Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/W5P57l-PU-Z0PABARZaDgV3tS-c.roa
File:                     W5P57l-PU-Z0PABARZaDgV3tS-c.roa (raw, json)
Hash identifier:          2/N0MJI14TX0RhlVfUsv6alV4bkqCLo9l4PuEdaHr18=
Subject key identifier:   5B:93:F9:EE:5F:8F:53:E6:74:3C:00:40:45:96:83:81:5D:ED:4B:E7
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DF24B6043FC923D572C8DDC5F8DD676A8
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/W5P57l-PU-Z0PABARZaDgV3tS-c.roa
Signing time:             Mon 04 May 2026 09:21:59 +0000
ROA not before:           Mon 04 May 2026 09:21:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207252
IP address blocks:        178.253.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:4b:60:43:fc:92:3d:57:2c:8d:dc:5f:8d:d6:76:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May  4 09:21:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b93f9ee5f8f53e6743c0040459683815ded4be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:66:7e:c9:7b:07:b2:c5:9a:04:21:71:5b:14:
                    05:ab:7c:07:0d:98:e5:f6:cb:d3:99:5a:43:95:2a:
                    6c:1e:ea:1c:9b:7f:04:e7:bd:1e:23:3f:6d:56:0b:
                    7a:02:31:29:ce:3d:d3:d0:16:c8:fc:bd:a8:6c:0c:
                    09:88:79:08:be:3c:36:f9:ed:71:73:ea:97:a2:e0:
                    fd:de:67:39:81:29:fc:97:d8:30:1a:5c:7c:7f:f4:
                    e9:db:bc:02:be:8f:d7:d9:a7:50:2e:34:b9:8c:bc:
                    0d:70:11:ff:54:9d:1f:b2:57:d6:6f:cc:39:0e:dd:
                    10:ab:e7:d4:60:22:dd:7d:4d:82:d3:9a:96:07:3f:
                    ff:9a:28:1f:e4:d4:31:c2:9e:e3:95:9a:49:f4:04:
                    e7:55:97:38:96:3d:b7:20:82:27:a0:c3:34:88:11:
                    9e:c6:4d:f9:85:7f:55:15:ba:2e:20:63:e7:6e:ae:
                    cb:8b:93:bf:c2:7e:c9:a5:3b:f8:32:5d:de:fd:21:
                    82:9a:f1:53:b4:7f:43:1a:1f:11:a9:5b:4f:89:3b:
                    58:b0:7c:7c:f6:da:c6:c9:42:eb:6f:97:33:d8:4d:
                    71:fc:66:64:93:bb:5d:54:d6:63:da:bd:6c:25:6d:
                    95:0c:82:da:41:69:d7:e4:f7:a4:95:7d:9c:16:44:
                    b5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:93:F9:EE:5F:8F:53:E6:74:3C:00:40:45:96:83:81:5D:ED:4B:E7
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/W5P57l-PU-Z0PABARZaDgV3tS-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:86:46:12:72:9a:6f:29:b5:95:a5:5d:03:8e:d7:5d:10:42:
         fd:89:38:21:40:eb:9d:f3:1a:22:81:9d:48:ad:d0:db:a0:73:
         51:f1:90:e1:e3:d0:af:f4:ef:8b:a3:52:50:d9:61:4c:21:2a:
         f0:10:cc:c1:43:60:24:bd:6f:77:59:39:03:73:60:11:eb:d2:
         75:51:6c:04:e9:f2:db:30:21:fa:72:8b:fd:41:d8:c9:af:33:
         99:a6:20:55:8f:6d:aa:29:0a:4b:e2:d3:2c:2a:cd:6d:ea:b6:
         21:64:72:07:c2:9e:21:d0:6f:3e:65:fa:fa:01:69:a3:ad:83:
         bb:bb:32:36:db:b3:85:c9:97:57:cc:99:2b:ae:03:e1:b9:0a:
         23:67:f2:3f:e7:7c:78:c1:3e:81:c8:4c:fc:c9:65:c4:6a:57:
         97:53:74:88:f3:c2:49:a2:1e:a4:db:8e:86:e9:50:ff:db:31:
         da:d7:0a:fb:93:e0:29:1b:c7:d8:69:59:fc:99:05:5c:6b:a2:
         af:df:3c:d0:3c:34:d9:c1:3d:50:51:a2:be:a9:86:ad:b6:73:
         d5:30:2d:5e:4b:82:c4:32:e9:ba:f2:58:89:95:92:50:d6:5b:
         95:56:31:39:61:29:c0:85:f2:3b:90:30:3c:4e:19:23:04:6f:
         f5:af:62:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3yS2BD/JI9VyyN3F+N1naoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNTA0MDkyMTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjkzZjllZTVmOGY1M2U2NzQzYzAwNDA0NTk2ODM4MTVkZWQ0YmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGZ+yXsHssWaBCFxWxQFq3wHDZjl
9svTmVpDlSpsHuocm38E570eIz9tVgt6AjEpzj3T0BbI/L2obAwJiHkIvjw2+e1x
c+qXouD93mc5gSn8l9gwGlx8f/Tp27wCvo/X2adQLjS5jLwNcBH/VJ0fslfWb8w5
Dt0Qq+fUYCLdfU2C05qWBz//migf5NQxwp7jlZpJ9ATnVZc4lj23IIInoMM0iBGe
xk35hX9VFbouIGPnbq7Li5O/wn7JpTv4Ml3e/SGCmvFTtH9DGh8RqVtPiTtYsHx8
9trGyULrb5cz2E1x/GZkk7tdVNZj2r1sJW2VDILaQWnX5PeklX2cFkS1dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuT+e5fj1PmdDwAQEWWg4Fd7UvnMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvVzVQNTdsLVBVLVowUEFCQVJaYURnVjN0Uy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3SMA0G
CSqGSIb3DQEBCwUAA4IBAQA3hkYScppvKbWVpV0DjtddEEL9iTghQOud8xoigZ1I
rdDboHNR8ZDh49Cv9O+Lo1JQ2WFMISrwEMzBQ2AkvW93WTkDc2AR69J1UWwE6fLb
MCH6cov9QdjJrzOZpiBVj22qKQpL4tMsKs1t6rYhZHIHwp4h0G8+Zfr6AWmjrYO7
uzI227OFyZdXzJkrrgPhuQojZ/I/53x4wT6ByEz8yWXEaleXU3SI88JJoh6k246G
6VD/2zHa1wr7k+ApG8fYaVn8mQVca6Kv3zzQPDTZwT1QUaK+qYattnPVMC1eS4LE
Mum68liJlZJQ1luVVjE5YSnAhfI7kDA8ThkjBG/1r2Jy
-----END CERTIFICATE-----