Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/be40ea-89c9-4fe3-9d0c-4c5b200b6709/1/wLmoD_8Og7x28Igym1-Hg5A410U.roa
File:                     wLmoD_8Og7x28Igym1-Hg5A410U.roa (raw, json)
Hash identifier:          +Yzl9wN++dP4CtoCNIFtppZ8l53ff/sGGZfNPkEeKbI=
Subject key identifier:   C0:B9:A8:0F:FF:0E:83:BC:76:F0:88:32:9B:5F:87:83:90:38:D7:45
Certificate issuer:       /CN=073848d8281be439e77750885b547a28152801bb
Certificate serial:       019788056122A20CF238CC887E527B452FB7
Authority key identifier: 07:38:48:D8:28:1B:E4:39:E7:77:50:88:5B:54:7A:28:15:28:01:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BzhI2Cgb5Dnnd1CIW1R6KBUoAbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/be40ea-89c9-4fe3-9d0c-4c5b200b6709/1/wLmoD_8Og7x28Igym1-Hg5A410U.roa
Signing time:             Thu 19 Jun 2025 11:49:03 +0000
ROA not before:           Thu 19 Jun 2025 11:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3292
IP address blocks:        193.32.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/be40ea-89c9-4fe3-9d0c-4c5b200b6709/1/BzhI2Cgb5Dnnd1CIW1R6KBUoAbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/be40ea-89c9-4fe3-9d0c-4c5b200b6709/1/BzhI2Cgb5Dnnd1CIW1R6KBUoAbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BzhI2Cgb5Dnnd1CIW1R6KBUoAbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:05:61:22:a2:0c:f2:38:cc:88:7e:52:7b:45:2f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073848d8281be439e77750885b547a28152801bb
        Validity
            Not Before: Jun 19 11:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0b9a80fff0e83bc76f088329b5f87839038d745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:89:7a:4b:b8:58:99:56:5a:48:0a:36:b6:9e:
                    7a:32:36:3a:c1:3f:3e:3a:db:6b:5a:70:59:37:d4:
                    25:a7:04:e1:ec:6a:a6:20:a7:48:34:52:3a:fb:42:
                    1c:f1:7c:c7:01:b8:85:13:6c:c6:e3:b5:82:b4:f1:
                    cc:9e:34:81:d0:cb:0c:49:b0:d9:06:9c:eb:57:2b:
                    ae:79:08:e7:85:4a:e7:85:6d:07:fa:63:43:55:d2:
                    39:10:dd:55:db:25:ff:6a:88:dd:4d:6b:a2:55:63:
                    cc:70:2b:ff:ee:44:c3:5a:c1:c8:f9:b1:a7:5c:30:
                    f4:91:8d:08:10:45:f2:9f:77:95:f0:85:25:c9:e0:
                    b1:0e:ee:3c:a1:d4:63:85:c7:11:7a:7d:5d:be:64:
                    ff:28:94:36:16:28:20:ad:9a:c6:54:e6:70:3f:70:
                    dd:b5:61:18:e3:6d:15:1e:a2:ea:af:61:cd:5a:63:
                    cb:58:48:13:d3:90:17:70:53:39:a7:05:e4:78:15:
                    4c:0b:60:37:da:45:40:c9:7c:b0:10:a9:29:82:f9:
                    34:44:d5:7a:94:45:b9:8b:fc:87:a1:75:51:0b:b6:
                    98:9d:8f:56:38:cd:e9:5b:38:4b:7b:b8:19:17:c5:
                    a9:e2:18:58:a1:0a:f5:67:24:f0:68:77:7b:b3:2c:
                    9d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B9:A8:0F:FF:0E:83:BC:76:F0:88:32:9B:5F:87:83:90:38:D7:45
            X509v3 Authority Key Identifier:
                keyid:07:38:48:D8:28:1B:E4:39:E7:77:50:88:5B:54:7A:28:15:28:01:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BzhI2Cgb5Dnnd1CIW1R6KBUoAbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/be40ea-89c9-4fe3-9d0c-4c5b200b6709/1/wLmoD_8Og7x28Igym1-Hg5A410U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/be40ea-89c9-4fe3-9d0c-4c5b200b6709/1/BzhI2Cgb5Dnnd1CIW1R6KBUoAbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:9a:3a:e2:4a:77:4f:92:93:b9:d2:e2:21:ef:09:d5:96:87:
         16:66:71:ac:9f:69:12:61:f7:da:2e:9d:b5:20:fa:ef:5e:83:
         4a:6c:d5:cb:0f:e7:f4:4d:de:b2:70:d7:a1:3f:7a:23:52:5b:
         2c:d8:5c:98:1a:85:0a:6c:b5:a5:6b:ca:67:ab:11:23:09:8e:
         f2:1e:c5:08:bb:55:cc:82:39:74:75:d8:fe:bf:51:88:bf:3e:
         46:49:c0:61:11:fa:3d:7b:50:d6:4f:2b:99:79:09:88:e7:92:
         ff:72:8c:e4:09:08:0f:95:80:9a:b4:02:24:3a:71:64:ea:81:
         d3:7f:46:a4:42:50:0e:76:4c:9d:e3:e4:ab:3e:8f:36:11:95:
         4d:93:e0:6a:3a:b4:37:81:a9:d0:3b:5c:5d:76:b2:4f:90:b4:
         cf:cb:03:fc:d6:a0:5d:ee:7d:4e:90:af:aa:eb:e2:ec:a5:48:
         5d:fa:c4:5a:88:a3:c0:e6:4a:9e:96:29:3e:7f:ef:a2:0c:65:
         6a:3f:46:2c:80:02:5d:19:61:8d:04:e3:0c:18:c2:00:54:71:
         67:6d:93:88:0a:8d:71:09:b3:5e:8b:bd:7d:02:ad:0d:a2:33:
         26:9f:89:5d:37:eb:fb:c0:9a:0f:87:fd:63:6a:82:42:af:c5:
         b6:b0:9b:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeIBWEiogzyOMyIflJ7RS+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3Mzg0OGQ4MjgxYmU0MzllNzc3NTA4ODViNTQ3YTI4MTUy
ODAxYmIwHhcNMjUwNjE5MTE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGI5YTgwZmZmMGU4M2JjNzZmMDg4MzI5YjVmODc4MzkwMzhkNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYl6S7hYmVZaSAo2tp56MjY6wT8+
OttrWnBZN9QlpwTh7GqmIKdINFI6+0Ic8XzHAbiFE2zG47WCtPHMnjSB0MsMSbDZ
BpzrVyuueQjnhUrnhW0H+mNDVdI5EN1V2yX/aojdTWuiVWPMcCv/7kTDWsHI+bGn
XDD0kY0IEEXyn3eV8IUlyeCxDu48odRjhccRen1dvmT/KJQ2FiggrZrGVOZwP3Dd
tWEY420VHqLqr2HNWmPLWEgT05AXcFM5pwXkeBVMC2A32kVAyXywEKkpgvk0RNV6
lEW5i/yHoXVRC7aYnY9WOM3pWzhLe7gZF8Wp4hhYoQr1ZyTwaHd7syydAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMC5qA//DoO8dvCIMptfh4OQONdFMB8GA1UdIwQY
MBaAFAc4SNgoG+Q553dQiFtUeigVKAG7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnpoSTJDZ2I1RG5uZDFDSVcxUjZLQlVvQWJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9iZTQwZWEtODljOS00ZmUzLTlkMGMt
NGM1YjIwMGI2NzA5LzEvd0xtb0RfOE9nN3gyOElneW0xLUhnNUE0MTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9iZTQwZWEtODljOS00ZmUzLTlkMGMtNGM1YjIwMGI2NzA5
LzEvQnpoSTJDZ2I1RG5uZDFDSVcxUjZLQlVvQWJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBBMA0G
CSqGSIb3DQEBCwUAA4IBAQBLmjriSndPkpO50uIh7wnVlocWZnGsn2kSYffaLp21
IPrvXoNKbNXLD+f0Td6ycNehP3ojUlss2FyYGoUKbLWla8pnqxEjCY7yHsUIu1XM
gjl0ddj+v1GIvz5GScBhEfo9e1DWTyuZeQmI55L/cozkCQgPlYCatAIkOnFk6oHT
f0akQlAOdkyd4+SrPo82EZVNk+BqOrQ3ganQO1xddrJPkLTPywP81qBd7n1OkK+q
6+LspUhd+sRaiKPA5kqelik+f++iDGVqP0YsgAJdGWGNBOMMGMIAVHFnbZOICo1x
CbNei719Aq0NojMmn4ldN+v7wJoPh/1jaoJCr8W2sJu7
-----END CERTIFICATE-----