Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/6f6b96-b8b7-49f4-8c85-6a52c11d27a5/1/WcvGmVBQh07jSf5jDrMVsS6ZHpc.roa
File:                     WcvGmVBQh07jSf5jDrMVsS6ZHpc.roa (raw, json)
Hash identifier:          X051kpS+ioibrLfUT13OB2q4ttAQvXZO/Na1WKpoa5I=
Subject key identifier:   59:CB:C6:99:50:50:87:4E:E3:49:FE:63:0E:B3:15:B1:2E:99:1E:97
Certificate issuer:       /CN=202a321f867aeef710fb9ccbe135a2890273f072
Certificate serial:       019E16EF869B6282CF3AEF542698EDE0D5A6
Authority key identifier: 20:2A:32:1F:86:7A:EE:F7:10:FB:9C:CB:E1:35:A2:89:02:73:F0:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ICoyH4Z67vcQ-5zL4TWiiQJz8HI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/6f6b96-b8b7-49f4-8c85-6a52c11d27a5/1/WcvGmVBQh07jSf5jDrMVsS6ZHpc.roa
Signing time:             Mon 11 May 2026 12:07:36 +0000
ROA not before:           Mon 11 May 2026 12:07:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203997
IP address blocks:        2a10:e8c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/6f6b96-b8b7-49f4-8c85-6a52c11d27a5/1/ICoyH4Z67vcQ-5zL4TWiiQJz8HI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/6f6b96-b8b7-49f4-8c85-6a52c11d27a5/1/ICoyH4Z67vcQ-5zL4TWiiQJz8HI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ICoyH4Z67vcQ-5zL4TWiiQJz8HI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:ef:86:9b:62:82:cf:3a:ef:54:26:98:ed:e0:d5:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=202a321f867aeef710fb9ccbe135a2890273f072
        Validity
            Not Before: May 11 12:07:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59cbc6995050874ee349fe630eb315b12e991e97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:80:17:6e:e1:5e:8f:7f:8b:d8:e3:45:07:26:
                    f9:d6:d1:75:69:ad:89:b0:b8:be:f8:16:32:07:7c:
                    d5:09:bd:62:e8:53:47:e2:dc:77:ad:9d:15:5a:86:
                    8f:58:d6:a8:34:7e:2b:de:59:98:c7:29:3b:17:98:
                    62:d3:fd:31:89:27:c8:a5:b7:8b:c5:b6:e4:f3:a0:
                    66:22:f1:39:8d:4b:2b:21:7a:31:3d:35:b8:7a:ce:
                    71:d1:23:4e:1b:fb:f8:cb:a7:0d:a1:bd:63:be:97:
                    63:ab:a5:25:a0:29:7f:a4:99:39:5e:8f:fc:1f:30:
                    d0:9b:cc:71:51:86:5a:5e:d6:fb:d6:35:17:b6:9e:
                    ef:89:b8:ce:3f:bc:ac:fc:56:d6:73:49:26:a4:8c:
                    5b:58:0f:d1:37:61:b9:75:59:94:35:b8:ec:84:2d:
                    85:cc:d0:7b:09:f7:8e:76:40:3e:ec:50:e5:dd:34:
                    45:24:60:a3:c9:4f:cd:b0:38:b9:d0:f6:e2:4f:f3:
                    93:a4:52:0b:af:22:a2:eb:9c:ef:ba:9a:06:d4:4c:
                    58:d9:5a:3d:5b:58:80:a5:39:c0:86:dd:2c:96:51:
                    3d:cd:fc:5b:b2:b6:f3:df:5a:de:d8:61:30:bb:66:
                    6e:30:e5:37:30:9e:60:07:d3:ff:0b:c2:03:09:53:
                    08:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:CB:C6:99:50:50:87:4E:E3:49:FE:63:0E:B3:15:B1:2E:99:1E:97
            X509v3 Authority Key Identifier:
                keyid:20:2A:32:1F:86:7A:EE:F7:10:FB:9C:CB:E1:35:A2:89:02:73:F0:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ICoyH4Z67vcQ-5zL4TWiiQJz8HI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6f6b96-b8b7-49f4-8c85-6a52c11d27a5/1/WcvGmVBQh07jSf5jDrMVsS6ZHpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6f6b96-b8b7-49f4-8c85-6a52c11d27a5/1/ICoyH4Z67vcQ-5zL4TWiiQJz8HI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:e8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:64:52:b6:96:cd:07:05:16:0d:02:56:47:16:df:0e:10:1e:
         ea:01:e5:18:60:7c:4b:c0:14:d9:12:c8:77:38:1c:f2:61:87:
         a0:88:bd:8b:46:0e:6b:b1:99:8c:82:bc:f0:ac:8f:c9:38:69:
         18:e6:71:c7:22:6d:4f:5f:7f:38:87:f6:eb:b0:f0:e6:29:0e:
         f7:10:ac:ee:8d:51:b6:98:a0:38:77:c1:67:51:fe:d5:46:33:
         20:e6:e3:ef:00:33:0a:44:f9:a3:86:82:f3:13:b0:2c:a5:cc:
         0f:82:f0:cf:20:32:c4:2f:20:83:88:54:c3:fd:68:69:f8:ee:
         b1:83:4e:7c:e9:eb:97:97:23:f0:73:6f:69:36:3b:38:73:e3:
         48:5f:60:47:37:9d:22:26:c5:61:bb:f2:78:56:da:b3:c8:53:
         b7:e8:0d:5b:f5:53:88:4f:45:a6:55:98:45:0c:0e:9f:09:2b:
         66:8c:f5:7a:94:b0:34:f8:bb:51:c8:e0:ae:fa:4a:42:0f:53:
         20:ac:05:14:1f:5b:57:db:57:a9:fa:90:7b:51:4b:7f:25:1b:
         ac:73:a1:af:1a:e0:97:04:0e:e0:1d:75:89:ad:a2:6b:40:5d:
         4b:6a:d9:15:6b:3d:25:62:b4:73:2c:a4:25:b2:b1:a5:da:a0:
         1a:6b:d8:ff
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ4W74abYoLPOu9UJpjt4NWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMmEzMjFmODY3YWVlZjcxMGZiOWNjYmUxMzVhMjg5MDI3
M2YwNzIwHhcNMjYwNTExMTIwNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWNiYzY5OTUwNTA4NzRlZTM0OWZlNjMwZWIzMTViMTJlOTkxZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoAXbuFej3+L2ONFByb51tF1aa2J
sLi++BYyB3zVCb1i6FNH4tx3rZ0VWoaPWNaoNH4r3lmYxyk7F5hi0/0xiSfIpbeL
xbbk86BmIvE5jUsrIXoxPTW4es5x0SNOG/v4y6cNob1jvpdjq6UloCl/pJk5Xo/8
HzDQm8xxUYZaXtb71jUXtp7vibjOP7ys/FbWc0kmpIxbWA/RN2G5dVmUNbjshC2F
zNB7CfeOdkA+7FDl3TRFJGCjyU/NsDi50PbiT/OTpFILryKi65zvupoG1ExY2Vo9
W1iApTnAht0sllE9zfxbsrbz31re2GEwu2ZuMOU3MJ5gB9P/C8IDCVMI1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFnLxplQUIdO40n+Yw6zFbEumR6XMB8GA1UdIwQY
MBaAFCAqMh+Geu73EPucy+E1ookCc/ByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUNveUg0WjY3dmNRLTV6TDRUV2lpUUp6OEhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82ZjZiOTYtYjhiNy00OWY0LThjODUt
NmE1MmMxMWQyN2E1LzEvV2N2R21WQlFoMDdqU2Y1akRyTVZzUzZaSHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82ZjZiOTYtYjhiNy00OWY0LThjODUtNmE1MmMxMWQyN2E1
LzEvSUNveUg0WjY3dmNRLTV6TDRUV2lpUUp6OEhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhDowDAN
BgkqhkiG9w0BAQsFAAOCAQEAHmRStpbNBwUWDQJWRxbfDhAe6gHlGGB8S8AU2RLI
dzgc8mGHoIi9i0YOa7GZjIK88KyPyThpGOZxxyJtT19/OIf267Dw5ikO9xCs7o1R
tpigOHfBZ1H+1UYzIObj7wAzCkT5o4aC8xOwLKXMD4LwzyAyxC8gg4hUw/1oafju
sYNOfOnrl5cj8HNvaTY7OHPjSF9gRzedIibFYbvyeFbas8hTt+gNW/VTiE9FplWY
RQwOnwkrZoz1epSwNPi7UcjgrvpKQg9TIKwFFB9bV9tXqfqQe1FLfyUbrHOhrxrg
lwQO4B11ia2ia0BdS2rZFWs9JWK0cyykJbKxpdqgGmvY/w==
-----END CERTIFICATE-----