Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/WmCvFXCeg0oTa1TckRvrs8RNar8.roa
File:                     WmCvFXCeg0oTa1TckRvrs8RNar8.roa (raw, json)
Hash identifier:          Mzv2Vj1XxZUvLysQKOIpSBENViQwEO98u/fFHAl/Wq0=
Subject key identifier:   5A:60:AF:15:70:9E:83:4A:13:6B:54:DC:91:1B:EB:B3:C4:4D:6A:BF
Certificate issuer:       /CN=64a7156b8aa89f76e4d38af2c109fbc14917b086
Certificate serial:       019427B53B1824598294C1A7190DB4CE36C4
Authority key identifier: 64:A7:15:6B:8A:A8:9F:76:E4:D3:8A:F2:C1:09:FB:C1:49:17:B0:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/WmCvFXCeg0oTa1TckRvrs8RNar8.roa
Signing time:             Thu 02 Jan 2025 15:49:35 +0000
ROA not before:           Thu 02 Jan 2025 15:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34062
IP address blocks:        185.99.16.0/24 maxlen: 24
                          185.99.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/ZKcVa4qon3bk04rywQn7wUkXsIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/ZKcVa4qon3bk04rywQn7wUkXsIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:3b:18:24:59:82:94:c1:a7:19:0d:b4:ce:36:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64a7156b8aa89f76e4d38af2c109fbc14917b086
        Validity
            Not Before: Jan  2 15:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a60af15709e834a136b54dc911bebb3c44d6abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e5:b0:ab:1b:e6:86:bf:a2:00:c7:db:3a:9e:
                    9a:64:2f:fd:1f:fb:a1:91:e5:c4:ff:9a:91:7a:fe:
                    f6:79:26:b1:9c:c9:29:15:b3:86:6e:af:2b:ab:47:
                    21:0c:36:6d:51:55:45:f9:dd:d0:9f:e4:f4:e7:a3:
                    63:82:46:47:23:3a:d2:bc:94:7e:13:e6:5c:00:29:
                    e0:4a:cd:14:40:95:ad:88:3d:01:a8:49:ef:e9:cd:
                    d2:c8:16:a4:ee:f7:e3:55:95:f7:24:4a:a8:fe:6f:
                    25:13:14:b4:6d:66:d4:44:89:b3:ff:f3:b5:5a:7f:
                    42:46:29:98:be:bf:72:26:cd:cd:69:f3:35:59:3d:
                    44:2b:73:63:7d:d3:48:68:6e:b7:ce:4f:93:20:cc:
                    99:22:c8:08:ee:96:1d:a0:5a:bb:48:83:f6:90:99:
                    a0:30:c5:7c:d2:0a:39:2e:8b:26:a4:b5:92:8a:f7:
                    00:66:09:67:de:4b:9c:03:7f:f9:bc:5c:20:08:59:
                    54:c6:9c:02:1a:ce:7e:a1:04:d4:2b:f0:ab:6d:78:
                    a8:78:f8:71:42:7a:1f:fa:90:ae:47:c3:4e:0b:06:
                    f0:01:2a:01:2e:ef:96:08:0a:35:17:35:b8:1f:4d:
                    37:fd:bc:b1:cb:5d:31:9e:d3:d0:42:0d:0a:42:e3:
                    78:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:60:AF:15:70:9E:83:4A:13:6B:54:DC:91:1B:EB:B3:C4:4D:6A:BF
            X509v3 Authority Key Identifier:
                keyid:64:A7:15:6B:8A:A8:9F:76:E4:D3:8A:F2:C1:09:FB:C1:49:17:B0:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZKcVa4qon3bk04rywQn7wUkXsIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/WmCvFXCeg0oTa1TckRvrs8RNar8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df62d-5d57-4d7e-9444-5351f1bde72f/1/ZKcVa4qon3bk04rywQn7wUkXsIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:f2:c6:a3:6b:a9:b7:12:e6:6d:9c:ff:e6:fc:28:67:ae:60:
         8c:d7:5e:ff:d6:21:b8:63:4a:be:5e:46:99:13:d0:c9:a5:ec:
         71:2f:ee:fb:0b:8b:1b:c0:92:2c:49:21:61:8d:15:7c:1e:5f:
         53:7e:55:d9:bd:6b:9d:9a:ec:70:11:bc:d0:24:d8:44:f1:18:
         cc:9b:01:33:37:6d:82:39:d0:4c:51:30:7c:23:94:b4:09:52:
         53:63:20:7e:43:47:84:51:00:68:cc:13:a4:62:12:dc:70:f9:
         7f:6d:ed:d3:8f:05:11:2e:69:d8:33:b1:6b:d2:af:83:9b:bf:
         56:f3:c3:bf:52:e8:85:fe:d1:54:f7:82:f8:89:6b:64:ce:2f:
         b8:16:a8:2f:e6:6f:21:05:47:08:e6:e2:ba:cb:63:7a:88:f2:
         1c:db:b1:0f:b8:a9:86:f7:a9:fd:46:a0:a8:73:ed:f7:d8:33:
         e0:2f:37:42:5a:df:94:0a:e6:b5:e0:5a:14:3e:ed:9f:1c:9a:
         dc:ab:88:8d:a8:d5:ed:a0:8a:1b:b5:20:ba:c5:73:75:eb:e6:
         1e:cb:08:20:b9:53:c2:c8:cb:69:2a:31:e5:75:ec:fd:af:1b:
         e9:f3:ae:fd:90:b7:c2:94:56:82:6b:db:5e:ac:62:52:19:bb:
         21:6b:be:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntTsYJFmClMGnGQ20zjbEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YTcxNTZiOGFhODlmNzZlNGQzOGFmMmMxMDlmYmMxNDkx
N2IwODYwHhcNMjUwMTAyMTU0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTYwYWYxNTcwOWU4MzRhMTM2YjU0ZGM5MTFiZWJiM2M0NGQ2YWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eWwqxvmhr+iAMfbOp6aZC/9H/uh
keXE/5qRev72eSaxnMkpFbOGbq8rq0chDDZtUVVF+d3Qn+T056NjgkZHIzrSvJR+
E+ZcACngSs0UQJWtiD0BqEnv6c3SyBak7vfjVZX3JEqo/m8lExS0bWbURImz//O1
Wn9CRimYvr9yJs3NafM1WT1EK3NjfdNIaG63zk+TIMyZIsgI7pYdoFq7SIP2kJmg
MMV80go5LosmpLWSivcAZgln3kucA3/5vFwgCFlUxpwCGs5+oQTUK/CrbXioePhx
Qnof+pCuR8NOCwbwASoBLu+WCAo1FzW4H003/byxy10xntPQQg0KQuN4UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpgrxVwnoNKE2tU3JEb67PETWq/MB8GA1UdIwQY
MBaAFGSnFWuKqJ925NOK8sEJ+8FJF7CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWktjVmE0cW9uM2JrMDRyeXdRbjd3VWtYc0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zZGY2MmQtNWQ1Ny00ZDdlLTk0NDQt
NTM1MWYxYmRlNzJmLzEvV21DdkZYQ2VnMG9UYTFUY2tSdnJzOFJOYXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zZGY2MmQtNWQ1Ny00ZDdlLTk0NDQtNTM1MWYxYmRlNzJm
LzEvWktjVmE0cW9uM2JrMDRyeXdRbjd3VWtYc0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWMQMA0G
CSqGSIb3DQEBCwUAA4IBAQAK8saja6m3EuZtnP/m/ChnrmCM117/1iG4Y0q+XkaZ
E9DJpexxL+77C4sbwJIsSSFhjRV8Hl9TflXZvWudmuxwEbzQJNhE8RjMmwEzN22C
OdBMUTB8I5S0CVJTYyB+Q0eEUQBozBOkYhLccPl/be3TjwURLmnYM7Fr0q+Dm79W
88O/UuiF/tFU94L4iWtkzi+4Fqgv5m8hBUcI5uK6y2N6iPIc27EPuKmG96n9RqCo
c+332DPgLzdCWt+UCua14FoUPu2fHJrcq4iNqNXtoIobtSC6xXN16+YeywgguVPC
yMtpKjHldez9rxvp8679kLfClFaCa9terGJSGbsha76n
-----END CERTIFICATE-----