Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/wp3jap1mni2XXyWB1TdLeNanlYY.roa
File:                     wp3jap1mni2XXyWB1TdLeNanlYY.roa (raw, json)
Hash identifier:          dpVy5m/fR2s5CCuPKjVf05/STGRBkjX8a4+Pj4dHCio=
Subject key identifier:   C2:9D:E3:6A:9D:66:9E:2D:97:5F:25:81:D5:37:4B:78:D6:A7:95:86
Certificate issuer:       /CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
Certificate serial:       0194274892661DB47622391E0369416CEB9F
Authority key identifier: 79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/wp3jap1mni2XXyWB1TdLeNanlYY.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        45.145.96.0/22 maxlen: 22
                          185.21.50.0/24 maxlen: 24
                          194.45.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:92:66:1d:b4:76:22:39:1e:03:69:41:6c:eb:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a843d3a67bf202d0ae23df95e14ea871d8f15d
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c29de36a9d669e2d975f2581d5374b78d6a79586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d0:d2:98:f1:e7:52:31:40:a4:28:39:76:de:
                    71:09:7b:d9:7a:1c:44:be:76:6a:c1:a1:6a:7b:c2:
                    d2:8c:8d:2f:b5:65:e5:67:25:f2:27:a8:c7:c9:55:
                    a9:1c:2e:cb:84:b6:e1:f5:6e:26:0b:3e:ea:43:f5:
                    7b:9a:ba:29:8d:e1:8f:5f:5f:92:4b:49:ff:e6:b4:
                    dd:52:f9:77:17:86:8d:23:b4:7c:a5:8b:ef:63:bf:
                    4d:fa:27:02:50:14:63:dd:2c:ce:17:3b:0b:af:7c:
                    b4:9b:c9:b0:b4:ec:ce:44:3e:11:a9:7f:a9:8f:bd:
                    de:c9:31:da:72:f9:4d:71:a3:3e:80:06:7f:dd:a7:
                    7a:87:42:84:ce:18:ce:f6:97:93:e5:a2:95:73:9c:
                    b4:7b:b7:cf:ae:59:aa:5c:9a:b2:3a:bd:2c:60:65:
                    86:5b:69:c4:50:33:bb:37:9a:48:d6:07:f9:0b:4f:
                    29:4f:15:8c:e6:17:75:80:03:d8:c2:31:52:5b:92:
                    33:52:79:d7:4f:13:8a:22:93:e2:68:85:0b:b3:e1:
                    7e:c2:b7:be:b7:4d:c0:4d:a8:80:6b:31:77:57:74:
                    f9:73:e6:ff:18:1a:ef:ec:d0:8d:90:81:e4:0f:ca:
                    04:93:da:9d:8e:3a:7e:47:c8:3b:ab:cf:ec:74:10:
                    b7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:9D:E3:6A:9D:66:9E:2D:97:5F:25:81:D5:37:4B:78:D6:A7:95:86
            X509v3 Authority Key Identifier:
                keyid:79:A8:43:D3:A6:7B:F2:02:D0:AE:23:DF:95:E1:4E:A8:71:D8:F1:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eahD06Z78gLQriPfleFOqHHY8V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/wp3jap1mni2XXyWB1TdLeNanlYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/f70c6a-814b-461a-8541-b4dd22758951/1/eahD06Z78gLQriPfleFOqHHY8V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.96.0/22
                  185.21.50.0/24
                  194.45.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:22:d7:d7:ec:8c:dc:38:74:ad:d6:5e:90:af:56:8f:f4:a6:
         c3:86:e4:7b:46:c7:f2:78:3d:24:2c:5d:ec:78:6c:8c:cd:16:
         6e:a4:75:58:f5:f0:14:46:14:26:38:ce:73:4f:57:74:54:3e:
         c3:86:59:6e:0c:25:a9:4d:d1:d8:6a:9c:30:57:a5:3b:8b:89:
         f7:71:bf:62:aa:48:ea:cf:8f:10:13:2b:9a:ad:cd:66:32:6a:
         86:8b:a4:c2:9a:28:2e:a9:e0:64:86:95:64:cf:ed:6e:62:34:
         ce:b2:db:57:7c:21:3c:ea:65:80:cc:ee:b7:a4:1c:e3:65:37:
         f2:69:90:98:ac:f1:3c:15:09:6f:30:c5:49:7c:37:a3:21:16:
         ff:47:80:20:4f:3d:5b:17:cb:06:5e:2f:6d:0e:55:c6:19:95:
         9c:2f:63:d7:e6:e0:e8:a2:61:d7:8c:c6:10:1e:13:57:45:ee:
         7e:ae:1d:de:ed:a4:1a:87:dd:eb:b6:18:e4:cf:30:65:5e:a9:
         b1:51:bf:3d:bf:e9:51:63:3d:70:99:e1:49:94:f4:34:b1:5f:
         ba:78:16:ec:6e:be:59:cf:5d:a0:58:f3:68:c1:26:97:dc:59:
         e2:46:73:ff:53:6a:11:9c:df:ae:87:cb:4e:24:6d:d1:84:e6:
         5e:a0:41:8f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnSJJmHbR2IjkeA2lBbOufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTg0M2QzYTY3YmYyMDJkMGFlMjNkZjk1ZTE0ZWE4NzFk
OGYxNWQwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjlkZTM2YTlkNjY5ZTJkOTc1ZjI1ODFkNTM3NGI3OGQ2YTc5NTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tDSmPHnUjFApCg5dt5xCXvZehxE
vnZqwaFqe8LSjI0vtWXlZyXyJ6jHyVWpHC7LhLbh9W4mCz7qQ/V7mropjeGPX1+S
S0n/5rTdUvl3F4aNI7R8pYvvY79N+icCUBRj3SzOFzsLr3y0m8mwtOzORD4RqX+p
j73eyTHacvlNcaM+gAZ/3ad6h0KEzhjO9peT5aKVc5y0e7fPrlmqXJqyOr0sYGWG
W2nEUDO7N5pI1gf5C08pTxWM5hd1gAPYwjFSW5IzUnnXTxOKIpPiaIULs+F+wre+
t03ATaiAazF3V3T5c+b/GBrv7NCNkIHkD8oEk9qdjjp+R8g7q8/sdBC3cQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMKd42qdZp4tl18lgdU3S3jWp5WGMB8GA1UdIwQY
MBaAFHmoQ9Ome/IC0K4j35XhTqhx2PFdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEt
YjRkZDIyNzU4OTUxLzEvd3AzamFwMW1uaTJYWHlXQjFUZExlTmFubFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9mNzBjNmEtODE0Yi00NjFhLTg1NDEtYjRkZDIyNzU4OTUx
LzEvZWFoRDA2Wjc4Z0xRcmlQZmxlRk9xSEhZOFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZFgAwQA
uRUyAwQAwi1kMA0GCSqGSIb3DQEBCwUAA4IBAQBaItfX7IzcOHSt1l6Qr1aP9KbD
huR7RsfyeD0kLF3seGyMzRZupHVY9fAURhQmOM5zT1d0VD7DhlluDCWpTdHYapww
V6U7i4n3cb9iqkjqz48QEyuarc1mMmqGi6TCmiguqeBkhpVkz+1uYjTOsttXfCE8
6mWAzO63pBzjZTfyaZCYrPE8FQlvMMVJfDejIRb/R4AgTz1bF8sGXi9tDlXGGZWc
L2PX5uDoomHXjMYQHhNXRe5+rh3e7aQah93rthjkzzBlXqmxUb89v+lRYz1wmeFJ
lPQ0sV+6eBbsbr5Zz12gWPNowSaX3FniRnP/U2oRnN+uh8tOJG3RhOZeoEGP
-----END CERTIFICATE-----