Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/WOy4XXuLEMlJp9KBWwhDiF407tA.roa
File:                     WOy4XXuLEMlJp9KBWwhDiF407tA.roa (raw, json)
Hash identifier:          6fZWXR6YTfGld6EIK4/PHGRBk1q4g1SRUcUmJfhoCkw=
Subject key identifier:   58:EC:B8:5D:7B:8B:10:C9:49:A7:D2:81:5B:08:43:88:5E:34:EE:D0
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       01976A9150F9A2C4BC2EFCAA05D2C81B6BCF
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/WOy4XXuLEMlJp9KBWwhDiF407tA.roa
Signing time:             Fri 13 Jun 2025 18:33:17 +0000
ROA not before:           Fri 13 Jun 2025 18:33:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208483
IP address blocks:        82.129.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6a:91:50:f9:a2:c4:bc:2e:fc:aa:05:d2:c8:1b:6b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jun 13 18:33:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58ecb85d7b8b10c949a7d2815b0843885e34eed0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c0:4e:8d:ce:a0:de:6a:c6:14:8d:a4:a7:73:
                    ed:a9:de:ca:3f:c2:e6:9c:d7:20:bd:9c:6a:b6:32:
                    85:95:c8:64:a4:00:06:1c:33:a4:e2:4c:20:2d:de:
                    b9:58:5e:6d:e9:90:45:1d:ea:43:63:81:df:47:e4:
                    08:a9:5c:81:43:43:ed:d7:90:9c:50:5d:17:85:7e:
                    6b:f3:f5:1c:63:1a:49:22:8c:87:34:a5:19:19:dc:
                    2c:97:94:fd:1b:ea:a5:57:f5:5f:fe:c3:df:1a:33:
                    a8:5f:d2:04:a0:f1:aa:2b:8e:f7:02:62:55:15:a4:
                    a0:79:51:0c:bd:3f:1e:93:49:c4:57:e1:03:7c:eb:
                    74:0c:c3:fe:2f:e8:b0:10:9e:af:f9:69:cc:e4:41:
                    6d:a0:c9:c2:78:bd:85:a1:4e:32:03:37:07:9d:17:
                    70:0f:ee:b6:ef:5d:4b:19:26:c5:60:8e:b3:38:12:
                    0e:db:72:43:22:fc:fa:2b:37:29:a2:79:38:54:49:
                    e5:ff:ba:c1:81:a7:b0:db:3f:71:5c:73:77:14:fd:
                    8f:64:09:cc:29:f1:6b:87:3b:73:d9:45:da:04:17:
                    10:a1:dd:b5:1b:c4:f5:49:38:a2:b2:dd:73:df:3f:
                    74:d9:93:3f:68:6f:5d:25:e4:92:0f:b2:3e:74:77:
                    7e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:EC:B8:5D:7B:8B:10:C9:49:A7:D2:81:5B:08:43:88:5E:34:EE:D0
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/WOy4XXuLEMlJp9KBWwhDiF407tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.129.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:88:08:15:5d:de:8c:b9:f2:a9:4b:31:e7:7a:39:e0:09:b1:
         7c:42:7d:4f:87:67:f8:d8:8b:46:56:e8:58:83:a9:9d:9d:ca:
         75:81:ca:ed:19:fa:95:6f:3b:14:0e:0a:07:0f:f7:c2:ff:55:
         d1:52:64:d3:d0:1f:3d:47:35:ea:3b:5f:09:ef:93:42:b1:4d:
         08:db:c6:b5:bd:5c:ae:81:ad:01:5a:9b:e2:da:99:bf:c5:78:
         bf:9f:c3:b0:8c:13:0b:11:5b:24:b1:4f:d7:64:7b:ad:ec:12:
         0c:4f:e2:4c:4d:6d:f5:bf:7b:e5:55:fb:c4:14:11:1a:24:58:
         21:29:59:48:c5:49:f8:42:ef:e9:f4:7c:68:fc:32:81:c7:0e:
         40:06:78:69:db:19:18:79:92:05:66:f4:d6:90:ce:60:28:56:
         40:75:7f:46:dc:95:d1:f9:32:a4:2c:ff:fe:74:ec:7a:db:1b:
         20:df:1b:2b:71:19:73:2c:2a:0e:1e:92:07:75:5d:94:61:14:
         95:9b:63:5c:13:fb:86:32:a4:58:fd:43:b7:f6:84:8d:9d:6d:
         75:9e:bc:1b:f9:52:46:f2:ee:05:92:d9:e8:94:ed:17:65:a7:
         0c:50:53:4d:4a:97:01:c4:06:9c:ad:48:53:1d:d3:9a:26:11:
         f5:1f:64:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdqkVD5osS8LvyqBdLIG2vPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjUwNjEzMTgzMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGVjYjg1ZDdiOGIxMGM5NDlhN2QyODE1YjA4NDM4ODVlMzRlZWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sBOjc6g3mrGFI2kp3Ptqd7KP8Lm
nNcgvZxqtjKFlchkpAAGHDOk4kwgLd65WF5t6ZBFHepDY4HfR+QIqVyBQ0Pt15Cc
UF0XhX5r8/UcYxpJIoyHNKUZGdwsl5T9G+qlV/Vf/sPfGjOoX9IEoPGqK473AmJV
FaSgeVEMvT8ek0nEV+EDfOt0DMP+L+iwEJ6v+WnM5EFtoMnCeL2FoU4yAzcHnRdw
D+62711LGSbFYI6zOBIO23JDIvz6Kzcponk4VEnl/7rBgaew2z9xXHN3FP2PZAnM
KfFrhztz2UXaBBcQod21G8T1STiist1z3z902ZM/aG9dJeSSD7I+dHd+JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjsuF17ixDJSafSgVsIQ4heNO7QMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvV095NFhYdUxFTWxKcDlLQld3aERpRjQwN3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUoEEMA0G
CSqGSIb3DQEBCwUAA4IBAQCViAgVXd6MufKpSzHnejngCbF8Qn1Ph2f42ItGVuhY
g6mdncp1gcrtGfqVbzsUDgoHD/fC/1XRUmTT0B89RzXqO18J75NCsU0I28a1vVyu
ga0BWpvi2pm/xXi/n8OwjBMLEVsksU/XZHut7BIMT+JMTW31v3vlVfvEFBEaJFgh
KVlIxUn4Qu/p9Hxo/DKBxw5ABnhp2xkYeZIFZvTWkM5gKFZAdX9G3JXR+TKkLP/+
dOx62xsg3xsrcRlzLCoOHpIHdV2UYRSVm2NcE/uGMqRY/UO39oSNnW11nrwb+VJG
8u4FktnolO0XZacMUFNNSpcBxAacrUhTHdOaJhH1H2Ra
-----END CERTIFICATE-----