Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/WOXWvBeCokpSOHl_JrntVW9NKAM.roa
File:                     WOXWvBeCokpSOHl_JrntVW9NKAM.roa (raw, json)
Hash identifier:          eB6i8745ycqxVgNK38j0RIcjXGqo0GZI7gH9QRyDDJE=
Subject key identifier:   58:E5:D6:BC:17:82:A2:4A:52:38:79:7F:26:B9:ED:55:6F:4D:28:03
Certificate issuer:       /CN=d2323101b29596ff442d3749373b8e9983354670
Certificate serial:       01973A5C02659E0C58EE14534C75F4614572
Authority key identifier: D2:32:31:01:B2:95:96:FF:44:2D:37:49:37:3B:8E:99:83:35:46:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/WOXWvBeCokpSOHl_JrntVW9NKAM.roa
Signing time:             Wed 04 Jun 2025 09:53:17 +0000
ROA not before:           Wed 04 Jun 2025 09:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39728
IP address blocks:        45.152.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:5c:02:65:9e:0c:58:ee:14:53:4c:75:f4:61:45:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2323101b29596ff442d3749373b8e9983354670
        Validity
            Not Before: Jun  4 09:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58e5d6bc1782a24a5238797f26b9ed556f4d2803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bf:cb:b9:be:8d:b6:c0:a9:13:2a:f4:90:f7:
                    d0:33:9c:b5:67:f5:91:c8:86:b7:1f:d6:a7:cb:8d:
                    d3:e6:d8:98:4f:8e:e7:77:a0:b1:e7:f2:91:2e:91:
                    c3:2e:3f:5c:18:05:f2:f4:d8:65:f8:d9:c8:19:fd:
                    4d:c6:d6:27:62:94:a0:c8:c6:e5:07:97:2c:f9:5e:
                    92:6c:c6:d6:14:ec:bb:4f:2d:5e:79:94:c4:f6:25:
                    f3:e5:5c:38:81:85:f8:6b:db:fa:8a:21:9c:0c:98:
                    ae:8d:bf:9d:b0:84:1a:6d:7e:ab:36:ee:71:81:54:
                    27:de:5f:f8:49:3c:ef:cf:6c:99:db:71:0e:dc:de:
                    e0:bd:af:67:bc:23:ed:24:25:a7:e1:f7:ff:f9:2a:
                    9a:75:ae:e8:f9:ec:c6:e5:ec:ea:4e:6d:c1:0a:12:
                    b9:97:30:4c:b8:d0:50:72:7f:89:d0:02:7f:5f:6a:
                    01:8a:bf:dc:9e:bb:16:24:01:bf:c1:42:e5:91:be:
                    21:8a:df:94:c0:1a:d5:ce:08:f9:94:6f:d7:c7:55:
                    dc:94:ca:9d:17:0d:f4:85:09:6b:e6:a9:c9:20:8a:
                    f0:a3:ff:a3:07:a4:c7:5c:7b:03:23:98:ac:7b:0e:
                    98:fe:5f:81:2a:25:7d:0c:81:70:ca:01:2c:ff:3c:
                    b9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:E5:D6:BC:17:82:A2:4A:52:38:79:7F:26:B9:ED:55:6F:4D:28:03
            X509v3 Authority Key Identifier:
                keyid:D2:32:31:01:B2:95:96:FF:44:2D:37:49:37:3B:8E:99:83:35:46:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0jIxAbKVlv9ELTdJNzuOmYM1RnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/WOXWvBeCokpSOHl_JrntVW9NKAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/5b4185-b080-498e-8cc7-6a6af5b74d38/1/0jIxAbKVlv9ELTdJNzuOmYM1RnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:48:b1:5c:f0:6d:44:99:93:8f:ae:dd:50:df:c2:a1:fc:e0:
         12:02:6c:e3:1c:f5:28:29:06:ec:13:0e:e4:c0:ca:f4:79:da:
         0f:ec:20:e3:c2:fd:ad:af:16:ec:fc:48:22:7f:dc:6c:67:3b:
         fc:88:40:c0:1e:ee:bb:14:06:b5:fd:8f:65:33:e7:c6:94:58:
         62:50:f4:f1:5e:37:05:07:ea:07:9e:31:fa:59:ea:62:49:f6:
         d6:51:1a:0a:fd:f6:7d:c2:9e:70:4b:73:4a:b2:38:cf:00:4c:
         22:f6:31:b2:e3:8f:12:21:87:42:1a:d5:03:a1:18:dc:5c:71:
         30:1f:25:02:df:aa:d7:cb:bb:e0:54:c5:62:b5:92:31:b2:96:
         64:c4:ae:79:82:2f:12:81:cb:c9:04:38:f4:2f:01:ab:08:50:
         fd:23:7c:18:f1:ec:43:a9:8f:3b:1a:26:16:d0:98:f7:2d:4f:
         d9:4d:34:dd:6d:b9:ff:53:b5:42:df:af:af:94:24:44:8d:8f:
         c3:01:a5:c3:0b:84:1b:4c:75:3e:9b:92:2e:7f:20:9b:8a:b8:
         cf:a4:8c:fc:52:11:25:e4:93:7c:6d:83:5f:3f:83:84:91:f0:
         c2:d3:6d:1b:7b:1f:22:d3:4c:97:33:93:db:c9:c0:2c:d0:c5:
         92:9a:87:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc6XAJlngxY7hRTTHX0YUVyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMzIzMTAxYjI5NTk2ZmY0NDJkMzc0OTM3M2I4ZTk5ODMz
NTQ2NzAwHhcNMjUwNjA0MDk1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGU1ZDZiYzE3ODJhMjRhNTIzODc5N2YyNmI5ZWQ1NTZmNGQyODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7/Lub6NtsCpEyr0kPfQM5y1Z/WR
yIa3H9any43T5tiYT47nd6Cx5/KRLpHDLj9cGAXy9Nhl+NnIGf1NxtYnYpSgyMbl
B5cs+V6SbMbWFOy7Ty1eeZTE9iXz5Vw4gYX4a9v6iiGcDJiujb+dsIQabX6rNu5x
gVQn3l/4STzvz2yZ23EO3N7gva9nvCPtJCWn4ff/+Sqada7o+ezG5ezqTm3BChK5
lzBMuNBQcn+J0AJ/X2oBir/cnrsWJAG/wULlkb4hit+UwBrVzgj5lG/Xx1XclMqd
Fw30hQlr5qnJIIrwo/+jB6THXHsDI5isew6Y/l+BKiV9DIFwygEs/zy5JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjl1rwXgqJKUjh5fya57VVvTSgDMB8GA1UdIwQY
MBaAFNIyMQGylZb/RC03STc7jpmDNUZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGpJeEFiS1ZsdjlFTFRkSk56dU9tWU0xUm5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81YjQxODUtYjA4MC00OThlLThjYzct
NmE2YWY1Yjc0ZDM4LzEvV09YV3ZCZUNva3BTT0hsX0pybnRWVzlOS0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81YjQxODUtYjA4MC00OThlLThjYzctNmE2YWY1Yjc0ZDM4
LzEvMGpJeEFiS1ZsdjlFTFRkSk56dU9tWU0xUm5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZgbMA0G
CSqGSIb3DQEBCwUAA4IBAQBASLFc8G1EmZOPrt1Q38Kh/OASAmzjHPUoKQbsEw7k
wMr0edoP7CDjwv2trxbs/Egif9xsZzv8iEDAHu67FAa1/Y9lM+fGlFhiUPTxXjcF
B+oHnjH6WepiSfbWURoK/fZ9wp5wS3NKsjjPAEwi9jGy448SIYdCGtUDoRjcXHEw
HyUC36rXy7vgVMVitZIxspZkxK55gi8SgcvJBDj0LwGrCFD9I3wY8exDqY87GiYW
0Jj3LU/ZTTTdbbn/U7VC36+vlCREjY/DAaXDC4QbTHU+m5IufyCbirjPpIz8UhEl
5JN8bYNfP4OEkfDC020bex8i00yXM5PbycAs0MWSmocm
-----END CERTIFICATE-----