Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/wPCv26wfxY8VW04IKmzosnE2Ej4.roa
File:                     wPCv26wfxY8VW04IKmzosnE2Ej4.roa (raw, json)
Hash identifier:          OK9zSwBoeuBjvzJvjvJqJkmfmHWylLh+y92o+xXlsr4=
Subject key identifier:   C0:F0:AF:DB:AC:1F:C5:8F:15:5B:4E:08:2A:6C:E8:B2:71:36:12:3E
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019DEA4D052F9660E23850262E6CCA2B7131
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/wPCv26wfxY8VW04IKmzosnE2Ej4.roa
Signing time:             Sat 02 May 2026 20:06:49 +0000
ROA not before:           Sat 02 May 2026 20:06:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49453
IP address blocks:        109.122.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ea:4d:05:2f:96:60:e2:38:50:26:2e:6c:ca:2b:71:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: May  2 20:06:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0f0afdbac1fc58f155b4e082a6ce8b27136123e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d6:43:4c:cf:97:e6:cc:6f:f3:c1:db:73:8c:
                    c6:a2:84:46:c6:20:a5:a7:7f:27:a3:20:40:11:bb:
                    4d:3d:cb:1a:a8:86:b9:7c:a6:1e:46:49:de:f0:9f:
                    3a:a3:e0:b6:5e:33:6c:b5:54:46:32:53:3f:86:8c:
                    96:87:28:e7:96:1e:bc:50:9c:df:cc:8e:f7:bd:16:
                    2a:c5:bc:e1:5d:15:9c:68:c8:de:0c:1e:f4:6b:7f:
                    c1:21:7e:14:35:fd:0f:01:ed:86:0f:d9:51:56:8c:
                    5a:f8:f5:66:41:d1:c3:5e:f5:93:dc:31:43:be:46:
                    78:bf:c5:8e:f6:e9:da:46:e8:79:d9:57:95:36:cd:
                    cb:62:aa:f8:6e:a1:9f:9f:56:4d:42:11:5f:01:a5:
                    4c:27:29:23:19:23:58:b1:20:82:aa:9e:b1:b4:ef:
                    3a:18:79:d7:d0:07:d7:e2:47:ae:54:f1:21:cb:05:
                    01:e6:14:97:ff:44:12:51:6b:80:b3:d8:c6:7f:61:
                    a2:ac:96:5f:98:a4:0a:fa:4b:3a:8d:91:48:e1:a4:
                    e6:a5:cb:01:38:60:62:5a:68:5f:c5:e3:04:02:64:
                    5e:e4:26:17:ea:af:db:0c:2c:99:c6:fa:2a:cb:cf:
                    2b:5d:27:5c:45:29:25:1c:61:7e:60:55:62:97:fc:
                    37:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:F0:AF:DB:AC:1F:C5:8F:15:5B:4E:08:2A:6C:E8:B2:71:36:12:3E
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/wPCv26wfxY8VW04IKmzosnE2Ej4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:07:91:c8:fc:e8:c3:7c:5a:74:8f:a7:60:69:eb:e3:de:eb:
         f5:20:4e:f7:fe:b3:82:49:d0:f7:9b:fb:4d:9c:80:88:c7:f2:
         b3:83:56:4a:b5:d5:ac:87:ba:c4:25:f2:56:06:0d:20:a7:3e:
         4e:95:8a:a5:fd:17:b2:fb:80:18:65:b5:13:44:8e:8a:4a:6d:
         c9:ae:72:7b:42:21:bf:19:c8:81:5b:73:62:61:be:fc:24:8c:
         10:ff:75:e1:13:de:fe:f4:22:48:38:14:05:1e:ab:be:9b:40:
         12:82:db:c7:4f:a8:95:17:12:1e:5d:58:0c:43:4b:26:70:da:
         67:fa:bb:fb:2b:8b:f8:14:65:bc:3b:90:e0:29:e2:8f:7b:49:
         03:2b:8a:90:eb:23:ad:e3:b4:51:e0:22:8b:ca:f2:88:b9:32:
         10:62:c0:5b:f0:2a:2e:80:44:f6:cb:aa:f2:70:f8:8d:91:b7:
         7f:ea:12:f4:22:a9:ff:0b:f4:4d:f3:0d:cc:e5:33:09:7b:9d:
         1a:04:42:ed:9a:4d:ab:05:6a:cb:f1:a3:77:69:21:b8:b1:b2:
         90:3d:d0:83:df:da:b1:14:e1:a1:f7:2b:56:b8:43:72:8e:bc:
         a9:f6:52:87:62:5d:b4:3a:ff:8e:40:ee:19:1c:6c:ae:57:f3:
         07:19:a0:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3qTQUvlmDiOFAmLmzKK3ExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwNTAyMjAwNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGYwYWZkYmFjMWZjNThmMTU1YjRlMDgyYTZjZThiMjcxMzYxMjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNZDTM+X5sxv88Hbc4zGooRGxiCl
p38noyBAEbtNPcsaqIa5fKYeRkne8J86o+C2XjNstVRGMlM/hoyWhyjnlh68UJzf
zI73vRYqxbzhXRWcaMjeDB70a3/BIX4UNf0PAe2GD9lRVoxa+PVmQdHDXvWT3DFD
vkZ4v8WO9unaRuh52VeVNs3LYqr4bqGfn1ZNQhFfAaVMJykjGSNYsSCCqp6xtO86
GHnX0AfX4keuVPEhywUB5hSX/0QSUWuAs9jGf2GirJZfmKQK+ks6jZFI4aTmpcsB
OGBiWmhfxeMEAmRe5CYX6q/bDCyZxvoqy88rXSdcRSklHGF+YFVil/w3mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDwr9usH8WPFVtOCCps6LJxNhI+MB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvd1BDdjI2d2Z4WThWVzA0SUttem9zbkUyRWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXofMA0G
CSqGSIb3DQEBCwUAA4IBAQCoB5HI/OjDfFp0j6dgaevj3uv1IE73/rOCSdD3m/tN
nICIx/Kzg1ZKtdWsh7rEJfJWBg0gpz5OlYql/Rey+4AYZbUTRI6KSm3JrnJ7QiG/
GciBW3NiYb78JIwQ/3XhE97+9CJIOBQFHqu+m0ASgtvHT6iVFxIeXVgMQ0smcNpn
+rv7K4v4FGW8O5DgKeKPe0kDK4qQ6yOt47RR4CKLyvKIuTIQYsBb8CougET2y6ry
cPiNkbd/6hL0Iqn/C/RN8w3M5TMJe50aBELtmk2rBWrL8aN3aSG4sbKQPdCD39qx
FOGh9ytWuENyjryp9lKHYl20Ov+OQO4ZHGyuV/MHGaDu
-----END CERTIFICATE-----