Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/wdZYfAFUeN1uYq_6mZZzbvOEO9E.roa
File:                     wdZYfAFUeN1uYq_6mZZzbvOEO9E.roa (raw, json)
Hash identifier:          qIQR+crOVY1d0komneMfNh35fcgqDk/iAFOlKpD6isU=
Subject key identifier:   C1:D6:58:7C:01:54:78:DD:6E:62:AF:FA:99:96:73:6E:F3:84:3B:D1
Certificate issuer:       /CN=0afefc3abbb3bfade9adf14269f3602307c92e5e
Certificate serial:       019CE64CAE2D13E33162C1AF82BF6E9F3C3E
Authority key identifier: 0A:FE:FC:3A:BB:B3:BF:AD:E9:AD:F1:42:69:F3:60:23:07:C9:2E:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cv78Oruzv63prfFCafNgIwfJLl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/wdZYfAFUeN1uYq_6mZZzbvOEO9E.roa
Signing time:             Fri 13 Mar 2026 08:25:10 +0000
ROA not before:           Fri 13 Mar 2026 08:25:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1213
IP address blocks:        157.190.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/Cv78Oruzv63prfFCafNgIwfJLl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/Cv78Oruzv63prfFCafNgIwfJLl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cv78Oruzv63prfFCafNgIwfJLl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e6:4c:ae:2d:13:e3:31:62:c1:af:82:bf:6e:9f:3c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0afefc3abbb3bfade9adf14269f3602307c92e5e
        Validity
            Not Before: Mar 13 08:25:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1d6587c015478dd6e62affa9996736ef3843bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e7:da:d3:70:13:e6:6e:dd:0f:45:22:ff:25:
                    d2:fa:dd:49:13:86:4c:3f:c5:ab:7a:06:ad:30:12:
                    a7:89:5a:99:1d:5b:45:d8:6b:6e:b2:e8:14:fc:07:
                    87:11:8a:02:ae:a5:91:76:b9:bc:8e:7d:92:bf:14:
                    c7:ba:fd:66:10:85:15:e8:13:43:4b:3e:af:fa:07:
                    a2:3a:f7:a6:1b:79:01:4a:35:35:5e:07:62:f9:d1:
                    d0:99:e5:b3:27:a3:75:12:60:db:0b:a1:a7:a2:c5:
                    c2:32:9b:31:4e:f7:a5:59:d0:d8:ac:2b:e7:ca:c2:
                    09:95:5a:cd:b6:67:cb:c2:a4:7c:be:13:d3:81:82:
                    00:4c:11:42:9a:81:93:d2:b6:61:5f:38:eb:6f:19:
                    bb:1a:14:ae:d3:e4:2c:82:d6:a4:c6:e1:55:e2:0f:
                    13:00:fb:14:8d:e8:14:de:5d:e5:72:df:2f:dc:54:
                    05:b5:9b:09:a8:71:fe:dd:fe:4e:e8:37:83:87:a7:
                    32:fe:64:a1:ef:38:69:80:c6:0c:9e:00:e1:0d:d6:
                    cd:12:1b:75:98:81:0e:b8:72:50:cb:1e:c7:15:18:
                    72:c8:c9:e2:d6:5e:cd:82:0d:79:87:c8:d7:bf:dd:
                    e2:f8:50:7a:bd:38:28:49:ce:eb:36:d3:67:58:6f:
                    de:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D6:58:7C:01:54:78:DD:6E:62:AF:FA:99:96:73:6E:F3:84:3B:D1
            X509v3 Authority Key Identifier:
                keyid:0A:FE:FC:3A:BB:B3:BF:AD:E9:AD:F1:42:69:F3:60:23:07:C9:2E:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cv78Oruzv63prfFCafNgIwfJLl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/wdZYfAFUeN1uYq_6mZZzbvOEO9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a97f86-fb18-483e-926c-832d55590f29/1/Cv78Oruzv63prfFCafNgIwfJLl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0e:5f:f5:4b:17:e1:5e:db:88:23:78:a0:72:6a:fe:be:ff:35:
         4e:e1:73:53:b9:44:61:98:25:cc:17:ab:cd:d2:cf:64:e8:f3:
         f7:7f:78:c6:2e:e4:0f:ff:a4:fe:92:53:92:51:17:c9:ba:3f:
         c1:e2:02:6b:cb:33:ea:3f:cf:99:9c:3d:ac:8e:8e:10:dd:d7:
         be:6c:51:88:ad:0a:04:eb:20:f1:8f:a6:7d:dd:4b:3a:84:54:
         e8:65:ba:c2:83:df:cd:65:6f:83:00:d2:7a:3a:00:1e:ea:30:
         48:21:9b:99:7e:a8:bc:ef:a6:c4:27:f0:7c:3d:89:71:1c:91:
         d8:d2:81:46:57:20:1f:e8:ce:97:cf:a0:32:64:b7:68:02:91:
         be:d6:44:26:87:47:4a:fc:01:b3:6a:d0:a0:9c:2b:10:ce:ed:
         63:98:3a:fb:90:df:58:5c:45:41:da:b0:51:73:af:90:77:16:
         d9:94:57:81:76:cb:08:28:18:ff:c6:e8:8f:83:62:4c:ab:ee:
         48:dd:a7:35:47:f2:59:cc:68:4d:45:9a:d3:b3:a1:f1:cc:8b:
         1f:07:74:e8:a4:8f:da:15:fb:ef:fe:18:08:85:99:d9:ac:5f:
         d8:91:64:b1:30:33:21:83:9d:99:20:89:e2:cf:63:62:81:0c:
         f7:02:1c:08
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZzmTK4tE+MxYsGvgr9unzw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZmVmYzNhYmJiM2JmYWRlOWFkZjE0MjY5ZjM2MDIzMDdj
OTJlNWUwHhcNMjYwMzEzMDgyNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQ2NTg3YzAxNTQ3OGRkNmU2MmFmZmE5OTk2NzM2ZWYzODQzYmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5efa03AT5m7dD0Ui/yXS+t1JE4ZM
P8WregatMBKniVqZHVtF2GtusugU/AeHEYoCrqWRdrm8jn2SvxTHuv1mEIUV6BND
Sz6v+geiOvemG3kBSjU1Xgdi+dHQmeWzJ6N1EmDbC6GnosXCMpsxTvelWdDYrCvn
ysIJlVrNtmfLwqR8vhPTgYIATBFCmoGT0rZhXzjrbxm7GhSu0+QsgtakxuFV4g8T
APsUjegU3l3lct8v3FQFtZsJqHH+3f5O6DeDh6cy/mSh7zhpgMYMngDhDdbNEht1
mIEOuHJQyx7HFRhyyMni1l7Ngg15h8jXv93i+FB6vTgoSc7rNtNnWG/euwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMHWWHwBVHjdbmKv+pmWc27zhDvRMB8GA1UdIwQY
MBaAFAr+/Dq7s7+t6a3xQmnzYCMHyS5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3Y3OE9ydXp2NjNwcmZGQ2FmTmdJd2ZKTGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9hOTdmODYtZmIxOC00ODNlLTkyNmMt
ODMyZDU1NTkwZjI5LzEvd2RaWWZBRlVlTjF1WXFfNm1aWnpidk9FTzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9hOTdmODYtZmIxOC00ODNlLTkyNmMtODMyZDU1NTkwZjI5
LzEvQ3Y3OE9ydXp2NjNwcmZGQ2FmTmdJd2ZKTGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnb4wDQYJ
KoZIhvcNAQELBQADggEBAA5f9UsX4V7biCN4oHJq/r7/NU7hc1O5RGGYJcwXq83S
z2To8/d/eMYu5A//pP6SU5JRF8m6P8HiAmvLM+o/z5mcPayOjhDd175sUYitCgTr
IPGPpn3dSzqEVOhlusKD381lb4MA0no6AB7qMEghm5l+qLzvpsQn8Hw9iXEckdjS
gUZXIB/ozpfPoDJkt2gCkb7WRCaHR0r8AbNq0KCcKxDO7WOYOvuQ31hcRUHasFFz
r5B3FtmUV4F2ywgoGP/G6I+DYkyr7kjdpzVH8lnMaE1FmtOzofHMix8HdOikj9oV
++/+GAiFmdmsX9iRZLEwMyGDnZkgieLPY2KBDPcCHAg=
-----END CERTIFICATE-----