Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/wWxNrzf0bGINPQsafMeSGo5rzC4.roa
File:                     wWxNrzf0bGINPQsafMeSGo5rzC4.roa (raw, json)
Hash identifier:          q18JpXRnjqqiRh7u6sYb0jCTwYi6/zUTClZxBEPPQE4=
Subject key identifier:   C1:6C:4D:AF:37:F4:6C:62:0D:3D:0B:1A:7C:C7:92:1A:8E:6B:CC:2E
Certificate issuer:       /CN=3b308e9be3a85b0f4901f35e7cf1fb759b49fee7
Certificate serial:       01966219F49C8A760D6D2C874DAAF3DC32B8
Authority key identifier: 3B:30:8E:9B:E3:A8:5B:0F:49:01:F3:5E:7C:F1:FB:75:9B:49:FE:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OzCOm-OoWw9JAfNefPH7dZtJ_uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/wWxNrzf0bGINPQsafMeSGo5rzC4.roa
Signing time:             Wed 23 Apr 2025 10:03:10 +0000
ROA not before:           Wed 23 Apr 2025 10:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6753
IP address blocks:        185.53.249.0/24 maxlen: 24
                          2a12:c8c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/OzCOm-OoWw9JAfNefPH7dZtJ_uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/OzCOm-OoWw9JAfNefPH7dZtJ_uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OzCOm-OoWw9JAfNefPH7dZtJ_uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:19:f4:9c:8a:76:0d:6d:2c:87:4d:aa:f3:dc:32:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b308e9be3a85b0f4901f35e7cf1fb759b49fee7
        Validity
            Not Before: Apr 23 10:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c16c4daf37f46c620d3d0b1a7cc7921a8e6bcc2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9c:26:1d:a9:e5:3d:7c:89:6a:50:2d:1d:5a:
                    7b:3c:dc:1c:fc:a3:e5:95:99:a5:dc:a2:18:5b:59:
                    a0:a0:b1:2d:26:6c:6e:6e:4d:b3:80:51:59:e9:59:
                    e0:ff:6c:fb:f3:12:f8:c2:5e:c0:46:68:44:47:9c:
                    45:9c:eb:cb:14:21:05:64:b8:03:48:61:d0:d9:ef:
                    50:43:d6:71:6d:54:51:0c:59:97:8a:53:f4:4d:2a:
                    2e:e8:10:f2:55:9a:e3:0a:76:7d:8e:40:04:d6:fe:
                    c1:54:7b:79:b0:0f:ea:b2:5d:c1:ed:38:44:f4:28:
                    14:f3:86:1c:1b:09:2b:67:65:71:ac:c4:4d:d9:18:
                    da:7c:19:f9:c1:0a:4a:7e:7a:51:81:11:58:01:3b:
                    9a:a4:22:a0:65:c0:29:5b:2b:80:64:63:40:ae:f6:
                    ed:09:68:24:5e:e7:8e:a4:27:6e:9e:82:a7:77:52:
                    c5:7c:a1:57:d1:2d:42:32:a8:47:77:1b:53:29:2d:
                    25:51:5a:de:f2:2a:fb:91:e0:83:45:4c:7d:8e:ab:
                    0d:d8:27:6e:63:dd:8f:5a:3a:9f:73:88:64:18:5b:
                    58:1e:2a:eb:9d:c0:8c:92:cf:a3:dd:03:55:e8:ba:
                    ea:54:2c:52:32:02:35:5a:fa:13:15:5e:5c:5d:f9:
                    53:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:6C:4D:AF:37:F4:6C:62:0D:3D:0B:1A:7C:C7:92:1A:8E:6B:CC:2E
            X509v3 Authority Key Identifier:
                keyid:3B:30:8E:9B:E3:A8:5B:0F:49:01:F3:5E:7C:F1:FB:75:9B:49:FE:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OzCOm-OoWw9JAfNefPH7dZtJ_uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/wWxNrzf0bGINPQsafMeSGo5rzC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/14a46d-2d92-4e75-88da-1f9d8e236e25/1/OzCOm-OoWw9JAfNefPH7dZtJ_uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.249.0/24
                IPv6:
                  2a12:c8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:9f:86:08:26:aa:d9:a7:32:bc:c2:bc:ff:f7:77:b2:ab:b5:
         8d:eb:6f:95:07:aa:b9:02:d6:35:89:ea:ad:64:fc:47:a1:a9:
         73:7c:f5:cf:43:6a:df:e3:96:ac:ca:a6:32:59:91:42:4b:67:
         8a:d5:8f:99:27:f0:8a:aa:63:a0:4c:10:b5:76:fc:88:ca:88:
         e6:e8:f8:9d:4c:0c:84:06:03:60:6b:e1:ca:e8:4c:9e:3c:9a:
         62:8e:43:e7:cb:aa:76:c6:ff:2e:69:4d:b0:76:db:ae:72:fe:
         45:26:08:56:ac:13:de:0a:a3:62:da:3c:15:ff:77:b0:6b:ca:
         98:1d:88:12:f8:f8:f2:85:d1:94:c5:bb:b8:9d:f2:d8:2a:15:
         1f:11:66:f7:00:32:06:1b:70:f7:e9:6b:fa:1d:7d:09:cd:5c:
         fe:cc:d0:58:48:8a:17:37:37:b4:e3:1a:2a:5f:0e:3f:78:c0:
         18:72:95:2b:79:2a:46:04:26:09:80:95:84:ca:c6:2c:05:2a:
         af:8c:dc:72:40:1d:dd:ff:9c:4e:86:f3:60:18:fd:d1:1c:b6:
         36:46:53:4e:fd:f8:bc:69:28:2e:99:7a:1e:5a:98:8e:a1:b0:
         af:fa:8f:b9:eb:0d:27:74:8d:c8:9d:8f:24:e5:18:1f:85:94:
         2c:a1:e8:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZiGfScinYNbSyHTarz3DK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMzA4ZTliZTNhODViMGY0OTAxZjM1ZTdjZjFmYjc1OWI0
OWZlZTcwHhcNMjUwNDIzMTAwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTZjNGRhZjM3ZjQ2YzYyMGQzZDBiMWE3Y2M3OTIxYThlNmJjYzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZwmHanlPXyJalAtHVp7PNwc/KPl
lZml3KIYW1mgoLEtJmxubk2zgFFZ6Vng/2z78xL4wl7ARmhER5xFnOvLFCEFZLgD
SGHQ2e9QQ9ZxbVRRDFmXilP0TSou6BDyVZrjCnZ9jkAE1v7BVHt5sA/qsl3B7ThE
9CgU84YcGwkrZ2VxrMRN2RjafBn5wQpKfnpRgRFYATuapCKgZcApWyuAZGNArvbt
CWgkXueOpCdunoKnd1LFfKFX0S1CMqhHdxtTKS0lUVre8ir7keCDRUx9jqsN2Cdu
Y92PWjqfc4hkGFtYHirrncCMks+j3QNV6LrqVCxSMgI1WvoTFV5cXflTFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMFsTa839GxiDT0LGnzHkhqOa8wuMB8GA1UdIwQY
MBaAFDswjpvjqFsPSQHzXnzx+3WbSf7nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3pDT20tT29XdzlKQWZOZWZQSDdkWnRKX3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xNGE0NmQtMmQ5Mi00ZTc1LTg4ZGEt
MWY5ZDhlMjM2ZTI1LzEvd1d4TnJ6ZjBiR0lOUFFzYWZNZVNHbzVyekM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xNGE0NmQtMmQ5Mi00ZTc1LTg4ZGEtMWY5ZDhlMjM2ZTI1
LzEvT3pDT20tT29XdzlKQWZOZWZQSDdkWnRKX3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuTX5MA0E
AgACMAcDBQMqEsjAMA0GCSqGSIb3DQEBCwUAA4IBAQB4n4YIJqrZpzK8wrz/93ey
q7WN62+VB6q5AtY1ieqtZPxHoalzfPXPQ2rf45asyqYyWZFCS2eK1Y+ZJ/CKqmOg
TBC1dvyIyojm6PidTAyEBgNga+HK6EyePJpijkPny6p2xv8uaU2wdtuucv5FJghW
rBPeCqNi2jwV/3ewa8qYHYgS+PjyhdGUxbu4nfLYKhUfEWb3ADIGG3D36Wv6HX0J
zVz+zNBYSIoXNze04xoqXw4/eMAYcpUreSpGBCYJgJWEysYsBSqvjNxyQB3d/5xO
hvNgGP3RHLY2RlNO/fi8aSgumXoeWpiOobCv+o+56w0ndI3InY8k5RgfhZQsoehM
-----END CERTIFICATE-----