Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/WKOKVKl28HtFspcKHQBVFmETqIc.roa
File:                     WKOKVKl28HtFspcKHQBVFmETqIc.roa (raw, json)
Hash identifier:          SYeFtPD+C2AS7thwtnIBrj8wTw204QOZOHmVtJCMITk=
Subject key identifier:   58:A3:8A:54:A9:76:F0:7B:45:B2:97:0A:1D:00:55:16:61:13:A8:87
Certificate issuer:       /CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
Certificate serial:       0198BF8C1069305F969F52E391D60ABE2EB4
Authority key identifier: B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/WKOKVKl28HtFspcKHQBVFmETqIc.roa
Signing time:             Mon 18 Aug 2025 23:38:04 +0000
ROA not before:           Mon 18 Aug 2025 23:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        45.89.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:8c:10:69:30:5f:96:9f:52:e3:91:d6:0a:be:2e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
        Validity
            Not Before: Aug 18 23:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58a38a54a976f07b45b2970a1d0055166113a887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:25:cd:32:f8:d9:ba:82:db:80:44:ee:2a:93:
                    be:b2:f9:bf:89:e0:81:3e:1d:6e:51:8b:fe:50:20:
                    b0:31:55:d4:3f:52:f4:bf:e8:f7:2a:b2:19:52:45:
                    d2:48:4d:c6:9c:15:15:c1:c2:85:90:9c:ef:13:d3:
                    b0:c6:04:f7:1f:b5:d1:9e:04:68:d9:71:79:db:23:
                    f5:c6:cf:b1:85:a9:99:8b:c8:b8:5f:ff:0a:49:47:
                    e2:fb:b3:a8:c8:df:be:a9:96:71:56:50:fa:40:f6:
                    6b:bf:eb:39:f5:52:7c:a6:2b:c5:81:a8:34:a8:04:
                    43:07:49:f0:4b:25:71:ca:ee:d0:bd:c4:93:49:43:
                    d2:d2:35:be:8e:16:2f:72:ee:c5:f4:b2:5f:b9:71:
                    92:d1:94:35:a1:43:03:d7:be:79:a9:a7:f7:f6:1e:
                    19:68:d4:37:eb:08:28:a8:a5:d7:80:7b:95:4c:f1:
                    5e:e4:a9:19:3f:52:92:ca:35:34:f7:88:64:37:1c:
                    d1:34:bc:54:a0:09:17:b5:36:22:c7:e4:4f:63:55:
                    bd:6b:ce:4e:60:a9:d5:9f:56:e3:43:47:11:13:06:
                    34:56:4c:69:9a:0e:88:5d:12:36:bf:3c:f5:3f:6a:
                    aa:82:2e:aa:18:5a:ce:10:a5:6e:9f:d1:ce:ee:23:
                    4a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A3:8A:54:A9:76:F0:7B:45:B2:97:0A:1D:00:55:16:61:13:A8:87
            X509v3 Authority Key Identifier:
                keyid:B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/WKOKVKl28HtFspcKHQBVFmETqIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:85:4d:60:f9:8d:ae:70:33:ee:78:41:2b:ee:51:4b:1b:3a:
         84:a8:a9:01:ab:6e:74:f6:c7:61:11:ec:93:d0:24:96:9f:cc:
         a9:14:33:92:7e:47:4b:28:36:15:83:f8:7a:ee:38:f0:72:44:
         b9:95:e5:85:06:97:87:48:69:54:a5:8d:d8:0d:b3:9e:78:22:
         0a:5b:8e:18:42:f4:32:53:25:40:00:c4:74:94:a9:97:bd:22:
         97:82:a0:9a:1c:1b:b6:c6:4c:50:f4:71:9a:2a:10:d3:19:5a:
         94:81:3b:2d:d0:72:87:9f:99:1f:f4:b2:98:bc:e9:15:c0:d2:
         8a:53:dc:b9:d6:9a:95:30:93:c8:2e:32:b5:a7:01:bc:67:5a:
         19:97:e1:da:32:26:47:80:c4:ac:4c:20:98:97:f6:df:cb:54:
         ef:b8:c9:c5:b8:2a:6e:f6:ab:8f:9c:6d:21:be:2c:45:6d:81:
         6b:a3:e8:79:28:89:ac:f1:b4:3f:d7:18:f6:cf:5a:df:28:09:
         ce:02:3f:13:14:9b:9e:48:6c:2f:8a:e6:29:50:e6:0a:2e:32:
         30:c7:b1:5e:46:32:34:03:e0:fb:b3:09:6a:33:c6:d0:b8:70:
         6a:e5:69:3b:de:d6:60:4f:f3:bd:6e:b5:59:3e:a6:36:a4:9b:
         6e:fd:b1:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi/jBBpMF+Wn1LjkdYKvi60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2Q0OTA4ZDljNDNhODVmODViZTE5MzM0YTI2ZjVkNTEz
NTBiY2IwHhcNMjUwODE4MjMzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGEzOGE1NGE5NzZmMDdiNDViMjk3MGExZDAwNTUxNjYxMTNhODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SXNMvjZuoLbgETuKpO+svm/ieCB
Ph1uUYv+UCCwMVXUP1L0v+j3KrIZUkXSSE3GnBUVwcKFkJzvE9OwxgT3H7XRngRo
2XF52yP1xs+xhamZi8i4X/8KSUfi+7OoyN++qZZxVlD6QPZrv+s59VJ8pivFgag0
qARDB0nwSyVxyu7QvcSTSUPS0jW+jhYvcu7F9LJfuXGS0ZQ1oUMD1755qaf39h4Z
aNQ36wgoqKXXgHuVTPFe5KkZP1KSyjU094hkNxzRNLxUoAkXtTYix+RPY1W9a85O
YKnVn1bjQ0cREwY0Vkxpmg6IXRI2vzz1P2qqgi6qGFrOEKVun9HO7iNKgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFijilSpdvB7RbKXCh0AVRZhE6iHMB8GA1UdIwQY
MBaAFLk9SQjZxDqF+FvhkzSib11RNQvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAt
NTI4NzQ2MTFjZDIxLzEvV0tPS1ZLbDI4SHRGc3BjS0hRQlZGbUVUcUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAtNTI4NzQ2MTFjZDIx
LzEvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVnfMA0G
CSqGSIb3DQEBCwUAA4IBAQCehU1g+Y2ucDPueEEr7lFLGzqEqKkBq2509sdhEeyT
0CSWn8ypFDOSfkdLKDYVg/h67jjwckS5leWFBpeHSGlUpY3YDbOeeCIKW44YQvQy
UyVAAMR0lKmXvSKXgqCaHBu2xkxQ9HGaKhDTGVqUgTst0HKHn5kf9LKYvOkVwNKK
U9y51pqVMJPILjK1pwG8Z1oZl+HaMiZHgMSsTCCYl/bfy1TvuMnFuCpu9quPnG0h
vixFbYFro+h5KIms8bQ/1xj2z1rfKAnOAj8TFJueSGwviuYpUOYKLjIwx7FeRjI0
A+D7swlqM8bQuHBq5Wk73tZgT/O9brVZPqY2pJtu/bGG
-----END CERTIFICATE-----