Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/b66c83-0d61-421f-b083-2b9fc41e0a80/1/wuvXabOVBK4GOsev9Qemmwn9bjY.roa
File:                     wuvXabOVBK4GOsev9Qemmwn9bjY.roa (raw, json)
Hash identifier:          HzzPUii+eixY+8V/70rd156MktjaoVxKQ8UgQ60e9O4=
Subject key identifier:   C2:EB:D7:69:B3:95:04:AE:06:3A:C7:AF:F5:07:A6:9B:09:FD:6E:36
Certificate issuer:       /CN=560190bdfb0a3f23b4411e7d748eddbbd09f8546
Certificate serial:       0197782CE5CE4D62C664E60CE00676AD8407
Authority key identifier: 56:01:90:BD:FB:0A:3F:23:B4:41:1E:7D:74:8E:DD:BB:D0:9F:85:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VgGQvfsKPyO0QR59dI7du9CfhUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/b66c83-0d61-421f-b083-2b9fc41e0a80/1/wuvXabOVBK4GOsev9Qemmwn9bjY.roa
Signing time:             Mon 16 Jun 2025 09:58:17 +0000
ROA not before:           Mon 16 Jun 2025 09:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20694
IP address blocks:        212.108.184.0/21 maxlen: 24
                          2a02:358:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/b66c83-0d61-421f-b083-2b9fc41e0a80/1/VgGQvfsKPyO0QR59dI7du9CfhUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/b66c83-0d61-421f-b083-2b9fc41e0a80/1/VgGQvfsKPyO0QR59dI7du9CfhUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VgGQvfsKPyO0QR59dI7du9CfhUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Jul 2025 22:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:2c:e5:ce:4d:62:c6:64:e6:0c:e0:06:76:ad:84:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=560190bdfb0a3f23b4411e7d748eddbbd09f8546
        Validity
            Not Before: Jun 16 09:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2ebd769b39504ae063ac7aff507a69b09fd6e36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:54:cb:b4:d5:63:1e:94:0e:c8:51:bb:8b:43:
                    1f:4b:ae:5e:e0:ba:f9:6c:f7:83:c9:19:69:2e:fb:
                    3b:40:d1:d5:1c:10:f9:05:d5:80:d7:f3:94:56:7b:
                    36:72:da:91:27:db:30:ee:31:27:37:14:0a:5d:65:
                    fa:63:35:72:11:c6:ef:75:ac:94:f6:03:f0:36:d7:
                    07:5d:76:4a:d1:cc:27:ec:af:41:f5:9f:f4:8e:9d:
                    34:38:33:77:7d:4b:3b:4f:7f:a9:b1:74:d0:e3:17:
                    75:50:d5:8d:a0:4f:3b:d0:01:bd:d4:a3:f5:55:0e:
                    ae:95:0d:76:e7:74:dd:17:fa:40:b5:95:2f:8d:49:
                    6a:b3:e9:c3:8e:ae:44:b6:5a:69:9b:fc:df:c0:cd:
                    68:4c:9d:dc:e5:c0:56:73:69:f7:26:f6:0d:69:39:
                    49:92:c6:f2:f8:b1:9a:3b:48:64:db:d5:42:78:94:
                    f1:55:18:75:9c:ab:f1:9d:66:5a:4b:d7:4d:0f:26:
                    a6:b5:60:c7:b4:d5:fd:80:d3:e3:47:9f:a0:36:01:
                    b4:ee:56:27:83:d1:8a:17:97:44:d8:38:f0:e8:75:
                    2d:0a:b6:d0:b0:ce:7c:c8:d1:c2:d5:d6:a7:9e:9b:
                    1b:41:ac:40:e9:e6:47:c4:6a:86:8e:bf:27:39:88:
                    ac:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:EB:D7:69:B3:95:04:AE:06:3A:C7:AF:F5:07:A6:9B:09:FD:6E:36
            X509v3 Authority Key Identifier:
                keyid:56:01:90:BD:FB:0A:3F:23:B4:41:1E:7D:74:8E:DD:BB:D0:9F:85:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VgGQvfsKPyO0QR59dI7du9CfhUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/b66c83-0d61-421f-b083-2b9fc41e0a80/1/wuvXabOVBK4GOsev9Qemmwn9bjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/b66c83-0d61-421f-b083-2b9fc41e0a80/1/VgGQvfsKPyO0QR59dI7du9CfhUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.184.0/21
                IPv6:
                  2a02:358:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1f:56:60:9a:ba:3a:98:71:94:9d:aa:43:5f:54:e1:f5:00:9b:
         29:88:11:21:e4:31:b6:00:c3:bc:9f:b9:5d:8b:cb:d2:5c:cf:
         a4:c1:1f:09:1b:79:76:da:a5:a2:7e:31:ca:5b:b0:c3:20:80:
         4e:fe:af:28:37:34:d4:cf:a1:cb:28:83:cd:b7:48:d0:c5:15:
         c3:91:4b:90:68:e2:19:9e:83:2f:82:0e:da:5a:2a:d5:6b:ca:
         d0:51:82:55:62:79:a6:aa:bb:7f:d1:b5:0a:da:ea:90:76:77:
         48:a1:c1:b2:6e:d1:0a:b2:da:fd:cf:06:73:c8:f6:ce:aa:bb:
         63:1c:49:cb:23:f9:e4:c1:13:43:9c:20:49:b2:84:55:02:63:
         ad:bf:42:93:b7:31:58:e3:27:b8:95:65:8d:4c:0c:e6:af:f9:
         da:92:4c:57:79:30:54:d7:29:75:a5:7d:ea:67:c0:77:73:65:
         c9:e2:43:43:76:32:5d:47:d7:78:de:84:62:0d:91:68:ee:1f:
         2a:21:e1:35:0b:be:aa:82:b4:ca:09:60:60:a9:24:bb:08:39:
         25:10:8b:9a:44:9f:58:e6:ab:c5:11:84:9e:3c:52:1b:47:97:
         d5:b0:58:83:dd:96:36:f0:b9:c5:74:a0:91:63:7f:6c:04:0a:
         49:91:63:9e
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZd4LOXOTWLGZOYM4AZ2rYQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2MDE5MGJkZmIwYTNmMjNiNDQxMWU3ZDc0OGVkZGJiZDA5
Zjg1NDYwHhcNMjUwNjE2MDk1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmViZDc2OWIzOTUwNGFlMDYzYWM3YWZmNTA3YTY5YjA5ZmQ2ZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01TLtNVjHpQOyFG7i0MfS65e4Lr5
bPeDyRlpLvs7QNHVHBD5BdWA1/OUVns2ctqRJ9sw7jEnNxQKXWX6YzVyEcbvdayU
9gPwNtcHXXZK0cwn7K9B9Z/0jp00ODN3fUs7T3+psXTQ4xd1UNWNoE870AG91KP1
VQ6ulQ1253TdF/pAtZUvjUlqs+nDjq5Etlppm/zfwM1oTJ3c5cBWc2n3JvYNaTlJ
ksby+LGaO0hk29VCeJTxVRh1nKvxnWZaS9dNDyamtWDHtNX9gNPjR5+gNgG07lYn
g9GKF5dE2Djw6HUtCrbQsM58yNHC1dannpsbQaxA6eZHxGqGjr8nOYisNwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMLr12mzlQSuBjrHr/UHppsJ/W42MB8GA1UdIwQY
MBaAFFYBkL37Cj8jtEEefXSO3bvQn4VGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmdHUXZmc0tQeU8wUVI1OWRJN2R1OUNmaFVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9iNjZjODMtMGQ2MS00MjFmLWIwODMt
MmI5ZmM0MWUwYTgwLzEvd3V2WGFiT1ZCSzRHT3NldjlRZW1td245YmpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9iNjZjODMtMGQ2MS00MjFmLWIwODMtMmI5ZmM0MWUwYTgw
LzEvVmdHUXZmc0tQeU8wUVI1OWRJN2R1OUNmaFVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQD1Gy4MA4E
AgACMAgDBgQqAgNYEDANBgkqhkiG9w0BAQsFAAOCAQEAH1Zgmro6mHGUnapDX1Th
9QCbKYgRIeQxtgDDvJ+5XYvL0lzPpMEfCRt5dtqlon4xyluwwyCATv6vKDc01M+h
yyiDzbdI0MUVw5FLkGjiGZ6DL4IO2loq1WvK0FGCVWJ5pqq7f9G1CtrqkHZ3SKHB
sm7RCrLa/c8Gc8j2zqq7YxxJyyP55METQ5wgSbKEVQJjrb9Ck7cxWOMnuJVljUwM
5q/52pJMV3kwVNcpdaV96mfAd3NlyeJDQ3YyXUfXeN6EYg2RaO4fKiHhNQu+qoK0
yglgYKkkuwg5JRCLmkSfWOarxRGEnjxSG0eX1bBYg92WNvC5xXSgkWN/bAQKSZFj
ng==
-----END CERTIFICATE-----