Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/WIgZ0TlkfgLqCMTp6cQhufZVKWQ.roa
File:                     WIgZ0TlkfgLqCMTp6cQhufZVKWQ.roa (raw, json)
Hash identifier:          smGUDFCXke1sxykJNs2Kvv4FHaFiDAqz3ANp0mLbH0w=
Subject key identifier:   58:88:19:D1:39:64:7E:02:EA:08:C4:E9:E9:C4:21:B9:F6:55:29:64
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019D2163738B7FF4891A8BA46E544CC68D9D
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/WIgZ0TlkfgLqCMTp6cQhufZVKWQ.roa
Signing time:             Tue 24 Mar 2026 19:47:38 +0000
ROA not before:           Tue 24 Mar 2026 19:47:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212513
IP address blocks:        89.251.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:63:73:8b:7f:f4:89:1a:8b:a4:6e:54:4c:c6:8d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 24 19:47:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=588819d139647e02ea08c4e9e9c421b9f6552964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:c3:61:3f:62:a3:b3:20:ed:9b:a7:80:75:9c:
                    c3:f6:37:8c:24:cc:39:ea:f4:dc:62:15:43:ab:5b:
                    4a:e2:10:19:59:b7:ca:37:cb:4d:d4:b4:91:39:94:
                    66:e8:38:f8:a9:34:7c:6d:4f:92:ff:af:a4:dc:f2:
                    c1:d8:4e:c2:4a:c2:5d:6e:a4:93:3a:e8:db:7e:a3:
                    c4:42:c3:ad:4d:98:67:0e:e4:55:9c:ea:bc:6d:46:
                    46:fe:f5:77:f1:a1:27:7e:0a:68:9f:d2:c0:28:aa:
                    d5:2d:82:25:1b:26:b2:ef:69:10:fc:8d:53:66:a6:
                    87:6f:9a:ac:b3:85:87:82:53:06:f2:66:ab:57:c1:
                    a1:4e:b4:f1:a3:7b:db:43:88:c9:ba:70:82:15:65:
                    d0:d2:bc:2a:e5:a0:27:a4:9a:c7:f6:d3:64:55:63:
                    25:2d:d0:cd:08:6f:b9:15:ff:ed:4b:4f:05:83:5b:
                    43:f6:b4:15:cf:94:e9:b4:ae:1a:94:01:b8:15:f9:
                    3c:22:5e:c5:ab:8a:ba:b6:b3:5e:8f:4a:b7:eb:73:
                    ae:77:e0:04:96:89:b5:24:b8:d3:5f:24:02:6c:d0:
                    fa:97:a6:3c:d9:ae:62:9e:0f:4c:f5:18:b6:d8:64:
                    ef:36:49:bd:c7:7c:e2:ce:14:e2:be:2d:de:00:d3:
                    7f:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:88:19:D1:39:64:7E:02:EA:08:C4:E9:E9:C4:21:B9:F6:55:29:64
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/WIgZ0TlkfgLqCMTp6cQhufZVKWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:e4:86:2c:bf:e7:40:f5:dc:61:56:52:2e:b7:91:6c:45:9f:
         0f:16:5b:f2:ec:04:34:8d:ac:70:f7:6e:a9:71:73:ab:74:dc:
         6c:ab:09:ae:ac:5c:e8:0e:a9:b9:18:e6:3e:54:4c:14:fd:0b:
         9b:61:3f:e2:e9:4b:55:6c:0a:3c:35:36:35:76:12:e1:d5:ae:
         38:e6:8f:15:b6:dc:27:9a:6b:b0:44:c5:a0:06:b6:31:10:6d:
         1f:97:91:57:82:c5:3a:e7:6e:bb:e9:15:fe:93:b3:04:62:f1:
         8b:15:ab:ac:48:82:62:54:96:f2:01:cc:2b:2e:af:c5:63:d3:
         61:88:1c:a3:5b:d2:67:5b:eb:0b:67:7f:a7:bd:a9:58:0b:2a:
         0a:dd:09:bb:b4:8e:ff:06:93:19:e1:93:f0:38:70:15:52:42:
         01:f1:7c:67:ce:76:c2:3a:4d:62:b3:fc:2d:82:91:f6:9d:8f:
         36:1f:d0:69:40:88:83:71:c4:89:c2:83:81:c9:3c:49:e9:10:
         1c:ea:78:73:b3:08:9b:06:83:f2:14:34:cd:6a:2d:c2:7e:e4:
         38:14:d2:c3:ee:aa:b2:a7:02:01:95:2c:ae:64:e9:ba:0b:84:
         b7:fa:c0:10:ca:ab:6d:28:76:36:1c:5f:1f:2d:b8:e2:cb:41:
         f3:d9:dd:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0hY3OLf/SJGoukblRMxo2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMzI0MTk0NzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg4MTlkMTM5NjQ3ZTAyZWEwOGM0ZTllOWM0MjFiOWY2NTUyOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28NhP2KjsyDtm6eAdZzD9jeMJMw5
6vTcYhVDq1tK4hAZWbfKN8tN1LSROZRm6Dj4qTR8bU+S/6+k3PLB2E7CSsJdbqST
OujbfqPEQsOtTZhnDuRVnOq8bUZG/vV38aEnfgpon9LAKKrVLYIlGyay72kQ/I1T
ZqaHb5qss4WHglMG8marV8GhTrTxo3vbQ4jJunCCFWXQ0rwq5aAnpJrH9tNkVWMl
LdDNCG+5Ff/tS08Fg1tD9rQVz5TptK4alAG4Ffk8Il7Fq4q6trNej0q363Oud+AE
lom1JLjTXyQCbND6l6Y82a5ing9M9Ri22GTvNkm9x3zizhTivi3eANN/5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiIGdE5ZH4C6gjE6enEIbn2VSlkMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvV0lnWjBUbGtmZ0xxQ01UcDZjUWh1ZlpWS1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsSMA0G
CSqGSIb3DQEBCwUAA4IBAQBw5IYsv+dA9dxhVlIut5FsRZ8PFlvy7AQ0jaxw926p
cXOrdNxsqwmurFzoDqm5GOY+VEwU/QubYT/i6UtVbAo8NTY1dhLh1a445o8Vttwn
mmuwRMWgBrYxEG0fl5FXgsU652676RX+k7MEYvGLFausSIJiVJbyAcwrLq/FY9Nh
iByjW9JnW+sLZ3+nvalYCyoK3Qm7tI7/BpMZ4ZPwOHAVUkIB8XxnznbCOk1is/wt
gpH2nY82H9BpQIiDccSJwoOByTxJ6RAc6nhzswibBoPyFDTNai3CfuQ4FNLD7qqy
pwIBlSyuZOm6C4S3+sAQyqttKHY2HF8fLbjiy0Hz2d2E
-----END CERTIFICATE-----