Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Wv5388wlQhklHahSmTc__s3NoLE.roa
File:                     Wv5388wlQhklHahSmTc__s3NoLE.roa (raw, json)
Hash identifier:          aHba1yC3JOAv35PLRKxvMiDiBWSyoqXiiA/VAVtP0+E=
Subject key identifier:   5A:FE:77:F3:CC:25:42:19:25:1D:A8:52:99:37:3F:FE:CD:CD:A0:B1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0196144C598E040BBE2181BEDD645BCC6081
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Wv5388wlQhklHahSmTc__s3NoLE.roa
Signing time:             Tue 08 Apr 2025 07:27:50 +0000
ROA not before:           Tue 08 Apr 2025 07:27:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        194.61.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:4c:59:8e:04:0b:be:21:81:be:dd:64:5b:cc:60:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Apr  8 07:27:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5afe77f3cc254219251da85299373ffecdcda0b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f2:eb:22:be:6c:d1:bb:81:0e:16:c7:a8:cb:
                    9d:57:54:6b:ab:61:42:27:71:34:cc:c4:5b:c1:20:
                    b5:eb:c5:23:48:b0:0d:60:ee:e6:6e:a1:d2:5b:44:
                    85:9a:35:3c:8a:82:de:6e:ae:06:a7:4a:3c:57:b8:
                    e4:21:e3:f3:e7:d4:56:8d:db:8c:47:4c:16:6f:22:
                    cd:12:da:f7:60:fc:66:8c:7b:85:41:1e:8d:c3:a7:
                    16:bc:ee:7f:df:59:89:a0:e0:c9:a7:a5:bc:53:65:
                    78:ea:0e:95:4a:66:90:5b:ca:a5:8e:7c:ac:bd:d2:
                    3a:b7:39:2e:d1:b5:c8:cc:f9:67:6e:7e:4e:2e:eb:
                    f4:2c:4a:16:72:81:77:8c:7c:e0:be:8a:72:83:41:
                    23:0d:50:21:0e:90:db:b3:6b:96:66:0a:99:bb:21:
                    29:05:54:17:e5:81:5b:ec:3d:84:1d:45:3b:64:1c:
                    e5:75:57:69:ef:00:ac:27:45:46:58:cd:08:b6:96:
                    c1:29:06:0e:62:9b:ce:99:bc:be:fb:63:bd:07:1d:
                    99:32:b3:90:30:27:aa:35:86:22:a2:1c:9d:75:db:
                    5b:d7:1b:e4:57:58:c1:3a:f8:f1:7d:24:6f:27:02:
                    26:cf:2e:29:0e:b1:69:4b:f8:ab:26:14:b7:aa:98:
                    bc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:FE:77:F3:CC:25:42:19:25:1D:A8:52:99:37:3F:FE:CD:CD:A0:B1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/Wv5388wlQhklHahSmTc__s3NoLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:eb:cf:73:b6:f9:e8:9c:d8:c4:cf:25:7c:3a:ed:2d:11:c1:
         ff:d9:6c:52:a4:39:65:e2:e2:62:ff:58:06:ac:32:03:79:4c:
         e8:a5:84:0f:91:d3:38:ed:98:9d:75:21:4a:70:51:25:d9:b0:
         64:a7:f5:bf:8d:84:ef:ef:68:d7:2a:00:c5:82:86:20:5a:db:
         90:52:fa:83:50:00:34:36:5b:6b:ea:a5:f2:bc:74:a6:5e:e5:
         86:98:4a:20:38:fc:6b:27:38:e4:2c:1d:5a:8a:36:10:3c:4e:
         cc:ac:00:74:51:71:21:a2:a3:da:19:2c:cc:9c:23:8f:14:ab:
         91:da:08:33:7e:a8:82:4f:eb:54:8a:37:de:8b:15:d2:8d:3b:
         dc:8d:2c:de:c0:58:f8:e0:a2:2e:84:d3:86:d2:52:4a:ad:e1:
         e3:09:41:64:b7:c4:a4:bf:09:84:bc:11:65:f1:6e:ed:3d:a0:
         b2:55:80:c3:88:6e:48:28:4d:95:22:51:01:7e:0a:5e:11:1d:
         19:a1:f7:77:41:e2:9f:74:31:da:32:ec:d0:eb:8d:15:e4:79:
         40:78:73:e9:0c:ca:9f:c1:e0:23:49:33:3c:86:6f:dd:32:5f:
         ec:f1:4d:12:bb:d5:66:2c:6a:66:1c:ab:ca:a6:6c:d9:38:25:
         38:74:7a:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYUTFmOBAu+IYG+3WRbzGCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNDA4MDcyNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWZlNzdmM2NjMjU0MjE5MjUxZGE4NTI5OTM3M2ZmZWNkY2RhMGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPLrIr5s0buBDhbHqMudV1Rrq2FC
J3E0zMRbwSC168UjSLANYO7mbqHSW0SFmjU8ioLebq4Gp0o8V7jkIePz59RWjduM
R0wWbyLNEtr3YPxmjHuFQR6Nw6cWvO5/31mJoODJp6W8U2V46g6VSmaQW8qljnys
vdI6tzku0bXIzPlnbn5OLuv0LEoWcoF3jHzgvopyg0EjDVAhDpDbs2uWZgqZuyEp
BVQX5YFb7D2EHUU7ZBzldVdp7wCsJ0VGWM0ItpbBKQYOYpvOmby++2O9Bx2ZMrOQ
MCeqNYYiohydddtb1xvkV1jBOvjxfSRvJwImzy4pDrFpS/irJhS3qpi8awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFr+d/PMJUIZJR2oUpk3P/7NzaCxMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvV3Y1Mzg4d2xRaGtsSGFoU21UY19fczNOb0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwj1IMA0G
CSqGSIb3DQEBCwUAA4IBAQAr689ztvnonNjEzyV8Ou0tEcH/2WxSpDll4uJi/1gG
rDIDeUzopYQPkdM47ZiddSFKcFEl2bBkp/W/jYTv72jXKgDFgoYgWtuQUvqDUAA0
Nltr6qXyvHSmXuWGmEogOPxrJzjkLB1aijYQPE7MrAB0UXEhoqPaGSzMnCOPFKuR
2ggzfqiCT+tUijfeixXSjTvcjSzewFj44KIuhNOG0lJKreHjCUFkt8SkvwmEvBFl
8W7tPaCyVYDDiG5IKE2VIlEBfgpeER0Zofd3QeKfdDHaMuzQ640V5HlAeHPpDMqf
weAjSTM8hm/dMl/s8U0Su9VmLGpmHKvKpmzZOCU4dHra
-----END CERTIFICATE-----