Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/Wl_EjBbtukOR1fD5ALH5St0oHLU.roa
File:                     Wl_EjBbtukOR1fD5ALH5St0oHLU.roa (raw, json)
Hash identifier:          BOHQvH1SeOGEU4vC241fQ4avhn/HffBUh/ov8NCDhfo=
Subject key identifier:   5A:5F:C4:8C:16:ED:BA:43:91:D5:F0:F9:00:B1:F9:4A:DD:28:1C:B5
Certificate issuer:       /CN=af6eaeff123ca67446d0e49401e495057078e174
Certificate serial:       019864884609E87F9C3B976CCF7EF43271EF
Authority key identifier: AF:6E:AE:FF:12:3C:A6:74:46:D0:E4:94:01:E4:95:05:70:78:E1:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/Wl_EjBbtukOR1fD5ALH5St0oHLU.roa
Signing time:             Fri 01 Aug 2025 07:28:28 +0000
ROA not before:           Fri 01 Aug 2025 07:28:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24940
IP address blocks:        185.172.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 19:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:88:46:09:e8:7f:9c:3b:97:6c:cf:7e:f4:32:71:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af6eaeff123ca67446d0e49401e495057078e174
        Validity
            Not Before: Aug  1 07:28:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a5fc48c16edba4391d5f0f900b1f94add281cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c9:78:99:4c:71:a6:35:69:4f:f3:40:13:53:
                    b1:ba:7c:25:94:15:11:03:6e:c2:35:a2:e5:a2:d7:
                    2e:e2:e3:18:9b:c1:d2:fe:44:08:d1:44:2c:ae:8c:
                    7b:fe:12:57:2d:ab:95:31:2b:a7:c8:11:cf:8d:48:
                    38:db:4f:cd:4a:e9:29:c6:30:65:5b:75:2e:b3:2d:
                    83:88:25:d8:8e:91:6e:b9:e8:c6:c6:8a:de:0c:ce:
                    10:c6:55:d5:cc:b6:b9:4d:9f:9e:7a:30:5d:8b:6b:
                    39:f3:43:8c:6f:d3:7b:fe:29:cc:78:e6:aa:ed:ea:
                    38:e8:8e:db:39:82:48:f8:22:21:10:23:77:c2:a1:
                    46:fa:1a:51:5d:ef:39:db:df:18:78:00:50:62:42:
                    e8:60:82:47:26:f6:14:f6:8c:9a:91:82:a3:4a:d2:
                    c3:31:f3:86:fd:8e:84:6b:4d:ec:f0:8a:c4:ad:1e:
                    d4:d2:0a:92:e0:f6:5e:9c:d6:bd:56:b2:eb:22:25:
                    8d:8e:26:e5:79:87:a8:6b:40:44:b4:34:54:f8:7c:
                    0d:63:32:7e:4d:6a:09:49:44:e1:47:b5:2e:dd:11:
                    a2:49:6b:3a:85:3d:88:62:64:c0:5f:0d:ae:1b:72:
                    aa:86:0e:1b:a6:b3:92:d9:53:14:b9:90:8f:5d:91:
                    74:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:5F:C4:8C:16:ED:BA:43:91:D5:F0:F9:00:B1:F9:4A:DD:28:1C:B5
            X509v3 Authority Key Identifier:
                keyid:AF:6E:AE:FF:12:3C:A6:74:46:D0:E4:94:01:E4:95:05:70:78:E1:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/Wl_EjBbtukOR1fD5ALH5St0oHLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:40:e6:d0:68:1d:2e:47:66:ed:e7:b0:f7:35:18:93:bb:d7:
         35:92:d9:d5:c5:f0:9f:61:80:bb:01:c3:52:1f:d5:d6:37:29:
         d4:6e:fe:72:f7:30:3b:ad:36:f8:f1:be:b5:dc:03:70:8a:01:
         2f:50:8b:06:d6:df:d5:ad:d4:10:43:d7:66:52:b3:78:e4:b3:
         08:75:89:87:f6:8f:1a:fb:96:bc:61:d6:40:9d:d7:8c:db:43:
         09:d9:30:b7:fa:e5:aa:b0:0f:06:1b:cb:81:c5:4a:47:27:0e:
         3c:4e:30:de:30:0b:3f:51:6b:a6:e9:cd:70:7c:2a:b8:68:9d:
         c5:fe:05:1f:90:77:ff:9a:75:ac:69:06:05:d0:87:5a:e0:65:
         5d:fe:da:09:f5:89:27:30:7a:21:b4:ac:df:16:3d:2d:90:de:
         f1:0b:1f:94:2d:a5:24:22:26:1c:4b:01:e1:de:c0:79:ce:6a:
         66:38:a4:b1:54:4c:51:4b:75:7b:bb:9a:4a:7f:17:7d:3d:e6:
         d8:7c:78:ec:3e:3a:6f:d7:49:ce:d2:1a:8e:d1:7c:16:49:4a:
         ca:99:fe:7f:cc:46:5f:e2:24:50:a0:79:af:8a:79:8e:21:8a:
         e2:78:08:f6:71:e6:46:95:14:b8:93:2d:18:c7:66:59:61:50:
         5c:09:73:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhkiEYJ6H+cO5dsz370MnHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNmVhZWZmMTIzY2E2NzQ0NmQwZTQ5NDAxZTQ5NTA1NzA3
OGUxNzQwHhcNMjUwODAxMDcyODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTVmYzQ4YzE2ZWRiYTQzOTFkNWYwZjkwMGIxZjk0YWRkMjgxY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sl4mUxxpjVpT/NAE1OxunwllBUR
A27CNaLlotcu4uMYm8HS/kQI0UQsrox7/hJXLauVMSunyBHPjUg420/NSukpxjBl
W3Uusy2DiCXYjpFuuejGxoreDM4QxlXVzLa5TZ+eejBdi2s580OMb9N7/inMeOaq
7eo46I7bOYJI+CIhECN3wqFG+hpRXe85298YeABQYkLoYIJHJvYU9oyakYKjStLD
MfOG/Y6Ea03s8IrErR7U0gqS4PZenNa9VrLrIiWNjibleYeoa0BEtDRU+HwNYzJ+
TWoJSUThR7Uu3RGiSWs6hT2IYmTAXw2uG3Kqhg4bprOS2VMUuZCPXZF0+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpfxIwW7bpDkdXw+QCx+UrdKBy1MB8GA1UdIwQY
MBaAFK9urv8SPKZ0RtDklAHklQVweOF0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjI2dV94SThwblJHME9TVUFlU1ZCWEI0NFhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83MDAxNjQtODlkMS00MDRmLWFmMzUt
NGVmNDdmYzRiZDdmLzEvV2xfRWpCYnR1a09SMWZENUFMSDVTdDBvSExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83MDAxNjQtODlkMS00MDRmLWFmMzUtNGVmNDdmYzRiZDdm
LzEvcjI2dV94SThwblJHME9TVUFlU1ZCWEI0NFhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuax8MA0G
CSqGSIb3DQEBCwUAA4IBAQB+QObQaB0uR2bt57D3NRiTu9c1ktnVxfCfYYC7AcNS
H9XWNynUbv5y9zA7rTb48b613ANwigEvUIsG1t/VrdQQQ9dmUrN45LMIdYmH9o8a
+5a8YdZAndeM20MJ2TC3+uWqsA8GG8uBxUpHJw48TjDeMAs/UWum6c1wfCq4aJ3F
/gUfkHf/mnWsaQYF0Ida4GVd/toJ9YknMHohtKzfFj0tkN7xCx+ULaUkIiYcSwHh
3sB5zmpmOKSxVExRS3V7u5pKfxd9PebYfHjsPjpv10nO0hqO0XwWSUrKmf5/zEZf
4iRQoHmvinmOIYrieAj2ceZGlRS4ky0Yx2ZZYVBcCXOn
-----END CERTIFICATE-----