Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/wisg1C0CAyX9XxLdO577ldeT69g.roa
File:                     wisg1C0CAyX9XxLdO577ldeT69g.roa (raw, json)
Hash identifier:          M3DmtV6K4CRmVxyCwx6PvbpzCTNJhQrB7qDUrLhfsqs=
Subject key identifier:   C2:2B:20:D4:2D:02:03:25:FD:5F:12:DD:3B:9E:FB:95:D7:93:EB:D8
Certificate issuer:       /CN=dd64166a91179308f253a9175616ccc6828c4463
Certificate serial:       01977C8AC306B81147D17AA72AD363FB7381
Authority key identifier: DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/wisg1C0CAyX9XxLdO577ldeT69g.roa
Signing time:             Tue 17 Jun 2025 06:19:17 +0000
ROA not before:           Tue 17 Jun 2025 06:19:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28910
IP address blocks:        84.54.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Jun 2025 04:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7c:8a:c3:06:b8:11:47:d1:7a:a7:2a:d3:63:fb:73:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd64166a91179308f253a9175616ccc6828c4463
        Validity
            Not Before: Jun 17 06:19:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c22b20d42d020325fd5f12dd3b9efb95d793ebd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b7:eb:cd:02:b7:d8:b0:e0:6c:e3:1a:43:85:
                    b6:70:58:c7:32:42:a6:1c:4f:30:19:1b:7e:18:a8:
                    68:46:99:d7:dd:ad:02:77:7d:24:96:28:f4:d7:3d:
                    f5:ef:18:5f:44:55:0b:bf:1e:13:30:b0:ac:2f:09:
                    71:bb:16:2e:a9:60:39:51:26:d6:8b:6d:77:52:36:
                    f7:fc:c4:59:5c:9c:15:76:8f:41:16:73:f1:3f:33:
                    6d:58:a1:25:62:3c:dc:d8:ce:46:0e:fb:85:f1:ae:
                    cd:53:cb:f0:3b:f6:44:37:50:2d:fc:01:d2:9f:86:
                    fb:63:d3:ab:7e:55:94:63:6e:1f:31:0a:3e:c3:cb:
                    ca:86:75:b2:71:44:c1:9c:54:cc:7c:47:18:08:c2:
                    bc:3f:be:c9:a5:8e:b5:0e:0d:8e:4e:84:65:9d:0c:
                    45:cd:eb:40:3e:fa:0c:64:35:99:6e:06:bd:06:31:
                    68:3d:6c:0b:15:fe:b8:a1:ec:bb:cc:11:00:fa:17:
                    91:24:1c:50:b2:d6:e5:f8:cf:95:b1:b7:33:71:f0:
                    ba:4c:1b:72:0e:a2:bd:46:64:e1:73:14:9f:a9:88:
                    7d:52:55:8a:78:5d:4e:21:07:3c:6b:df:9e:cb:eb:
                    9e:aa:d3:6c:2b:2c:af:0b:96:13:38:c2:f2:1f:56:
                    91:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2B:20:D4:2D:02:03:25:FD:5F:12:DD:3B:9E:FB:95:D7:93:EB:D8
            X509v3 Authority Key Identifier:
                keyid:DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/wisg1C0CAyX9XxLdO577ldeT69g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.54.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:e5:bc:cd:8c:8f:02:59:ad:b1:e6:90:cd:14:54:62:b2:4c:
         68:98:11:96:eb:ed:aa:ae:32:cb:be:83:c1:f0:95:c0:67:38:
         c4:78:74:06:9f:9b:fa:54:a8:73:b3:02:d3:eb:8b:a5:02:e9:
         d2:6a:e3:5f:4a:54:b1:64:c1:36:43:96:e6:17:71:2a:8a:0c:
         2c:8d:b0:df:cb:c4:6a:be:a4:21:14:86:d5:eb:0f:3a:b2:67:
         e3:cd:61:73:82:fc:9d:1f:8a:f7:46:d4:27:24:78:1e:92:5f:
         d9:6a:96:2e:ba:6b:f0:06:78:23:57:ed:f1:be:82:03:fa:73:
         ba:ce:88:c9:af:ae:21:de:3f:76:30:1a:e4:19:ce:48:8b:b6:
         07:a4:de:d2:9b:af:96:81:14:49:b3:66:ed:d1:6c:59:63:d5:
         51:02:17:aa:9a:95:ee:5a:f1:0e:e9:f5:4f:a3:80:dd:8e:78:
         f8:55:e5:fe:ce:c9:3f:59:0e:98:57:ca:67:4d:d7:50:7d:c7:
         ab:48:0a:75:0b:c6:5f:a3:a3:c7:90:27:89:17:a7:e9:07:57:
         23:fa:fe:31:ac:c6:d4:d9:2b:cf:79:2e:7c:fb:b4:1c:62:3e:
         2c:aa:e3:d4:74:92:2f:d0:9f:43:8d:0b:e6:33:ee:17:45:59:
         55:32:94:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd8isMGuBFH0XqnKtNj+3OBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQxNjZhOTExNzkzMDhmMjUzYTkxNzU2MTZjY2M2ODI4
YzQ0NjMwHhcNMjUwNjE3MDYxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjJiMjBkNDJkMDIwMzI1ZmQ1ZjEyZGQzYjllZmI5NWQ3OTNlYmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbfrzQK32LDgbOMaQ4W2cFjHMkKm
HE8wGRt+GKhoRpnX3a0Cd30klij01z317xhfRFULvx4TMLCsLwlxuxYuqWA5USbW
i213Ujb3/MRZXJwVdo9BFnPxPzNtWKElYjzc2M5GDvuF8a7NU8vwO/ZEN1At/AHS
n4b7Y9OrflWUY24fMQo+w8vKhnWycUTBnFTMfEcYCMK8P77JpY61Dg2OToRlnQxF
zetAPvoMZDWZbga9BjFoPWwLFf64oey7zBEA+heRJBxQstbl+M+VsbczcfC6TBty
DqK9RmThcxSfqYh9UlWKeF1OIQc8a9+ey+ueqtNsKyyvC5YTOMLyH1aRYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMIrINQtAgMl/V8S3Tue+5XXk+vYMB8GA1UdIwQY
MBaAFN1kFmqRF5MI8lOpF1YWzMaCjERjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3Yzct
NzRkZTI1OGE3NmY4LzEvd2lzZzFDMENBeVg5WHhMZE81NzdsZGVUNjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8wYTQ4OWItOWQ5ZS00ZjZhLTg3YzctNzRkZTI1OGE3NmY4
LzEvM1dRV2FwRVhrd2p5VTZrWFZoYk14b0tNUkdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVDZ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAe5bzNjI8CWa2x5pDNFFRiskxomBGW6+2qrjLLvoPB
8JXAZzjEeHQGn5v6VKhzswLT64ulAunSauNfSlSxZME2Q5bmF3EqigwsjbDfy8Rq
vqQhFIbV6w86smfjzWFzgvydH4r3RtQnJHgekl/ZapYuumvwBngjV+3xvoID+nO6
zojJr64h3j92MBrkGc5Ii7YHpN7Sm6+WgRRJs2bt0WxZY9VRAheqmpXuWvEO6fVP
o4Ddjnj4VeX+zsk/WQ6YV8pnTddQfcerSAp1C8Zfo6PHkCeJF6fpB1cj+v4xrMbU
2SvPeS58+7QcYj4squPUdJIv0J9DjQvmM+4XRVlVMpQW
-----END CERTIFICATE-----