Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WJktxVFLpTm6tpO2__Lkr6DHPsA.roa
File:                     WJktxVFLpTm6tpO2__Lkr6DHPsA.roa (raw, json)
Hash identifier:          zm8yGpp7f7Ndi5oR3wIlntqY2OUTsGH2t+cJacynsIA=
Subject key identifier:   58:99:2D:C5:51:4B:A5:39:BA:B6:93:B6:FF:F2:E4:AF:A0:C7:3E:C0
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0199A159864C446D80ED062F3A3C31B79774
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WJktxVFLpTm6tpO2__Lkr6DHPsA.roa
Signing time:             Wed 01 Oct 2025 19:57:02 +0000
ROA not before:           Wed 01 Oct 2025 19:57:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        5.178.108.0/24 maxlen: 24
                          103.101.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a1:59:86:4c:44:6d:80:ed:06:2f:3a:3c:31:b7:97:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Oct  1 19:57:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58992dc5514ba539bab693b6fff2e4afa0c73ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fc:6e:8c:9c:31:65:b4:bf:4a:ec:44:de:67:
                    40:c5:6b:59:5f:af:6e:97:e9:2a:f3:a3:c7:f3:85:
                    08:42:94:75:4f:20:3f:86:c9:74:f8:48:cc:b1:34:
                    1b:b3:2d:07:b3:6f:62:66:4e:a4:2c:74:a2:d6:c5:
                    66:aa:ef:b5:e1:a4:59:e2:f9:f0:75:5e:16:29:62:
                    79:c7:71:4b:6d:bb:3d:52:4c:0d:09:8a:ec:3c:b8:
                    12:f3:2a:4c:be:32:3b:bd:c5:ff:ab:3b:5e:b9:54:
                    51:5c:70:d3:01:7e:b6:61:69:ba:a7:29:28:54:db:
                    c5:05:18:94:53:9f:06:da:59:c1:cf:75:0b:eb:27:
                    e0:bb:25:c1:77:45:e2:16:f5:64:62:3a:a2:7f:d5:
                    f8:af:72:db:cb:37:25:4f:81:56:71:a3:79:10:e6:
                    5c:20:77:65:c7:79:61:53:d7:97:36:0a:b3:85:b7:
                    56:63:ba:a3:6b:18:eb:c4:40:c6:1a:5b:9b:65:c6:
                    66:cd:43:df:70:34:d6:42:ce:13:8d:30:99:55:e3:
                    4f:b2:35:3f:91:1d:9a:f7:4b:24:68:3d:1e:59:97:
                    43:76:b4:49:76:ee:9d:b9:94:97:a3:cb:c8:41:ef:
                    02:7a:5e:98:de:63:b0:96:b4:89:e7:5f:bd:e4:a3:
                    10:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:99:2D:C5:51:4B:A5:39:BA:B6:93:B6:FF:F2:E4:AF:A0:C7:3E:C0
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/WJktxVFLpTm6tpO2__Lkr6DHPsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.108.0/24
                  103.101.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:4b:a3:06:ca:e8:65:9c:66:55:52:09:ac:39:aa:14:d6:43:
         d5:6b:d2:24:77:7f:fc:10:7a:8d:64:62:18:a8:6f:b2:1c:c7:
         5e:8b:2b:f2:ba:6f:2d:95:68:65:c4:6d:8f:57:03:99:a5:91:
         23:4f:a0:30:b9:dd:ec:b2:61:39:0d:85:49:f6:7e:68:db:c7:
         f4:d9:78:3e:ba:fb:6b:48:9a:6f:24:7d:0c:cf:ff:bd:80:ce:
         84:c9:20:7a:f1:51:fb:20:07:2c:28:8c:15:19:8b:9d:c2:b9:
         f9:67:da:5f:13:ff:8a:a7:05:3a:ee:bd:65:61:0d:29:57:4a:
         3b:01:48:1a:5a:b0:7d:d5:2e:42:11:56:cb:21:49:67:94:70:
         ff:50:33:c2:9c:9c:9b:be:91:9e:9a:c7:41:45:dc:41:3b:58:
         0a:a6:40:ea:46:86:ed:77:29:ac:19:7e:19:32:0b:46:43:20:
         11:a7:1d:56:6d:4f:24:01:59:ac:d9:00:ec:10:82:4a:91:5b:
         91:e1:67:e8:0e:b0:1c:69:88:21:67:4c:7e:5e:cb:92:85:16:
         a4:f5:d9:fe:45:39:0d:81:1b:71:ae:78:d0:81:5b:d0:68:9b:
         23:78:af:73:e5:0b:ea:83:b4:0e:81:e5:8d:05:81:fa:d3:b1:
         d0:e8:20:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmhWYZMRG2A7QYvOjwxt5d0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUxMDAxMTk1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODk5MmRjNTUxNGJhNTM5YmFiNjkzYjZmZmYyZTRhZmEwYzczZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PxujJwxZbS/SuxE3mdAxWtZX69u
l+kq86PH84UIQpR1TyA/hsl0+EjMsTQbsy0Hs29iZk6kLHSi1sVmqu+14aRZ4vnw
dV4WKWJ5x3FLbbs9UkwNCYrsPLgS8ypMvjI7vcX/qzteuVRRXHDTAX62YWm6pyko
VNvFBRiUU58G2lnBz3UL6yfguyXBd0XiFvVkYjqif9X4r3LbyzclT4FWcaN5EOZc
IHdlx3lhU9eXNgqzhbdWY7qjaxjrxEDGGlubZcZmzUPfcDTWQs4TjTCZVeNPsjU/
kR2a90skaD0eWZdDdrRJdu6duZSXo8vIQe8Cel6Y3mOwlrSJ51+95KMQfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFiZLcVRS6U5uraTtv/y5K+gxz7AMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvV0prdHhWRkxwVG02dHBPMl9fTGtyNkRIUHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbJsAwQA
Z2VWMA0GCSqGSIb3DQEBCwUAA4IBAQCXS6MGyuhlnGZVUgmsOaoU1kPVa9Ikd3/8
EHqNZGIYqG+yHMdeiyvyum8tlWhlxG2PVwOZpZEjT6Awud3ssmE5DYVJ9n5o28f0
2Xg+uvtrSJpvJH0Mz/+9gM6EySB68VH7IAcsKIwVGYudwrn5Z9pfE/+KpwU67r1l
YQ0pV0o7AUgaWrB91S5CEVbLIUlnlHD/UDPCnJybvpGemsdBRdxBO1gKpkDqRobt
dymsGX4ZMgtGQyARpx1WbU8kAVms2QDsEIJKkVuR4WfoDrAcaYghZ0x+XsuShRak
9dn+RTkNgRtxrnjQgVvQaJsjeK9z5Qvqg7QOgeWNBYH607HQ6CDv
-----END CERTIFICATE-----