Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/w3XEj_DV9fIFRhmFROarQCdn6Ms.roa
File:                     w3XEj_DV9fIFRhmFROarQCdn6Ms.roa (raw, json)
Hash identifier:          pKXXHhO9um6IJQVBaI4Bp8t0iIi+/wHe5zvkyl8qHy8=
Subject key identifier:   C3:75:C4:8F:F0:D5:F5:F2:05:46:19:85:44:E6:AB:40:27:67:E8:CB
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       01965763F3DEC6B81357B8AEB78255FA013D
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/w3XEj_DV9fIFRhmFROarQCdn6Ms.roa
Signing time:             Mon 21 Apr 2025 08:08:10 +0000
ROA not before:           Mon 21 Apr 2025 08:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59432
IP address blocks:        188.191.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 14:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:57:63:f3:de:c6:b8:13:57:b8:ae:b7:82:55:fa:01:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Apr 21 08:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c375c48ff0d5f5f20546198544e6ab402767e8cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:85:84:d3:b8:e5:f4:78:b1:de:f3:24:99:61:
                    bf:e3:fe:f0:64:d8:24:84:6a:32:1f:e8:ef:2e:4a:
                    50:c8:a0:99:5a:88:0e:a8:47:d5:36:de:51:59:09:
                    f6:a1:aa:2b:3f:b9:aa:12:d5:69:3d:ba:83:76:90:
                    89:c0:c2:cc:5d:12:c4:e3:cf:ce:e1:a2:79:30:d6:
                    d6:8a:e4:bb:93:1e:6b:1c:bf:3d:0a:a7:5f:7b:a7:
                    ff:f3:be:ee:84:f2:71:3d:da:68:35:0d:ad:e6:e2:
                    5c:6b:ab:6e:da:01:d4:1e:76:92:d6:72:c7:99:f7:
                    35:62:43:93:3e:11:7d:8b:fd:34:84:4c:94:05:c5:
                    3d:71:4f:e8:ac:21:42:f4:6d:d8:64:8e:88:cd:3a:
                    f3:d6:83:b2:83:f9:0a:6e:e6:93:a0:86:4e:3f:ec:
                    3f:95:b6:3e:46:66:f2:8a:1f:59:dd:bc:77:28:4a:
                    70:87:ca:a1:44:0f:51:a8:89:b9:eb:98:40:36:b5:
                    27:f9:bd:9a:9e:77:c5:c1:ef:9c:65:8d:60:71:6c:
                    e7:98:46:a9:54:2e:ee:71:22:47:e9:ef:73:6d:67:
                    6c:0d:0b:7e:9e:c5:86:7c:21:d3:86:f8:5a:bc:0c:
                    65:b5:a6:a5:04:d6:58:1b:52:b5:5e:65:5e:d5:9a:
                    9b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:75:C4:8F:F0:D5:F5:F2:05:46:19:85:44:E6:AB:40:27:67:E8:CB
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/w3XEj_DV9fIFRhmFROarQCdn6Ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:15:78:ef:c8:6c:45:f0:eb:2f:13:d6:02:08:62:2b:90:23:
         98:95:0b:7e:c4:e4:ba:ed:59:a3:4f:2e:a3:13:10:56:74:32:
         c1:cb:33:75:f5:8a:4b:07:e8:51:b3:a5:c6:ad:ad:39:e9:5c:
         c0:1f:f8:aa:6e:f0:56:08:e5:ba:cc:c3:6d:17:bc:db:c7:dc:
         97:54:92:0e:bb:72:41:db:00:b2:dd:32:e4:ab:15:df:e9:04:
         b3:a1:0a:26:ca:65:50:09:2f:56:00:5d:cd:69:e9:f8:83:2f:
         10:91:14:33:89:69:1f:7a:fd:3e:56:ad:96:53:85:90:ef:ca:
         57:55:7f:fb:41:7f:2b:ef:8b:89:24:16:d0:45:b6:a3:1a:89:
         37:b0:7d:c9:0a:11:94:42:33:a5:62:f0:6c:12:ae:a5:cc:de:
         fb:22:9b:7b:86:50:50:fa:5b:86:8e:70:35:23:cf:f3:cc:d0:
         4f:b5:89:f5:c1:7b:f6:51:fe:47:fc:d8:4f:76:cd:24:fd:af:
         e0:ac:97:99:86:a9:7c:37:b5:0c:f2:f2:3f:75:25:a0:ae:15:
         ec:f6:db:58:3e:01:e3:e9:e6:92:97:39:5b:6a:1e:8c:c2:df:
         1b:6c:0a:63:9e:83:8e:21:df:ff:ef:ae:ea:f1:f3:ae:9c:fe:
         85:dd:3a:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZXY/PexrgTV7iut4JV+gE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjUwNDIxMDgwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzc1YzQ4ZmYwZDVmNWYyMDU0NjE5ODU0NGU2YWI0MDI3NjdlOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4WE07jl9Hix3vMkmWG/4/7wZNgk
hGoyH+jvLkpQyKCZWogOqEfVNt5RWQn2oaorP7mqEtVpPbqDdpCJwMLMXRLE48/O
4aJ5MNbWiuS7kx5rHL89Cqdfe6f/877uhPJxPdpoNQ2t5uJca6tu2gHUHnaS1nLH
mfc1YkOTPhF9i/00hEyUBcU9cU/orCFC9G3YZI6IzTrz1oOyg/kKbuaToIZOP+w/
lbY+Rmbyih9Z3bx3KEpwh8qhRA9RqIm565hANrUn+b2annfFwe+cZY1gcWznmEap
VC7ucSJH6e9zbWdsDQt+nsWGfCHThvhavAxltaalBNZYG1K1XmVe1ZqbNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMN1xI/w1fXyBUYZhUTmq0AnZ+jLMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvdzNYRWpfRFY5ZklGUmhtRlJPYXJRQ2RuNk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9vMA0G
CSqGSIb3DQEBCwUAA4IBAQAlFXjvyGxF8OsvE9YCCGIrkCOYlQt+xOS67VmjTy6j
ExBWdDLByzN19YpLB+hRs6XGra056VzAH/iqbvBWCOW6zMNtF7zbx9yXVJIOu3JB
2wCy3TLkqxXf6QSzoQomymVQCS9WAF3Naen4gy8QkRQziWkfev0+Vq2WU4WQ78pX
VX/7QX8r74uJJBbQRbajGok3sH3JChGUQjOlYvBsEq6lzN77Ipt7hlBQ+luGjnA1
I8/zzNBPtYn1wXv2Uf5H/NhPds0k/a/grJeZhql8N7UM8vI/dSWgrhXs9ttYPgHj
6eaSlzlbah6Mwt8bbApjnoOOId//767q8fOunP6F3Tp/
-----END CERTIFICATE-----