Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/whkGOZP4Q7wa7J5dbmXu5vPM1v0.roa
File:                     whkGOZP4Q7wa7J5dbmXu5vPM1v0.roa (raw, json)
Hash identifier:          4Aaj5rdkc2lbz/0Cfp212ny3pIPA+JJbd5a/bPZM33w=
Subject key identifier:   C2:19:06:39:93:F8:43:BC:1A:EC:9E:5D:6E:65:EE:E6:F3:CC:D6:FD
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       019422FB0DB58E92FA063A9F96761FE4D3E1
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/whkGOZP4Q7wa7J5dbmXu5vPM1v0.roa
Signing time:             Wed 01 Jan 2025 17:47:45 +0000
ROA not before:           Wed 01 Jan 2025 17:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        45.112.195.0/24 maxlen: 24
                          103.102.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:33:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:0d:b5:8e:92:fa:06:3a:9f:96:76:1f:e4:d3:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Jan  1 17:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c219063993f843bc1aec9e5d6e65eee6f3ccd6fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:33:f7:6e:b0:a8:f2:e4:49:8d:ec:13:51:07:
                    5e:85:71:c1:f2:52:1b:b7:8e:f1:fb:7e:ac:90:d7:
                    ec:fd:1e:b3:68:54:dc:31:68:08:b6:f4:6b:b7:9e:
                    e7:11:39:59:9c:10:f1:40:ce:0a:39:30:bc:7c:69:
                    89:d6:e0:47:17:26:b8:f5:48:8c:06:82:f6:1a:db:
                    83:a8:a0:8a:f3:a2:9a:4e:da:b3:16:d4:91:9f:9c:
                    e7:e6:b4:4d:ae:cb:3b:e5:5f:0d:4c:1d:6f:91:8b:
                    2a:68:ac:64:ca:19:79:e7:32:8d:4a:04:b0:8e:cb:
                    66:d8:7f:91:d6:12:80:93:fe:96:e8:ed:3a:b1:d7:
                    db:64:78:cf:18:30:49:e3:f4:5d:0f:2d:4a:17:16:
                    ea:05:8b:4e:3c:7d:07:86:0c:04:dc:e3:5b:56:4f:
                    1c:61:68:dd:72:34:cb:06:6e:61:43:16:11:06:97:
                    bb:82:76:de:2f:b4:a5:57:a7:08:b5:6a:5e:e3:f4:
                    6f:83:cd:f3:93:e7:f1:d2:45:a3:cd:e0:23:16:45:
                    2d:4c:04:64:85:5c:cf:f0:44:3e:2d:9d:26:9e:c9:
                    ab:7c:c7:44:36:25:52:b6:9d:cf:b0:59:2c:70:be:
                    23:af:f8:ab:70:a8:3b:60:b0:88:ba:80:f7:99:31:
                    a0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:19:06:39:93:F8:43:BC:1A:EC:9E:5D:6E:65:EE:E6:F3:CC:D6:FD
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/whkGOZP4Q7wa7J5dbmXu5vPM1v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.195.0/24
                  103.102.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:39:7f:3b:67:56:fe:22:e5:68:69:3e:fc:23:23:88:de:e0:
         8f:07:d6:44:55:5f:4e:ec:ef:54:b5:21:cf:32:6b:90:67:cd:
         90:5f:14:6e:8a:f1:b6:da:76:bd:b4:87:a0:d3:8d:0c:9e:00:
         0a:26:8d:3b:f3:c2:2f:d4:da:c5:0a:22:bf:8e:b3:72:55:62:
         90:5e:29:f3:73:52:8b:5c:e6:f8:18:f0:4e:37:60:f1:b0:0e:
         20:c0:7a:4d:1b:2c:2c:25:5f:87:d7:38:8c:93:ce:83:42:86:
         04:27:c1:58:cd:42:a2:34:e4:c2:17:09:8f:12:24:20:43:66:
         6d:45:97:87:f0:76:3c:4f:33:4a:90:8c:5f:d9:a1:34:b2:47:
         cb:7a:a2:5d:9f:e4:81:0d:24:27:4f:ac:bd:83:c1:4a:f5:e4:
         7d:81:7a:c1:8b:0b:11:2e:3c:fb:f0:64:85:fd:ef:28:a1:18:
         4c:c7:3c:a6:76:5a:54:07:5f:71:52:3c:d6:eb:bb:fb:2d:4e:
         93:a4:d2:11:85:c7:58:ce:76:34:fb:9b:05:96:e3:c9:46:73:
         7d:61:6d:36:96:96:c3:ac:7d:77:e0:66:10:7b:e2:18:d1:a2:
         d0:69:d8:4c:89:d7:ec:e3:84:26:d8:d6:f0:27:f4:72:1c:61:
         be:b7:cf:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+w21jpL6BjqflnYf5NPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwMTAxMTc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjE5MDYzOTkzZjg0M2JjMWFlYzllNWQ2ZTY1ZWVlNmYzY2NkNmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTP3brCo8uRJjewTUQdehXHB8lIb
t47x+36skNfs/R6zaFTcMWgItvRrt57nETlZnBDxQM4KOTC8fGmJ1uBHFya49UiM
BoL2GtuDqKCK86KaTtqzFtSRn5zn5rRNrss75V8NTB1vkYsqaKxkyhl55zKNSgSw
jstm2H+R1hKAk/6W6O06sdfbZHjPGDBJ4/RdDy1KFxbqBYtOPH0HhgwE3ONbVk8c
YWjdcjTLBm5hQxYRBpe7gnbeL7SlV6cItWpe4/Rvg83zk+fx0kWjzeAjFkUtTARk
hVzP8EQ+LZ0mnsmrfMdENiVStp3PsFkscL4jr/ircKg7YLCIuoD3mTGggQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMIZBjmT+EO8GuyeXW5l7ubzzNb9MB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvd2hrR09aUDRRN3dhN0o1ZGJtWHU1dlBNMXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALXDDAwQA
Z2bnMA0GCSqGSIb3DQEBCwUAA4IBAQBPOX87Z1b+IuVoaT78IyOI3uCPB9ZEVV9O
7O9UtSHPMmuQZ82QXxRuivG22na9tIeg040MngAKJo0788Iv1NrFCiK/jrNyVWKQ
Xinzc1KLXOb4GPBON2DxsA4gwHpNGywsJV+H1ziMk86DQoYEJ8FYzUKiNOTCFwmP
EiQgQ2ZtRZeH8HY8TzNKkIxf2aE0skfLeqJdn+SBDSQnT6y9g8FK9eR9gXrBiwsR
Ljz78GSF/e8ooRhMxzymdlpUB19xUjzW67v7LU6TpNIRhcdYznY0+5sFluPJRnN9
YW02lpbDrH134GYQe+IY0aLQadhMidfs44Qm2NbwJ/RyHGG+t88x
-----END CERTIFICATE-----