Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/W2TNL5im0fX66hopLKpEaeHN1Vw.roa
File:                     W2TNL5im0fX66hopLKpEaeHN1Vw.roa (raw, json)
Hash identifier:          jFMMnSyz7YrR/mDL9VXSfjnRvEdkg9GR9m7oXoI7Q1I=
Subject key identifier:   5B:64:CD:2F:98:A6:D1:F5:FA:EA:1A:29:2C:AA:44:69:E1:CD:D5:5C
Certificate issuer:       /CN=4c87389ef41f18c1fcc82754349ea7096980b1e3
Certificate serial:       01972EC9ED6B16011F96E42A592E9DA2E7CE
Authority key identifier: 4C:87:38:9E:F4:1F:18:C1:FC:C8:27:54:34:9E:A7:09:69:80:B1:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/W2TNL5im0fX66hopLKpEaeHN1Vw.roa
Signing time:             Mon 02 Jun 2025 03:57:54 +0000
ROA not before:           Mon 02 Jun 2025 03:57:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209133
IP address blocks:        94.247.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/TIc4nvQfGMH8yCdUNJ6nCWmAseM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/TIc4nvQfGMH8yCdUNJ6nCWmAseM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:2e:c9:ed:6b:16:01:1f:96:e4:2a:59:2e:9d:a2:e7:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c87389ef41f18c1fcc82754349ea7096980b1e3
        Validity
            Not Before: Jun  2 03:57:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b64cd2f98a6d1f5faea1a292caa4469e1cdd55c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:9f:00:4b:97:d0:42:43:07:4e:f5:88:4c:41:
                    12:78:55:43:bc:dd:6b:70:be:43:90:f3:ba:49:85:
                    9c:6e:70:25:10:05:9b:a5:8c:67:fe:f2:b1:fb:8c:
                    7d:b5:a7:39:fe:06:6a:75:4e:6b:fe:55:27:a7:84:
                    68:81:a2:f5:82:e5:68:9f:b4:2d:62:ff:7c:16:23:
                    65:bb:28:36:89:65:52:96:f0:f8:94:af:eb:bd:5b:
                    c9:71:4f:d1:b9:21:66:64:3f:55:df:97:de:36:e4:
                    65:90:13:76:e5:65:3d:9c:99:1b:4a:52:23:79:b8:
                    2b:db:c0:a9:84:b5:83:fa:88:1a:3f:92:c1:e6:98:
                    54:20:9a:21:24:be:7a:8f:24:77:31:c0:9f:59:91:
                    20:0b:05:2c:48:f3:36:dd:e8:2b:f5:c7:1c:18:85:
                    a2:2f:db:b5:e3:18:93:12:2f:99:2c:ee:c0:84:1c:
                    79:c4:cb:fe:8f:da:b3:4d:51:35:29:47:d2:26:ed:
                    f0:69:2f:46:56:58:4a:0e:7a:82:58:28:25:db:28:
                    b9:10:2d:27:8a:5f:46:b2:80:f3:54:3c:c6:f5:6b:
                    a0:2f:94:b4:b8:5e:1f:5f:bb:5e:63:64:3f:9d:ec:
                    e0:43:43:09:af:96:38:75:c1:ec:71:56:2f:70:90:
                    b9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:64:CD:2F:98:A6:D1:F5:FA:EA:1A:29:2C:AA:44:69:E1:CD:D5:5C
            X509v3 Authority Key Identifier:
                keyid:4C:87:38:9E:F4:1F:18:C1:FC:C8:27:54:34:9E:A7:09:69:80:B1:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TIc4nvQfGMH8yCdUNJ6nCWmAseM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/W2TNL5im0fX66hopLKpEaeHN1Vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/2215f7-887a-4bd5-bf97-ffb709f7668c/1/TIc4nvQfGMH8yCdUNJ6nCWmAseM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:f8:36:e5:86:8b:4f:af:f6:a3:35:16:5c:1e:4b:54:a5:5e:
         d2:db:c4:14:f5:5a:5b:18:88:0c:2c:74:24:69:c0:e7:72:2e:
         ee:d5:d0:79:05:2c:8d:1d:c6:36:43:ab:15:1e:37:4c:b5:84:
         ab:f0:24:00:0e:8c:7b:a3:57:83:a7:07:c7:3a:35:2d:80:af:
         26:3f:e3:93:53:ee:a5:46:fa:35:c0:85:a2:aa:42:9d:38:81:
         b8:23:bf:de:34:85:a5:26:42:38:84:97:82:4e:fc:15:59:ab:
         e1:90:d0:44:b9:e8:ab:7d:a8:37:6c:12:76:67:c2:03:17:31:
         bf:67:ef:b9:8f:28:ce:7b:25:19:d7:b3:6c:62:1d:a0:81:7e:
         46:11:58:a1:96:07:f1:66:8d:64:f1:80:99:f2:58:a5:f0:bb:
         21:bc:db:cb:46:18:41:87:ad:1d:99:ae:78:eb:8d:84:50:13:
         a1:53:1b:02:7a:a1:87:2e:d0:52:2b:d3:c3:40:56:82:8b:b2:
         4c:77:9a:74:bc:c1:0d:fc:45:29:90:23:3b:ce:7c:9d:68:34:
         53:1d:29:55:af:2e:6d:c7:f2:1b:52:cf:5f:aa:3c:01:36:d1:
         66:d3:95:75:f9:ef:1e:a6:49:94:65:25:05:09:45:a9:c9:41:
         94:67:e6:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcuye1rFgEfluQqWS6doufOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjODczODllZjQxZjE4YzFmY2M4Mjc1NDM0OWVhNzA5Njk4
MGIxZTMwHhcNMjUwNjAyMDM1NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY0Y2QyZjk4YTZkMWY1ZmFlYTFhMjkyY2FhNDQ2OWUxY2RkNTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Z8AS5fQQkMHTvWITEESeFVDvN1r
cL5DkPO6SYWcbnAlEAWbpYxn/vKx+4x9tac5/gZqdU5r/lUnp4RogaL1guVon7Qt
Yv98FiNluyg2iWVSlvD4lK/rvVvJcU/RuSFmZD9V35feNuRlkBN25WU9nJkbSlIj
ebgr28CphLWD+ogaP5LB5phUIJohJL56jyR3McCfWZEgCwUsSPM23egr9cccGIWi
L9u14xiTEi+ZLO7AhBx5xMv+j9qzTVE1KUfSJu3waS9GVlhKDnqCWCgl2yi5EC0n
il9GsoDzVDzG9WugL5S0uF4fX7teY2Q/nezgQ0MJr5Y4dcHscVYvcJC5+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtkzS+YptH1+uoaKSyqRGnhzdVcMB8GA1UdIwQY
MBaAFEyHOJ70HxjB/MgnVDSepwlpgLHjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEljNG52UWZHTUg4eUNkVU5KNm5DV21Bc2VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8yMjE1ZjctODg3YS00YmQ1LWJmOTct
ZmZiNzA5Zjc2NjhjLzEvVzJUTkw1aW0wZlg2NmhvcExLcEVhZUhOMVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8yMjE1ZjctODg3YS00YmQ1LWJmOTctZmZiNzA5Zjc2Njhj
LzEvVEljNG52UWZHTUg4eUNkVU5KNm5DV21Bc2VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvdsMA0G
CSqGSIb3DQEBCwUAA4IBAQBa+DblhotPr/ajNRZcHktUpV7S28QU9VpbGIgMLHQk
acDnci7u1dB5BSyNHcY2Q6sVHjdMtYSr8CQADox7o1eDpwfHOjUtgK8mP+OTU+6l
Rvo1wIWiqkKdOIG4I7/eNIWlJkI4hJeCTvwVWavhkNBEueirfag3bBJ2Z8IDFzG/
Z++5jyjOeyUZ17NsYh2ggX5GEVihlgfxZo1k8YCZ8lil8LshvNvLRhhBh60dma54
642EUBOhUxsCeqGHLtBSK9PDQFaCi7JMd5p0vMEN/EUpkCM7znydaDRTHSlVry5t
x/IbUs9fqjwBNtFm05V1+e8epkmUZSUFCUWpyUGUZ+aD
-----END CERTIFICATE-----