Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/W9jLQPfJ-gf7W45fE6xy024pvso.roa
File:                     W9jLQPfJ-gf7W45fE6xy024pvso.roa (raw, json)
Hash identifier:          myRMJIwFBs9jjITp4SZwdlJzPIPHFfsrLal6I49sinM=
Subject key identifier:   5B:D8:CB:40:F7:C9:FA:07:FB:5B:8E:5F:13:AC:72:D3:6E:29:BE:CA
Certificate issuer:       /CN=18886007da1730b0770d8604db73d12fd264f3f9
Certificate serial:       019422FB275DFD4EFB7D11FB28974540E895
Authority key identifier: 18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/W9jLQPfJ-gf7W45fE6xy024pvso.roa
Signing time:             Wed 01 Jan 2025 17:47:52 +0000
ROA not before:           Wed 01 Jan 2025 17:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57494
IP address blocks:        213.171.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:27:5d:fd:4e:fb:7d:11:fb:28:97:45:40:e8:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18886007da1730b0770d8604db73d12fd264f3f9
        Validity
            Not Before: Jan  1 17:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bd8cb40f7c9fa07fb5b8e5f13ac72d36e29beca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:9f:b8:cd:23:c1:24:cd:d8:a1:02:02:fd:fc:
                    c8:41:45:5a:da:2f:fc:bf:d4:41:cd:81:f0:94:14:
                    58:55:33:d8:e2:4e:af:8d:4c:31:dd:33:f6:7c:a6:
                    37:72:4e:fc:16:1e:91:8c:91:42:21:55:8b:ac:97:
                    55:39:0a:97:63:c9:30:31:7a:5a:28:d7:b8:12:33:
                    1c:60:72:3b:75:0c:f8:68:80:ef:70:9a:5a:fb:57:
                    41:a2:4e:84:4f:1e:d3:94:c1:12:66:f5:c4:50:32:
                    7b:5f:55:99:db:79:c3:a7:ae:06:21:ab:7a:03:33:
                    de:f4:88:6f:74:75:e0:36:7c:0b:62:d0:f5:0c:99:
                    73:01:7f:57:71:f9:80:6a:8a:51:44:73:09:a9:7d:
                    c1:bd:d7:a3:45:20:e0:53:94:3e:46:d8:bb:e2:f5:
                    f1:76:56:c2:6b:38:33:13:88:27:8b:ac:12:27:95:
                    ee:8b:b9:25:65:a5:11:ad:7f:33:01:b3:f0:cb:26:
                    0b:5a:f5:60:87:e4:c1:ab:a1:de:58:b8:8e:ac:64:
                    2c:3d:d7:a4:26:6e:00:dc:94:71:7c:d1:a0:87:3f:
                    97:3a:4d:01:ac:0a:05:bd:f8:3b:5a:6e:30:22:0e:
                    e1:b1:37:4e:fd:e4:b7:bd:13:17:7f:8c:aa:c0:01:
                    4a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D8:CB:40:F7:C9:FA:07:FB:5B:8E:5F:13:AC:72:D3:6E:29:BE:CA
            X509v3 Authority Key Identifier:
                keyid:18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/W9jLQPfJ-gf7W45fE6xy024pvso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:56:54:bf:32:8d:80:fd:4c:04:03:cc:f7:ba:32:5a:25:0b:
         9f:c2:d7:87:00:d0:26:8a:fd:a5:af:f8:9f:27:73:a3:ab:21:
         84:b9:b2:82:f4:8f:a8:95:89:54:3f:52:53:60:ab:f1:a2:1c:
         d4:eb:96:f5:4f:03:35:66:72:27:93:65:42:6e:75:90:a5:43:
         74:7c:13:26:b7:8d:cb:58:6e:8d:9b:b5:f4:a4:c9:28:81:61:
         29:c6:11:2f:ce:1f:7d:0e:62:70:e0:a8:c1:79:90:ee:cb:cf:
         e7:d0:05:63:06:ee:94:cf:db:97:aa:02:1a:26:98:b5:e6:0d:
         de:4b:d2:1e:3b:eb:40:d7:bf:74:fb:54:0c:c6:c7:cc:3a:c3:
         63:58:9e:f7:8e:9d:df:90:64:24:05:27:8a:fd:52:f5:34:2e:
         7b:f5:ca:18:37:da:96:31:55:65:15:2e:a3:d8:67:38:27:8b:
         a7:85:5f:3c:7e:05:4f:16:6a:a4:3f:e0:89:e2:e1:88:06:ce:
         d7:32:82:22:84:bf:5a:40:fe:f2:da:89:f1:17:12:92:15:bb:
         d2:27:ef:77:9b:66:ba:55:3f:91:67:88:d5:00:9a:4e:9d:93:
         3f:01:8d:23:5a:ef:7c:da:0a:01:bb:0d:c2:60:99:21:8b:96:
         85:22:bd:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+ydd/U77fRH7KJdFQOiVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ODg2MDA3ZGExNzMwYjA3NzBkODYwNGRiNzNkMTJmZDI2
NGYzZjkwHhcNMjUwMTAxMTc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQ4Y2I0MGY3YzlmYTA3ZmI1YjhlNWYxM2FjNzJkMzZlMjliZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8p+4zSPBJM3YoQIC/fzIQUVa2i/8
v9RBzYHwlBRYVTPY4k6vjUwx3TP2fKY3ck78Fh6RjJFCIVWLrJdVOQqXY8kwMXpa
KNe4EjMcYHI7dQz4aIDvcJpa+1dBok6ETx7TlMESZvXEUDJ7X1WZ23nDp64GIat6
AzPe9IhvdHXgNnwLYtD1DJlzAX9XcfmAaopRRHMJqX3BvdejRSDgU5Q+Rti74vXx
dlbCazgzE4gni6wSJ5Xui7klZaURrX8zAbPwyyYLWvVgh+TBq6HeWLiOrGQsPdek
Jm4A3JRxfNGghz+XOk0BrAoFvfg7Wm4wIg7hsTdO/eS3vRMXf4yqwAFKpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvYy0D3yfoH+1uOXxOsctNuKb7KMB8GA1UdIwQY
MBaAFBiIYAfaFzCwdw2GBNtz0S/SZPP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEt
MTY5YzgzNmJkNmIwLzEvVzlqTFFQZkotZ2Y3VzQ1ZkU2eHkwMjRwdnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEtMTY5YzgzNmJkNmIw
LzEvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1asPMA0G
CSqGSIb3DQEBCwUAA4IBAQCIVlS/Mo2A/UwEA8z3ujJaJQufwteHANAmiv2lr/if
J3OjqyGEubKC9I+olYlUP1JTYKvxohzU65b1TwM1ZnInk2VCbnWQpUN0fBMmt43L
WG6Nm7X0pMkogWEpxhEvzh99DmJw4KjBeZDuy8/n0AVjBu6Uz9uXqgIaJpi15g3e
S9IeO+tA1790+1QMxsfMOsNjWJ73jp3fkGQkBSeK/VL1NC579coYN9qWMVVlFS6j
2Gc4J4unhV88fgVPFmqkP+CJ4uGIBs7XMoIihL9aQP7y2onxFxKSFbvSJ+93m2a6
VT+RZ4jVAJpOnZM/AY0jWu982goBuw3CYJkhi5aFIr3x
-----END CERTIFICATE-----