Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/fe07b7-f464-4e67-8299-ca5e685438a2/1/WLPv_kiHkV3foWtvEt3ca8XVjG4.roa
File:                     WLPv_kiHkV3foWtvEt3ca8XVjG4.roa (raw, json)
Hash identifier:          485f4Pk93SekykKHn/Aq62sR6+/AvJghjHie2NYKlhI=
Subject key identifier:   58:B3:EF:FE:48:87:91:5D:DF:A1:6B:6F:12:DD:DC:6B:C5:D5:8C:6E
Certificate issuer:       /CN=b972bd49d551b4ada5bd6bb695618a79451ad34e
Certificate serial:       0197EA0B0FF8E3950DD8F0031C6A80451265
Authority key identifier: B9:72:BD:49:D5:51:B4:AD:A5:BD:6B:B6:95:61:8A:79:45:1A:D3:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXK9SdVRtK2lvWu2lWGKeUUa004.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/fe07b7-f464-4e67-8299-ca5e685438a2/1/WLPv_kiHkV3foWtvEt3ca8XVjG4.roa
Signing time:             Tue 08 Jul 2025 12:38:02 +0000
ROA not before:           Tue 08 Jul 2025 12:38:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50489
IP address blocks:        178.18.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/fe07b7-f464-4e67-8299-ca5e685438a2/1/uXK9SdVRtK2lvWu2lWGKeUUa004.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/fe07b7-f464-4e67-8299-ca5e685438a2/1/uXK9SdVRtK2lvWu2lWGKeUUa004.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXK9SdVRtK2lvWu2lWGKeUUa004.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ea:0b:0f:f8:e3:95:0d:d8:f0:03:1c:6a:80:45:12:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b972bd49d551b4ada5bd6bb695618a79451ad34e
        Validity
            Not Before: Jul  8 12:38:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58b3effe4887915ddfa16b6f12dddc6bc5d58c6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:03:25:d6:55:e7:fe:8f:b1:50:d5:57:4b:6b:
                    e0:7a:97:82:dd:b6:fd:30:8b:85:a4:f0:7e:0c:7c:
                    73:1b:be:7d:d2:72:9e:60:4c:eb:42:58:ed:65:c6:
                    ee:ed:da:cd:41:eb:45:0d:31:4a:de:38:4b:26:fd:
                    24:dd:3d:b2:4e:8a:3b:c1:e5:ee:c4:5b:2d:dc:a0:
                    6d:e3:db:47:6f:68:44:2d:8d:89:4b:37:e7:a2:3e:
                    c9:af:c4:d3:39:2a:98:00:8a:a1:9b:be:f7:f9:87:
                    86:df:5a:77:6c:7a:e5:5f:4c:6a:3c:c0:f4:8b:7f:
                    93:56:4d:11:8f:5d:33:ad:98:bf:53:04:38:21:32:
                    a3:43:59:ba:62:0d:82:55:ae:0f:14:54:5c:a4:e8:
                    67:f7:29:b7:34:00:c5:72:db:2e:39:bf:80:ff:74:
                    8a:a0:f1:a1:b4:0f:7e:97:f0:ea:79:ec:cf:51:49:
                    a5:ab:f4:27:f6:3c:72:7d:96:a5:8a:ac:f0:3b:cd:
                    92:4e:fb:e0:1a:1b:93:43:88:18:f3:2c:69:33:b0:
                    6f:32:8f:aa:a4:77:f8:4a:8d:24:3e:a8:3c:5d:f2:
                    3c:0a:3c:2f:a6:d6:bf:84:0b:fe:da:cc:55:5c:90:
                    42:d2:f0:94:5a:94:3a:2b:6f:aa:af:4d:ea:18:ce:
                    b0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B3:EF:FE:48:87:91:5D:DF:A1:6B:6F:12:DD:DC:6B:C5:D5:8C:6E
            X509v3 Authority Key Identifier:
                keyid:B9:72:BD:49:D5:51:B4:AD:A5:BD:6B:B6:95:61:8A:79:45:1A:D3:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXK9SdVRtK2lvWu2lWGKeUUa004.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/fe07b7-f464-4e67-8299-ca5e685438a2/1/WLPv_kiHkV3foWtvEt3ca8XVjG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/fe07b7-f464-4e67-8299-ca5e685438a2/1/uXK9SdVRtK2lvWu2lWGKeUUa004.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:63:22:5f:24:73:10:bc:93:a0:9d:ea:99:b6:49:3f:b9:0e:
         29:d8:e7:0d:87:12:f8:80:2f:8c:1b:ae:8d:9a:2d:04:11:ad:
         75:9d:ed:c8:64:14:dc:7b:f1:4f:44:fc:60:90:e7:ea:f2:69:
         e5:bb:b8:51:82:22:55:29:c1:c2:a9:fc:49:86:25:07:dd:01:
         41:9d:66:9c:cb:00:d9:2e:4b:0a:5a:52:c3:fd:60:fe:9d:ad:
         4e:c6:b5:dd:c5:9d:82:fb:1c:e1:a1:15:4f:4a:73:8a:af:15:
         7b:49:3f:cf:00:78:53:14:30:a5:8c:c8:be:ea:77:25:38:2c:
         34:c8:4e:63:da:4c:74:97:57:33:a5:89:37:c3:a1:cd:42:7a:
         81:62:e0:18:9c:49:cd:2a:c0:cb:a0:be:a8:19:f6:00:6d:57:
         b8:f1:b5:c3:70:38:c0:f4:fc:22:74:82:4f:49:7b:72:f1:55:
         cc:66:71:25:c4:7d:97:57:9d:38:0b:55:79:a3:38:be:a5:d7:
         01:a7:04:2f:85:be:18:c5:69:81:92:f1:6a:7e:00:cd:57:05:
         a6:95:d2:cc:2b:a2:1e:11:f5:ab:40:a7:4a:f6:f9:80:de:d9:
         31:c2:28:a5:d6:00:93:24:83:a6:9a:e3:2f:48:9f:6f:b1:30:
         68:ab:8b:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfqCw/445UN2PADHGqARRJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NzJiZDQ5ZDU1MWI0YWRhNWJkNmJiNjk1NjE4YTc5NDUx
YWQzNGUwHhcNMjUwNzA4MTIzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGIzZWZmZTQ4ODc5MTVkZGZhMTZiNmYxMmRkZGM2YmM1ZDU4YzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAMl1lXn/o+xUNVXS2vgepeC3bb9
MIuFpPB+DHxzG7590nKeYEzrQljtZcbu7drNQetFDTFK3jhLJv0k3T2yToo7weXu
xFst3KBt49tHb2hELY2JSzfnoj7Jr8TTOSqYAIqhm773+YeG31p3bHrlX0xqPMD0
i3+TVk0Rj10zrZi/UwQ4ITKjQ1m6Yg2CVa4PFFRcpOhn9ym3NADFctsuOb+A/3SK
oPGhtA9+l/DqeezPUUmlq/Qn9jxyfZaliqzwO82STvvgGhuTQ4gY8yxpM7BvMo+q
pHf4So0kPqg8XfI8Cjwvpta/hAv+2sxVXJBC0vCUWpQ6K2+qr03qGM6wWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiz7/5Ih5Fd36FrbxLd3GvF1YxuMB8GA1UdIwQY
MBaAFLlyvUnVUbStpb1rtpVhinlFGtNOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVhLOVNkVlJ0SzJsdld1MmxXR0tlVVVhMDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mZTA3YjctZjQ2NC00ZTY3LTgyOTkt
Y2E1ZTY4NTQzOGEyLzEvV0xQdl9raUhrVjNmb1d0dkV0M2NhOFhWakc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mZTA3YjctZjQ2NC00ZTY3LTgyOTktY2E1ZTY4NTQzOGEy
LzEvdVhLOVNkVlJ0SzJsdld1MmxXR0tlVVVhMDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshJ2MA0G
CSqGSIb3DQEBCwUAA4IBAQBqYyJfJHMQvJOgneqZtkk/uQ4p2OcNhxL4gC+MG66N
mi0EEa11ne3IZBTce/FPRPxgkOfq8mnlu7hRgiJVKcHCqfxJhiUH3QFBnWacywDZ
LksKWlLD/WD+na1OxrXdxZ2C+xzhoRVPSnOKrxV7ST/PAHhTFDCljMi+6nclOCw0
yE5j2kx0l1czpYk3w6HNQnqBYuAYnEnNKsDLoL6oGfYAbVe48bXDcDjA9PwidIJP
SXty8VXMZnElxH2XV504C1V5ozi+pdcBpwQvhb4YxWmBkvFqfgDNVwWmldLMK6Ie
EfWrQKdK9vmA3tkxwiil1gCTJIOmmuMvSJ9vsTBoq4uN
-----END CERTIFICATE-----