Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/w-kia0Dcl-D0S1cF7F9c-RlG748.roa
File:                     w-kia0Dcl-D0S1cF7F9c-RlG748.roa (raw, json)
Hash identifier:          TI6//HLATO/7mdIMcI1NIKH9FQsgJWUg8coUzNZcuE0=
Subject key identifier:   C3:E9:22:6B:40:DC:97:E0:F4:4B:57:05:EC:5F:5C:F9:19:46:EF:8F
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       0197EF6ED9F076A5EDA06335C223BCF97240
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/w-kia0Dcl-D0S1cF7F9c-RlG748.roa
Signing time:             Wed 09 Jul 2025 13:45:08 +0000
ROA not before:           Wed 09 Jul 2025 13:45:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210734
IP address blocks:        5.10.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:6e:d9:f0:76:a5:ed:a0:63:35:c2:23:bc:f9:72:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jul  9 13:45:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3e9226b40dc97e0f44b5705ec5f5cf91946ef8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:94:87:9a:e8:80:43:c3:4f:fd:e0:cb:76:d5:
                    ee:a7:b0:d8:d2:b4:54:9f:70:ea:21:c2:c9:33:92:
                    b9:1a:84:61:8b:99:98:12:93:1c:af:84:aa:51:26:
                    29:32:81:74:d0:7e:29:d7:83:97:78:f5:0d:ec:54:
                    4f:a0:5e:12:12:17:09:23:c6:76:9d:de:50:26:9d:
                    9b:5e:3e:b8:19:b0:fa:1b:60:06:07:46:07:bc:b0:
                    68:98:75:ab:72:79:c7:ff:39:d4:74:9d:aa:2b:1d:
                    19:1d:34:fd:84:87:66:9d:f5:72:ba:32:b3:4b:b3:
                    d9:be:28:0e:ac:96:16:93:23:7f:be:a8:fe:ff:98:
                    cb:98:79:55:6b:12:20:de:0e:06:08:cb:7b:a1:23:
                    12:f6:49:28:b7:1c:37:22:19:46:b5:32:a1:70:ba:
                    e5:5e:fe:9f:67:dc:f0:c7:1c:46:5c:7e:5b:ed:09:
                    d8:36:17:80:5a:34:d1:36:f0:37:54:d3:c0:03:5c:
                    bc:23:96:2b:9f:2c:f9:55:24:29:62:46:52:76:d7:
                    8d:7b:3f:ba:a3:c0:50:25:05:eb:40:87:89:bd:e9:
                    b3:d6:e2:6f:51:22:93:2b:f5:e1:6b:48:d7:0c:bf:
                    5e:62:22:ad:fc:1f:fb:50:f0:f1:23:c4:77:40:df:
                    38:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E9:22:6B:40:DC:97:E0:F4:4B:57:05:EC:5F:5C:F9:19:46:EF:8F
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/w-kia0Dcl-D0S1cF7F9c-RlG748.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:62:b2:e7:54:ca:33:ed:6c:f7:5f:ab:91:8e:fa:8f:7d:9e:
         fe:41:de:4e:9a:5a:c0:3b:a8:21:22:79:f8:86:67:98:6a:f2:
         51:2e:b7:28:bf:44:36:59:50:83:c2:69:d8:a6:e9:ea:43:39:
         24:ab:74:d4:4a:12:c7:57:28:a4:f3:b4:b7:65:2c:e7:81:14:
         66:cd:ac:96:88:7c:a4:03:dd:ae:65:9d:01:1d:cc:f4:dc:6e:
         21:41:de:43:d8:c7:49:84:78:60:d8:e9:a0:9c:60:f8:da:fc:
         8c:54:35:4c:71:de:32:a6:50:9b:56:d1:bc:76:54:99:d3:61:
         ca:73:ea:7b:96:26:14:19:e8:da:be:52:06:88:b4:58:f1:0b:
         dc:5c:b0:01:79:a7:80:b5:dc:64:7f:39:99:88:70:11:81:ed:
         cc:4e:7d:4b:e9:88:f2:ae:b3:bf:44:dc:dc:ad:59:13:37:cb:
         dc:58:da:56:02:e0:2f:77:7a:da:a8:bd:12:83:d3:e1:ce:a5:
         f4:f1:2b:2d:06:ac:a0:25:d2:91:1d:7b:ed:45:65:5c:ab:e9:
         a6:cd:ea:46:68:7e:2a:18:32:ab:a9:3a:6a:54:72:32:67:40:
         e8:92:1e:cd:57:7f:33:6d:3a:f9:4b:fa:9c:15:95:df:ff:c6:
         c2:d0:92:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfvbtnwdqXtoGM1wiO8+XJAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwNzA5MTM0NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2U5MjI2YjQwZGM5N2UwZjQ0YjU3MDVlYzVmNWNmOTE5NDZlZjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5SHmuiAQ8NP/eDLdtXup7DY0rRU
n3DqIcLJM5K5GoRhi5mYEpMcr4SqUSYpMoF00H4p14OXePUN7FRPoF4SEhcJI8Z2
nd5QJp2bXj64GbD6G2AGB0YHvLBomHWrcnnH/znUdJ2qKx0ZHTT9hIdmnfVyujKz
S7PZvigOrJYWkyN/vqj+/5jLmHlVaxIg3g4GCMt7oSMS9kkotxw3IhlGtTKhcLrl
Xv6fZ9zwxxxGXH5b7QnYNheAWjTRNvA3VNPAA1y8I5Yrnyz5VSQpYkZSdteNez+6
o8BQJQXrQIeJvemz1uJvUSKTK/Xha0jXDL9eYiKt/B/7UPDxI8R3QN84TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPpImtA3Jfg9EtXBexfXPkZRu+PMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvdy1raWEwRGNsLUQwUzFjRjdGOWMtUmxHNzQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQraMA0G
CSqGSIb3DQEBCwUAA4IBAQBaYrLnVMoz7Wz3X6uRjvqPfZ7+Qd5OmlrAO6ghInn4
hmeYavJRLrcov0Q2WVCDwmnYpunqQzkkq3TUShLHVyik87S3ZSzngRRmzayWiHyk
A92uZZ0BHcz03G4hQd5D2MdJhHhg2OmgnGD42vyMVDVMcd4yplCbVtG8dlSZ02HK
c+p7liYUGejavlIGiLRY8QvcXLABeaeAtdxkfzmZiHARge3MTn1L6YjyrrO/RNzc
rVkTN8vcWNpWAuAvd3raqL0Sg9PhzqX08SstBqygJdKRHXvtRWVcq+mmzepGaH4q
GDKrqTpqVHIyZ0Dokh7NV38zbTr5S/qcFZXf/8bC0JIW
-----END CERTIFICATE-----