Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/W-OtDTrcD4enIHqlL53Q8gJVqVg.roa
File:                     W-OtDTrcD4enIHqlL53Q8gJVqVg.roa (raw, json)
Hash identifier:          MIoWyZfzBnM9tbFHcQ1uCgLljDFhySK8a9b/Bqx5jVg=
Subject key identifier:   5B:E3:AD:0D:3A:DC:0F:87:A7:20:7A:A5:2F:9D:D0:F2:02:55:A9:58
Certificate issuer:       /CN=1cb464ba038bc0bbbee400f3e908df51482c51bb
Certificate serial:       019421B1EECA004633AFA71B7DDB3626EBEC
Authority key identifier: 1C:B4:64:BA:03:8B:C0:BB:BE:E4:00:F3:E9:08:DF:51:48:2C:51:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HLRkugOLwLu-5ADz6QjfUUgsUbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/W-OtDTrcD4enIHqlL53Q8gJVqVg.roa
Signing time:             Wed 01 Jan 2025 11:48:16 +0000
ROA not before:           Wed 01 Jan 2025 11:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50474
IP address blocks:        78.40.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/HLRkugOLwLu-5ADz6QjfUUgsUbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/HLRkugOLwLu-5ADz6QjfUUgsUbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HLRkugOLwLu-5ADz6QjfUUgsUbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ee:ca:00:46:33:af:a7:1b:7d:db:36:26:eb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cb464ba038bc0bbbee400f3e908df51482c51bb
        Validity
            Not Before: Jan  1 11:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5be3ad0d3adc0f87a7207aa52f9dd0f20255a958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a8:b4:e5:c5:ab:cb:c8:b8:2e:57:c5:ec:86:
                    dc:7e:e6:f3:0c:c1:88:05:61:0e:d2:41:2e:a6:fe:
                    58:10:56:57:90:af:e2:c3:4c:f8:f2:2e:db:5d:a7:
                    50:58:8c:ab:d1:92:9c:d9:f8:29:27:f0:7d:dc:f2:
                    7f:27:7b:16:bb:76:b9:60:fd:de:b2:e5:62:ea:da:
                    de:06:e5:35:d4:cf:28:10:e5:d8:ba:0e:78:be:b5:
                    65:40:29:00:e2:08:78:55:3e:75:7a:8c:8f:d0:f6:
                    61:45:75:95:86:be:6f:38:fa:c2:2b:03:b7:b7:82:
                    d5:89:e3:a0:68:be:0c:6d:95:50:87:1f:01:5f:87:
                    89:88:c1:9a:7e:25:a8:d3:66:39:fe:da:4f:c1:af:
                    af:e3:e2:66:63:ff:7b:93:82:23:33:8d:86:f1:8c:
                    06:36:4d:67:f2:70:26:e0:94:dc:a3:bb:3d:1c:2b:
                    64:83:42:ca:80:00:1e:59:e0:2b:76:a8:f4:0a:06:
                    34:96:cb:61:87:e2:b4:8a:86:80:03:f5:70:f2:d3:
                    92:1d:9e:a2:d7:f2:be:8a:cd:84:5d:37:b3:f9:34:
                    16:a8:97:25:47:c6:c2:fe:bf:de:7b:a6:1f:45:05:
                    e2:b9:bb:5d:18:6c:58:a8:4c:03:41:4e:b6:39:a0:
                    bf:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E3:AD:0D:3A:DC:0F:87:A7:20:7A:A5:2F:9D:D0:F2:02:55:A9:58
            X509v3 Authority Key Identifier:
                keyid:1C:B4:64:BA:03:8B:C0:BB:BE:E4:00:F3:E9:08:DF:51:48:2C:51:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HLRkugOLwLu-5ADz6QjfUUgsUbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/W-OtDTrcD4enIHqlL53Q8gJVqVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/08729f-79a6-48d0-b2e1-bb26143c5edc/1/HLRkugOLwLu-5ADz6QjfUUgsUbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:66:0a:87:23:33:93:b0:d7:fe:2d:be:c2:9c:29:bf:82:67:
         32:43:cb:5e:cb:92:91:d8:4b:37:f5:25:7d:4b:c6:84:87:4c:
         89:bd:bc:8f:a9:ab:4f:57:a4:3e:68:30:f4:0a:d3:aa:ea:73:
         24:a1:56:86:3c:5b:1c:51:4a:a5:b6:cf:8d:9e:62:98:f6:b1:
         04:b9:d0:fd:f4:bd:b5:ec:c4:b5:4e:6e:e5:34:c6:48:2f:bf:
         b0:c0:2d:17:11:63:03:fb:fd:a9:24:6a:cf:87:26:4f:fb:5f:
         bd:88:64:3e:c2:5d:cd:2a:bc:65:aa:a4:51:cb:8e:cf:c3:5e:
         55:0a:e2:f7:b7:0e:6f:c7:17:a2:1f:c0:1f:7f:17:98:b2:ed:
         2f:2a:d6:57:1a:c6:50:b2:1b:c6:e3:fb:11:4d:7c:ac:87:4e:
         76:1c:5e:66:de:20:b6:e7:39:46:e0:b3:64:ce:fb:bb:04:63:
         75:08:07:ba:59:c1:7f:c6:d1:c6:72:6f:ef:a2:cf:03:fd:cc:
         f0:41:ad:d9:9c:c2:3b:59:cc:0e:7c:64:9a:6e:79:eb:57:13:
         ef:e8:8d:03:21:16:32:91:77:05:66:93:97:16:cc:4f:fc:c2:
         5b:65:e1:de:94:cf:34:28:31:0a:cd:e1:d7:3d:20:56:a4:44:
         ed:48:a6:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhse7KAEYzr6cbfds2JuvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYjQ2NGJhMDM4YmMwYmJiZWU0MDBmM2U5MDhkZjUxNDgy
YzUxYmIwHhcNMjUwMTAxMTE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmUzYWQwZDNhZGMwZjg3YTcyMDdhYTUyZjlkZDBmMjAyNTVhOTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Ki05cWry8i4LlfF7IbcfubzDMGI
BWEO0kEupv5YEFZXkK/iw0z48i7bXadQWIyr0ZKc2fgpJ/B93PJ/J3sWu3a5YP3e
suVi6treBuU11M8oEOXYug54vrVlQCkA4gh4VT51eoyP0PZhRXWVhr5vOPrCKwO3
t4LVieOgaL4MbZVQhx8BX4eJiMGafiWo02Y5/tpPwa+v4+JmY/97k4IjM42G8YwG
Nk1n8nAm4JTco7s9HCtkg0LKgAAeWeArdqj0CgY0lsthh+K0ioaAA/Vw8tOSHZ6i
1/K+is2EXTez+TQWqJclR8bC/r/ee6YfRQXiubtdGGxYqEwDQU62OaC/8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvjrQ063A+HpyB6pS+d0PICValYMB8GA1UdIwQY
MBaAFBy0ZLoDi8C7vuQA8+kI31FILFG7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSExSa3VnT0x3THUtNUFEejZRamZVVWdzVWJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8wODcyOWYtNzlhNi00OGQwLWIyZTEt
YmIyNjE0M2M1ZWRjLzEvVy1PdERUcmNENGVuSUhxbEw1M1E4Z0pWcVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8wODcyOWYtNzlhNi00OGQwLWIyZTEtYmIyNjE0M2M1ZWRj
LzEvSExSa3VnT0x3THUtNUFEejZRamZVVWdzVWJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTigIMA0G
CSqGSIb3DQEBCwUAA4IBAQAgZgqHIzOTsNf+Lb7CnCm/gmcyQ8tey5KR2Es39SV9
S8aEh0yJvbyPqatPV6Q+aDD0CtOq6nMkoVaGPFscUUqlts+NnmKY9rEEudD99L21
7MS1Tm7lNMZIL7+wwC0XEWMD+/2pJGrPhyZP+1+9iGQ+wl3NKrxlqqRRy47Pw15V
CuL3tw5vxxeiH8AffxeYsu0vKtZXGsZQshvG4/sRTXysh052HF5m3iC25zlG4LNk
zvu7BGN1CAe6WcF/xtHGcm/vos8D/czwQa3ZnMI7WcwOfGSabnnrVxPv6I0DIRYy
kXcFZpOXFsxP/MJbZeHelM80KDEKzeHXPSBWpETtSKaH
-----END CERTIFICATE-----