Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wHBGPU0Ha84Ez5ymPjJl3Se1w30.roa
File:                     wHBGPU0Ha84Ez5ymPjJl3Se1w30.roa (raw, json)
Hash identifier:          PzUq4n9BO/IOMJYmwBnvDFcxJXka4ZX3XfOuk/wmT6Q=
Subject key identifier:   C0:70:46:3D:4D:07:6B:CE:04:CF:9C:A6:3E:32:65:DD:27:B5:C3:7D
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019E0B88D544E824714E0C5F71FEE78A7245
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wHBGPU0Ha84Ez5ymPjJl3Se1w30.roa
Signing time:             Sat 09 May 2026 06:59:37 +0000
ROA not before:           Sat 09 May 2026 06:59:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402298
IP address blocks:        194.231.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:44:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0b:88:d5:44:e8:24:71:4e:0c:5f:71:fe:e7:8a:72:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: May  9 06:59:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c070463d4d076bce04cf9ca63e3265dd27b5c37d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cc:6d:8a:69:3d:46:28:6c:6b:a4:13:6e:91:
                    c2:be:78:d5:55:17:54:f1:0a:eb:20:d5:09:b8:ca:
                    d8:51:7a:e5:74:e4:6e:26:34:13:2b:66:e5:f2:39:
                    77:21:5b:4b:36:cc:f7:c1:bc:f8:e9:8b:4c:56:22:
                    3f:97:81:d5:91:09:56:e6:34:a1:d8:4e:14:fd:55:
                    06:9d:c4:2c:f3:2f:89:d6:4c:b0:6e:5f:27:e9:39:
                    72:2e:97:78:1d:11:b1:32:e8:7a:9b:aa:2c:6e:9a:
                    e1:da:db:b2:49:b3:b8:22:79:2c:d3:c3:f6:81:71:
                    0e:a9:42:d7:49:58:6d:a2:7a:d2:31:e6:1a:81:d0:
                    6a:d6:e6:e9:e4:3c:e5:94:69:36:cd:f3:59:00:b2:
                    ea:4c:f2:d4:ae:00:b4:39:0f:fb:a3:02:4c:35:3a:
                    4d:22:59:c2:df:97:8e:5c:a9:68:dc:ce:48:0e:87:
                    a0:e0:b2:2e:b6:04:c4:fa:37:31:56:c4:26:a9:b4:
                    fb:b9:84:1a:f9:58:35:a6:23:e4:a9:b6:c0:80:25:
                    c8:ce:9a:c0:44:71:93:0c:03:99:7b:62:69:d8:4f:
                    92:b4:a4:2c:df:54:21:d5:07:6e:e1:bd:51:f5:ca:
                    15:89:d9:0f:ee:9a:ec:7a:69:73:57:39:1b:fd:14:
                    2c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:70:46:3D:4D:07:6B:CE:04:CF:9C:A6:3E:32:65:DD:27:B5:C3:7D
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/wHBGPU0Ha84Ez5ymPjJl3Se1w30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:1e:b8:e7:d5:48:e8:1b:f3:6e:3d:f2:5b:04:2f:ee:f2:0d:
         b8:62:b0:cc:27:da:f7:bf:26:cd:26:58:10:b9:c6:e4:69:4b:
         11:92:31:9a:36:7c:60:e9:0d:27:cd:ff:f9:87:97:05:be:d5:
         25:2d:32:84:e8:a7:3c:ad:49:5b:53:0c:c2:c1:3e:0d:ec:6f:
         78:80:58:ab:64:5c:c2:8a:cb:97:7a:a6:58:fd:2f:86:8c:e9:
         53:68:cb:66:ec:16:c9:36:6c:e9:51:cf:1f:51:b6:ef:32:1c:
         c2:64:de:86:d3:b9:4d:99:6f:df:a8:b1:2c:31:41:f8:56:04:
         db:42:a9:d6:f7:16:cc:d4:23:53:fb:40:3a:88:b9:b0:da:32:
         f0:5c:c8:8c:63:cc:3c:99:d6:14:0d:f3:29:ba:2e:44:64:4e:
         9f:70:8a:41:f4:3e:53:d8:0f:4b:14:4a:c7:53:af:90:d2:ee:
         71:8a:dd:2a:21:93:1c:93:63:b7:d4:b6:62:91:91:1b:b8:8b:
         24:f9:4c:bb:2d:0a:ce:16:c5:d2:f5:cd:36:2c:28:90:30:d2:
         78:90:49:ca:df:c4:27:a4:3e:f7:09:05:68:f8:49:e9:ac:fe:
         62:34:fc:df:a3:7f:ba:1e:4e:c5:0d:cc:aa:33:de:9d:ab:9c:
         7d:7b:67:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4LiNVE6CRxTgxfcf7ninJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNTA5MDY1OTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDcwNDYzZDRkMDc2YmNlMDRjZjljYTYzZTMyNjVkZDI3YjVjMzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncxtimk9Rihsa6QTbpHCvnjVVRdU
8QrrINUJuMrYUXrldORuJjQTK2bl8jl3IVtLNsz3wbz46YtMViI/l4HVkQlW5jSh
2E4U/VUGncQs8y+J1kywbl8n6TlyLpd4HRGxMuh6m6osbprh2tuySbO4Inks08P2
gXEOqULXSVhtonrSMeYagdBq1ubp5DzllGk2zfNZALLqTPLUrgC0OQ/7owJMNTpN
IlnC35eOXKlo3M5IDoeg4LIutgTE+jcxVsQmqbT7uYQa+Vg1piPkqbbAgCXIzprA
RHGTDAOZe2Jp2E+StKQs31Qh1Qdu4b1R9coVidkP7prsemlzVzkb/RQsNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBwRj1NB2vOBM+cpj4yZd0ntcN9MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvd0hCR1BVMEhhODRFejV5bVBqSmwzU2UxdzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwufLMA0G
CSqGSIb3DQEBCwUAA4IBAQDiHrjn1UjoG/NuPfJbBC/u8g24YrDMJ9r3vybNJlgQ
ucbkaUsRkjGaNnxg6Q0nzf/5h5cFvtUlLTKE6Kc8rUlbUwzCwT4N7G94gFirZFzC
isuXeqZY/S+GjOlTaMtm7BbJNmzpUc8fUbbvMhzCZN6G07lNmW/fqLEsMUH4VgTb
QqnW9xbM1CNT+0A6iLmw2jLwXMiMY8w8mdYUDfMpui5EZE6fcIpB9D5T2A9LFErH
U6+Q0u5xit0qIZMck2O31LZikZEbuIsk+Uy7LQrOFsXS9c02LCiQMNJ4kEnK38Qn
pD73CQVo+EnprP5iNPzfo3+6Hk7FDcyqM96dq5x9e2cc
-----END CERTIFICATE-----