:67:43:f0:30:e1:e6:9c:38:58:91:22:fb:d3:86:a1:cc:4b:
         5d:00:88:08:46:e3:bc:17:3b:b1:42:3a:ee:74:21:49:09:dd:
         8d:6a:e2:74:6a:ab:8b:ce:c7:6d:71:94:3b:53:2f:d5:9f:e1:
         b9:b3:c7:f9:a9:ce:90:92:63:f7:1b:d1:90:4e:5f:8f:0d:de:
         c3:cd:27:2c:25:3c:28:e6:5b:bb:12:93:bd:21:df:a7:49:30:
         a7:d5:21:70:6a:f0:70:d8:55:cd:3b:46:48:9f:4e:02:8f:06:
         49:89:63:03:38:fe:9f:df:c8:db:0b:08:c4:2d:24:bc:25:2f:
         fa:b9:89:21:f4:c5:4a:2c:70:51:05:6b:fa:96:19:6a:c2:17:
         eb:36:a5:bb:b8:2b:31:e0:51:7e:77:64:27:6a:bd:59:72:75:
         21:e0:b2:85:6e:30:58:78:a7:d3:cd:8f:ad:82:08:32:20:4a:
         d6:c9:fe:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK/d+GINKemTU75rfsXwJrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjQxMDI0MTY1OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjg1YWRmNGI1ZTgzZjA1NzljZjY2N2I1MDhhOTEzMWE1YjUxMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhxAm5hwc5Jo91zl4iFOaq1KebqS
by9AZCzSNdPrPeBV/n2Yi2i/BJHK4SgAo/42DvGxn8QkGNyoETe8XSZSB5EcYD0K
WOCsZbo+NZxqCEnuu+Y9mOlttzqoyj7jg+Fw1ktogqf+ct460YdzRySUbebc1Iap
yP1qthCSmFlUMqDzTQH43bzF9wSqr5nZjKHvLXiKVNq068eMRxcjlCTt3AULYNDC
Hn81/NlfcGgO7uiv2BTNTnLkQ7u6fUM2+K8wQdc9ggmYGi13ayr6MaFVzA/YxyD5
oOVvILbfEm2/sj1Z/tZTtgDe6H3Tu5Wf30Doltsj5zBAwOAWbBBiWZ1mSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuFrfS16D8Fec9me1CKkTGltRKPMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvVzRXdDlMWG9Qd1Y1ejJaN1VJcVJNYVcxRW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSXAMA0G
CSqGSIb3DQEBCwUAA4IBAQB+FcJgFlmYXwMU8xruN8OR6eGOc+feXjzcq/queol+
PqqAKu/1/AfKjKQwC470dqRSeUP6q+UvPIhncXR+N3U61gvv3IRF0kjZZ0PwMOHm
nDhYkSL704ahzEtdAIgIRuO8FzuxQjrudCFJCd2NauJ0aquLzsdtcZQ7Uy/Vn+G5
s8f5qc6QkmP3G9GQTl+PDd7DzScsJTwo5lu7EpO9Id+nSTCn1SFwavBw2FXNO0ZI
n04CjwZJiWMDOP6f38jbCwjELSS8JS/6uYkh9MVKLHBRBWv6lhlqwhfrNqW7uCsx
4FF+d2Qnar1ZcnUh4LKFbjBYeKfTzY+tgggyIErWyf7h
-----END CERTIFICATE-----