Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/W-2e8Eey8jqzM0PRGwNAP_tPVxk.roa
File:                     W-2e8Eey8jqzM0PRGwNAP_tPVxk.roa (raw, json)
Hash identifier:          QAVF+Cayj3Lmli9A+Khw1j1IEm8G06a4ehskjGEb46I=
Subject key identifier:   5B:ED:9E:F0:47:B2:F2:3A:B3:33:43:D1:1B:03:40:3F:FB:4F:57:19
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0198A3A1C5B83E253D10DDF36B944DBE038A
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/W-2e8Eey8jqzM0PRGwNAP_tPVxk.roa
Signing time:             Wed 13 Aug 2025 13:32:24 +0000
ROA not before:           Wed 13 Aug 2025 13:32:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        178.239.144.0/24 maxlen: 24
                          178.239.157.0/24 maxlen: 24
                          185.124.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 23:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a3:a1:c5:b8:3e:25:3d:10:dd:f3:6b:94:4d:be:03:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Aug 13 13:32:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bed9ef047b2f23ab33343d11b03403ffb4f5719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3e:9e:c5:b2:a1:a3:24:98:2c:ff:7f:a4:bb:
                    56:32:f5:1a:15:a9:42:62:76:e4:0a:bd:8b:70:bb:
                    2b:ec:8a:5d:4b:18:3f:09:bd:32:ef:7d:33:e9:5d:
                    05:75:7f:c2:42:50:41:70:53:ef:ec:50:12:cd:02:
                    d9:05:82:de:6b:3f:68:8a:b2:d4:30:0f:0b:69:39:
                    f8:73:a6:75:de:98:76:77:44:77:fa:97:39:0c:ac:
                    c7:e6:b6:c1:94:0b:51:4f:e5:05:17:db:a3:27:ce:
                    eb:0d:2f:5b:5e:f7:21:db:42:63:b8:6d:e6:3d:ff:
                    5c:47:40:7e:c8:15:cd:19:1d:7e:de:e0:c3:51:70:
                    b8:3b:07:15:93:08:84:65:f0:de:d0:c0:47:44:5a:
                    43:ca:4f:63:ad:54:e7:a7:21:0e:af:15:32:f5:bd:
                    e1:47:40:a6:ff:65:34:1b:f4:bc:88:c6:29:fc:3b:
                    a6:16:17:1e:e4:05:3b:7a:73:19:5b:69:c0:5a:bb:
                    f3:22:91:76:24:19:e1:37:08:b2:29:57:9d:17:f8:
                    26:6c:ef:1e:f4:1a:6c:5e:24:23:0a:4b:24:bd:b1:
                    0b:55:bb:02:04:ac:cb:a5:f3:4b:fd:d7:15:96:1b:
                    80:a2:04:32:2c:28:cc:00:37:2e:93:e7:3f:83:86:
                    33:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:ED:9E:F0:47:B2:F2:3A:B3:33:43:D1:1B:03:40:3F:FB:4F:57:19
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/W-2e8Eey8jqzM0PRGwNAP_tPVxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.144.0/24
                  178.239.157.0/24
                  185.124.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:06:e2:ff:06:75:9f:77:47:b0:61:f0:b7:04:cc:a8:75:e9:
         c3:74:c2:c7:7b:0e:20:2a:f3:8f:be:00:90:8b:c7:ff:0b:bf:
         30:7c:cc:1b:8e:2d:6a:19:52:22:d2:d5:bc:aa:c5:97:fd:2d:
         9b:4b:f2:53:82:36:1e:b3:6e:eb:e1:f8:f0:b4:46:68:f5:c5:
         5a:fd:a1:5d:94:a1:67:7f:26:a2:6e:5b:5a:c2:66:36:cd:5d:
         b7:5d:1c:1f:1a:32:4e:e9:33:ad:06:be:76:d0:5c:36:e7:5e:
         85:c2:cb:be:a5:be:47:9a:ed:5e:72:38:67:ff:0d:91:b5:84:
         27:32:5e:28:07:a6:d7:0a:1b:d4:76:fb:40:40:14:7e:5e:f6:
         2f:93:a7:cd:ce:64:63:20:59:0b:dc:c1:de:2f:ae:d4:ea:ec:
         78:5f:e5:27:32:79:9f:34:9b:26:15:c5:90:4b:78:47:7e:f5:
         5e:f7:53:30:c6:01:63:78:59:29:9f:41:14:fa:97:81:87:0f:
         b7:9a:64:25:e5:01:4d:5c:b5:fc:6a:90:cf:2b:e4:38:31:e8:
         fd:70:f5:e8:ce:83:63:dd:ee:de:03:8d:6c:9d:52:ba:77:08:
         e8:3b:99:93:20:03:34:36:6d:ce:38:12:0b:3a:16:18:49:24:
         ae:40:5a:cf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZijocW4PiU9EN3za5RNvgOKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwODEzMTMzMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmVkOWVmMDQ3YjJmMjNhYjMzMzQzZDExYjAzNDAzZmZiNGY1NzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0D6exbKhoySYLP9/pLtWMvUaFalC
YnbkCr2LcLsr7IpdSxg/Cb0y730z6V0FdX/CQlBBcFPv7FASzQLZBYLeaz9oirLU
MA8LaTn4c6Z13ph2d0R3+pc5DKzH5rbBlAtRT+UFF9ujJ87rDS9bXvch20JjuG3m
Pf9cR0B+yBXNGR1+3uDDUXC4OwcVkwiEZfDe0MBHRFpDyk9jrVTnpyEOrxUy9b3h
R0Cm/2U0G/S8iMYp/DumFhce5AU7enMZW2nAWrvzIpF2JBnhNwiyKVedF/gmbO8e
9BpsXiQjCkskvbELVbsCBKzLpfNL/dcVlhuAogQyLCjMADcuk+c/g4Yz9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFvtnvBHsvI6szND0RsDQD/7T1cZMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvVy0yZThFZXk4anF6TTBQUkd3TkFQX3RQVnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsu+QAwQA
su+dAwQAuXyvMA0GCSqGSIb3DQEBCwUAA4IBAQCDBuL/BnWfd0ewYfC3BMyodenD
dMLHew4gKvOPvgCQi8f/C78wfMwbji1qGVIi0tW8qsWX/S2bS/JTgjYes27r4fjw
tEZo9cVa/aFdlKFnfyaibltawmY2zV23XRwfGjJO6TOtBr520Fw2516Fwsu+pb5H
mu1ecjhn/w2RtYQnMl4oB6bXChvUdvtAQBR+XvYvk6fNzmRjIFkL3MHeL67U6ux4
X+UnMnmfNJsmFcWQS3hHfvVe91MwxgFjeFkpn0EU+peBhw+3mmQl5QFNXLX8apDP
K+Q4Mej9cPXozoNj3e7eA41snVK6dwjoO5mTIAM0Nm3OOBILOhYYSSSuQFrP
-----END CERTIFICATE-----