Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/wWTX7M2skLtK6c09950us11Gw7s.roa
File:                     wWTX7M2skLtK6c09950us11Gw7s.roa (raw, json)
Hash identifier:          dUde1BEXiGue0SJ6on321asNs1mJmZR7Exs/hdG2AFw=
Subject key identifier:   C1:64:D7:EC:CD:AC:90:BB:4A:E9:CD:3D:F7:9D:2E:B3:5D:46:C3:BB
Certificate issuer:       /CN=02930f8c688c04d17433a2b9c7249bc625bce316
Certificate serial:       019E15B2C083033CA372CD98517B98B9F5B9
Authority key identifier: 02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/wWTX7M2skLtK6c09950us11Gw7s.roa
Signing time:             Mon 11 May 2026 06:21:36 +0000
ROA not before:           Mon 11 May 2026 06:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6682
IP address blocks:        37.186.80.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:b2:c0:83:03:3c:a3:72:cd:98:51:7b:98:b9:f5:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02930f8c688c04d17433a2b9c7249bc625bce316
        Validity
            Not Before: May 11 06:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c164d7eccdac90bb4ae9cd3df79d2eb35d46c3bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4f:dc:61:db:2c:15:77:1f:b1:36:f1:98:4c:
                    f0:a9:72:50:40:e9:a9:34:9c:03:73:32:51:8a:78:
                    2b:dc:5b:93:b7:02:46:9b:f3:89:52:e0:72:6c:b4:
                    de:2d:d1:8c:d1:fb:ee:2d:48:bc:ec:70:64:64:09:
                    7c:44:7b:87:c6:b6:a8:41:79:41:f7:75:24:19:10:
                    29:41:7f:11:88:2f:24:6d:b5:6b:ac:9a:3e:03:42:
                    25:3f:f4:e6:e7:05:8f:1c:ec:ab:8c:50:14:a5:a2:
                    57:0c:69:0f:e1:f1:10:ad:56:2d:2d:83:4b:03:6c:
                    74:e0:5a:b2:af:85:18:50:83:a6:39:d4:da:0c:09:
                    a3:ac:0f:3f:2d:f8:b3:a8:20:d0:22:07:82:b2:29:
                    86:a2:dd:35:64:a6:c1:47:6b:b5:52:35:49:2c:f4:
                    7e:d5:c3:fd:1f:fe:1f:04:66:5f:ac:33:00:6c:7d:
                    a5:0c:b8:1e:50:b0:ba:f0:e6:e6:0e:63:e7:aa:63:
                    c6:12:3c:6e:82:e9:c8:29:33:70:fe:14:da:7b:4e:
                    e0:c3:21:08:3f:de:9b:e6:1d:99:e8:00:c8:61:a7:
                    37:d0:02:4c:9e:83:f8:80:48:65:08:a6:5a:23:f0:
                    89:b2:18:4e:53:b6:f2:a8:71:d9:52:d1:46:ed:5d:
                    b6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:64:D7:EC:CD:AC:90:BB:4A:E9:CD:3D:F7:9D:2E:B3:5D:46:C3:BB
            X509v3 Authority Key Identifier:
                keyid:02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/wWTX7M2skLtK6c09950us11Gw7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.186.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:e2:1d:77:35:59:f6:f7:08:10:59:ff:0e:c9:d5:8b:95:c2:
         25:9b:76:f0:ae:75:ee:88:3e:92:32:ba:bb:98:5b:42:10:7a:
         ce:de:f1:ba:9c:8d:6a:a9:dd:11:4f:97:c3:8d:13:3d:5e:21:
         da:81:09:d5:64:53:0c:93:4b:4f:a3:be:e5:e1:cc:1c:32:b8:
         f7:cb:e2:84:7b:b4:35:ba:5d:7e:75:bb:eb:f2:f5:f8:8c:6a:
         80:29:ea:24:7e:e8:de:39:3a:c4:0c:b3:b4:23:4b:c0:a2:ea:
         28:f8:53:eb:6f:3a:a4:b1:50:8b:51:b3:cf:a4:f1:b3:bc:e1:
         16:74:d7:f5:63:17:6f:4f:5c:0c:1b:90:3e:73:01:be:f3:df:
         e6:db:1b:65:e3:3e:a0:5e:c1:a9:8e:c9:77:20:2a:7d:a4:43:
         36:6b:46:a4:86:ac:76:2c:8a:dc:5a:9a:a2:90:de:c9:db:01:
         04:63:2c:60:c8:3c:28:fb:da:01:44:65:9d:1c:bd:3f:3f:dc:
         68:be:0c:a9:41:98:cc:85:5c:27:31:c6:7d:d7:44:df:79:ea:
         6d:a1:b6:41:5d:97:0d:17:45:f8:e3:71:e6:83:b4:24:92:3d:
         a5:13:eb:6f:20:db:08:84:cc:89:03:48:da:3e:12:dc:66:43:
         0c:7c:bf:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4VssCDAzyjcs2YUXuYufW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOTMwZjhjNjg4YzA0ZDE3NDMzYTJiOWM3MjQ5YmM2MjVi
Y2UzMTYwHhcNMjYwNTExMDYyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTY0ZDdlY2NkYWM5MGJiNGFlOWNkM2RmNzlkMmViMzVkNDZjM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0/cYdssFXcfsTbxmEzwqXJQQOmp
NJwDczJRingr3FuTtwJGm/OJUuBybLTeLdGM0fvuLUi87HBkZAl8RHuHxraoQXlB
93UkGRApQX8RiC8kbbVrrJo+A0IlP/Tm5wWPHOyrjFAUpaJXDGkP4fEQrVYtLYNL
A2x04Fqyr4UYUIOmOdTaDAmjrA8/LfizqCDQIgeCsimGot01ZKbBR2u1UjVJLPR+
1cP9H/4fBGZfrDMAbH2lDLgeULC68ObmDmPnqmPGEjxugunIKTNw/hTae07gwyEI
P96b5h2Z6ADIYac30AJMnoP4gEhlCKZaI/CJshhOU7byqHHZUtFG7V22IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFk1+zNrJC7SunNPfedLrNdRsO7MB8GA1UdIwQY
MBaAFAKTD4xojATRdDOiucckm8YlvOMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODct
YTRlOTkxYjBmMTQ0LzEvd1dUWDdNMnNrTHRLNmMwOTk1MHVzMTFHdzdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODctYTRlOTkxYjBmMTQ0
LzEvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJbpQMA0G
CSqGSIb3DQEBCwUAA4IBAQA24h13NVn29wgQWf8OydWLlcIlm3bwrnXuiD6SMrq7
mFtCEHrO3vG6nI1qqd0RT5fDjRM9XiHagQnVZFMMk0tPo77l4cwcMrj3y+KEe7Q1
ul1+dbvr8vX4jGqAKeokfujeOTrEDLO0I0vAouoo+FPrbzqksVCLUbPPpPGzvOEW
dNf1YxdvT1wMG5A+cwG+89/m2xtl4z6gXsGpjsl3ICp9pEM2a0akhqx2LIrcWpqi
kN7J2wEEYyxgyDwo+9oBRGWdHL0/P9xovgypQZjMhVwnMcZ910TfeeptobZBXZcN
F0X443Hmg7Qkkj2lE+tvINsIhMyJA0jaPhLcZkMMfL8o
-----END CERTIFICATE-----