Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/W4wf-OAMEK-73Ed6RT7ypN5sr-k.roa
File:                     W4wf-OAMEK-73Ed6RT7ypN5sr-k.roa (raw, json)
Hash identifier:          IJZ4wsFpXNgYN94omFfW/OOG2yIoCFkgqtOfLsCQRvA=
Subject key identifier:   5B:8C:1F:F8:E0:0C:10:AF:BB:DC:47:7A:45:3E:F2:A4:DE:6C:AF:E9
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       0194266AD9D03B830386ABCF816A72180296
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/W4wf-OAMEK-73Ed6RT7ypN5sr-k.roa
Signing time:             Thu 02 Jan 2025 09:48:44 +0000
ROA not before:           Thu 02 Jan 2025 09:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        5.183.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:d9:d0:3b:83:03:86:ab:cf:81:6a:72:18:02:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  2 09:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b8c1ff8e00c10afbbdc477a453ef2a4de6cafe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ed:36:8d:04:f8:0d:db:29:cc:64:a8:90:b2:
                    c3:fb:9e:dd:bc:84:c8:55:3d:cb:0f:4c:04:1c:0a:
                    cf:7b:dc:eb:86:7b:68:67:4e:d2:2e:d7:cb:bb:31:
                    16:e8:47:86:a9:f9:58:cc:ec:5f:0e:21:7a:a3:51:
                    25:18:00:7b:cf:52:6f:41:c9:22:b9:dd:6c:c9:31:
                    1e:df:d2:87:d0:4e:f8:68:e7:47:5b:53:29:9d:bb:
                    1f:e8:9e:43:5b:5d:07:0d:73:12:d1:e0:cf:07:94:
                    bf:90:0e:09:63:f1:54:5a:ce:86:84:f7:fd:db:4b:
                    47:8d:ba:a7:8a:4e:17:f7:02:e9:53:9d:06:56:d6:
                    86:e9:a8:c0:5a:f9:23:84:02:0a:8a:51:0a:2c:db:
                    4f:2b:6d:2d:80:4b:61:00:dd:6f:79:25:44:f1:6b:
                    7e:82:6c:33:ce:e3:9c:07:f5:c9:ad:cb:76:bd:27:
                    4c:40:9a:8c:63:21:40:e2:46:c5:f3:66:65:9c:4c:
                    68:96:93:1b:fb:9c:1e:76:25:9b:b5:d3:8d:f9:6d:
                    be:67:f4:eb:b2:97:b3:aa:43:1f:d9:6f:87:ce:29:
                    9a:d9:2c:4f:36:2e:99:52:d6:76:0f:cb:9b:2a:51:
                    6f:75:48:71:e6:55:03:b3:25:b3:05:cf:3b:4b:c5:
                    f6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:8C:1F:F8:E0:0C:10:AF:BB:DC:47:7A:45:3E:F2:A4:DE:6C:AF:E9
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/W4wf-OAMEK-73Ed6RT7ypN5sr-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:bd:79:31:93:d2:b6:16:01:5b:a1:11:16:06:2e:ff:ed:f1:
         76:9e:57:5b:ee:1b:36:57:d0:5a:03:97:76:45:22:bc:35:7d:
         8e:47:37:f8:56:56:f6:14:a5:83:6a:e2:da:24:ee:c1:74:5b:
         d0:96:b1:0b:9b:82:bc:1d:b7:fb:c6:43:21:6b:b2:7f:07:49:
         5e:ef:c7:ef:86:ac:51:19:e0:84:16:6e:de:80:79:fa:ee:ef:
         ed:e5:dd:74:d0:90:78:ac:44:a7:ec:6f:e0:99:1b:41:73:05:
         1e:5c:50:89:e7:e9:80:e0:16:61:a4:75:e4:3d:68:fb:b2:f3:
         69:f3:ad:5b:3f:41:6c:9b:61:06:c9:19:b6:40:bd:c8:97:bb:
         51:47:91:a2:92:0e:0c:22:34:16:4e:90:63:62:20:fe:e7:c0:
         b7:6d:b6:4a:d9:84:4e:c1:fe:30:9c:90:f7:b6:5c:31:b4:c7:
         54:5e:da:00:21:9f:2a:56:c9:05:85:5f:2d:6c:7c:0a:78:49:
         30:c3:ba:4d:1e:7c:4c:24:f8:a4:72:88:7a:ff:8a:9c:ce:de:
         7e:d4:47:65:c1:4a:92:81:25:20:48:58:e9:ca:80:9b:1c:24:
         93:18:d5:fb:63:a1:ca:0d:5a:41:de:52:31:41:7f:af:17:b7:
         72:89:93:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmatnQO4MDhqvPgWpyGAKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwMTAyMDk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjhjMWZmOGUwMGMxMGFmYmJkYzQ3N2E0NTNlZjJhNGRlNmNhZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+02jQT4DdspzGSokLLD+57dvITI
VT3LD0wEHArPe9zrhntoZ07SLtfLuzEW6EeGqflYzOxfDiF6o1ElGAB7z1JvQcki
ud1syTEe39KH0E74aOdHW1Mpnbsf6J5DW10HDXMS0eDPB5S/kA4JY/FUWs6GhPf9
20tHjbqnik4X9wLpU50GVtaG6ajAWvkjhAIKilEKLNtPK20tgEthAN1veSVE8Wt+
gmwzzuOcB/XJrct2vSdMQJqMYyFA4kbF82ZlnExolpMb+5wediWbtdON+W2+Z/Tr
spezqkMf2W+Hzima2SxPNi6ZUtZ2D8ubKlFvdUhx5lUDsyWzBc87S8X2dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuMH/jgDBCvu9xHekU+8qTebK/pMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvVzR3Zi1PQU1FSy03M0VkNlJUN3lwTjVzci1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbfEMA0G
CSqGSIb3DQEBCwUAA4IBAQCbvXkxk9K2FgFboREWBi7/7fF2nldb7hs2V9BaA5d2
RSK8NX2ORzf4Vlb2FKWDauLaJO7BdFvQlrELm4K8Hbf7xkMha7J/B0le78fvhqxR
GeCEFm7egHn67u/t5d100JB4rESn7G/gmRtBcwUeXFCJ5+mA4BZhpHXkPWj7svNp
861bP0Fsm2EGyRm2QL3Il7tRR5Gikg4MIjQWTpBjYiD+58C3bbZK2YROwf4wnJD3
tlwxtMdUXtoAIZ8qVskFhV8tbHwKeEkww7pNHnxMJPikcoh6/4qczt5+1EdlwUqS
gSUgSFjpyoCbHCSTGNX7Y6HKDVpB3lIxQX+vF7dyiZP/
-----END CERTIFICATE-----