Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/WoqoURpuf-LfwneXNP3lJ7x4hN4.roa
File:                     WoqoURpuf-LfwneXNP3lJ7x4hN4.roa (raw, json)
Hash identifier:          CVWC2o5Apdhb47YyER68E1mWDGEQNgPjn8K4MFtzg8w=
Subject key identifier:   5A:8A:A8:51:1A:6E:7F:E2:DF:C2:77:97:34:FD:E5:27:BC:78:84:DE
Certificate issuer:       /CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
Certificate serial:       019D1FF45373F4A68FFB963BED3D6DE04092
Authority key identifier: 5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/WoqoURpuf-LfwneXNP3lJ7x4hN4.roa
Signing time:             Tue 24 Mar 2026 13:06:39 +0000
ROA not before:           Tue 24 Mar 2026 13:06:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402047
IP address blocks:        178.214.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:f4:53:73:f4:a6:8f:fb:96:3b:ed:3d:6d:e0:40:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
        Validity
            Not Before: Mar 24 13:06:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a8aa8511a6e7fe2dfc2779734fde527bc7884de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:30:e3:ea:36:6c:ab:6e:05:ae:c5:61:a4:5d:
                    d2:b1:75:b1:65:d8:3a:54:01:98:7b:5f:4a:dc:dd:
                    7f:3c:93:83:94:a4:d0:b5:e8:c8:6f:60:ff:5d:bf:
                    3b:38:84:9a:78:b1:99:91:39:3f:84:03:07:6f:c2:
                    be:b9:ae:f2:d6:c9:38:b7:c0:5a:e2:61:25:80:9f:
                    1b:6f:04:57:40:db:96:df:2c:29:42:2d:48:af:45:
                    33:c2:12:60:56:b7:4b:02:d8:a2:47:c6:0f:d7:c5:
                    2c:3e:43:d4:b2:69:75:6c:aa:fc:e4:ba:37:61:c9:
                    ec:07:e3:d3:94:56:0f:9c:1c:48:88:87:a6:c2:0b:
                    6d:31:f6:e3:17:b8:56:4f:28:69:9f:12:f7:12:95:
                    d7:fd:cb:a4:64:e9:66:08:ca:a6:95:cc:da:76:26:
                    03:9b:ed:d9:d7:6a:92:8e:17:64:1a:11:9f:dc:3d:
                    81:2b:09:49:77:ab:09:27:8f:5a:2b:3b:88:8e:49:
                    e2:56:1c:f9:82:86:ea:5b:32:f9:62:49:1f:65:64:
                    fb:26:0c:f0:9b:74:f7:63:76:58:4a:89:24:96:9d:
                    d0:74:f4:69:31:4a:26:21:c7:e0:f1:2e:1e:f9:04:
                    aa:38:fd:ef:12:09:01:9a:cf:a0:0d:32:fc:5b:c9:
                    75:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:8A:A8:51:1A:6E:7F:E2:DF:C2:77:97:34:FD:E5:27:BC:78:84:DE
            X509v3 Authority Key Identifier:
                keyid:5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/WoqoURpuf-LfwneXNP3lJ7x4hN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.214.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:10:03:39:78:71:0a:28:6f:b5:11:5c:75:f6:80:db:18:08:
         ac:1f:f7:8e:9f:dd:e6:f0:11:ee:d1:10:f8:d4:fb:8f:54:e7:
         28:0b:a0:d1:61:09:01:9b:ca:c9:3c:09:fd:80:d5:4a:b5:3a:
         63:83:80:75:58:85:51:62:c4:47:7a:b2:24:74:98:2d:a9:f5:
         9c:3a:4b:56:ab:bb:99:9e:ce:c3:ff:9b:13:45:dc:e5:aa:82:
         23:4d:99:24:2c:0f:b2:7a:c3:88:bf:a6:ec:c2:4d:56:52:60:
         9e:86:09:13:64:c3:84:b2:43:ff:19:64:bd:d1:f9:56:2f:74:
         10:73:00:93:cb:93:18:2d:2e:48:53:60:d7:22:69:21:f9:ff:
         29:7d:63:1a:d2:10:8f:59:5f:e0:d2:cb:77:13:0d:79:ba:70:
         e4:ac:78:40:00:4d:a8:36:41:37:43:b2:ba:82:9a:32:5d:dc:
         ee:c8:00:27:43:6a:85:78:64:1e:7f:8a:33:f4:ae:ca:e2:ff:
         af:07:12:f4:a3:09:ba:30:bd:f9:7a:90:a9:95:63:e4:7f:8e:
         56:d5:83:84:4f:0b:27:bc:69:d3:f4:b4:9e:96:fc:b8:f6:d4:
         36:35:07:51:76:6d:55:83:de:6c:ac:35:5f:a2:4a:13:ce:5c:
         5f:6e:65:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0f9FNz9KaP+5Y77T1t4ECSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmIwYzAwMWE5OWFiNjI5NmUyNDIxNzNiZjdlN2ZkY2Yw
M2MwMTkwHhcNMjYwMzI0MTMwNjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YThhYTg1MTFhNmU3ZmUyZGZjMjc3OTczNGZkZTUyN2JjNzg4NGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jDj6jZsq24FrsVhpF3SsXWxZdg6
VAGYe19K3N1/PJODlKTQtejIb2D/Xb87OISaeLGZkTk/hAMHb8K+ua7y1sk4t8Ba
4mElgJ8bbwRXQNuW3ywpQi1Ir0UzwhJgVrdLAtiiR8YP18UsPkPUsml1bKr85Lo3
YcnsB+PTlFYPnBxIiIemwgttMfbjF7hWTyhpnxL3EpXX/cukZOlmCMqmlczadiYD
m+3Z12qSjhdkGhGf3D2BKwlJd6sJJ49aKzuIjkniVhz5gobqWzL5YkkfZWT7Jgzw
m3T3Y3ZYSokklp3QdPRpMUomIcfg8S4e+QSqOP3vEgkBms+gDTL8W8l1vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqKqFEabn/i38J3lzT95Se8eITeMB8GA1UdIwQY
MBaAFFxrDAAamatiluJCFzv35/3PA8AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMt
YzE4ZTNjY2M3NDJiLzEvV29xb1VScHVmLUxmd25lWE5QM2xKN3g0aE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMtYzE4ZTNjY2M3NDJi
LzEvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstbZMA0G
CSqGSIb3DQEBCwUAA4IBAQABEAM5eHEKKG+1EVx19oDbGAisH/eOn93m8BHu0RD4
1PuPVOcoC6DRYQkBm8rJPAn9gNVKtTpjg4B1WIVRYsRHerIkdJgtqfWcOktWq7uZ
ns7D/5sTRdzlqoIjTZkkLA+yesOIv6bswk1WUmCehgkTZMOEskP/GWS90flWL3QQ
cwCTy5MYLS5IU2DXImkh+f8pfWMa0hCPWV/g0st3Ew15unDkrHhAAE2oNkE3Q7K6
gpoyXdzuyAAnQ2qFeGQef4oz9K7K4v+vBxL0owm6ML35epCplWPkf45W1YOETwsn
vGnT9LSelvy49tQ2NQdRdm1Vg95srDVfokoTzlxfbmUu
-----END CERTIFICATE-----