Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/W0gNgYoCeAM0Ni7qpJAj1L463QQ.roa
File:                     W0gNgYoCeAM0Ni7qpJAj1L463QQ.roa (raw, json)
Hash identifier:          wScHN6zoxEUq0bDpBObSAweoykHAk6cbjieXwziC6O0=
Subject key identifier:   5B:48:0D:81:8A:02:78:03:34:36:2E:EA:A4:90:23:D4:BE:3A:DD:04
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0196E47059EDA91CE9EE1B6DEB32785EFDA9
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/W0gNgYoCeAM0Ni7qpJAj1L463QQ.roa
Signing time:             Sun 18 May 2025 17:28:10 +0000
ROA not before:           Sun 18 May 2025 17:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        212.87.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e4:70:59:ed:a9:1c:e9:ee:1b:6d:eb:32:78:5e:fd:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: May 18 17:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b480d818a02780334362eeaa49023d4be3add04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8a:b1:33:fb:1d:c0:bd:f4:99:80:d0:55:31:
                    fb:c5:8c:a5:08:e3:60:db:c4:17:51:4c:0e:13:03:
                    35:c3:d9:95:62:af:8e:98:ea:fa:94:a1:b4:33:df:
                    74:1a:5c:30:43:20:51:92:53:68:2a:12:8a:1f:a7:
                    64:69:d8:a3:17:93:51:5e:9b:43:a3:46:a7:ab:3c:
                    94:e5:dc:2a:8b:93:6c:57:e3:7a:75:2a:e8:f6:63:
                    c4:63:7f:87:fe:d3:9c:9d:72:50:d0:4a:07:99:1f:
                    a6:8b:65:6f:62:ac:e3:ed:59:81:9b:9b:c3:88:a7:
                    54:7f:91:65:7e:0e:31:89:0c:e2:e1:ec:61:b5:a5:
                    77:52:43:7d:10:69:23:fd:1d:6c:67:8a:24:f4:07:
                    9b:8d:c4:47:eb:b5:6c:c1:ef:84:ac:e8:76:97:d9:
                    ee:3e:ae:7b:52:57:8a:14:63:17:c9:ef:63:40:d9:
                    d7:bf:1b:b8:d8:fd:23:a0:41:44:7f:34:ff:5c:e9:
                    31:bf:7d:91:2d:eb:bb:d9:3f:63:c9:a4:61:3d:31:
                    4b:3e:f0:28:1d:02:2c:87:09:aa:99:dc:a1:6b:b9:
                    d3:f8:ec:ed:4e:cc:bf:2e:cd:d8:0f:d4:2d:5e:59:
                    41:cd:2c:82:a8:55:dc:a6:19:d0:e7:a3:c4:46:9d:
                    d8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:48:0D:81:8A:02:78:03:34:36:2E:EA:A4:90:23:D4:BE:3A:DD:04
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/W0gNgYoCeAM0Ni7qpJAj1L463QQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:9c:8e:c7:a2:87:2d:f3:cc:6a:a1:e5:28:ad:aa:60:35:c1:
         d5:30:0a:da:1e:62:cd:cf:69:36:27:5d:dc:78:60:a9:33:d4:
         a3:c8:70:9f:e7:ca:7c:f1:f3:7a:29:fe:e5:9e:bd:32:33:b9:
         2f:76:7b:3a:f9:e3:58:48:f5:bd:f6:47:d4:65:54:80:e9:24:
         ae:9f:c8:3a:53:10:e1:1f:70:83:23:08:d9:1c:99:9c:fd:68:
         85:62:c9:c0:9c:bd:62:fd:b4:86:2d:d6:83:ef:ea:b3:c7:74:
         42:c1:d7:6f:41:13:a8:4f:ba:df:cd:11:a3:ba:b7:39:1e:48:
         ec:e2:a7:a2:ae:7f:70:2b:33:83:37:9b:b0:73:6c:1e:72:93:
         0d:ab:6c:49:45:ee:0d:43:62:d0:c8:8f:73:0a:b5:6f:d9:bd:
         38:8c:6b:b9:6f:09:94:1a:3c:4d:63:b7:76:69:aa:cf:1e:ec:
         50:94:44:20:91:07:95:18:8c:fa:64:10:f1:4f:09:64:4d:db:
         e4:da:49:2b:dd:15:0b:43:e7:21:a9:0b:1f:6c:6f:c5:18:4d:
         f9:f1:e4:93:d3:24:c4:52:88:ba:67:f3:24:8f:6a:2e:f3:2c:
         11:99:4f:5d:01:27:c5:3f:74:07:3e:65:4c:78:b1:a8:b5:d3:
         69:0a:4e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbkcFntqRzp7htt6zJ4Xv2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwNTE4MTcyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjQ4MGQ4MThhMDI3ODAzMzQzNjJlZWFhNDkwMjNkNGJlM2FkZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoqxM/sdwL30mYDQVTH7xYylCONg
28QXUUwOEwM1w9mVYq+OmOr6lKG0M990GlwwQyBRklNoKhKKH6dkadijF5NRXptD
o0anqzyU5dwqi5NsV+N6dSro9mPEY3+H/tOcnXJQ0EoHmR+mi2VvYqzj7VmBm5vD
iKdUf5Flfg4xiQzi4exhtaV3UkN9EGkj/R1sZ4ok9AebjcRH67Vswe+ErOh2l9nu
Pq57UleKFGMXye9jQNnXvxu42P0joEFEfzT/XOkxv32RLeu72T9jyaRhPTFLPvAo
HQIshwmqmdyha7nT+OztTsy/Ls3YD9QtXllBzSyCqFXcphnQ56PERp3YVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtIDYGKAngDNDYu6qSQI9S+Ot0EMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvVzBnTmdZb0NlQU0wTmk3cXBKQWoxTDQ2M1FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfJMA0G
CSqGSIb3DQEBCwUAA4IBAQA4nI7Hooct88xqoeUorapgNcHVMAraHmLNz2k2J13c
eGCpM9SjyHCf58p88fN6Kf7lnr0yM7kvdns6+eNYSPW99kfUZVSA6SSun8g6UxDh
H3CDIwjZHJmc/WiFYsnAnL1i/bSGLdaD7+qzx3RCwddvQROoT7rfzRGjurc5Hkjs
4qeirn9wKzODN5uwc2wecpMNq2xJRe4NQ2LQyI9zCrVv2b04jGu5bwmUGjxNY7d2
aarPHuxQlEQgkQeVGIz6ZBDxTwlkTdvk2kkr3RULQ+chqQsfbG/FGE358eST0yTE
Uoi6Z/Mkj2ou8ywRmU9dASfFP3QHPmVMeLGotdNpCk7Q
-----END CERTIFICATE-----