Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/Wxba01eGRfIHYvB1oPclxJQ4A0o.roa
File:                     Wxba01eGRfIHYvB1oPclxJQ4A0o.roa (raw, json)
Hash identifier:          sSvWgZ3B4RqSdjjqU7MubuyAeeaSCSvFOe1guspwNLI=
Subject key identifier:   5B:16:DA:D3:57:86:45:F2:07:62:F0:75:A0:F7:25:C4:94:38:03:4A
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019789DCE11B206ACB61CD68020B8FC2A1CF
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/Wxba01eGRfIHYvB1oPclxJQ4A0o.roa
Signing time:             Thu 19 Jun 2025 20:24:03 +0000
ROA not before:           Thu 19 Jun 2025 20:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60871
IP address blocks:        5.159.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 22:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:dc:e1:1b:20:6a:cb:61:cd:68:02:0b:8f:c2:a1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jun 19 20:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b16dad3578645f20762f075a0f725c49438034a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:79:ef:bf:0b:94:50:89:02:ac:9e:7e:38:
                    46:e1:19:1d:11:a5:1c:db:c5:26:8b:b1:6c:92:e8:
                    84:30:f9:f4:a3:79:de:04:82:5f:e3:c6:f7:4e:9f:
                    44:9e:7c:57:c5:36:1d:0a:86:26:26:50:84:0d:df:
                    e5:e4:62:8e:1d:e1:55:45:c7:5b:b1:6c:e6:60:3f:
                    fe:b1:b8:01:90:69:a2:b7:a9:db:54:57:14:70:d8:
                    93:64:db:bb:7d:6d:a6:81:a7:21:ff:fc:cd:15:02:
                    1e:2f:3e:14:e5:18:9d:12:fc:08:34:8b:5b:be:43:
                    34:71:77:5c:ae:3c:c6:ed:29:79:84:5e:54:fc:b5:
                    75:9e:06:c7:dc:b4:8f:7e:44:8e:06:88:0b:93:6f:
                    ee:a4:c4:3e:57:30:f3:e6:e8:15:a1:4a:41:06:37:
                    61:36:53:0f:3c:45:3b:94:48:1d:30:42:db:60:31:
                    90:ac:86:cb:32:41:56:f3:c4:b3:a3:fe:7c:c1:ba:
                    97:17:56:64:96:48:84:77:4a:90:71:5b:72:89:77:
                    e6:74:81:f7:f3:ad:0e:48:19:8c:5d:30:92:01:ee:
                    22:08:7b:18:a2:bd:39:80:4e:ea:80:44:15:e6:75:
                    e4:f8:43:f4:90:8a:63:2f:ab:ec:bd:39:95:a9:75:
                    24:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:16:DA:D3:57:86:45:F2:07:62:F0:75:A0:F7:25:C4:94:38:03:4A
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/Wxba01eGRfIHYvB1oPclxJQ4A0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:4e:8a:5e:50:09:26:6c:5c:1b:38:11:3f:32:f3:e8:62:83:
         8a:ed:45:85:67:1f:e0:02:c4:0e:a1:3f:47:15:43:55:48:44:
         42:21:39:2a:9e:d0:0c:ff:8b:43:8c:4f:ad:05:ce:fd:06:f0:
         bb:c0:c3:55:f2:19:f9:a9:31:4e:a5:9e:90:37:fe:ce:3d:0b:
         f6:ae:1e:7d:ae:a3:16:00:34:84:6f:d2:1d:ef:c4:bc:3c:59:
         69:81:fd:fb:ae:22:2d:2e:f0:5a:eb:1a:5e:c4:ed:aa:9a:83:
         5f:28:a5:32:ea:e5:de:70:7f:e9:99:86:83:3c:bc:1a:0b:93:
         3f:56:1c:3f:87:3f:89:58:d6:6e:68:bd:86:03:62:eb:e9:5f:
         cb:62:0a:7e:d0:29:c5:31:11:f9:54:fc:ec:ac:50:83:eb:d5:
         61:af:6d:98:65:3e:45:63:8d:47:a3:05:71:7b:f7:bb:cc:75:
         1b:ef:73:b7:24:7f:80:36:83:9b:c5:e7:20:b2:8a:f0:ae:23:
         2a:b3:cc:39:1f:60:66:c6:e2:37:3d:71:4a:ec:5f:ad:29:9c:
         da:e5:1d:31:71:31:71:37:d5:c5:b1:7f:b1:3f:81:bb:ad:82:
         6e:ec:37:37:7e:5e:85:b7:bd:d5:7f:bb:53:f2:01:2d:24:54:
         bf:6a:d5:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeJ3OEbIGrLYc1oAguPwqHPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwNjE5MjAyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjE2ZGFkMzU3ODY0NWYyMDc2MmYwNzVhMGY3MjVjNDk0MzgwMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwd5778LlFCJAqyefjhG4RkdEaUc
28Umi7FskuiEMPn0o3neBIJf48b3Tp9EnnxXxTYdCoYmJlCEDd/l5GKOHeFVRcdb
sWzmYD/+sbgBkGmit6nbVFcUcNiTZNu7fW2mgach//zNFQIeLz4U5RidEvwINItb
vkM0cXdcrjzG7Sl5hF5U/LV1ngbH3LSPfkSOBogLk2/upMQ+VzDz5ugVoUpBBjdh
NlMPPEU7lEgdMELbYDGQrIbLMkFW88Szo/58wbqXF1ZklkiEd0qQcVtyiXfmdIH3
860OSBmMXTCSAe4iCHsYor05gE7qgEQV5nXk+EP0kIpjL6vsvTmVqXUkxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsW2tNXhkXyB2LwdaD3JcSUOANKMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvV3hiYTAxZUdSZklIWXZCMW9QY2x4SlE0QTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZ82MA0G
CSqGSIb3DQEBCwUAA4IBAQA+TopeUAkmbFwbOBE/MvPoYoOK7UWFZx/gAsQOoT9H
FUNVSERCITkqntAM/4tDjE+tBc79BvC7wMNV8hn5qTFOpZ6QN/7OPQv2rh59rqMW
ADSEb9Id78S8PFlpgf37riItLvBa6xpexO2qmoNfKKUy6uXecH/pmYaDPLwaC5M/
Vhw/hz+JWNZuaL2GA2Lr6V/LYgp+0CnFMRH5VPzsrFCD69Vhr22YZT5FY41HowVx
e/e7zHUb73O3JH+ANoObxecgsorwriMqs8w5H2BmxuI3PXFK7F+tKZza5R0xcTFx
N9XFsX+xP4G7rYJu7Dc3fl6Ft73Vf7tT8gEtJFS/atVF
-----END CERTIFICATE-----