Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/W5JHXs8zLwGJy4IeuX9pjg56ARk.roa
File:                     W5JHXs8zLwGJy4IeuX9pjg56ARk.roa (raw, json)
Hash identifier:          oTtfujgJJ/+mSfltfqB/Zo/A05YAt91LC0YvRqH4YGg=
Subject key identifier:   5B:92:47:5E:CF:33:2F:01:89:CB:82:1E:B9:7F:69:8E:0E:7A:01:19
Certificate issuer:       /CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
Certificate serial:       01987E0C8F0260B51E0D24D447C17652A4B5
Authority key identifier: 19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/W5JHXs8zLwGJy4IeuX9pjg56ARk.roa
Signing time:             Wed 06 Aug 2025 06:23:28 +0000
ROA not before:           Wed 06 Aug 2025 06:23:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208472
IP address blocks:        194.11.247.0/24 maxlen: 24
                          2a12:7dc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:0c:8f:02:60:b5:1e:0d:24:d4:47:c1:76:52:a4:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
        Validity
            Not Before: Aug  6 06:23:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b92475ecf332f0189cb821eb97f698e0e7a0119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3c:dd:2d:dd:e8:20:05:7b:9c:97:8d:e2:7d:
                    78:38:59:ea:65:64:a0:58:8e:c7:c6:29:6c:cd:3f:
                    ce:19:20:51:1c:39:2e:ff:dc:2c:93:35:e8:23:f6:
                    a3:8c:b4:d0:7d:3b:51:4f:12:2f:27:0a:c9:4f:f4:
                    02:36:e7:09:9d:e0:8c:1a:1b:d5:bd:8b:a2:43:6b:
                    37:7b:06:cd:06:86:a3:f3:5d:5b:c3:52:df:98:ca:
                    4d:38:d9:41:3d:b8:d9:5f:96:1b:91:01:a3:cd:47:
                    70:91:9b:c4:bc:c5:12:a6:2b:32:98:81:dd:6f:de:
                    f9:92:7a:fb:49:86:75:25:8e:55:57:af:70:93:e5:
                    0b:93:26:2c:27:dd:31:0b:4b:29:93:98:63:42:06:
                    1b:04:c5:4f:2f:4a:41:36:86:a0:9f:7b:54:a2:0a:
                    fd:30:14:e6:a8:5e:27:00:dd:5d:56:94:b7:d5:c4:
                    7c:dd:7d:6d:63:89:31:ee:d4:25:3e:e6:ee:7c:0a:
                    84:95:e0:c1:4f:6b:a3:27:b4:ef:85:2f:e6:46:e8:
                    d8:bd:96:50:89:bb:85:e6:76:08:e3:ed:00:29:77:
                    31:d7:94:8d:f9:bf:a9:d0:0d:ba:0d:28:44:4c:fc:
                    df:05:fb:78:b4:21:29:22:2f:0a:0b:21:ff:1a:aa:
                    82:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:92:47:5E:CF:33:2F:01:89:CB:82:1E:B9:7F:69:8E:0E:7A:01:19
            X509v3 Authority Key Identifier:
                keyid:19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/W5JHXs8zLwGJy4IeuX9pjg56ARk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.247.0/24
                IPv6:
                  2a12:7dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:99:c3:5b:07:e4:ba:57:bc:34:b4:7b:82:f5:1a:c2:45:44:
         06:a8:1a:2b:29:60:ac:91:d4:a8:e5:cf:6f:d1:89:96:fb:ad:
         f2:d6:87:ff:07:8f:0a:e7:83:0e:06:54:00:2a:69:83:28:db:
         9a:04:c3:5a:01:d7:6f:de:0c:5b:9a:12:cd:6c:53:35:09:ac:
         38:46:5f:81:f0:a3:fd:28:30:c5:e8:a9:b5:54:d9:a1:99:bf:
         54:9c:d9:c5:80:43:d5:6d:7c:25:db:68:84:4f:9e:65:93:78:
         a9:42:b2:5b:cb:8e:5e:10:ce:3d:5e:80:63:01:da:5b:8b:19:
         df:48:77:e8:07:a1:6d:ad:bd:9c:2a:1a:2d:3d:63:ec:5d:e9:
         cf:d0:8c:98:17:70:71:d2:e5:22:65:14:4b:0e:25:29:d7:1b:
         65:9b:7d:c5:44:d8:e5:f2:51:79:d3:d9:2d:c6:bc:36:b2:f4:
         2a:17:7f:aa:51:01:87:98:31:28:d6:43:43:c7:bd:37:be:24:
         37:af:b8:70:e8:ec:a4:61:83:a3:03:d3:b6:df:32:e0:3e:79:
         0d:7f:82:28:55:62:25:49:bd:6c:a8:62:f2:2e:27:67:d4:27:
         71:87:66:36:50:49:b0:dd:a9:2e:b1:f6:d5:c9:f6:38:e2:11:
         a3:d7:20:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZh+DI8CYLUeDSTUR8F2UqS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODNiMDJlMTBjYTgyMWJmZTFiZTZlNzUxZDkyY2Y3M2Q2
ZDRjMGIwHhcNMjUwODA2MDYyMzI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjkyNDc1ZWNmMzMyZjAxODljYjgyMWViOTdmNjk4ZTBlN2EwMTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjzdLd3oIAV7nJeN4n14OFnqZWSg
WI7HxilszT/OGSBRHDku/9wskzXoI/ajjLTQfTtRTxIvJwrJT/QCNucJneCMGhvV
vYuiQ2s3ewbNBoaj811bw1LfmMpNONlBPbjZX5YbkQGjzUdwkZvEvMUSpisymIHd
b975knr7SYZ1JY5VV69wk+ULkyYsJ90xC0spk5hjQgYbBMVPL0pBNoagn3tUogr9
MBTmqF4nAN1dVpS31cR83X1tY4kx7tQlPubufAqEleDBT2ujJ7TvhS/mRujYvZZQ
ibuF5nYI4+0AKXcx15SN+b+p0A26DShETPzfBft4tCEpIi8KCyH/GqqCvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFuSR17PMy8BicuCHrl/aY4OegEZMB8GA1UdIwQY
MBaAFBmDsC4QyoIb/hvm51HZLPc9bUwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEt
Y2RhMzYyNTYyOTZjLzEvVzVKSFhzOHpMd0dKeTRJZXVYOXBqZzU2QVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEtY2RhMzYyNTYyOTZj
LzEvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgv3MA0E
AgACMAcDBQMqEn3AMA0GCSqGSIb3DQEBCwUAA4IBAQB/mcNbB+S6V7w0tHuC9RrC
RUQGqBorKWCskdSo5c9v0YmW+63y1of/B48K54MOBlQAKmmDKNuaBMNaAddv3gxb
mhLNbFM1Caw4Rl+B8KP9KDDF6Km1VNmhmb9UnNnFgEPVbXwl22iET55lk3ipQrJb
y45eEM49XoBjAdpbixnfSHfoB6Ftrb2cKhotPWPsXenP0IyYF3Bx0uUiZRRLDiUp
1xtlm33FRNjl8lF509ktxrw2svQqF3+qUQGHmDEo1kNDx703viQ3r7hw6OykYYOj
A9O23zLgPnkNf4IoVWIlSb1sqGLyLidn1Cdxh2Y2UEmw3akusfbVyfY44hGj1yDl
-----END CERTIFICATE-----