Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/05a903-d9c0-4689-9ac8-c32de90e3fc3/1/W1HT74Ti-eehsN9aFk8FhX6Amk0.roa
File:                     W1HT74Ti-eehsN9aFk8FhX6Amk0.roa (raw, json)
Hash identifier:          3zzhU0Zo0DbhPnuXcPDdzKBUW4Glv+sVBLV3Zhd2+lU=
Subject key identifier:   5B:51:D3:EF:84:E2:F9:E7:A1:B0:DF:5A:16:4F:05:85:7E:80:9A:4D
Certificate issuer:       /CN=44c4455ebb09182d4fbeb3b4560e208986e1ae21
Certificate serial:       01942445516C237EED79ADF371AFA0CE10BC
Authority key identifier: 44:C4:45:5E:BB:09:18:2D:4F:BE:B3:B4:56:0E:20:89:86:E1:AE:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RMRFXrsJGC1PvrO0Vg4giYbhriE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/05a903-d9c0-4689-9ac8-c32de90e3fc3/1/W1HT74Ti-eehsN9aFk8FhX6Amk0.roa
Signing time:             Wed 01 Jan 2025 23:48:30 +0000
ROA not before:           Wed 01 Jan 2025 23:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44384
IP address blocks:        92.61.192.0/20 maxlen: 20
                          185.111.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/05a903-d9c0-4689-9ac8-c32de90e3fc3/1/RMRFXrsJGC1PvrO0Vg4giYbhriE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/05a903-d9c0-4689-9ac8-c32de90e3fc3/1/RMRFXrsJGC1PvrO0Vg4giYbhriE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RMRFXrsJGC1PvrO0Vg4giYbhriE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 02:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:51:6c:23:7e:ed:79:ad:f3:71:af:a0:ce:10:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44c4455ebb09182d4fbeb3b4560e208986e1ae21
        Validity
            Not Before: Jan  1 23:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b51d3ef84e2f9e7a1b0df5a164f05857e809a4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:79:21:b3:8b:d1:46:de:85:3d:80:ef:0e:ca:
                    f6:c1:52:48:d1:6c:9d:e2:18:6c:a3:f9:ad:c4:44:
                    b3:9c:dd:ce:0c:51:8f:9c:9b:b9:18:58:7e:01:0e:
                    22:d4:55:a7:af:d6:e6:fc:aa:89:1a:57:0c:6d:90:
                    86:40:1a:7c:d6:16:74:18:77:7f:fe:59:0a:38:74:
                    a9:89:3c:2a:50:ba:77:20:22:90:2d:4c:92:40:64:
                    3e:ac:90:1d:e5:05:a4:88:f1:3f:94:16:79:73:15:
                    30:63:a4:be:01:71:2b:12:b8:80:00:86:e3:74:87:
                    f8:ec:31:df:cb:46:6a:ed:08:7d:55:de:c3:22:d7:
                    5a:95:7a:11:ce:8a:14:d0:37:e4:84:30:61:d0:8b:
                    c8:f6:61:c4:7f:4d:31:ff:c5:bb:aa:36:08:e7:36:
                    2c:2c:f7:41:5b:7a:ab:5b:41:1c:07:3b:d6:13:03:
                    69:79:55:c1:e1:e7:10:8d:6b:10:ef:ac:5d:b9:00:
                    12:c8:c4:5a:33:18:b7:27:0d:f9:6c:0f:64:66:23:
                    8e:d5:0e:db:d2:6c:84:8c:07:fe:39:40:63:96:e4:
                    28:82:7d:f1:4e:5c:0e:4a:6c:f0:c5:f4:8a:f4:21:
                    ed:eb:1c:08:4c:76:b9:e7:17:3b:7d:6c:65:51:5d:
                    bd:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:51:D3:EF:84:E2:F9:E7:A1:B0:DF:5A:16:4F:05:85:7E:80:9A:4D
            X509v3 Authority Key Identifier:
                keyid:44:C4:45:5E:BB:09:18:2D:4F:BE:B3:B4:56:0E:20:89:86:E1:AE:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RMRFXrsJGC1PvrO0Vg4giYbhriE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/05a903-d9c0-4689-9ac8-c32de90e3fc3/1/W1HT74Ti-eehsN9aFk8FhX6Amk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/05a903-d9c0-4689-9ac8-c32de90e3fc3/1/RMRFXrsJGC1PvrO0Vg4giYbhriE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.61.192.0/20
                  185.111.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:dd:b5:76:f1:23:59:9e:f1:88:55:1b:93:e0:7c:fd:c3:60:
         33:bf:74:3b:79:36:70:7a:3e:07:9f:b3:0c:9d:5b:07:4b:7e:
         85:04:e0:53:55:ed:be:c9:e7:54:aa:05:f5:b9:23:36:50:ff:
         b1:ce:1b:2f:b5:a4:a2:51:4e:21:6f:c0:d6:4a:ab:ed:43:2c:
         0c:73:76:00:0e:a5:dc:35:e0:ad:29:da:b1:d7:a8:46:ae:8b:
         fb:74:b6:87:46:92:a7:f2:62:fb:9f:fe:b5:78:f0:24:ef:7c:
         93:5d:11:d8:26:32:cf:2b:6c:24:45:3e:b3:82:4d:2f:00:8d:
         56:96:c8:c4:d8:7d:70:0e:95:1c:5c:47:47:74:4d:80:0e:9a:
         d1:a0:a5:b5:d9:ca:72:a3:3a:da:5c:44:af:e5:3b:8c:58:81:
         d0:7c:61:c1:69:5f:db:39:3a:aa:90:11:56:5b:a8:a1:26:1e:
         c5:36:8e:60:4b:cd:3b:e1:be:52:75:8e:c6:3c:34:5a:91:a5:
         ae:7c:8e:79:39:59:68:41:ef:e8:de:d4:12:ab:ed:00:94:c8:
         3a:4a:2b:fd:f1:82:2c:e7:d3:f0:b5:5a:09:ba:5a:e4:31:7f:
         bc:47:b8:a4:f9:1b:c1:93:24:a9:81:a9:4d:d3:6c:b1:c3:f0:
         85:0c:7b:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRVFsI37tea3zca+gzhC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YzQ0NTVlYmIwOTE4MmQ0ZmJlYjNiNDU2MGUyMDg5ODZl
MWFlMjEwHhcNMjUwMTAxMjM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjUxZDNlZjg0ZTJmOWU3YTFiMGRmNWExNjRmMDU4NTdlODA5YTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3khs4vRRt6FPYDvDsr2wVJI0Wyd
4hhso/mtxESznN3ODFGPnJu5GFh+AQ4i1FWnr9bm/KqJGlcMbZCGQBp81hZ0GHd/
/lkKOHSpiTwqULp3ICKQLUySQGQ+rJAd5QWkiPE/lBZ5cxUwY6S+AXErEriAAIbj
dIf47DHfy0Zq7Qh9Vd7DItdalXoRzooU0DfkhDBh0IvI9mHEf00x/8W7qjYI5zYs
LPdBW3qrW0EcBzvWEwNpeVXB4ecQjWsQ76xduQASyMRaMxi3Jw35bA9kZiOO1Q7b
0myEjAf+OUBjluQogn3xTlwOSmzwxfSK9CHt6xwITHa55xc7fWxlUV29AwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFtR0++E4vnnobDfWhZPBYV+gJpNMB8GA1UdIwQY
MBaAFETERV67CRgtT76ztFYOIImG4a4hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk1SRlhyc0pHQzFQdnJPMFZnNGdpWWJocmlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wNWE5MDMtZDljMC00Njg5LTlhYzgt
YzMyZGU5MGUzZmMzLzEvVzFIVDc0VGktZWVoc045YUZrOEZoWDZBbWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wNWE5MDMtZDljMC00Njg5LTlhYzgtYzMyZGU5MGUzZmMz
LzEvUk1SRlhyc0pHQzFQdnJPMFZnNGdpWWJocmlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEXD3AAwQC
uW+MMA0GCSqGSIb3DQEBCwUAA4IBAQAW3bV28SNZnvGIVRuT4Hz9w2Azv3Q7eTZw
ej4Hn7MMnVsHS36FBOBTVe2+yedUqgX1uSM2UP+xzhsvtaSiUU4hb8DWSqvtQywM
c3YADqXcNeCtKdqx16hGrov7dLaHRpKn8mL7n/61ePAk73yTXRHYJjLPK2wkRT6z
gk0vAI1WlsjE2H1wDpUcXEdHdE2ADprRoKW12cpyozraXESv5TuMWIHQfGHBaV/b
OTqqkBFWW6ihJh7FNo5gS8074b5SdY7GPDRakaWufI55OVloQe/o3tQSq+0AlMg6
Siv98YIs59PwtVoJulrkMX+8R7ik+RvBkySpgalN02yxw/CFDHu1
-----END CERTIFICATE-----