Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/wdB9LGkt5Z89Nz8-5AtftRQ5SVU.roa
File:                     wdB9LGkt5Z89Nz8-5AtftRQ5SVU.roa (raw, json)
Hash identifier:          c6g0hcWzs9a8z0GrkzCUUkEWc4LjOJBHcb0RnnSjyIE=
Subject key identifier:   C1:D0:7D:2C:69:2D:E5:9F:3D:37:3F:3E:E4:0B:5F:B5:14:39:49:55
Certificate issuer:       /CN=375619200ec963d194a8018d4163d778a5cb526a
Certificate serial:       019DC423FF17736CF492806416CF4865E79C
Authority key identifier: 37:56:19:20:0E:C9:63:D1:94:A8:01:8D:41:63:D7:78:A5:CB:52:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/wdB9LGkt5Z89Nz8-5AtftRQ5SVU.roa
Signing time:             Sat 25 Apr 2026 10:16:26 +0000
ROA not before:           Sat 25 Apr 2026 10:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207477
IP address blocks:        213.173.13.0/24 maxlen: 24
                          2a13:8041::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c4:23:ff:17:73:6c:f4:92:80:64:16:cf:48:65:e7:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=375619200ec963d194a8018d4163d778a5cb526a
        Validity
            Not Before: Apr 25 10:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1d07d2c692de59f3d373f3ee40b5fb514394955
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b3:6f:cb:0f:e7:4d:36:b4:f2:b7:1d:7e:f9:
                    73:9f:d5:cb:30:dd:5e:ee:a0:23:2d:51:b0:a7:5c:
                    04:21:f6:9a:46:c1:20:d5:f4:f2:d8:0a:f0:0f:7c:
                    6f:d0:a0:c4:15:ee:b8:4c:0d:a5:fb:6e:d1:e0:af:
                    1e:93:d3:4c:3a:30:0d:a1:0e:76:a9:c3:b3:8d:fc:
                    92:4b:1f:59:41:87:17:61:f1:a6:fc:e9:21:0b:45:
                    14:7b:8d:2b:cc:ed:01:b0:d5:b1:21:ee:5b:e0:2f:
                    ed:ff:70:05:e4:4a:4a:8c:29:11:2a:80:21:6f:18:
                    1b:67:ae:55:68:cf:58:7b:4c:f4:53:e0:da:b1:fd:
                    47:6c:bf:c9:55:9d:73:0b:ca:55:d0:6e:26:0a:f4:
                    f1:75:82:76:bc:6b:8b:0b:3b:e2:16:71:69:0b:2d:
                    74:f4:0b:47:8a:30:8f:c6:9e:ba:50:27:28:45:19:
                    63:3f:d8:28:68:1c:5c:7b:0a:a6:14:8a:2d:40:7d:
                    ae:73:a3:c5:f1:63:20:e2:28:05:42:c5:a8:ac:75:
                    f5:4a:5f:c0:a4:53:a4:09:2e:86:d1:84:98:e7:bf:
                    4e:c1:4e:c9:34:8f:4c:d2:6a:f4:9e:43:e1:1e:68:
                    05:fc:8b:d3:4e:0d:b3:ef:0d:25:e2:c9:81:c4:73:
                    26:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D0:7D:2C:69:2D:E5:9F:3D:37:3F:3E:E4:0B:5F:B5:14:39:49:55
            X509v3 Authority Key Identifier:
                keyid:37:56:19:20:0E:C9:63:D1:94:A8:01:8D:41:63:D7:78:A5:CB:52:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1YZIA7JY9GUqAGNQWPXeKXLUmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/wdB9LGkt5Z89Nz8-5AtftRQ5SVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/0b8a5e-66ea-4e20-9ea8-2edd21783703/1/N1YZIA7JY9GUqAGNQWPXeKXLUmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.173.13.0/24
                IPv6:
                  2a13:8041::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:d5:d9:73:7e:d7:81:01:fc:9f:0d:0e:89:d3:4d:ad:15:2f:
         64:21:4e:9f:12:96:50:e4:eb:e4:58:52:11:f7:46:cd:b1:32:
         fb:77:8e:99:7e:74:76:92:71:b1:b3:60:55:a8:12:14:82:f3:
         3e:b4:9e:f4:52:91:4a:fe:8f:c3:72:5a:d0:e1:06:ae:68:de:
         01:44:de:27:7b:3f:f7:b8:ab:b6:c8:c6:40:13:06:c3:5f:5b:
         24:42:37:aa:17:68:20:06:4d:59:42:6d:bd:6d:1b:d5:00:76:
         ce:34:c3:1c:1a:65:0b:4a:74:a9:cd:f4:04:77:e0:e4:12:7c:
         95:f9:0a:8a:1e:74:79:10:1b:0a:4f:06:e8:5b:26:86:05:24:
         fb:90:ba:b3:53:a1:ed:18:fc:49:52:e1:97:d6:7e:f2:16:93:
         f0:59:70:9c:02:42:4a:72:e5:e8:5c:2b:91:e0:18:c4:68:47:
         56:f1:3d:46:d8:35:5e:11:99:cf:2a:cd:d5:ee:06:b2:1e:31:
         ad:09:98:76:5e:bd:5e:68:43:5b:dc:11:2d:59:8f:3f:bd:4d:
         a3:39:d6:0e:e9:bb:22:48:b0:dc:94:92:32:59:b5:34:d6:35:
         33:95:5a:db:ad:d7:1c:b8:f8:36:e1:2b:cf:72:df:06:22:95:
         3f:02:e2:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3EI/8Xc2z0koBkFs9IZeecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTYxOTIwMGVjOTYzZDE5NGE4MDE4ZDQxNjNkNzc4YTVj
YjUyNmEwHhcNMjYwNDI1MTAxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQwN2QyYzY5MmRlNTlmM2QzNzNmM2VlNDBiNWZiNTE0Mzk0OTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7Nvyw/nTTa08rcdfvlzn9XLMN1e
7qAjLVGwp1wEIfaaRsEg1fTy2ArwD3xv0KDEFe64TA2l+27R4K8ek9NMOjANoQ52
qcOzjfySSx9ZQYcXYfGm/OkhC0UUe40rzO0BsNWxIe5b4C/t/3AF5EpKjCkRKoAh
bxgbZ65VaM9Ye0z0U+Dasf1HbL/JVZ1zC8pV0G4mCvTxdYJ2vGuLCzviFnFpCy10
9AtHijCPxp66UCcoRRljP9goaBxcewqmFIotQH2uc6PF8WMg4igFQsWorHX1Sl/A
pFOkCS6G0YSY579OwU7JNI9M0mr0nkPhHmgF/IvTTg2z7w0l4smBxHMmGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMHQfSxpLeWfPTc/PuQLX7UUOUlVMB8GA1UdIwQY
MBaAFDdWGSAOyWPRlKgBjUFj13ily1JqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFZWklBN0pZOUdVcUFHTlFXUFhlS1hMVW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8wYjhhNWUtNjZlYS00ZTIwLTllYTgt
MmVkZDIxNzgzNzAzLzEvd2RCOUxHa3Q1Wjg5Tno4LTVBdGZ0UlE1U1ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8wYjhhNWUtNjZlYS00ZTIwLTllYTgtMmVkZDIxNzgzNzAz
LzEvTjFZWklBN0pZOUdVcUFHTlFXUFhlS1hMVW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1a0NMA0E
AgACMAcDBQAqE4BBMA0GCSqGSIb3DQEBCwUAA4IBAQCk1dlzfteBAfyfDQ6J002t
FS9kIU6fEpZQ5OvkWFIR90bNsTL7d46ZfnR2knGxs2BVqBIUgvM+tJ70UpFK/o/D
clrQ4QauaN4BRN4nez/3uKu2yMZAEwbDX1skQjeqF2ggBk1ZQm29bRvVAHbONMMc
GmULSnSpzfQEd+DkEnyV+QqKHnR5EBsKTwboWyaGBST7kLqzU6HtGPxJUuGX1n7y
FpPwWXCcAkJKcuXoXCuR4BjEaEdW8T1G2DVeEZnPKs3V7gayHjGtCZh2Xr1eaENb
3BEtWY8/vU2jOdYO6bsiSLDclJIyWbU01jUzlVrbrdccuPg24SvPct8GIpU/AuL1
-----END CERTIFICATE-----