Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wA_XOVQl-oHNVyX-tZD3gm3ftc8.roa
File:                     wA_XOVQl-oHNVyX-tZD3gm3ftc8.roa (raw, json)
Hash identifier:          8dtutP+ArPMmfuWgJQ2C6BSFjKfN3xYHSFrKhnPsqSc=
Subject key identifier:   C0:0F:D7:39:54:25:FA:81:CD:57:25:FE:B5:90:F7:82:6D:DF:B5:CF
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019D0AABE2D69C7EBF5197372A051967CC1B
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wA_XOVQl-oHNVyX-tZD3gm3ftc8.roa
Signing time:             Fri 20 Mar 2026 09:55:29 +0000
ROA not before:           Fri 20 Mar 2026 09:55:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        188.255.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:ab:e2:d6:9c:7e:bf:51:97:37:2a:05:19:67:cc:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Mar 20 09:55:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c00fd7395425fa81cd5725feb590f7826ddfb5cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:dc:52:ad:27:0f:1e:64:97:6f:ba:2a:a7:4d:
                    ef:a2:53:37:82:a8:79:29:5e:91:6a:98:28:be:c4:
                    38:60:06:26:dd:2b:08:12:c7:9f:08:e1:0d:49:d1:
                    5d:04:7e:57:27:98:7e:98:e9:e8:6d:6a:35:a8:2e:
                    2d:c4:77:44:13:d0:f2:3c:46:e9:8c:69:ce:b2:46:
                    f2:16:21:ab:92:1e:36:18:91:03:1e:df:f6:87:38:
                    6a:aa:16:b3:ee:ff:1a:5f:14:25:0f:5c:b6:31:5e:
                    b8:da:e5:63:17:f8:62:e4:37:0b:ea:80:0b:34:b9:
                    59:3a:51:6c:bd:4d:91:6d:06:e9:ed:4d:e5:49:75:
                    7c:a2:e2:3a:98:05:e2:e0:22:ea:2b:10:b2:3b:40:
                    13:87:1e:af:52:9e:b6:01:81:30:a4:e9:31:2c:2f:
                    02:96:0f:b5:11:40:11:ce:01:0d:ec:5b:c7:92:9b:
                    5d:55:79:da:14:e2:bd:38:56:6d:bd:ff:70:cf:86:
                    54:31:d5:ca:ac:09:1f:55:d9:9f:5e:5c:f6:59:60:
                    d1:b3:69:4a:4a:e5:b7:47:06:9f:3e:5c:0b:85:88:
                    05:8b:89:60:b1:1c:8b:17:0b:fc:26:32:20:69:79:
                    68:a2:66:dc:e9:63:e5:29:74:29:aa:31:50:a6:d9:
                    d2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:0F:D7:39:54:25:FA:81:CD:57:25:FE:B5:90:F7:82:6D:DF:B5:CF
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/wA_XOVQl-oHNVyX-tZD3gm3ftc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e1:29:ed:86:f4:c1:ad:b9:2e:2e:05:1a:9c:ec:54:91:04:
         f3:2d:73:d9:1b:91:61:38:d9:11:12:1c:6a:b2:28:c6:e6:82:
         43:d6:9d:d2:91:bb:f5:76:eb:8a:82:6e:86:97:d3:c1:fc:96:
         93:f4:a4:3f:5d:fd:46:28:70:4c:8e:95:3d:31:e8:80:cf:f0:
         4d:2a:71:04:a8:82:48:51:30:21:b6:d2:7c:98:cf:a6:57:5f:
         fb:4b:5f:70:8e:75:6c:76:46:6e:e4:72:4d:e1:6f:31:16:29:
         1b:01:9f:e4:42:ba:f5:99:30:53:fc:df:39:0b:ad:99:eb:4b:
         53:84:19:6d:a2:d0:56:3d:64:ea:45:df:ee:59:06:ae:60:0f:
         7d:fa:d4:de:81:44:21:51:84:5f:a6:ac:a2:8c:66:09:a2:31:
         c5:74:8a:59:37:03:41:2f:a8:12:f8:e7:ab:0c:42:dd:cf:28:
         cd:cc:d9:a9:97:ac:40:82:39:05:a3:6d:c3:24:38:59:f9:30:
         6b:a7:0a:a2:ce:47:ce:46:d7:3c:2f:8a:ab:ab:f5:2c:8b:03:
         b5:44:32:ef:62:e1:91:59:0d:68:1a:b6:bf:43:14:3e:70:58:
         77:c8:d4:01:66:81:aa:49:46:01:a8:80:2f:fa:1c:2d:ff:b9:
         7c:f5:17:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Kq+LWnH6/UZc3KgUZZ8wbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMzIwMDk1NTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDBmZDczOTU0MjVmYTgxY2Q1NzI1ZmViNTkwZjc4MjZkZGZiNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9xSrScPHmSXb7oqp03volM3gqh5
KV6RapgovsQ4YAYm3SsIEsefCOENSdFdBH5XJ5h+mOnobWo1qC4txHdEE9DyPEbp
jGnOskbyFiGrkh42GJEDHt/2hzhqqhaz7v8aXxQlD1y2MV642uVjF/hi5DcL6oAL
NLlZOlFsvU2RbQbp7U3lSXV8ouI6mAXi4CLqKxCyO0AThx6vUp62AYEwpOkxLC8C
lg+1EUARzgEN7FvHkptdVXnaFOK9OFZtvf9wz4ZUMdXKrAkfVdmfXlz2WWDRs2lK
SuW3RwafPlwLhYgFi4lgsRyLFwv8JjIgaXloombc6WPlKXQpqjFQptnS7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAP1zlUJfqBzVcl/rWQ94Jt37XPMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvd0FfWE9WUWwtb0hOVnlYLXRaRDNnbTNmdGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/BMA0G
CSqGSIb3DQEBCwUAA4IBAQAo4SnthvTBrbkuLgUanOxUkQTzLXPZG5FhONkREhxq
sijG5oJD1p3Skbv1duuKgm6Gl9PB/JaT9KQ/Xf1GKHBMjpU9MeiAz/BNKnEEqIJI
UTAhttJ8mM+mV1/7S19wjnVsdkZu5HJN4W8xFikbAZ/kQrr1mTBT/N85C62Z60tT
hBltotBWPWTqRd/uWQauYA99+tTegUQhUYRfpqyijGYJojHFdIpZNwNBL6gS+Oer
DELdzyjNzNmpl6xAgjkFo23DJDhZ+TBrpwqizkfORtc8L4qrq/UsiwO1RDLvYuGR
WQ1oGra/QxQ+cFh3yNQBZoGqSUYBqIAv+hwt/7l89Rc9
-----END CERTIFICATE-----