Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/ebf304-5ddb-4569-aa1e-d45c12472935/1/WwWZ_i4rGRDbq67jPO4r6ZSGoFI.roa
File:                     WwWZ_i4rGRDbq67jPO4r6ZSGoFI.roa (raw, json)
Hash identifier:          nLu8gOVrrY7uwr4TxE8bOFSJg3uFSsR06swIilrL5NA=
Subject key identifier:   5B:05:99:FE:2E:2B:19:10:DB:AB:AE:E3:3C:EE:2B:E9:94:86:A0:52
Certificate issuer:       /CN=63470323f231229ca691f3e09519c1ac82f2ea01
Certificate serial:       0196879EC0C2FB88D1CFDDFB880F6BAD37DD
Authority key identifier: 63:47:03:23:F2:31:22:9C:A6:91:F3:E0:95:19:C1:AC:82:F2:EA:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0cDI_IxIpymkfPglRnBrILy6gE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/ebf304-5ddb-4569-aa1e-d45c12472935/1/WwWZ_i4rGRDbq67jPO4r6ZSGoFI.roa
Signing time:             Wed 30 Apr 2025 16:54:10 +0000
ROA not before:           Wed 30 Apr 2025 16:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        134.100.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/ebf304-5ddb-4569-aa1e-d45c12472935/1/Y0cDI_IxIpymkfPglRnBrILy6gE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/ebf304-5ddb-4569-aa1e-d45c12472935/1/Y0cDI_IxIpymkfPglRnBrILy6gE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0cDI_IxIpymkfPglRnBrILy6gE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 19:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:9e:c0:c2:fb:88:d1:cf:dd:fb:88:0f:6b:ad:37:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63470323f231229ca691f3e09519c1ac82f2ea01
        Validity
            Not Before: Apr 30 16:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b0599fe2e2b1910dbabaee33cee2be99486a052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e0:2b:7d:e8:a1:9f:4f:0b:73:ab:5b:bd:75:
                    72:8d:ee:4d:d7:1e:ab:74:62:14:4e:13:b0:09:18:
                    9a:95:ec:10:cf:24:6e:42:71:cb:57:58:d1:00:39:
                    eb:b4:c6:b7:7c:da:d8:69:68:86:28:b3:61:02:74:
                    2a:3a:46:98:f2:4e:ff:45:66:10:b3:e1:9a:a5:c8:
                    8b:e7:0e:55:9d:ed:61:30:f9:d1:a4:71:66:15:96:
                    e5:54:e7:9a:15:85:1a:72:2e:a8:99:fe:d1:58:cf:
                    bb:25:b6:84:62:5d:e2:58:33:ea:c6:b3:73:df:6e:
                    5d:e0:85:4f:e1:f6:ed:82:5e:d6:5f:a7:3e:f5:01:
                    09:00:cc:17:2b:47:d6:68:f5:2a:39:b8:95:32:9a:
                    15:d4:4a:c6:2c:f7:c6:19:07:00:72:0c:b9:17:37:
                    21:6a:7f:03:3a:07:dd:d6:92:6b:1e:9e:0c:0d:54:
                    6d:fa:23:47:3f:67:e7:f4:7a:53:11:c7:2a:55:ac:
                    2d:3c:1a:d8:64:24:ef:1b:81:1a:c7:e1:22:75:6f:
                    b0:9d:a6:cf:2e:9d:d0:3f:d7:dc:e4:21:04:af:62:
                    d9:0a:cf:26:70:0b:ee:82:69:20:ff:23:ea:e1:48:
                    a1:00:7a:5c:5c:d6:3c:80:0f:c1:d7:07:f6:ae:c7:
                    d9:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:05:99:FE:2E:2B:19:10:DB:AB:AE:E3:3C:EE:2B:E9:94:86:A0:52
            X509v3 Authority Key Identifier:
                keyid:63:47:03:23:F2:31:22:9C:A6:91:F3:E0:95:19:C1:AC:82:F2:EA:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0cDI_IxIpymkfPglRnBrILy6gE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/ebf304-5ddb-4569-aa1e-d45c12472935/1/WwWZ_i4rGRDbq67jPO4r6ZSGoFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/ebf304-5ddb-4569-aa1e-d45c12472935/1/Y0cDI_IxIpymkfPglRnBrILy6gE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.100.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         85:23:01:b0:0f:cf:00:19:79:6f:e3:97:dd:8e:5b:be:92:e5:
         ed:d5:0b:0c:ae:70:20:59:68:7a:fa:d0:4c:ba:6d:12:66:07:
         3f:3c:b0:9d:7b:41:f9:91:b8:f3:3b:30:f7:d9:54:4e:46:b1:
         37:35:f3:d8:1d:97:98:6e:1e:66:24:06:84:b7:e7:1b:e6:b9:
         2c:c7:9a:b1:8d:64:21:c3:d0:fa:2f:60:76:8a:06:b2:67:10:
         4a:c5:d2:ee:db:73:a6:a7:15:51:41:1c:5c:66:d4:e4:62:0e:
         79:2d:80:f7:83:64:e4:8e:e9:58:b0:21:1c:c5:19:4d:89:d2:
         f9:8d:b6:66:98:d6:bc:c1:f3:01:76:36:f2:25:42:c5:ab:58:
         6a:83:7a:12:a7:9a:b7:cf:47:c9:1c:a4:7c:35:c6:e9:61:ad:
         41:e4:eb:4d:3a:34:1a:9c:1f:44:32:c5:0d:5e:fc:e1:87:b1:
         77:bd:18:a4:62:03:d6:a0:30:37:95:f4:a7:7e:7d:21:55:8d:
         c3:ef:d9:25:cd:5b:10:17:c9:9a:2b:53:99:63:f7:60:eb:c9:
         47:43:3f:d5:10:eb:26:3e:e5:ae:52:ff:74:1a:9e:71:49:14:
         e7:aa:d4:43:e1:af:c6:ce:df:3e:5f:a8:5e:07:5e:1f:a1:10:
         f8:7c:ce:17
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZaHnsDC+4jRz937iA9rrTfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDcwMzIzZjIzMTIyOWNhNjkxZjNlMDk1MTljMWFjODJm
MmVhMDEwHhcNMjUwNDMwMTY1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjA1OTlmZTJlMmIxOTEwZGJhYmFlZTMzY2VlMmJlOTk0ODZhMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuArfeihn08Lc6tbvXVyje5N1x6r
dGIUThOwCRialewQzyRuQnHLV1jRADnrtMa3fNrYaWiGKLNhAnQqOkaY8k7/RWYQ
s+GapciL5w5Vne1hMPnRpHFmFZblVOeaFYUaci6omf7RWM+7JbaEYl3iWDPqxrNz
325d4IVP4fbtgl7WX6c+9QEJAMwXK0fWaPUqObiVMpoV1ErGLPfGGQcAcgy5Fzch
an8DOgfd1pJrHp4MDVRt+iNHP2fn9HpTEccqVawtPBrYZCTvG4Eax+EidW+wnabP
Lp3QP9fc5CEEr2LZCs8mcAvugmkg/yPq4UihAHpcXNY8gA/B1wf2rsfZFQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFsFmf4uKxkQ26uu4zzuK+mUhqBSMB8GA1UdIwQY
MBaAFGNHAyPyMSKcppHz4JUZwayC8uoBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBjRElfSXhJcHlta2ZQZ2xSbkJySUx5NmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9lYmYzMDQtNWRkYi00NTY5LWFhMWUt
ZDQ1YzEyNDcyOTM1LzEvV3dXWl9pNHJHUkRicTY3alBPNHI2WlNHb0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9lYmYzMDQtNWRkYi00NTY5LWFhMWUtZDQ1YzEyNDcyOTM1
LzEvWTBjRElfSXhJcHlta2ZQZ2xSbkJySUx5NmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhmQwDQYJ
KoZIhvcNAQELBQADggEBAIUjAbAPzwAZeW/jl92OW76S5e3VCwyucCBZaHr60Ey6
bRJmBz88sJ17QfmRuPM7MPfZVE5GsTc189gdl5huHmYkBoS35xvmuSzHmrGNZCHD
0PovYHaKBrJnEErF0u7bc6anFVFBHFxm1ORiDnktgPeDZOSO6ViwIRzFGU2J0vmN
tmaY1rzB8wF2NvIlQsWrWGqDehKnmrfPR8kcpHw1xulhrUHk6006NBqcH0QyxQ1e
/OGHsXe9GKRiA9agMDeV9Kd+fSFVjcPv2SXNWxAXyZorU5lj92DryUdDP9UQ6yY+
5a5S/3QannFJFOeq1EPhr8bO3z5fqF4HXh+hEPh8zhc=
-----END CERTIFICATE-----