Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/WO5iMFxx-F4JF78W9Ca0mfMOiYc.roa
File:                     WO5iMFxx-F4JF78W9Ca0mfMOiYc.roa (raw, json)
Hash identifier:          uBIHUV8mnwau9Fyw3ey0VTaOO0smiERX1iJx5QMdF/M=
Subject key identifier:   58:EE:62:30:5C:71:F8:5E:09:17:BF:16:F4:26:B4:99:F3:0E:89:87
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       0196D0E6D3A2F453DC0AA860EAFF5506AC67
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/WO5iMFxx-F4JF78W9Ca0mfMOiYc.roa
Signing time:             Wed 14 May 2025 22:25:10 +0000
ROA not before:           Wed 14 May 2025 22:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        213.182.205.0/24 maxlen: 24
                          213.182.207.0/24 maxlen: 24
                          213.182.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d0:e6:d3:a2:f4:53:dc:0a:a8:60:ea:ff:55:06:ac:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: May 14 22:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58ee62305c71f85e0917bf16f426b499f30e8987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0c:6a:29:7f:10:14:40:3e:5b:db:d9:47:45:
                    cd:19:9b:12:7e:3e:66:00:47:77:ef:7d:02:00:8b:
                    b5:56:a5:42:3f:bf:45:08:aa:0c:47:19:92:27:bd:
                    62:95:52:c6:9b:1b:75:14:0f:60:66:97:00:4b:35:
                    fe:6c:7c:6e:87:b4:cd:5f:c5:0b:4c:e9:c8:13:f6:
                    93:6e:2a:ee:ca:96:14:d8:10:9b:9a:7b:ea:78:ed:
                    0c:b6:ab:f0:0f:d6:98:7a:c3:39:80:a5:92:59:13:
                    99:48:61:66:02:06:7e:9c:4d:ef:b2:40:99:a3:ce:
                    ac:b3:54:9f:e0:95:6b:9b:d4:fb:db:a3:4d:7e:11:
                    35:dc:67:d7:ab:71:7e:64:44:6b:d7:d7:36:b9:3e:
                    2c:e2:fb:33:f9:56:eb:19:3e:1c:83:83:a2:bb:5e:
                    ed:18:be:ce:9a:1c:5b:dd:8a:75:48:7b:81:c9:de:
                    e3:01:fe:52:4d:cf:9c:46:9f:62:3e:6d:0e:74:dc:
                    5d:26:dd:40:61:9a:da:0c:13:5e:77:d6:c6:80:04:
                    98:a1:09:8b:4f:35:85:f0:57:95:1b:43:01:45:0a:
                    57:0a:2f:4c:90:ad:25:61:02:87:cd:ba:e0:1e:4b:
                    93:c6:18:e6:fb:a9:21:29:0f:cd:42:76:31:09:9d:
                    94:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:EE:62:30:5C:71:F8:5E:09:17:BF:16:F4:26:B4:99:F3:0E:89:87
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/WO5iMFxx-F4JF78W9Ca0mfMOiYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.205.0/24
                  213.182.207.0/24
                  213.182.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:7e:05:2f:68:c3:04:3b:11:6b:4d:ec:6f:0a:5b:df:db:7c:
         d3:06:3c:77:46:04:68:87:e6:3b:f3:71:b7:fc:e7:0e:2c:d3:
         7b:f5:ed:15:6b:74:0a:a4:93:8f:cc:aa:76:e3:52:08:4d:8a:
         21:e0:7a:c3:ac:01:0f:3a:dc:9e:c7:0d:3a:af:61:c2:f9:1f:
         66:32:34:84:16:53:ee:5a:81:72:5e:57:95:4d:a0:e3:38:f7:
         c2:15:36:27:3f:3e:7a:a7:67:e6:f2:f9:3f:1a:f4:5b:b0:5f:
         8a:88:cc:f8:37:86:92:f1:63:b2:2d:b2:20:51:95:b6:8e:07:
         be:29:bf:87:68:75:57:a2:5a:94:6c:50:e4:e2:08:16:89:b6:
         71:e4:4d:47:9e:0f:89:f4:f3:28:cc:a4:0c:d3:4d:ef:73:c6:
         7f:d2:fa:32:6e:71:08:f6:5c:d0:08:4e:bd:e9:cc:e6:9a:f9:
         57:cd:65:f5:6a:04:10:76:dd:33:5c:b1:c9:0e:ac:93:d5:3d:
         ec:d5:d9:13:8d:9c:4f:3e:90:15:40:d4:e7:81:d0:2e:a1:a5:
         8d:ed:5d:d0:d9:8e:e4:79:89:28:d0:53:35:80:f5:7d:f8:98:
         d3:42:c7:24:ba:e0:8a:94:93:9a:0f:d3:9d:80:94:8a:d6:a1:
         9f:34:b7:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbQ5tOi9FPcCqhg6v9VBqxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwNTE0MjIyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGVlNjIzMDVjNzFmODVlMDkxN2JmMTZmNDI2YjQ5OWYzMGU4OTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgxqKX8QFEA+W9vZR0XNGZsSfj5m
AEd3730CAIu1VqVCP79FCKoMRxmSJ71ilVLGmxt1FA9gZpcASzX+bHxuh7TNX8UL
TOnIE/aTbiruypYU2BCbmnvqeO0MtqvwD9aYesM5gKWSWROZSGFmAgZ+nE3vskCZ
o86ss1Sf4JVrm9T726NNfhE13GfXq3F+ZERr19c2uT4s4vsz+VbrGT4cg4Oiu17t
GL7Omhxb3Yp1SHuByd7jAf5STc+cRp9iPm0OdNxdJt1AYZraDBNed9bGgASYoQmL
TzWF8FeVG0MBRQpXCi9MkK0lYQKHzbrgHkuTxhjm+6khKQ/NQnYxCZ2UPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFjuYjBccfheCRe/FvQmtJnzDomHMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvV081aU1GeHgtRjRKRjc4VzlDYTBtZk1PaVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1bbNAwQA
1bbPAwQA1bbRMA0GCSqGSIb3DQEBCwUAA4IBAQBcfgUvaMMEOxFrTexvClvf23zT
Bjx3RgRoh+Y783G3/OcOLNN79e0Va3QKpJOPzKp241IITYoh4HrDrAEPOtyexw06
r2HC+R9mMjSEFlPuWoFyXleVTaDjOPfCFTYnPz56p2fm8vk/GvRbsF+KiMz4N4aS
8WOyLbIgUZW2jge+Kb+HaHVXolqUbFDk4ggWibZx5E1Hng+J9PMozKQM003vc8Z/
0voybnEI9lzQCE696czmmvlXzWX1agQQdt0zXLHJDqyT1T3s1dkTjZxPPpAVQNTn
gdAuoaWN7V3Q2Y7keYko0FM1gPV9+JjTQsckuuCKlJOaD9OdgJSK1qGfNLcu
-----END CERTIFICATE-----