Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/WmbIqV9o9XpbJJNNZ_VWFO9TBL4.roa
File:                     WmbIqV9o9XpbJJNNZ_VWFO9TBL4.roa (raw, json)
Hash identifier:          ZTZU9lhKKWOfjYilkOVQ8+twZ2guMhLDCbZIrbOV2vo=
Subject key identifier:   5A:66:C8:A9:5F:68:F5:7A:5B:24:93:4D:67:F5:56:14:EF:53:04:BE
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01984836C43DB5BDE7669307682611E7975C
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/WmbIqV9o9XpbJJNNZ_VWFO9TBL4.roa
Signing time:             Sat 26 Jul 2025 19:30:05 +0000
ROA not before:           Sat 26 Jul 2025 19:30:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        87.229.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:48:36:c4:3d:b5:bd:e7:66:93:07:68:26:11:e7:97:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jul 26 19:30:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a66c8a95f68f57a5b24934d67f55614ef5304be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:25:ce:33:a1:fc:e8:d7:65:ea:a1:54:a9:a6:
                    04:f3:8a:68:e6:17:c1:fb:00:b0:98:91:43:e7:ce:
                    27:fa:f0:a5:3c:53:dd:45:5e:3d:f9:ee:1f:b9:50:
                    07:81:4c:93:03:cf:7e:56:23:b0:f9:70:be:fd:56:
                    83:16:dd:64:1f:cd:5a:01:a8:d7:5f:f3:ef:ae:34:
                    4f:f9:a7:ef:cc:0e:65:46:45:0a:34:ec:12:f3:aa:
                    c5:84:f1:65:3d:9c:5c:89:12:82:94:ed:04:0f:1b:
                    cd:9f:b9:af:65:00:12:85:ca:d1:78:7a:cd:23:87:
                    15:8e:25:df:66:2d:6f:0f:b9:e9:74:e6:06:71:bb:
                    e2:c6:66:47:4b:9e:c5:e5:78:77:a7:b2:c6:b8:52:
                    39:e2:0a:9c:4b:bf:1e:ae:07:52:38:40:f2:fe:ed:
                    87:d3:ec:bb:10:c9:c3:25:6d:bf:5a:4f:3c:25:1b:
                    56:3f:94:e0:57:96:16:15:77:4b:9e:f5:bb:a9:2c:
                    7e:6b:6b:af:7d:c9:eb:ca:f8:fb:f7:ff:ed:17:36:
                    fb:79:70:d7:33:32:23:c4:8b:5f:9a:22:dd:71:4e:
                    d5:0c:a3:40:b1:52:de:ff:65:df:60:d7:0c:27:01:
                    0a:af:bf:11:f1:21:87:53:4b:98:c3:10:50:89:d8:
                    52:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:66:C8:A9:5F:68:F5:7A:5B:24:93:4D:67:F5:56:14:EF:53:04:BE
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/WmbIqV9o9XpbJJNNZ_VWFO9TBL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:3f:cf:20:44:e2:10:83:72:72:3d:ff:a4:2b:85:70:c3:30:
         4d:6c:f6:2d:76:eb:8d:85:1b:9a:3d:af:e8:e6:1e:6b:cc:0c:
         7e:c6:be:76:eb:56:a1:0d:d3:e9:8f:67:e2:72:c7:d7:97:4c:
         b0:96:9c:9a:e5:be:77:dd:52:51:be:55:fc:39:99:ac:c1:51:
         2d:1c:94:cc:a3:90:b9:92:67:e2:29:ef:00:7d:5b:bd:13:8d:
         ad:86:a3:83:46:f8:16:13:68:3b:0b:73:0d:fa:35:7b:b2:2e:
         7a:a6:d1:b1:ba:a7:8d:7c:ea:e8:25:e5:37:dd:dd:a6:d2:4e:
         47:3b:ef:cf:d3:81:b8:49:39:83:13:c4:56:12:4d:7a:e5:c3:
         45:5e:37:11:ba:16:f5:0a:0e:9d:6f:e5:fa:5b:55:9b:53:ec:
         a1:4d:ae:c8:9c:18:fd:51:f9:13:62:16:34:0d:6c:3d:bd:e7:
         65:05:37:fe:5b:b6:36:6b:2d:4c:de:9d:fa:51:c6:6b:85:64:
         ea:e5:dc:0d:53:5b:fd:44:3c:96:6f:a0:b8:1b:77:e3:ce:10:
         30:fb:c5:cb:34:c6:5d:ee:d7:62:24:b8:51:34:a9:fd:10:58:
         b1:3c:7a:ca:eb:c4:86:24:79:05:dd:04:63:38:3a:88:5d:ca:
         e3:d0:3a:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhINsQ9tb3nZpMHaCYR55dcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNzI2MTkzMDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTY2YzhhOTVmNjhmNTdhNWIyNDkzNGQ2N2Y1NTYxNGVmNTMwNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yXOM6H86Ndl6qFUqaYE84po5hfB
+wCwmJFD584n+vClPFPdRV49+e4fuVAHgUyTA89+ViOw+XC+/VaDFt1kH81aAajX
X/PvrjRP+afvzA5lRkUKNOwS86rFhPFlPZxciRKClO0EDxvNn7mvZQAShcrReHrN
I4cVjiXfZi1vD7npdOYGcbvixmZHS57F5Xh3p7LGuFI54gqcS78ergdSOEDy/u2H
0+y7EMnDJW2/Wk88JRtWP5TgV5YWFXdLnvW7qSx+a2uvfcnryvj79//tFzb7eXDX
MzIjxItfmiLdcU7VDKNAsVLe/2XfYNcMJwEKr78R8SGHU0uYwxBQidhS/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpmyKlfaPV6WySTTWf1VhTvUwS+MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvV21iSXFWOW85WHBiSkpOTlpfVldGTzlUQkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UXMA0G
CSqGSIb3DQEBCwUAA4IBAQBYP88gROIQg3JyPf+kK4VwwzBNbPYtduuNhRuaPa/o
5h5rzAx+xr5261ahDdPpj2ficsfXl0ywlpya5b533VJRvlX8OZmswVEtHJTMo5C5
kmfiKe8AfVu9E42thqODRvgWE2g7C3MN+jV7si56ptGxuqeNfOroJeU33d2m0k5H
O+/P04G4STmDE8RWEk165cNFXjcRuhb1Cg6db+X6W1WbU+yhTa7InBj9UfkTYhY0
DWw9vedlBTf+W7Y2ay1M3p36UcZrhWTq5dwNU1v9RDyWb6C4G3fjzhAw+8XLNMZd
7tdiJLhRNKn9EFixPHrK68SGJHkF3QRjODqIXcrj0Drf
-----END CERTIFICATE-----
Generated at Fri Aug 8 13:01:04 2025 by rpki-client