Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/WsJxTcqQMdNcfxDwYxL96RxQkLE.roa
File:                     WsJxTcqQMdNcfxDwYxL96RxQkLE.roa (raw, json)
Hash identifier:          AzUS2a/hUE19ESDc/skGDA/ldB6bGDxX9L5RO7/taEk=
Subject key identifier:   5A:C2:71:4D:CA:90:31:D3:5C:7F:10:F0:63:12:FD:E9:1C:50:90:B1
Certificate issuer:       /CN=a27200544f93a675fc8c7841856980e38a3529cb
Certificate serial:       01942143FEC1C144ABD46451325703D0B0B7
Authority key identifier: A2:72:00:54:4F:93:A6:75:FC:8C:78:41:85:69:80:E3:8A:35:29:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/onIAVE-TpnX8jHhBhWmA44o1Kcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/WsJxTcqQMdNcfxDwYxL96RxQkLE.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16243
IP address blocks:        193.176.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/onIAVE-TpnX8jHhBhWmA44o1Kcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/onIAVE-TpnX8jHhBhWmA44o1Kcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/onIAVE-TpnX8jHhBhWmA44o1Kcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fe:c1:c1:44:ab:d4:64:51:32:57:03:d0:b0:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a27200544f93a675fc8c7841856980e38a3529cb
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ac2714dca9031d35c7f10f06312fde91c5090b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:17:ab:f0:e5:e9:35:59:dd:2e:3e:e0:d9:02:
                    42:23:55:69:e2:4c:12:4e:20:cb:cb:98:97:21:10:
                    59:be:e3:7a:45:ad:80:f3:f4:d9:77:ec:7d:e2:d5:
                    da:86:9f:61:5c:bc:fc:b7:6a:07:73:54:fd:58:d9:
                    cb:2c:51:95:72:f3:85:88:2e:d5:a3:0e:96:91:69:
                    99:71:15:6e:7d:d7:6f:2c:05:27:8b:a7:a2:e0:70:
                    71:dc:b4:21:5f:89:ae:b8:91:c5:c4:a8:0f:e3:7e:
                    a0:3e:52:5d:35:b5:67:da:5b:41:90:60:4b:5c:68:
                    06:1e:ac:0a:c1:78:a4:fa:31:11:47:d2:71:f1:e6:
                    4f:89:98:3a:ee:f6:a5:82:4e:f2:4f:e7:b3:ae:bf:
                    fd:b6:31:86:86:41:ea:2f:e0:4b:85:b4:da:71:a2:
                    98:d5:95:81:98:71:0b:e1:bd:3e:bd:13:79:17:09:
                    30:bf:e3:b2:d8:ec:8b:6d:bc:2b:8d:aa:e9:b5:06:
                    0f:d7:7e:0b:69:c9:10:c1:96:7b:52:d5:fa:d6:87:
                    fa:7c:4f:f4:32:d2:8d:af:75:24:0d:d9:f9:1c:e2:
                    b5:96:1e:17:21:af:2e:50:0f:96:10:0d:4f:ba:3d:
                    21:e7:85:23:d6:16:5f:c8:03:cd:c1:1b:ad:5d:03:
                    98:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:C2:71:4D:CA:90:31:D3:5C:7F:10:F0:63:12:FD:E9:1C:50:90:B1
            X509v3 Authority Key Identifier:
                keyid:A2:72:00:54:4F:93:A6:75:FC:8C:78:41:85:69:80:E3:8A:35:29:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/onIAVE-TpnX8jHhBhWmA44o1Kcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/WsJxTcqQMdNcfxDwYxL96RxQkLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/onIAVE-TpnX8jHhBhWmA44o1Kcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:37:82:89:40:d1:c3:53:70:39:3f:d8:70:d4:9f:f5:d4:46:
         1f:64:e1:b4:29:d1:2b:1d:ff:e3:e8:cd:6a:fb:53:87:33:f5:
         6c:c9:ef:bd:e7:64:5c:cb:be:d6:ee:77:3d:78:f0:9e:42:a3:
         89:2a:bc:14:c2:de:ce:ed:3b:0e:15:76:33:6f:c4:0a:7e:0a:
         7c:e1:e4:71:3e:55:84:89:98:64:70:63:96:2e:71:8c:83:60:
         10:42:e4:e5:1e:4a:02:c2:5d:20:c4:7f:31:9d:03:da:8e:c7:
         f5:71:f3:02:ef:5c:19:c7:35:25:78:6a:56:8b:6c:1b:7d:35:
         6d:bd:67:c5:70:26:66:14:15:f3:7f:80:4f:a3:90:ce:6c:a3:
         6b:9a:8f:99:a2:26:67:a3:8b:a3:0e:6c:17:ee:df:43:6e:83:
         69:92:9f:a8:3e:5e:c6:bf:01:a9:ad:6c:ce:4a:38:97:53:a8:
         9a:31:02:0f:a2:a9:e2:4c:4d:14:47:3c:cf:e2:74:92:7a:53:
         1a:1d:b4:3f:47:89:ec:d3:ed:d8:60:00:fd:7b:d6:62:d6:49:
         2d:d0:60:73:55:d0:28:64:a8:d8:78:a7:dc:95:85:3a:3c:c4:
         4a:ff:d5:39:62:70:df:84:ad:03:e9:4d:0e:d2:a3:71:58:ce:
         be:2f:cb:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/7BwUSr1GRRMlcD0LC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNzIwMDU0NGY5M2E2NzVmYzhjNzg0MTg1Njk4MGUzOGEz
NTI5Y2IwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWMyNzE0ZGNhOTAzMWQzNWM3ZjEwZjA2MzEyZmRlOTFjNTA5MGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBer8OXpNVndLj7g2QJCI1Vp4kwS
TiDLy5iXIRBZvuN6Ra2A8/TZd+x94tXahp9hXLz8t2oHc1T9WNnLLFGVcvOFiC7V
ow6WkWmZcRVufddvLAUni6ei4HBx3LQhX4muuJHFxKgP436gPlJdNbVn2ltBkGBL
XGgGHqwKwXik+jERR9Jx8eZPiZg67valgk7yT+ezrr/9tjGGhkHqL+BLhbTacaKY
1ZWBmHEL4b0+vRN5Fwkwv+Oy2OyLbbwrjarptQYP134LackQwZZ7UtX61of6fE/0
MtKNr3UkDdn5HOK1lh4XIa8uUA+WEA1Puj0h54Uj1hZfyAPNwRutXQOYXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrCcU3KkDHTXH8Q8GMS/ekcUJCxMB8GA1UdIwQY
MBaAFKJyAFRPk6Z1/Ix4QYVpgOOKNSnLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb25JQVZFLVRwblg4akhoQmhXbUE0NG8xS2NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iYzFjNzQtMWUwYS00MDU1LTgwYjgt
ZWZhN2Y4OWJkMGI5LzEvV3NKeFRjcVFNZE5jZnhEd1l4TDk2UnhRa0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iYzFjNzQtMWUwYS00MDU1LTgwYjgtZWZhN2Y4OWJkMGI5
LzEvb25JQVZFLVRwblg4akhoQmhXbUE0NG8xS2NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbAFMA0G
CSqGSIb3DQEBCwUAA4IBAQB1N4KJQNHDU3A5P9hw1J/11EYfZOG0KdErHf/j6M1q
+1OHM/Vsye+952Rcy77W7nc9ePCeQqOJKrwUwt7O7TsOFXYzb8QKfgp84eRxPlWE
iZhkcGOWLnGMg2AQQuTlHkoCwl0gxH8xnQPajsf1cfMC71wZxzUleGpWi2wbfTVt
vWfFcCZmFBXzf4BPo5DObKNrmo+ZoiZno4ujDmwX7t9DboNpkp+oPl7GvwGprWzO
SjiXU6iaMQIPoqniTE0URzzP4nSSelMaHbQ/R4ns0+3YYAD9e9Zi1kkt0GBzVdAo
ZKjYeKfclYU6PMRK/9U5YnDfhK0D6U0O0qNxWM6+L8ti
-----END CERTIFICATE-----