Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wKyq3Rz166iMoPGQ8_5tlF0N7zo.roa
File:                     wKyq3Rz166iMoPGQ8_5tlF0N7zo.roa (raw, json)
Hash identifier:          /4SF5T6NTviIhloMoFErI6GRV9rANMm0PWjomsyED2U=
Subject key identifier:   C0:AC:AA:DD:1C:F5:EB:A8:8C:A0:F1:90:F3:FE:6D:94:5D:0D:EF:3A
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01965C5A0906210A6205553511AD05B3756F
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wKyq3Rz166iMoPGQ8_5tlF0N7zo.roa
Signing time:             Tue 22 Apr 2025 07:15:26 +0000
ROA not before:           Tue 22 Apr 2025 07:15:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        37.32.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:5a:09:06:21:0a:62:05:55:35:11:ad:05:b3:75:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Apr 22 07:15:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0acaadd1cf5eba88ca0f190f3fe6d945d0def3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:eb:8a:6c:13:0c:dd:f9:7d:17:61:96:1f:1f:
                    86:1d:79:8a:0d:8a:bc:81:b7:c7:3d:a0:68:ef:6f:
                    ca:b3:81:63:eb:5c:96:f0:72:9d:c4:7b:1a:bc:ab:
                    db:be:6c:10:0e:96:a1:ca:6a:32:79:59:65:fe:c1:
                    0b:10:2b:f1:fe:50:a2:a3:5e:3c:91:6d:04:2c:95:
                    ae:a8:60:c3:00:ae:d5:58:ee:5f:26:e4:36:b1:05:
                    47:94:97:91:1b:03:cb:63:7e:21:c4:98:5a:f3:a7:
                    2f:8c:3e:c6:79:5c:b4:1a:ca:19:f9:0f:8d:f4:26:
                    04:b6:50:a6:65:fd:2e:9a:14:d8:c2:a7:f3:f8:90:
                    7a:49:d3:ec:0a:60:00:ff:33:48:30:26:14:41:21:
                    f8:d8:5d:ea:de:58:b5:41:cb:2a:de:7a:b8:f6:3a:
                    2e:4c:e3:47:a5:6f:0b:8c:15:f1:52:ef:1c:dc:d6:
                    b3:47:91:fc:f5:98:f8:eb:b8:44:52:f9:9d:f1:4a:
                    2e:0b:40:26:86:40:ae:91:45:d6:d5:e6:bf:d7:aa:
                    6e:28:1d:5f:5a:8b:c4:96:ce:a8:bd:13:7b:68:a1:
                    9b:cf:cb:b0:5d:3f:29:37:bd:c9:f0:f9:c2:21:d7:
                    fd:db:19:e8:cb:f4:f3:fb:ae:da:1b:8a:de:a9:80:
                    86:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:AC:AA:DD:1C:F5:EB:A8:8C:A0:F1:90:F3:FE:6D:94:5D:0D:EF:3A
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/wKyq3Rz166iMoPGQ8_5tlF0N7zo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b0:3c:35:43:dd:a2:a3:6c:17:5e:6a:bf:39:fb:48:e2:33:
         6a:f6:61:cd:d3:cd:09:1e:83:15:76:82:ca:61:5e:08:fa:67:
         99:07:41:51:2f:da:57:22:93:08:a2:a4:64:32:93:06:f5:13:
         70:ae:d0:e9:18:fb:d4:23:88:ef:61:d3:fd:7d:25:55:c6:2a:
         ee:e0:7a:93:98:9c:9c:92:22:81:15:50:c8:bd:2f:ff:fe:17:
         4c:ef:1e:41:85:57:71:d7:31:34:4f:1b:f9:08:7d:76:87:16:
         a8:f0:6e:b0:3e:31:10:8e:00:83:23:17:60:9c:b5:59:71:65:
         b2:c8:fc:39:da:07:78:10:97:0a:02:70:f0:de:77:db:98:81:
         02:f6:d9:bf:f7:24:a9:59:3f:a2:c3:7a:fa:e5:fc:ac:cc:49:
         e2:9d:57:54:38:36:96:63:77:2d:ae:07:f1:c2:68:a3:9c:3b:
         bf:24:7b:90:2b:0a:bf:41:95:e4:33:66:d8:9a:0c:c6:12:7f:
         f8:aa:ae:4d:77:95:73:23:65:07:ba:74:86:2b:21:2f:8b:da:
         23:36:6b:45:a7:9e:3c:84:82:96:02:2e:b5:de:bd:09:92:58:
         0f:09:44:9b:37:a7:45:63:1d:36:93:51:0a:69:09:9a:8e:f1:
         83:e5:18:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZcWgkGIQpiBVU1Ea0Fs3VvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNDIyMDcxNTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGFjYWFkZDFjZjVlYmE4OGNhMGYxOTBmM2ZlNmQ5NDVkMGRlZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuuKbBMM3fl9F2GWHx+GHXmKDYq8
gbfHPaBo72/Ks4Fj61yW8HKdxHsavKvbvmwQDpahymoyeVll/sELECvx/lCio148
kW0ELJWuqGDDAK7VWO5fJuQ2sQVHlJeRGwPLY34hxJha86cvjD7GeVy0GsoZ+Q+N
9CYEtlCmZf0umhTYwqfz+JB6SdPsCmAA/zNIMCYUQSH42F3q3li1Qcsq3nq49jou
TONHpW8LjBXxUu8c3NazR5H89Zj467hEUvmd8UouC0AmhkCukUXW1ea/16puKB1f
WovEls6ovRN7aKGbz8uwXT8pN73J8PnCIdf92xnoy/Tz+67aG4reqYCGwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCsqt0c9euojKDxkPP+bZRdDe86MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvd0t5cTNSejE2NmlNb1BHUThfNXRsRjBON3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSApMA0G
CSqGSIb3DQEBCwUAA4IBAQBzsDw1Q92io2wXXmq/OftI4jNq9mHN080JHoMVdoLK
YV4I+meZB0FRL9pXIpMIoqRkMpMG9RNwrtDpGPvUI4jvYdP9fSVVxiru4HqTmJyc
kiKBFVDIvS///hdM7x5BhVdx1zE0Txv5CH12hxao8G6wPjEQjgCDIxdgnLVZcWWy
yPw52gd4EJcKAnDw3nfbmIEC9tm/9ySpWT+iw3r65fyszEninVdUODaWY3ctrgfx
wmijnDu/JHuQKwq/QZXkM2bYmgzGEn/4qq5Nd5VzI2UHunSGKyEvi9ojNmtFp548
hIKWAi613r0JklgPCUSbN6dFYx02k1EKaQmajvGD5Rin
-----END CERTIFICATE-----