Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/wXKkmEzVnT6wH-e4RUZ5ISziflM.roa
File:                     wXKkmEzVnT6wH-e4RUZ5ISziflM.roa (raw, json)
Hash identifier:          0ibg6oISPGaXyJMIkBYpRfjFyr2Dyc5Kyu9O/zaq9rU=
Subject key identifier:   C1:72:A4:98:4C:D5:9D:3E:B0:1F:E7:B8:45:46:79:21:2C:E2:7E:53
Certificate issuer:       /CN=2ac943517f5e3b747e7530320789a03444b43912
Certificate serial:       019424B3A6B9DA2B5CA07D2DD121905DD460
Authority key identifier: 2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/wXKkmEzVnT6wH-e4RUZ5ISziflM.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206176
IP address blocks:        45.135.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a6:b9:da:2b:5c:a0:7d:2d:d1:21:90:5d:d4:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac943517f5e3b747e7530320789a03444b43912
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c172a4984cd59d3eb01fe7b8454679212ce27e53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:97:da:cb:6a:d6:bb:00:fe:21:4c:fb:3c:84:
                    9f:0d:c6:95:cd:10:78:53:bd:35:39:13:e9:0f:bf:
                    75:e2:80:b1:82:17:90:b2:8d:72:9c:c4:91:19:2c:
                    97:bc:6f:cb:b0:9d:f6:e9:cc:78:ff:7f:fe:12:1a:
                    27:fb:48:e7:3c:49:d3:30:fd:2a:9f:66:bf:0a:6d:
                    c2:ef:af:7e:7a:85:fb:c5:57:6a:12:aa:5c:c9:a1:
                    a6:09:9c:6f:5b:23:07:c2:e2:a8:d9:c6:09:86:09:
                    a2:4b:af:41:ed:38:22:51:a4:f4:16:ab:8b:e0:2a:
                    68:59:f6:67:e8:59:f7:46:ce:72:1c:0f:56:55:e0:
                    7d:30:d2:4c:b5:79:10:63:de:57:2f:f4:52:af:3e:
                    60:f5:82:be:b0:b0:e7:b2:88:63:05:8d:2f:ae:6a:
                    e5:70:f3:90:4e:5c:49:57:20:99:62:04:37:2b:68:
                    1f:b8:bc:8c:36:e6:ad:99:54:b5:8e:74:2a:6c:e2:
                    eb:7c:fa:8e:b6:00:a2:3e:66:6c:83:08:6a:1c:9d:
                    ad:e9:5a:92:ca:ab:48:55:a0:48:53:4d:1f:a8:e4:
                    65:8a:84:83:bb:8b:86:97:7f:88:63:43:3e:8a:7e:
                    84:05:27:bd:12:34:eb:b4:50:df:ac:83:87:4d:20:
                    d3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:72:A4:98:4C:D5:9D:3E:B0:1F:E7:B8:45:46:79:21:2C:E2:7E:53
            X509v3 Authority Key Identifier:
                keyid:2A:C9:43:51:7F:5E:3B:74:7E:75:30:32:07:89:A0:34:44:B4:39:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KslDUX9eO3R-dTAyB4mgNES0ORI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/wXKkmEzVnT6wH-e4RUZ5ISziflM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/19511d-537e-4241-a0d8-2d91cfd7aaf4/1/KslDUX9eO3R-dTAyB4mgNES0ORI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:95:e9:7c:7a:3c:f3:df:f3:a4:c9:e1:91:52:a7:6a:be:b4:
         a3:74:88:53:7d:5c:a3:b5:22:75:b9:d9:40:e0:b1:67:cf:aa:
         19:67:ef:1c:ed:8b:83:80:19:b4:84:d0:28:32:82:55:3c:4e:
         98:d3:23:a7:b6:b4:10:b2:ac:13:08:22:81:40:87:57:31:8e:
         5a:21:95:b8:19:92:3f:66:eb:b1:e7:eb:25:0b:3a:a3:cd:02:
         4f:5c:12:b2:c1:b3:34:a8:51:52:d9:d7:5e:e2:ee:37:08:0e:
         f5:c2:c5:5b:e9:b9:06:2b:48:b7:7d:81:af:82:c8:ea:c2:df:
         ab:09:d1:71:b5:a1:88:6c:92:71:83:73:d2:01:2e:86:59:2c:
         28:82:cb:c7:51:30:89:84:af:c2:5d:37:bf:71:2a:49:0a:f1:
         57:c6:ed:e9:1b:35:01:d6:67:a9:bd:40:0a:10:0f:35:0a:c9:
         74:fd:4b:a4:3f:4f:87:6b:ce:b9:90:bc:8d:3a:4e:c7:98:41:
         2b:24:4b:d0:9b:e5:2f:72:b8:83:f0:a7:b6:4c:db:7a:cb:cc:
         05:4e:63:d2:dc:0b:15:90:40:90:38:93:25:3d:b6:c4:63:ff:
         ab:41:ca:e5:7f:88:09:65:02:24:b4:df:ad:ee:68:bf:c1:75:
         d2:a5:69:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6a52itcoH0t0SGQXdRgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzk0MzUxN2Y1ZTNiNzQ3ZTc1MzAzMjA3ODlhMDM0NDRi
NDM5MTIwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTcyYTQ5ODRjZDU5ZDNlYjAxZmU3Yjg0NTQ2NzkyMTJjZTI3ZTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppfay2rWuwD+IUz7PISfDcaVzRB4
U701ORPpD7914oCxgheQso1ynMSRGSyXvG/LsJ326cx4/3/+Ehon+0jnPEnTMP0q
n2a/Cm3C769+eoX7xVdqEqpcyaGmCZxvWyMHwuKo2cYJhgmiS69B7TgiUaT0FquL
4CpoWfZn6Fn3Rs5yHA9WVeB9MNJMtXkQY95XL/RSrz5g9YK+sLDnsohjBY0vrmrl
cPOQTlxJVyCZYgQ3K2gfuLyMNuatmVS1jnQqbOLrfPqOtgCiPmZsgwhqHJ2t6VqS
yqtIVaBIU00fqORlioSDu4uGl3+IY0M+in6EBSe9EjTrtFDfrIOHTSDTxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFypJhM1Z0+sB/nuEVGeSEs4n5TMB8GA1UdIwQY
MBaAFCrJQ1F/Xjt0fnUwMgeJoDREtDkSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgt
MmQ5MWNmZDdhYWY0LzEvd1hLa21FelZuVDZ3SC1lNFJVWjVJU3ppZmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xOTUxMWQtNTM3ZS00MjQxLWEwZDgtMmQ5MWNmZDdhYWY0
LzEvS3NsRFVYOWVPM1ItZFRBeUI0bWdORVMwT1JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYc4MA0G
CSqGSIb3DQEBCwUAA4IBAQAGlel8ejzz3/OkyeGRUqdqvrSjdIhTfVyjtSJ1udlA
4LFnz6oZZ+8c7YuDgBm0hNAoMoJVPE6Y0yOntrQQsqwTCCKBQIdXMY5aIZW4GZI/
Zuux5+slCzqjzQJPXBKywbM0qFFS2dde4u43CA71wsVb6bkGK0i3fYGvgsjqwt+r
CdFxtaGIbJJxg3PSAS6GWSwogsvHUTCJhK/CXTe/cSpJCvFXxu3pGzUB1mepvUAK
EA81Csl0/UukP0+Ha865kLyNOk7HmEErJEvQm+UvcriD8Ke2TNt6y8wFTmPS3AsV
kECQOJMlPbbEY/+rQcrlf4gJZQIktN+t7mi/wXXSpWm5
-----END CERTIFICATE-----