Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/wLZVru27R5hLrY-IBfRtSt_tUx8.roa
File:                     wLZVru27R5hLrY-IBfRtSt_tUx8.roa (raw, json)
Hash identifier:          76J4QSugwyDTtKGwWKRlLvHMLnsw0aj0+Qke60PpJqM=
Subject key identifier:   C0:B6:55:AE:ED:BB:47:98:4B:AD:8F:88:05:F4:6D:4A:DF:ED:53:1F
Certificate issuer:       /CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
Certificate serial:       0197668899C04F91EECDFB353295D8BEDFF6
Authority key identifier: 8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/wLZVru27R5hLrY-IBfRtSt_tUx8.roa
Signing time:             Thu 12 Jun 2025 23:45:17 +0000
ROA not before:           Thu 12 Jun 2025 23:45:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        194.150.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 07:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:66:88:99:c0:4f:91:ee:cd:fb:35:32:95:d8:be:df:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ea26b458ad41d47d261a76d8c5dc0fc8d1a9e2c
        Validity
            Not Before: Jun 12 23:45:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0b655aeedbb47984bad8f8805f46d4adfed531f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:94:dc:c5:42:eb:4e:04:6b:9a:49:a7:33:82:
                    b2:f8:65:50:44:17:cc:50:8e:dd:2f:f4:81:f7:07:
                    1e:e0:6e:fb:36:de:4d:13:c8:63:07:15:9b:6c:94:
                    a7:a9:f2:82:f0:94:df:f6:b5:49:bd:b4:e8:0a:1b:
                    67:3e:b6:83:e2:90:3e:70:ae:3d:a0:52:34:08:e0:
                    c1:e9:c2:84:51:bc:1c:d9:da:5a:c1:dc:4b:a1:7f:
                    ea:57:71:7e:3c:d5:5a:70:32:ba:96:a3:24:35:78:
                    be:61:e7:db:57:d1:5d:92:9c:d5:c4:c5:e0:0a:70:
                    1b:c4:09:7f:bf:76:b0:f4:76:e7:f1:9f:38:70:8f:
                    88:90:7b:28:16:14:74:9b:1e:72:ae:88:bc:38:7e:
                    fd:e5:01:05:3c:23:16:45:ed:7b:ac:42:b9:94:a5:
                    ce:c6:54:c6:1e:5c:00:58:e3:12:47:d7:70:f0:47:
                    c0:80:ca:90:54:52:7f:b7:70:af:a1:55:02:c9:2a:
                    39:09:42:49:16:eb:68:63:9b:7e:f8:f8:fc:70:d0:
                    f7:7a:16:c3:a6:92:50:f8:e0:79:be:32:b7:90:55:
                    f4:98:d8:a4:73:1d:9a:cd:76:be:63:9a:97:dc:f3:
                    c7:56:4e:5e:e6:59:a3:da:da:bb:81:2c:1d:4d:c2:
                    cc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B6:55:AE:ED:BB:47:98:4B:AD:8F:88:05:F4:6D:4A:DF:ED:53:1F
            X509v3 Authority Key Identifier:
                keyid:8E:A2:6B:45:8A:D4:1D:47:D2:61:A7:6D:8C:5D:C0:FC:8D:1A:9E:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jqJrRYrUHUfSYadtjF3A_I0aniw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/wLZVru27R5hLrY-IBfRtSt_tUx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ddcbb9-8fd2-4dc1-bbd6-2890055914c5/1/jqJrRYrUHUfSYadtjF3A_I0aniw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c5:7f:c3:dd:85:c8:d9:7a:cf:7f:27:eb:62:f3:c8:b8:81:
         c6:5c:be:d9:87:ab:5b:16:f6:0a:e5:92:ac:6f:a3:3a:b6:cd:
         41:5a:e2:9c:85:1d:b5:a6:55:3b:3b:78:54:a0:6e:64:c8:77:
         cd:b7:ef:59:28:a3:42:3b:34:43:08:0b:ff:58:84:48:0c:af:
         0d:52:38:58:52:df:e8:68:42:27:6f:0b:7a:8d:f1:50:a0:50:
         fa:20:4e:80:e8:34:c6:9a:b8:ac:6c:f2:61:af:04:46:4b:25:
         d1:fd:3f:f2:80:28:53:f1:82:a0:4c:c3:a3:36:56:c1:c0:4f:
         9a:ee:b8:ea:c3:b9:5c:cb:5e:17:4c:e1:97:2a:69:93:d8:52:
         68:b3:ed:c8:45:9e:22:bd:c9:81:56:d1:15:ea:e3:d7:b5:d2:
         89:c2:ce:1b:ac:fb:1e:35:95:75:03:5b:0e:df:e2:95:41:ac:
         c3:c6:64:f6:05:8c:c6:96:a2:34:b5:41:ab:11:58:20:89:6d:
         c7:93:a9:5d:36:e6:9b:5c:f4:25:39:aa:fa:30:1f:ac:57:f3:
         1d:64:f2:b4:ae:a3:40:76:2c:f3:4b:38:0b:19:7d:34:77:02:
         d9:d6:4f:af:ea:43:f8:d4:37:2b:55:77:85:7f:c4:6c:1e:71:
         a7:09:fb:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdmiJnAT5Huzfs1MpXYvt/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYTI2YjQ1OGFkNDFkNDdkMjYxYTc2ZDhjNWRjMGZjOGQx
YTllMmMwHhcNMjUwNjEyMjM0NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGI2NTVhZWVkYmI0Nzk4NGJhZDhmODgwNWY0NmQ0YWRmZWQ1MzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZTcxULrTgRrmkmnM4Ky+GVQRBfM
UI7dL/SB9wce4G77Nt5NE8hjBxWbbJSnqfKC8JTf9rVJvbToChtnPraD4pA+cK49
oFI0CODB6cKEUbwc2dpawdxLoX/qV3F+PNVacDK6lqMkNXi+YefbV9FdkpzVxMXg
CnAbxAl/v3aw9Hbn8Z84cI+IkHsoFhR0mx5yroi8OH795QEFPCMWRe17rEK5lKXO
xlTGHlwAWOMSR9dw8EfAgMqQVFJ/t3CvoVUCySo5CUJJFutoY5t++Pj8cND3ehbD
ppJQ+OB5vjK3kFX0mNikcx2azXa+Y5qX3PPHVk5e5lmj2tq7gSwdTcLMXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMC2Va7tu0eYS62PiAX0bUrf7VMfMB8GA1UdIwQY
MBaAFI6ia0WK1B1H0mGnbYxdwPyNGp4sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYt
Mjg5MDA1NTkxNGM1LzEvd0xaVnJ1MjdSNWhMclktSUJmUnRTdF90VXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9kZGNiYjktOGZkMi00ZGMxLWJiZDYtMjg5MDA1NTkxNGM1
LzEvanFKclJZclVIVWZTWWFkdGpGM0FfSTBhbml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpalMA0G
CSqGSIb3DQEBCwUAA4IBAQAGxX/D3YXI2XrPfyfrYvPIuIHGXL7Zh6tbFvYK5ZKs
b6M6ts1BWuKchR21plU7O3hUoG5kyHfNt+9ZKKNCOzRDCAv/WIRIDK8NUjhYUt/o
aEInbwt6jfFQoFD6IE6A6DTGmrisbPJhrwRGSyXR/T/ygChT8YKgTMOjNlbBwE+a
7rjqw7lcy14XTOGXKmmT2FJos+3IRZ4ivcmBVtEV6uPXtdKJws4brPseNZV1A1sO
3+KVQazDxmT2BYzGlqI0tUGrEVggiW3Hk6ldNuabXPQlOar6MB+sV/MdZPK0rqNA
dizzSzgLGX00dwLZ1k+v6kP41DcrVXeFf8RsHnGnCfs9
-----END CERTIFICATE-----