Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/W-3K5fzCzMBvM9WtH7NvbBMRwIA.roa
File:                     W-3K5fzCzMBvM9WtH7NvbBMRwIA.roa (raw, json)
Hash identifier:          RRZIltRS/dq6CUsYykb/8Cw+Mt7NFvaTFyBHpZDyvgA=
Subject key identifier:   5B:ED:CA:E5:FC:C2:CC:C0:6F:33:D5:AD:1F:B3:6F:6C:13:11:C0:80
Certificate issuer:       /CN=143239651db6aab1bcb67325f785b5ee1f4025cb
Certificate serial:       01941F8C26DD0DBD3DF2E56B0A261E0B3E68
Authority key identifier: 14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/W-3K5fzCzMBvM9WtH7NvbBMRwIA.roa
Signing time:             Wed 01 Jan 2025 01:47:46 +0000
ROA not before:           Wed 01 Jan 2025 01:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210538
IP address blocks:        45.155.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:26:dd:0d:bd:3d:f2:e5:6b:0a:26:1e:0b:3e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=143239651db6aab1bcb67325f785b5ee1f4025cb
        Validity
            Not Before: Jan  1 01:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bedcae5fcc2ccc06f33d5ad1fb36f6c1311c080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ba:63:06:de:31:bc:2b:d0:f5:17:c3:01:96:
                    dc:72:5b:61:32:81:f3:4f:65:31:f8:67:26:4e:ef:
                    36:ba:e9:ee:97:fd:24:7b:5d:96:aa:34:a9:64:5e:
                    af:5f:ea:83:c8:93:49:c7:b2:50:84:fa:90:0d:ea:
                    6f:3f:18:50:86:0d:72:7e:bc:aa:0b:46:7a:6f:57:
                    d1:76:d7:d5:0a:4d:2f:61:bd:8b:c5:c3:1e:14:af:
                    c2:bb:48:ba:f7:ac:03:91:ed:a4:43:ce:92:13:11:
                    7e:9d:62:1d:7a:0b:ea:23:c4:12:19:6d:26:db:b6:
                    1c:14:f8:e2:15:8b:d3:86:c4:c7:bf:be:07:16:2a:
                    86:35:45:36:75:35:49:7b:7b:23:73:f9:7d:a7:10:
                    be:ff:c5:2b:af:ce:ab:e9:2c:74:4b:45:68:de:e8:
                    f8:45:f4:2e:b2:cc:8e:bb:1c:f7:00:22:8b:e5:c8:
                    8e:57:78:73:52:dc:ca:c5:d4:74:2b:a6:a1:29:00:
                    87:22:b6:f5:88:db:45:f1:0a:92:3b:ce:b8:b8:86:
                    97:6a:2f:1a:ad:cd:2e:23:fc:b4:f1:00:ea:ef:a7:
                    80:16:4c:9f:90:cc:42:a2:8e:1e:97:86:09:6b:b7:
                    b5:b0:f6:d9:a9:51:d2:ce:64:3c:d2:68:19:f9:b3:
                    d2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:ED:CA:E5:FC:C2:CC:C0:6F:33:D5:AD:1F:B3:6F:6C:13:11:C0:80
            X509v3 Authority Key Identifier:
                keyid:14:32:39:65:1D:B6:AA:B1:BC:B6:73:25:F7:85:B5:EE:1F:40:25:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FDI5ZR22qrG8tnMl94W17h9AJcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/W-3K5fzCzMBvM9WtH7NvbBMRwIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6f46d9-3af0-42aa-b334-6eec77d9b985/1/FDI5ZR22qrG8tnMl94W17h9AJcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b4:ac:88:e3:3e:31:9d:6e:d4:8f:1b:13:8e:01:ba:b7:50:
         cd:d6:e8:a3:a4:df:66:f5:e4:25:55:6f:3f:71:f6:b7:b5:7d:
         bd:db:80:af:c0:b4:f0:f9:8f:56:0b:54:f7:a8:f8:ff:17:be:
         ce:56:5f:e6:e9:18:bc:ef:4e:5e:97:3c:cc:22:25:a8:47:a6:
         b7:18:b8:1a:94:5e:87:39:43:ce:69:c1:cb:5c:5d:b4:bd:a3:
         1e:fb:9e:82:99:cf:68:cb:2a:37:76:9e:3f:1f:7a:cb:d0:02:
         c6:b1:14:c1:94:8f:5c:a2:31:b6:de:52:86:57:1e:05:ff:02:
         1d:12:7f:d6:6a:9a:70:f9:39:e6:d9:b9:e9:0b:35:46:c7:17:
         44:86:08:e8:05:d0:8a:08:53:20:fe:17:51:4f:d4:03:3d:41:
         55:b0:1a:4a:70:a7:3e:69:07:74:07:37:70:c5:45:c5:69:95:
         d0:70:c4:05:4a:a7:80:f0:a5:5f:ef:3d:58:b1:7f:ca:78:7f:
         5e:7c:12:5f:8c:36:75:06:88:a7:10:1e:d0:f1:10:3d:09:c8:
         90:72:bb:07:63:1e:ca:1e:95:e2:bb:06:17:db:94:24:c6:5a:
         71:b8:61:02:b4:0a:d0:e6:d6:fe:50:f8:44:3c:ab:b8:0d:72:
         1d:2b:63:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCbdDb098uVrCiYeCz5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0MzIzOTY1MWRiNmFhYjFiY2I2NzMyNWY3ODViNWVlMWY0
MDI1Y2IwHhcNMjUwMTAxMDE0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmVkY2FlNWZjYzJjY2MwNmYzM2Q1YWQxZmIzNmY2YzEzMTFjMDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LpjBt4xvCvQ9RfDAZbcclthMoHz
T2Ux+GcmTu82uunul/0ke12WqjSpZF6vX+qDyJNJx7JQhPqQDepvPxhQhg1yfryq
C0Z6b1fRdtfVCk0vYb2LxcMeFK/Cu0i696wDke2kQ86SExF+nWIdegvqI8QSGW0m
27YcFPjiFYvThsTHv74HFiqGNUU2dTVJe3sjc/l9pxC+/8Urr86r6Sx0S0Vo3uj4
RfQussyOuxz3ACKL5ciOV3hzUtzKxdR0K6ahKQCHIrb1iNtF8QqSO864uIaXai8a
rc0uI/y08QDq76eAFkyfkMxCoo4el4YJa7e1sPbZqVHSzmQ80mgZ+bPSqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvtyuX8wszAbzPVrR+zb2wTEcCAMB8GA1UdIwQY
MBaAFBQyOWUdtqqxvLZzJfeFte4fQCXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQt
NmVlYzc3ZDliOTg1LzEvVy0zSzVmekN6TUJ2TTlXdEg3TnZiQk1Sd0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82ZjQ2ZDktM2FmMC00MmFhLWIzMzQtNmVlYzc3ZDliOTg1
LzEvRkRJNVpSMjJxckc4dG5NbDk0VzE3aDlBSmNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZt8MA0G
CSqGSIb3DQEBCwUAA4IBAQAVtKyI4z4xnW7UjxsTjgG6t1DN1uijpN9m9eQlVW8/
cfa3tX2924CvwLTw+Y9WC1T3qPj/F77OVl/m6Ri8705elzzMIiWoR6a3GLgalF6H
OUPOacHLXF20vaMe+56Cmc9oyyo3dp4/H3rL0ALGsRTBlI9cojG23lKGVx4F/wId
En/Wappw+Tnm2bnpCzVGxxdEhgjoBdCKCFMg/hdRT9QDPUFVsBpKcKc+aQd0Bzdw
xUXFaZXQcMQFSqeA8KVf7z1YsX/KeH9efBJfjDZ1BoinEB7Q8RA9CciQcrsHYx7K
HpXiuwYX25QkxlpxuGECtArQ5tb+UPhEPKu4DXIdK2P9
-----END CERTIFICATE-----