Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/650c64-275d-44e1-84dc-f5b81ccf09cd/1/w-bn-aCE5W30xtl3JcELkxoTsW8.roa
File:                     w-bn-aCE5W30xtl3JcELkxoTsW8.roa (raw, json)
Hash identifier:          BpJzwRV75hoQ0T1DnwfQt7T4AohZsZH+92QsoGclyp8=
Subject key identifier:   C3:E6:E7:F9:A0:84:E5:6D:F4:C6:D9:77:25:C1:0B:93:1A:13:B1:6F
Certificate issuer:       /CN=5e262be5d12dfdbe2479e3a20713f457e93f069b
Certificate serial:       019836FCAABD5705B2D9A81919DAA814C085
Authority key identifier: 5E:26:2B:E5:D1:2D:FD:BE:24:79:E3:A2:07:13:F4:57:E9:3F:06:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiYr5dEt_b4keeOiBxP0V-k_Bps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/650c64-275d-44e1-84dc-f5b81ccf09cd/1/w-bn-aCE5W30xtl3JcELkxoTsW8.roa
Signing time:             Wed 23 Jul 2025 11:13:05 +0000
ROA not before:           Wed 23 Jul 2025 11:13:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210760
IP address blocks:        178.216.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/650c64-275d-44e1-84dc-f5b81ccf09cd/1/XiYr5dEt_b4keeOiBxP0V-k_Bps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/650c64-275d-44e1-84dc-f5b81ccf09cd/1/XiYr5dEt_b4keeOiBxP0V-k_Bps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiYr5dEt_b4keeOiBxP0V-k_Bps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:fc:aa:bd:57:05:b2:d9:a8:19:19:da:a8:14:c0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e262be5d12dfdbe2479e3a20713f457e93f069b
        Validity
            Not Before: Jul 23 11:13:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3e6e7f9a084e56df4c6d97725c10b931a13b16f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b3:b4:58:77:fc:51:fa:c3:44:04:c2:7a:76:
                    19:15:64:e8:8a:f4:be:f5:68:d9:e2:07:d8:3b:d3:
                    f0:a5:fa:af:26:c8:94:6d:00:09:49:ca:80:66:62:
                    af:13:46:ab:57:2d:77:9a:df:0b:55:ae:51:b0:1e:
                    80:33:80:ef:bd:5a:d9:69:7e:7d:84:04:87:49:1d:
                    0a:e7:88:45:46:9a:8e:2e:df:f6:01:f6:a2:96:fa:
                    84:86:8b:ce:32:b6:eb:6c:ee:ee:87:b3:bb:ed:97:
                    44:a1:d9:f6:a7:24:d2:ec:b2:56:16:41:aa:b6:54:
                    77:72:da:7a:ab:0e:85:e3:23:4d:78:36:cd:5c:dd:
                    8d:15:23:b7:62:b0:3c:a9:3d:42:ea:a4:31:e1:cb:
                    c3:e2:10:60:24:16:fe:51:e3:4d:6d:bf:14:72:c2:
                    d1:02:41:6f:fa:36:ef:98:1c:14:3b:2b:5f:56:f2:
                    f0:1c:05:e4:af:63:39:d5:9c:70:23:02:a0:56:de:
                    ce:3b:8d:5f:da:c7:d0:f6:2c:7c:ff:3a:f7:e3:1b:
                    a0:3c:81:51:fd:98:37:05:76:fd:b9:c3:15:73:af:
                    00:40:6d:54:7b:d9:69:60:9d:77:20:a1:a1:51:5b:
                    3f:0e:56:97:35:2e:1b:6b:7c:dd:f1:00:65:d5:d9:
                    80:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E6:E7:F9:A0:84:E5:6D:F4:C6:D9:77:25:C1:0B:93:1A:13:B1:6F
            X509v3 Authority Key Identifier:
                keyid:5E:26:2B:E5:D1:2D:FD:BE:24:79:E3:A2:07:13:F4:57:E9:3F:06:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiYr5dEt_b4keeOiBxP0V-k_Bps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/650c64-275d-44e1-84dc-f5b81ccf09cd/1/w-bn-aCE5W30xtl3JcELkxoTsW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/650c64-275d-44e1-84dc-f5b81ccf09cd/1/XiYr5dEt_b4keeOiBxP0V-k_Bps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.216.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:c2:a8:68:6c:14:ff:f5:51:5b:8e:2d:cd:0a:15:d3:f4:1d:
         23:62:27:16:73:67:38:b1:bd:1d:61:44:fa:60:ed:f0:ce:1e:
         98:34:5f:b8:79:19:dc:6a:0a:2b:3e:70:1e:4c:01:f9:b5:c1:
         f4:bd:51:f8:5f:b3:48:a5:c5:94:e9:1b:ac:6d:a8:31:22:56:
         00:2d:c6:e4:16:09:26:7f:47:a3:4d:b2:85:a2:89:ba:7d:24:
         7c:7f:b8:55:98:f8:e4:7b:9b:3a:a2:a5:b3:42:93:0b:c4:6b:
         de:56:d0:d6:50:56:f8:e7:cf:69:da:ba:85:22:7e:77:25:1f:
         c0:93:ad:bb:7d:3a:35:0a:8f:59:8e:ac:2c:04:36:de:c7:4d:
         a5:6c:05:df:12:a2:b6:51:3d:a5:31:36:73:18:55:ee:90:76:
         46:1c:f2:21:9a:d3:8e:ca:e8:35:d9:7c:86:7e:18:a1:35:43:
         f7:15:1e:14:56:36:a8:5b:56:66:70:43:26:8f:94:c9:9d:47:
         fb:b8:18:15:5e:44:f8:bd:e7:ea:8c:f7:41:cf:fa:fb:c5:bd:
         cd:19:54:2b:c1:0f:3c:56:6b:87:10:ed:14:cc:2f:19:30:74:
         9b:c9:9c:82:b9:e6:a4:62:49:09:10:fc:d3:16:6a:ff:32:01:
         72:19:04:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg2/Kq9VwWy2agZGdqoFMCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjYyYmU1ZDEyZGZkYmUyNDc5ZTNhMjA3MTNmNDU3ZTkz
ZjA2OWIwHhcNMjUwNzIzMTExMzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2U2ZTdmOWEwODRlNTZkZjRjNmQ5NzcyNWMxMGI5MzFhMTNiMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7O0WHf8UfrDRATCenYZFWToivS+
9WjZ4gfYO9PwpfqvJsiUbQAJScqAZmKvE0arVy13mt8LVa5RsB6AM4DvvVrZaX59
hASHSR0K54hFRpqOLt/2AfailvqEhovOMrbrbO7uh7O77ZdEodn2pyTS7LJWFkGq
tlR3ctp6qw6F4yNNeDbNXN2NFSO3YrA8qT1C6qQx4cvD4hBgJBb+UeNNbb8UcsLR
AkFv+jbvmBwUOytfVvLwHAXkr2M51ZxwIwKgVt7OO41f2sfQ9ix8/zr34xugPIFR
/Zg3BXb9ucMVc68AQG1Ue9lpYJ13IKGhUVs/DlaXNS4ba3zd8QBl1dmAeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPm5/mghOVt9MbZdyXBC5MaE7FvMB8GA1UdIwQY
MBaAFF4mK+XRLf2+JHnjogcT9FfpPwabMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlZcjVkRXRfYjRrZWVPaUJ4UDBWLWtfQnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC82NTBjNjQtMjc1ZC00NGUxLTg0ZGMt
ZjViODFjY2YwOWNkLzEvdy1ibi1hQ0U1VzMweHRsM0pjRUxreG9Uc1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC82NTBjNjQtMjc1ZC00NGUxLTg0ZGMtZjViODFjY2YwOWNk
LzEvWGlZcjVkRXRfYjRrZWVPaUJ4UDBWLWtfQnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstgPMA0G
CSqGSIb3DQEBCwUAA4IBAQCbwqhobBT/9VFbji3NChXT9B0jYicWc2c4sb0dYUT6
YO3wzh6YNF+4eRncagorPnAeTAH5tcH0vVH4X7NIpcWU6RusbagxIlYALcbkFgkm
f0ejTbKFoom6fSR8f7hVmPjke5s6oqWzQpMLxGveVtDWUFb4589p2rqFIn53JR/A
k627fTo1Co9ZjqwsBDbex02lbAXfEqK2UT2lMTZzGFXukHZGHPIhmtOOyug12XyG
fhihNUP3FR4UVjaoW1ZmcEMmj5TJnUf7uBgVXkT4vefqjPdBz/r7xb3NGVQrwQ88
VmuHEO0UzC8ZMHSbyZyCueakYkkJEPzTFmr/MgFyGQS2
-----END CERTIFICATE-----