Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WfPDLG9d3P0odX-1Vlst8Jp1kvw.roa
File:                     WfPDLG9d3P0odX-1Vlst8Jp1kvw.roa (raw, json)
Hash identifier:          ZATprMIHzA2xNFiI/sOckBgM3YrzY31QiXzVSmJLcyc=
Subject key identifier:   59:F3:C3:2C:6F:5D:DC:FD:28:75:7F:B5:56:5B:2D:F0:9A:75:92:FC
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019CF53B7130DDEAD1A88A3859734EDEB004
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WfPDLG9d3P0odX-1Vlst8Jp1kvw.roa
Signing time:             Mon 16 Mar 2026 06:00:39 +0000
ROA not before:           Mon 16 Mar 2026 06:00:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     272391
IP address blocks:        89.42.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:3b:71:30:dd:ea:d1:a8:8a:38:59:73:4e:de:b0:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 16 06:00:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59f3c32c6f5ddcfd28757fb5565b2df09a7592fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:15:19:47:aa:19:5e:93:d1:ce:be:cd:13:26:
                    ca:84:5d:de:c7:0a:89:c0:f7:09:3a:b5:1b:89:9a:
                    fe:b4:67:8d:cc:91:6e:ea:e8:b6:da:88:b6:e9:b6:
                    8d:91:17:a2:76:83:c1:48:01:7a:e7:98:0d:b4:c8:
                    9f:58:73:96:b2:74:41:9b:23:6e:ce:23:44:12:e1:
                    dd:cb:79:30:b5:ad:09:e7:0f:29:1e:21:f5:51:8e:
                    ac:b2:79:2f:83:42:ca:4e:70:67:e6:94:0c:06:2b:
                    56:ac:e7:45:60:e5:72:cd:b5:b6:af:a7:75:31:6b:
                    07:fa:7f:8e:a3:17:82:70:db:6c:9d:d8:fb:3c:9b:
                    2f:01:bf:81:40:22:a7:9e:ad:a8:ba:fa:53:c4:c2:
                    ec:a0:7a:f0:04:fe:fc:0b:e4:5f:61:b6:a5:5f:cd:
                    9e:0f:77:78:e6:ea:da:4e:91:d6:61:70:97:13:85:
                    16:45:46:ac:f5:e7:ec:79:82:19:ed:e4:f6:e4:90:
                    48:e8:90:06:b1:8a:a0:4d:e4:1f:da:11:d9:de:81:
                    ba:88:da:9f:41:7c:eb:d3:2f:6a:9d:75:3b:c4:a8:
                    c3:f5:30:07:85:c9:eb:a0:cc:b5:72:15:02:c7:4f:
                    82:47:2e:d3:f6:05:69:0c:3f:77:31:a4:2d:8f:62:
                    19:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F3:C3:2C:6F:5D:DC:FD:28:75:7F:B5:56:5B:2D:F0:9A:75:92:FC
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WfPDLG9d3P0odX-1Vlst8Jp1kvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:76:29:73:53:c3:0b:c5:db:25:78:e6:16:95:07:b7:d7:9c:
         3f:bb:14:83:90:f7:04:d8:a7:3f:93:7a:03:70:17:b5:7e:42:
         cb:38:c6:ae:19:53:90:eb:0f:f9:d8:59:90:bf:7f:68:7f:27:
         45:89:97:a5:26:7c:bd:da:97:c8:85:2b:52:6b:61:9e:e1:7c:
         cb:c9:b1:c5:3d:87:98:02:45:35:57:f8:58:78:5e:2c:3f:d0:
         f3:e3:c1:15:a0:81:56:45:8e:2e:43:67:bf:c6:fe:c1:44:47:
         85:f4:37:de:30:4a:30:a6:7b:56:07:a3:79:6a:3c:34:b7:18:
         1a:ad:2f:f5:ec:41:92:f3:13:fe:bb:4a:f5:5b:57:ec:16:2b:
         c7:f1:4b:b0:fe:57:e5:5b:e1:ed:3e:f5:97:df:b6:a4:56:9d:
         9c:b1:01:51:e9:21:1f:8c:b0:78:4f:2f:df:9b:7a:99:33:d5:
         66:79:be:ed:12:dd:d1:30:30:05:0f:aa:17:3c:a8:2b:15:07:
         b5:46:b8:d7:48:2c:3b:3f:bf:9c:b6:9f:54:6b:e1:7b:fb:d0:
         eb:b5:fd:d2:4f:a2:9b:08:76:bd:89:4c:70:39:04:fb:d5:e0:
         4d:61:f7:58:67:a2:e5:32:75:c8:db:4a:44:fc:ff:7b:af:16:
         f8:47:a2:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz1O3Ew3erRqIo4WXNO3rAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMzE2MDYwMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYzYzMyYzZmNWRkY2ZkMjg3NTdmYjU1NjViMmRmMDlhNzU5MmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1hUZR6oZXpPRzr7NEybKhF3exwqJ
wPcJOrUbiZr+tGeNzJFu6ui22oi26baNkReidoPBSAF655gNtMifWHOWsnRBmyNu
ziNEEuHdy3kwta0J5w8pHiH1UY6ssnkvg0LKTnBn5pQMBitWrOdFYOVyzbW2r6d1
MWsH+n+OoxeCcNtsndj7PJsvAb+BQCKnnq2ouvpTxMLsoHrwBP78C+RfYbalX82e
D3d45uraTpHWYXCXE4UWRUas9efseYIZ7eT25JBI6JAGsYqgTeQf2hHZ3oG6iNqf
QXzr0y9qnXU7xKjD9TAHhcnroMy1chUCx0+CRy7T9gVpDD93MaQtj2IZWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnzwyxvXdz9KHV/tVZbLfCadZL8MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvV2ZQRExHOWQzUDBvZFgtMVZsc3Q4SnAxa3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSpwMA0G
CSqGSIb3DQEBCwUAA4IBAQA0dilzU8MLxdsleOYWlQe315w/uxSDkPcE2Kc/k3oD
cBe1fkLLOMauGVOQ6w/52FmQv39ofydFiZelJny92pfIhStSa2Ge4XzLybHFPYeY
AkU1V/hYeF4sP9Dz48EVoIFWRY4uQ2e/xv7BREeF9DfeMEowpntWB6N5ajw0txga
rS/17EGS8xP+u0r1W1fsFivH8Uuw/lflW+HtPvWX37akVp2csQFR6SEfjLB4Ty/f
m3qZM9Vmeb7tEt3RMDAFD6oXPKgrFQe1RrjXSCw7P7+ctp9Ua+F7+9Drtf3ST6Kb
CHa9iUxwOQT71eBNYfdYZ6LlMnXI20pE/P97rxb4R6Ib
-----END CERTIFICATE-----