Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/WThbGtz2IYxf1vTJRB2TjqMIzOc.roa
File:                     WThbGtz2IYxf1vTJRB2TjqMIzOc.roa (raw, json)
Hash identifier:          TWCX9/z5Z1T4Mu8aWwo0GmQbY2mW+ddMS23z8G75JSQ=
Subject key identifier:   59:38:5B:1A:DC:F6:21:8C:5F:D6:F4:C9:44:1D:93:8E:A3:08:CC:E7
Certificate issuer:       /CN=72bd83f5275bd09e8d33b429881eb2f96b6d9de1
Certificate serial:       019A4FF19330CF0B428A85D2F12CD569E86A
Authority key identifier: 72:BD:83:F5:27:5B:D0:9E:8D:33:B4:29:88:1E:B2:F9:6B:6D:9D:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/WThbGtz2IYxf1vTJRB2TjqMIzOc.roa
Signing time:             Tue 04 Nov 2025 17:37:03 +0000
ROA not before:           Tue 04 Nov 2025 17:37:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1257
IP address blocks:        185.45.120.0/23 maxlen: 23
                          185.45.123.0/24 maxlen: 24
                          2a01:7ee0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:f1:93:30:cf:0b:42:8a:85:d2:f1:2c:d5:69:e8:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72bd83f5275bd09e8d33b429881eb2f96b6d9de1
        Validity
            Not Before: Nov  4 17:37:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59385b1adcf6218c5fd6f4c9441d938ea308cce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:52:cc:ba:ec:11:1b:31:dc:63:56:02:b0:8f:
                    6a:93:63:0d:e7:3a:a5:2b:73:42:e7:d8:f9:70:d4:
                    b1:48:02:5a:6d:8e:54:ac:2b:fa:51:01:91:da:90:
                    22:23:99:cb:9c:29:74:be:a2:53:09:dc:da:63:fe:
                    87:77:18:ad:a0:c6:58:7e:3a:ca:a7:46:e6:b1:14:
                    94:d1:9a:df:92:bb:72:a1:3e:e7:fb:f3:9c:3a:53:
                    e0:c0:c8:84:7e:c2:15:d1:2d:7c:07:df:6c:ad:92:
                    a5:b4:f3:b8:b9:87:fc:7e:78:42:02:f2:1f:96:55:
                    f2:b0:93:aa:70:0e:15:7c:98:d7:7b:ed:b1:65:64:
                    2d:61:f0:a5:d3:79:09:04:a9:3e:a6:b2:04:c7:a2:
                    4d:a8:7b:5b:3e:f0:7b:7a:c4:24:b7:1c:7d:5d:f5:
                    57:b0:94:76:16:ef:9b:6b:10:f8:94:1c:51:c4:31:
                    aa:d4:be:c9:13:7f:32:d0:4d:34:0d:64:a7:0d:85:
                    73:9d:b4:ac:64:c1:cd:90:d1:be:01:d4:86:45:09:
                    c1:9d:09:b7:95:03:3f:ae:23:dd:53:72:20:e2:9e:
                    8e:f5:39:f1:bb:1d:4a:1f:79:ed:a7:62:8d:be:c4:
                    c3:37:21:4c:f8:63:fc:39:ef:35:ab:dc:2d:06:57:
                    59:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:38:5B:1A:DC:F6:21:8C:5F:D6:F4:C9:44:1D:93:8E:A3:08:CC:E7
            X509v3 Authority Key Identifier:
                keyid:72:BD:83:F5:27:5B:D0:9E:8D:33:B4:29:88:1E:B2:F9:6B:6D:9D:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cr2D9Sdb0J6NM7QpiB6y-WttneE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/WThbGtz2IYxf1vTJRB2TjqMIzOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/18c6ba-7b71-4466-bb33-005877da8026/1/cr2D9Sdb0J6NM7QpiB6y-WttneE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.120.0/23
                  185.45.123.0/24
                IPv6:
                  2a01:7ee0::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:bf:0a:35:09:54:44:36:eb:37:c3:6f:82:99:65:04:f5:37:
         31:9d:e7:d7:8d:ce:9d:e0:f5:7d:4e:96:cb:5e:16:05:22:2c:
         ad:22:bd:ff:ea:ba:16:d3:61:9b:43:07:a0:91:d7:37:fb:c2:
         e9:cd:27:8b:55:ee:b7:6f:80:d7:ff:62:13:dc:94:ac:6f:ab:
         0b:72:ee:31:03:49:e1:70:50:c1:85:99:47:2d:fc:24:b2:59:
         18:6c:54:5e:4b:0d:7b:57:5b:e7:3d:8e:60:ea:f5:ba:51:7b:
         d9:82:63:2e:de:7a:39:94:7a:d4:1c:eb:eb:02:78:e1:51:fa:
         96:73:6e:a6:01:fc:30:ae:d7:75:4b:73:5b:6b:bc:71:d6:31:
         4e:c9:06:35:47:a1:be:1a:e8:57:06:ed:fb:e7:e2:66:54:6a:
         69:65:6d:02:f6:b2:96:2c:39:f5:7a:43:90:ed:02:23:f7:1d:
         94:16:ee:a0:33:54:d7:7d:bb:19:67:44:79:3d:d8:47:cc:a7:
         59:c6:2c:a5:b9:37:4d:f3:bb:f6:5a:a6:53:1e:da:b8:1b:3d:
         f0:f8:cc:3b:fe:68:ab:5a:7d:24:53:2c:c4:72:22:c8:1a:b2:
         d0:e4:22:27:3f:24:50:e0:70:30:3a:0b:06:71:76:ca:00:d6:
         66:8b:8d:c9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZpP8ZMwzwtCioXS8SzVaehqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmQ4M2Y1Mjc1YmQwOWU4ZDMzYjQyOTg4MWViMmY5NmI2
ZDlkZTEwHhcNMjUxMTA0MTczNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTM4NWIxYWRjZjYyMThjNWZkNmY0Yzk0NDFkOTM4ZWEzMDhjY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFLMuuwRGzHcY1YCsI9qk2MN5zql
K3NC59j5cNSxSAJabY5UrCv6UQGR2pAiI5nLnCl0vqJTCdzaY/6HdxitoMZYfjrK
p0bmsRSU0ZrfkrtyoT7n+/OcOlPgwMiEfsIV0S18B99srZKltPO4uYf8fnhCAvIf
llXysJOqcA4VfJjXe+2xZWQtYfCl03kJBKk+prIEx6JNqHtbPvB7esQktxx9XfVX
sJR2Fu+baxD4lBxRxDGq1L7JE38y0E00DWSnDYVznbSsZMHNkNG+AdSGRQnBnQm3
lQM/riPdU3Ig4p6O9Tnxux1KH3ntp2KNvsTDNyFM+GP8Oe81q9wtBldZ2QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFk4Wxrc9iGMX9b0yUQdk46jCMznMB8GA1UdIwQY
MBaAFHK9g/UnW9CejTO0KYgesvlrbZ3hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3IyRDlTZGIwSjZOTTdRcGlCNnktV3R0bmVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xOGM2YmEtN2I3MS00NDY2LWJiMzMt
MDA1ODc3ZGE4MDI2LzEvV1RoYkd0ejJJWXhmMXZUSlJCMlRqcU1Jek9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xOGM2YmEtN2I3MS00NDY2LWJiMzMtMDA1ODc3ZGE4MDI2
LzEvY3IyRDlTZGIwSjZOTTdRcGlCNnktV3R0bmVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBuS14AwQA
uS17MA8EAgACMAkDBwAqAX7gAAAwDQYJKoZIhvcNAQELBQADggEBADK/CjUJVEQ2
6zfDb4KZZQT1NzGd59eNzp3g9X1OlsteFgUiLK0ivf/quhbTYZtDB6CR1zf7wunN
J4tV7rdvgNf/YhPclKxvqwty7jEDSeFwUMGFmUct/CSyWRhsVF5LDXtXW+c9jmDq
9bpRe9mCYy7eejmUetQc6+sCeOFR+pZzbqYB/DCu13VLc1trvHHWMU7JBjVHob4a
6FcG7fvn4mZUamllbQL2spYsOfV6Q5DtAiP3HZQW7qAzVNd9uxlnRHk92EfMp1nG
LKW5N03zu/ZaplMe2rgbPfD4zDv+aKtafSRTLMRyIsgastDkIic/JFDgcDA6CwZx
dsoA1maLjck=
-----END CERTIFICATE-----