Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/wWRDfWHup1u0k3UjICPfUYIPuSY.roa
File:                     wWRDfWHup1u0k3UjICPfUYIPuSY.roa (raw, json)
Hash identifier:          yzH1M2v1GGWQRBkb4bWaRfefbh3n4eH1xoy+GhWge5A=
Subject key identifier:   C1:64:43:7D:61:EE:A7:5B:B4:93:75:23:20:23:DF:51:82:0F:B9:26
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC16972D29C5670C6B89A269C95DEF
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/wWRDfWHup1u0k3UjICPfUYIPuSY.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400810
IP address blocks:        109.72.114.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:16:97:2d:29:c5:67:0c:6b:89:a2:69:c9:5d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c164437d61eea75bb49375232023df51820fb926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:2e:44:9b:81:70:a6:83:e0:91:08:b4:13:b9:
                    17:97:bc:46:1e:d4:bb:b5:0f:79:9d:e4:58:c0:32:
                    0d:cf:73:67:1f:cc:3c:b5:c1:d6:16:5b:56:08:a0:
                    88:43:da:fe:45:8f:b7:76:c8:50:e2:fb:cc:6d:95:
                    9a:30:91:ae:36:cd:ee:58:d1:38:43:cd:b1:21:e0:
                    ae:9f:ea:3b:44:7c:81:a0:12:ad:84:58:76:fa:77:
                    a5:58:f0:71:77:43:01:5a:64:ee:d8:58:60:81:fb:
                    9e:29:de:ef:c4:23:cb:41:1f:f4:3d:d8:50:b9:4e:
                    54:56:cb:03:24:74:4a:36:ca:73:f7:db:a2:9a:f0:
                    35:29:5b:50:f5:77:0c:4c:91:c6:09:41:23:a8:6a:
                    a7:63:02:f9:39:fe:d2:a0:02:68:15:30:f0:10:f9:
                    bc:32:b3:76:ff:1f:01:ca:b0:33:86:20:86:e8:c7:
                    ad:f4:ae:95:71:a6:f4:92:b7:4c:76:e5:e7:f6:46:
                    dd:a1:d1:4d:cf:1d:14:02:4e:9d:80:8a:7b:ea:c8:
                    6b:af:0f:79:88:bb:8f:62:97:f3:01:03:18:b4:f6:
                    db:77:ee:ca:ef:01:f6:d0:b2:68:11:fc:28:bc:f0:
                    15:df:12:d8:00:7d:b0:4d:27:f3:63:1f:35:64:c1:
                    60:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:64:43:7D:61:EE:A7:5B:B4:93:75:23:20:23:DF:51:82:0F:B9:26
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/wWRDfWHup1u0k3UjICPfUYIPuSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:47:f0:29:f7:f8:30:b7:26:60:46:a0:db:ce:f1:ab:10:f8:
         4e:73:dd:08:21:14:86:30:eb:bb:13:e5:92:c3:3c:60:2c:17:
         93:8a:5c:06:8e:a1:f6:be:63:56:e7:29:27:73:fd:b3:5d:2d:
         fe:fb:76:3d:96:44:58:d8:03:a1:a4:b5:d0:f0:6d:59:69:44:
         60:3a:93:80:7e:24:48:b1:2b:c6:37:c7:92:ec:51:d7:3c:06:
         72:14:06:c8:00:cc:e8:32:c0:10:36:4f:94:fb:46:ed:c8:d1:
         71:0f:b7:0e:f3:57:ff:fd:19:ed:a9:81:17:e5:1b:f2:ef:fc:
         3c:6b:96:35:1d:3e:6f:97:f4:d0:14:aa:9e:ea:37:15:d9:fc:
         ae:64:e2:fa:6f:f1:46:80:66:45:e9:aa:45:83:26:34:cf:1b:
         b3:1f:1c:fe:ef:0e:f6:50:91:11:72:b9:c4:7f:67:cb:ac:26:
         69:bf:d3:9c:d5:63:86:e3:48:c5:e9:f7:fe:70:91:6b:90:0f:
         e0:73:3f:89:48:96:47:99:61:4c:5a:fe:f3:22:5d:46:04:4b:
         90:4f:d3:50:e7:43:19:e4:f1:86:66:2d:f5:f4:b7:6c:9f:df:
         a6:5b:1a:71:c2:fd:93:5d:e7:31:d9:5c:87:28:36:1d:18:8d:
         80:b8:0f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BaXLSnFZwxriaJpyV3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTY0NDM3ZDYxZWVhNzViYjQ5Mzc1MjMyMDIzZGY1MTgyMGZiOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAii5Em4FwpoPgkQi0E7kXl7xGHtS7
tQ95neRYwDINz3NnH8w8tcHWFltWCKCIQ9r+RY+3dshQ4vvMbZWaMJGuNs3uWNE4
Q82xIeCun+o7RHyBoBKthFh2+nelWPBxd0MBWmTu2FhggfueKd7vxCPLQR/0PdhQ
uU5UVssDJHRKNspz99uimvA1KVtQ9XcMTJHGCUEjqGqnYwL5Of7SoAJoFTDwEPm8
MrN2/x8ByrAzhiCG6Met9K6Vcab0krdMduXn9kbdodFNzx0UAk6dgIp76shrrw95
iLuPYpfzAQMYtPbbd+7K7wH20LJoEfwovPAV3xLYAH2wTSfzYx81ZMFgwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFkQ31h7qdbtJN1IyAj31GCD7kmMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvd1dSRGZXSHVwMXUwazNVaklDUGZVWUlQdVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbUhyMA0G
CSqGSIb3DQEBCwUAA4IBAQA1R/Ap9/gwtyZgRqDbzvGrEPhOc90IIRSGMOu7E+WS
wzxgLBeTilwGjqH2vmNW5yknc/2zXS3++3Y9lkRY2AOhpLXQ8G1ZaURgOpOAfiRI
sSvGN8eS7FHXPAZyFAbIAMzoMsAQNk+U+0btyNFxD7cO81f//RntqYEX5Rvy7/w8
a5Y1HT5vl/TQFKqe6jcV2fyuZOL6b/FGgGZF6apFgyY0zxuzHxz+7w72UJERcrnE
f2fLrCZpv9Oc1WOG40jF6ff+cJFrkA/gcz+JSJZHmWFMWv7zIl1GBEuQT9NQ50MZ
5PGGZi319Ldsn9+mWxpxwv2TXecx2VyHKDYdGI2AuA9J
-----END CERTIFICATE-----