Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/W0wwe8SBgrorcIdIh1C6dywoblE.roa
File:                     W0wwe8SBgrorcIdIh1C6dywoblE.roa (raw, json)
Hash identifier:          o7y7OudSu2OxvsqJQhdu7LZqt6SiNfP9ooVaizbrRo4=
Subject key identifier:   5B:4C:30:7B:C4:81:82:BA:2B:70:87:48:87:50:BA:77:2C:28:6E:51
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       0197C5D617B4939E1E9B225D4A2BDD9F23F0
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/W0wwe8SBgrorcIdIh1C6dywoblE.roa
Signing time:             Tue 01 Jul 2025 11:53:51 +0000
ROA not before:           Tue 01 Jul 2025 11:53:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        185.189.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:d6:17:b4:93:9e:1e:9b:22:5d:4a:2b:dd:9f:23:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jul  1 11:53:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b4c307bc48182ba2b7087488750ba772c286e51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b4:0b:e4:b1:86:5f:6d:18:5c:01:39:a3:36:
                    3c:0d:80:36:01:36:20:cc:9f:f4:74:4c:3f:b8:13:
                    57:e5:d0:46:99:fc:98:39:e7:e3:df:de:98:79:bf:
                    52:66:83:e0:2b:c5:f2:98:f8:6d:c6:a8:18:62:c1:
                    30:26:62:6a:0b:2a:5e:d8:13:49:19:ec:a7:6c:15:
                    09:dd:2a:4e:2b:22:1e:84:0a:78:d4:6e:3f:60:83:
                    65:e5:73:cb:51:b0:a6:7a:99:37:4e:ef:88:d1:3a:
                    11:1e:9a:36:52:52:73:60:11:54:a0:59:d0:09:fc:
                    ad:26:be:d9:2a:88:49:5e:16:b5:1c:5d:b8:60:63:
                    71:5e:23:f8:94:bc:74:21:0e:52:52:77:bf:f6:a4:
                    28:e4:bf:95:67:99:a2:91:5f:0b:b0:03:12:01:0c:
                    0e:ae:9c:25:3f:16:49:03:32:e3:66:bf:be:79:5d:
                    ca:d1:93:42:29:00:e2:c5:f8:51:65:52:ce:69:59:
                    39:0e:e6:c2:9f:01:e4:c3:a8:0b:bc:a1:57:bc:77:
                    4a:14:42:8a:4a:06:54:85:59:45:a3:08:7d:d9:c4:
                    8c:af:86:38:8c:54:e6:24:51:a7:ee:2a:e3:89:01:
                    7f:6a:d7:72:03:42:e2:38:3d:9b:80:02:99:dd:0a:
                    30:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4C:30:7B:C4:81:82:BA:2B:70:87:48:87:50:BA:77:2C:28:6E:51
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/W0wwe8SBgrorcIdIh1C6dywoblE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:a0:cc:c1:f3:55:80:bb:ec:02:d6:86:d8:9f:cd:88:23:91:
         ed:67:f7:87:c4:45:97:8a:c2:7b:8e:fc:b6:a3:bd:bf:c5:18:
         12:aa:f7:cc:4d:a0:4c:12:56:ea:bf:83:2a:bf:90:35:a0:1b:
         85:da:9f:06:0a:23:90:12:86:6e:8e:53:80:3d:f5:08:44:9a:
         a4:8f:a5:d1:13:e2:a9:c2:0f:81:9f:9e:4e:3f:4a:50:ba:ab:
         21:d4:f3:a5:a5:0c:62:11:75:cb:15:0f:8f:75:f1:7e:6c:2d:
         46:ba:15:a7:cc:0e:18:02:cd:39:aa:f8:11:16:03:33:44:c5:
         54:1e:d4:ad:41:5c:74:5d:96:c8:7f:0c:0b:42:f7:cd:c7:bc:
         da:14:fc:47:98:df:36:bc:f0:4e:a7:d6:97:90:fd:d4:3b:74:
         cc:7c:4c:86:b7:c0:aa:dc:23:77:2e:2c:80:f7:fd:3d:a1:ef:
         e3:9d:a7:9b:59:2d:d6:30:f3:4d:47:e5:65:cb:4b:18:dc:f2:
         86:fc:d4:5a:22:5b:50:01:1f:b8:be:52:24:eb:2f:65:8c:b4:
         1c:e4:8c:68:b2:da:36:13:a1:ee:5c:72:df:ac:99:76:9f:d6:
         60:25:ee:1a:1a:ee:82:be:27:d6:eb:dd:af:32:14:67:65:f8:
         74:8d:1f:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfF1he0k54emyJdSivdnyPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjUwNzAxMTE1MzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjRjMzA3YmM0ODE4MmJhMmI3MDg3NDg4NzUwYmE3NzJjMjg2ZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbQL5LGGX20YXAE5ozY8DYA2ATYg
zJ/0dEw/uBNX5dBGmfyYOefj396Yeb9SZoPgK8XymPhtxqgYYsEwJmJqCype2BNJ
GeynbBUJ3SpOKyIehAp41G4/YINl5XPLUbCmepk3Tu+I0ToRHpo2UlJzYBFUoFnQ
CfytJr7ZKohJXha1HF24YGNxXiP4lLx0IQ5SUne/9qQo5L+VZ5mikV8LsAMSAQwO
rpwlPxZJAzLjZr++eV3K0ZNCKQDixfhRZVLOaVk5DubCnwHkw6gLvKFXvHdKFEKK
SgZUhVlFowh92cSMr4Y4jFTmJFGn7irjiQF/atdyA0LiOD2bgAKZ3QowFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtMMHvEgYK6K3CHSIdQuncsKG5RMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvVzB3d2U4U0Jncm9yY0lkSWgxQzZkeXdvYmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub0gMA0G
CSqGSIb3DQEBCwUAA4IBAQASoMzB81WAu+wC1obYn82II5HtZ/eHxEWXisJ7jvy2
o72/xRgSqvfMTaBMElbqv4Mqv5A1oBuF2p8GCiOQEoZujlOAPfUIRJqkj6XRE+Kp
wg+Bn55OP0pQuqsh1POlpQxiEXXLFQ+PdfF+bC1GuhWnzA4YAs05qvgRFgMzRMVU
HtStQVx0XZbIfwwLQvfNx7zaFPxHmN82vPBOp9aXkP3UO3TMfEyGt8Cq3CN3LiyA
9/09oe/jnaebWS3WMPNNR+Vly0sY3PKG/NRaIltQAR+4vlIk6y9ljLQc5Ixosto2
E6HuXHLfrJl2n9ZgJe4aGu6CvifW692vMhRnZfh0jR/8
-----END CERTIFICATE-----