Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/WGAupgpGysspgv0JzDZP3WZ6oF8.roa
File:                     WGAupgpGysspgv0JzDZP3WZ6oF8.roa (raw, json)
Hash identifier:          cC88uE7lV2tWNXy8OMgW5KtlsMIE/697LRnmBN1YCMw=
Subject key identifier:   58:60:2E:A6:0A:46:CA:CB:29:82:FD:09:CC:36:4F:DD:66:7A:A0:5F
Certificate issuer:       /CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
Certificate serial:       0197C84F7FF5973F6FC764763CAEDF3C3301
Authority key identifier: 02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/WGAupgpGysspgv0JzDZP3WZ6oF8.roa
Signing time:             Tue 01 Jul 2025 23:25:42 +0000
ROA not before:           Tue 01 Jul 2025 23:25:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63025
IP address blocks:        150.40.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c8:4f:7f:f5:97:3f:6f:c7:64:76:3c:ae:df:3c:33:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02a962c1fe8e2e12a35576fd62987a0cbba463d4
        Validity
            Not Before: Jul  1 23:25:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58602ea60a46cacb2982fd09cc364fdd667aa05f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f6:c6:72:7b:d0:31:b2:1f:12:3d:68:ef:31:
                    16:75:08:55:d1:84:77:73:25:b8:7c:4e:31:79:de:
                    33:50:ad:df:5d:b5:57:6e:f0:6d:8b:7d:43:7f:0d:
                    67:c1:2a:7a:48:25:b8:82:f6:f0:31:1d:77:e9:75:
                    03:2b:40:d0:69:06:cd:bf:ac:e3:f8:22:16:e6:7f:
                    d1:ea:ff:3f:0c:81:76:64:14:a0:41:62:30:d7:e5:
                    cd:db:de:57:8a:fe:ad:16:d1:81:16:7f:d3:cf:00:
                    cf:5b:de:15:41:2b:4b:96:20:21:db:c6:79:fe:09:
                    ed:82:0f:02:bc:74:7b:b4:80:19:98:80:eb:4b:57:
                    18:c3:03:0f:db:b1:35:7c:9a:de:23:d1:bf:b9:36:
                    62:dd:cd:c2:b6:2c:da:7c:d3:90:05:21:07:fd:cd:
                    73:0c:fb:ac:eb:51:85:f2:01:44:e3:f8:18:2c:a5:
                    3d:c5:79:9e:f6:1a:3a:1e:5e:c3:8f:7f:30:d9:34:
                    82:18:ec:ef:30:fa:dc:2b:ae:9d:c4:58:17:b0:78:
                    a8:fc:8b:43:39:65:8a:76:67:77:32:d9:4f:00:cc:
                    dd:3b:36:a8:6b:a7:54:34:a9:14:99:38:5d:6b:ee:
                    01:26:f3:ff:26:b5:99:65:d4:6c:d8:c6:eb:79:d2:
                    4a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:60:2E:A6:0A:46:CA:CB:29:82:FD:09:CC:36:4F:DD:66:7A:A0:5F
            X509v3 Authority Key Identifier:
                keyid:02:A9:62:C1:FE:8E:2E:12:A3:55:76:FD:62:98:7A:0C:BB:A4:63:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Aqliwf6OLhKjVXb9Yph6DLukY9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/WGAupgpGysspgv0JzDZP3WZ6oF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c6179a-160d-40e2-ae86-7d134980c5be/1/Aqliwf6OLhKjVXb9Yph6DLukY9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.40.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:32:42:8f:78:b5:60:7c:db:00:03:5f:b2:57:1a:43:11:ce:
         d6:d7:d0:e9:8d:d8:95:74:a5:c1:f2:b4:04:f9:8a:a3:d4:72:
         0c:87:71:22:6e:77:9a:46:ac:35:fd:7d:d3:e7:12:81:27:5e:
         89:02:fd:ae:46:16:e7:4b:ae:7d:00:5b:47:c9:57:17:28:59:
         d2:8d:fa:c1:68:c0:55:56:b4:2d:a2:e0:7f:47:d5:5e:25:07:
         e0:e6:c0:fc:10:bf:17:70:41:31:c9:ac:17:f3:91:71:c7:f2:
         de:c7:c0:09:b8:43:02:45:7f:1b:c0:8e:03:a9:14:23:24:a4:
         56:21:bb:22:ad:c4:75:a6:6e:3d:b5:d3:d8:4a:36:19:e4:48:
         e9:10:f0:63:30:1b:07:5a:4b:98:d6:75:f2:fd:77:7f:4c:f2:
         c5:63:b7:53:8d:b8:e0:46:d7:56:7f:97:fa:9c:e1:c5:2c:33:
         fd:ab:08:e6:af:d6:42:84:14:76:88:e2:25:1a:0d:19:9a:5f:
         4b:6f:55:4d:1e:8a:44:13:c8:42:a7:df:6a:d3:36:1e:dc:88:
         95:d0:dc:14:52:3c:c2:74:53:59:30:23:e7:18:c9:44:73:d5:
         45:52:9a:9f:92:13:64:6b:22:11:c9:5a:47:84:b7:d7:2f:18:
         2c:cc:62:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfIT3/1lz9vx2R2PK7fPDMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYTk2MmMxZmU4ZTJlMTJhMzU1NzZmZDYyOTg3YTBjYmJh
NDYzZDQwHhcNMjUwNzAxMjMyNTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODYwMmVhNjBhNDZjYWNiMjk4MmZkMDljYzM2NGZkZDY2N2FhMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPbGcnvQMbIfEj1o7zEWdQhV0YR3
cyW4fE4xed4zUK3fXbVXbvBti31Dfw1nwSp6SCW4gvbwMR136XUDK0DQaQbNv6zj
+CIW5n/R6v8/DIF2ZBSgQWIw1+XN295Xiv6tFtGBFn/TzwDPW94VQStLliAh28Z5
/gntgg8CvHR7tIAZmIDrS1cYwwMP27E1fJreI9G/uTZi3c3CtizafNOQBSEH/c1z
DPus61GF8gFE4/gYLKU9xXme9ho6Hl7Dj38w2TSCGOzvMPrcK66dxFgXsHio/ItD
OWWKdmd3MtlPAMzdOzaoa6dUNKkUmThda+4BJvP/JrWZZdRs2MbredJKpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhgLqYKRsrLKYL9Ccw2T91meqBfMB8GA1UdIwQY
MBaAFAKpYsH+ji4So1V2/WKYegy7pGPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYt
N2QxMzQ5ODBjNWJlLzEvV0dBdXBncEd5c3NwZ3YwSnpEWlAzV1o2b0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jNjE3OWEtMTYwZC00MGUyLWFlODYtN2QxMzQ5ODBjNWJl
LzEvQXFsaXdmNk9MaEtqVlhiOVlwaDZETHVrWTlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlihvMA0G
CSqGSIb3DQEBCwUAA4IBAQBiMkKPeLVgfNsAA1+yVxpDEc7W19DpjdiVdKXB8rQE
+Yqj1HIMh3EibneaRqw1/X3T5xKBJ16JAv2uRhbnS659AFtHyVcXKFnSjfrBaMBV
VrQtouB/R9VeJQfg5sD8EL8XcEExyawX85Fxx/Lex8AJuEMCRX8bwI4DqRQjJKRW
IbsircR1pm49tdPYSjYZ5EjpEPBjMBsHWkuY1nXy/Xd/TPLFY7dTjbjgRtdWf5f6
nOHFLDP9qwjmr9ZChBR2iOIlGg0Zml9Lb1VNHopEE8hCp99q0zYe3IiV0NwUUjzC
dFNZMCPnGMlEc9VFUpqfkhNkayIRyVpHhLfXLxgszGL+
-----END CERTIFICATE-----