Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/37b9a8-5186-43f3-9064-f5336327b881/1/wNDSq8yZE9PBcRFzNVbL2mjY9tI.roa
File:                     wNDSq8yZE9PBcRFzNVbL2mjY9tI.roa (raw, json)
Hash identifier:          +CAo2P8QJyLpdrdtqSl+fQIj2IGhG8nr3/YTjB35bgw=
Subject key identifier:   C0:D0:D2:AB:CC:99:13:D3:C1:71:11:73:35:56:CB:DA:68:D8:F6:D2
Certificate issuer:       /CN=5861579b875e3e093d47325b9735edbfe7809fba
Certificate serial:       019759992435DB773FFF8E623BA74C1B2C22
Authority key identifier: 58:61:57:9B:87:5E:3E:09:3D:47:32:5B:97:35:ED:BF:E7:80:9F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGFXm4dePgk9RzJblzXtv-eAn7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/37b9a8-5186-43f3-9064-f5336327b881/1/wNDSq8yZE9PBcRFzNVbL2mjY9tI.roa
Signing time:             Tue 10 Jun 2025 11:28:17 +0000
ROA not before:           Tue 10 Jun 2025 11:28:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        193.17.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/37b9a8-5186-43f3-9064-f5336327b881/1/WGFXm4dePgk9RzJblzXtv-eAn7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/37b9a8-5186-43f3-9064-f5336327b881/1/WGFXm4dePgk9RzJblzXtv-eAn7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGFXm4dePgk9RzJblzXtv-eAn7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 23:47:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:99:24:35:db:77:3f:ff:8e:62:3b:a7:4c:1b:2c:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5861579b875e3e093d47325b9735edbfe7809fba
        Validity
            Not Before: Jun 10 11:28:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0d0d2abcc9913d3c17111733556cbda68d8f6d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:61:9e:0f:d6:87:8b:7f:36:56:b7:b9:ba:63:
                    09:18:a4:46:2c:0a:22:6d:a3:73:a2:63:3b:53:a1:
                    d6:8b:21:93:48:f4:c7:48:db:f0:da:85:6b:58:a0:
                    9c:f7:e4:9a:00:33:61:90:82:0e:4e:67:18:7b:8a:
                    f0:63:76:44:36:7c:7b:f4:3f:f5:b8:23:be:07:f3:
                    f1:71:72:a4:ef:4f:e9:73:62:e1:6b:92:31:1b:86:
                    01:04:62:06:53:f1:de:01:67:07:b3:6d:7c:0d:d7:
                    1e:9a:5d:d4:89:0d:4d:14:59:dd:76:3b:5e:47:23:
                    e7:7c:71:4f:94:3a:20:82:81:03:87:fa:78:5a:00:
                    82:a8:60:02:76:4d:a3:dc:b3:d7:da:f2:cf:b7:3c:
                    00:b7:d1:a8:2e:a1:0f:79:e2:7c:57:80:60:d9:ef:
                    e9:51:81:41:cd:dc:a5:cd:f9:96:62:34:c8:b8:f9:
                    09:e1:82:3e:b5:71:ac:ef:a6:13:19:29:73:c8:a7:
                    fd:ed:88:58:e9:a7:8f:dd:c5:39:ee:ae:6a:6c:85:
                    dc:40:44:e0:49:eb:da:b1:7e:eb:a9:1d:ab:50:38:
                    bf:0e:43:a1:2d:96:fd:c8:2a:40:8b:91:6c:7b:b0:
                    1a:e9:ed:be:61:a5:7c:21:5d:a9:2b:43:07:68:5a:
                    ce:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:D0:D2:AB:CC:99:13:D3:C1:71:11:73:35:56:CB:DA:68:D8:F6:D2
            X509v3 Authority Key Identifier:
                keyid:58:61:57:9B:87:5E:3E:09:3D:47:32:5B:97:35:ED:BF:E7:80:9F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGFXm4dePgk9RzJblzXtv-eAn7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/37b9a8-5186-43f3-9064-f5336327b881/1/wNDSq8yZE9PBcRFzNVbL2mjY9tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/37b9a8-5186-43f3-9064-f5336327b881/1/WGFXm4dePgk9RzJblzXtv-eAn7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:36:b3:c5:bf:c7:5d:32:34:69:cc:f7:4a:03:6d:80:e5:79:
         3f:95:05:c3:a1:a0:03:f8:48:ab:4e:bd:10:0e:5d:58:f6:c8:
         0f:55:d8:bd:f2:08:47:ea:f5:cc:d3:41:2e:e1:7c:80:a5:da:
         06:7d:4f:b8:f2:03:5d:69:16:3b:18:00:c0:e6:56:4e:d8:1b:
         f9:4c:68:04:d6:cf:1a:bb:32:7a:7f:07:f9:4e:01:c4:fc:a2:
         38:af:2d:ab:d7:f8:39:19:b2:fa:94:f6:66:ed:08:a3:c9:d8:
         f4:82:01:02:01:b6:e5:89:df:93:fe:5d:8e:95:f2:f5:bc:39:
         be:6b:ce:9c:c1:2d:63:68:76:1c:a8:f2:55:be:19:06:fa:7a:
         76:5d:52:42:37:84:a6:0d:50:04:fa:83:30:d6:d9:f2:4a:09:
         cc:99:d6:57:70:c7:3f:d2:8e:a9:5c:74:21:b3:db:02:b7:c1:
         53:f7:34:46:90:d0:dc:5c:08:62:56:cf:75:ae:be:8d:2f:cb:
         13:11:d2:bc:1a:bd:c2:4d:2c:57:ac:26:bb:c5:12:f4:fa:01:
         a1:e1:39:9b:e5:79:17:b0:2c:d8:4e:1b:f3:d1:04:49:8c:54:
         f8:e3:a4:a6:05:23:36:84:bf:65:9f:0c:7c:32:60:a5:86:59:
         1a:4b:00:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdZmSQ123c//45iO6dMGywiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjE1NzliODc1ZTNlMDkzZDQ3MzI1Yjk3MzVlZGJmZTc4
MDlmYmEwHhcNMjUwNjEwMTEyODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGQwZDJhYmNjOTkxM2QzYzE3MTExNzMzNTU2Y2JkYTY4ZDhmNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWGeD9aHi382Vre5umMJGKRGLAoi
baNzomM7U6HWiyGTSPTHSNvw2oVrWKCc9+SaADNhkIIOTmcYe4rwY3ZENnx79D/1
uCO+B/PxcXKk70/pc2Lha5IxG4YBBGIGU/HeAWcHs218Ddceml3UiQ1NFFnddjte
RyPnfHFPlDoggoEDh/p4WgCCqGACdk2j3LPX2vLPtzwAt9GoLqEPeeJ8V4Bg2e/p
UYFBzdylzfmWYjTIuPkJ4YI+tXGs76YTGSlzyKf97YhY6aeP3cU57q5qbIXcQETg
SevasX7rqR2rUDi/DkOhLZb9yCpAi5Fse7Aa6e2+YaV8IV2pK0MHaFrO/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDQ0qvMmRPTwXERczVWy9po2PbSMB8GA1UdIwQY
MBaAFFhhV5uHXj4JPUcyW5c17b/ngJ+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dGWG00ZGVQZ2s5UnpKYmx6WHR2LWVBbjdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8zN2I5YTgtNTE4Ni00M2YzLTkwNjQt
ZjUzMzYzMjdiODgxLzEvd05EU3E4eVpFOVBCY1JGek5WYkwybWpZOXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8zN2I5YTgtNTE4Ni00M2YzLTkwNjQtZjUzMzYzMjdiODgx
LzEvV0dGWG00ZGVQZ2s5UnpKYmx6WHR2LWVBbjdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHfMA0G
CSqGSIb3DQEBCwUAA4IBAQBjNrPFv8ddMjRpzPdKA22A5Xk/lQXDoaAD+EirTr0Q
Dl1Y9sgPVdi98ghH6vXM00Eu4XyApdoGfU+48gNdaRY7GADA5lZO2Bv5TGgE1s8a
uzJ6fwf5TgHE/KI4ry2r1/g5GbL6lPZm7Qijydj0ggECAbblid+T/l2OlfL1vDm+
a86cwS1jaHYcqPJVvhkG+np2XVJCN4SmDVAE+oMw1tnySgnMmdZXcMc/0o6pXHQh
s9sCt8FT9zRGkNDcXAhiVs91rr6NL8sTEdK8Gr3CTSxXrCa7xRL0+gGh4Tmb5XkX
sCzYThvz0QRJjFT446SmBSM2hL9lnwx8MmClhlkaSwCD
-----END CERTIFICATE-----