Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/68a4b2-5894-47c5-be01-66aa2a23239e/1/WZ2jJ_eUYCIdOJhT2cQcjz-Dw9w.roa
File:                     WZ2jJ_eUYCIdOJhT2cQcjz-Dw9w.roa (raw, json)
Hash identifier:          DZZSiAeLEaIbjxQA8htWapoGDjJjgT0boPO+D7q1Tuc=
Subject key identifier:   59:9D:A3:27:F7:94:60:22:1D:38:98:53:D9:C4:1C:8F:3F:83:C3:DC
Certificate issuer:       /CN=23e45164c572edde5df253917cc12a2dfd398b97
Certificate serial:       019DDE9D02F756B592165DBAC3EC18A8D90D
Authority key identifier: 23:E4:51:64:C5:72:ED:DE:5D:F2:53:91:7C:C1:2A:2D:FD:39:8B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-RRZMVy7d5d8lORfMEqLf05i5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/68a4b2-5894-47c5-be01-66aa2a23239e/1/WZ2jJ_eUYCIdOJhT2cQcjz-Dw9w.roa
Signing time:             Thu 30 Apr 2026 13:38:44 +0000
ROA not before:           Thu 30 Apr 2026 13:38:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205311
IP address blocks:        185.229.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/68a4b2-5894-47c5-be01-66aa2a23239e/1/I-RRZMVy7d5d8lORfMEqLf05i5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/68a4b2-5894-47c5-be01-66aa2a23239e/1/I-RRZMVy7d5d8lORfMEqLf05i5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-RRZMVy7d5d8lORfMEqLf05i5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:de:9d:02:f7:56:b5:92:16:5d:ba:c3:ec:18:a8:d9:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e45164c572edde5df253917cc12a2dfd398b97
        Validity
            Not Before: Apr 30 13:38:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=599da327f79460221d389853d9c41c8f3f83c3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a8:23:f5:ae:b7:c0:ae:2e:b3:83:f4:0e:6f:
                    a1:d9:bf:68:b5:33:89:86:00:4f:e1:89:7a:1b:79:
                    68:d0:45:4a:73:90:88:e3:71:c8:96:03:27:df:7c:
                    98:8e:18:a6:2d:2a:35:e9:31:e4:12:47:9e:21:49:
                    b1:e8:09:43:d8:37:20:18:4a:e9:0a:9f:94:df:3f:
                    61:c2:d8:33:52:8f:ea:76:bf:35:8f:d7:f1:d2:ea:
                    20:c2:eb:02:9c:6d:3a:97:d0:c5:a2:ea:12:df:dc:
                    ff:1d:c7:bc:5b:31:b3:df:08:4c:16:59:21:7e:7a:
                    95:be:37:8f:b3:ba:ce:36:22:27:72:c3:e5:18:de:
                    64:ff:8d:f5:ca:06:66:a7:9c:0c:85:45:a9:b6:0a:
                    42:82:e0:5c:5e:b6:07:d0:ed:c6:f6:3b:5c:44:54:
                    ae:38:58:de:6b:58:77:d1:79:e2:a3:3a:d8:fd:44:
                    eb:a2:96:ca:db:c6:2d:c0:85:f3:65:75:48:bb:38:
                    c5:71:85:8c:22:0c:df:7e:3b:67:cf:eb:99:19:03:
                    1c:f1:d1:11:3d:37:6d:1e:65:ce:93:63:38:87:8b:
                    01:3b:1c:36:cc:76:a3:24:0b:b6:11:2e:d9:ea:fd:
                    a4:83:f5:24:12:d6:80:d4:e4:42:c7:ed:74:01:d0:
                    47:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9D:A3:27:F7:94:60:22:1D:38:98:53:D9:C4:1C:8F:3F:83:C3:DC
            X509v3 Authority Key Identifier:
                keyid:23:E4:51:64:C5:72:ED:DE:5D:F2:53:91:7C:C1:2A:2D:FD:39:8B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-RRZMVy7d5d8lORfMEqLf05i5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/68a4b2-5894-47c5-be01-66aa2a23239e/1/WZ2jJ_eUYCIdOJhT2cQcjz-Dw9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/68a4b2-5894-47c5-be01-66aa2a23239e/1/I-RRZMVy7d5d8lORfMEqLf05i5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:5b:64:00:ed:24:ba:63:80:8d:50:70:bc:e4:20:49:0a:bb:
         b4:24:61:82:a5:ea:29:55:9f:50:4b:69:66:67:4b:e1:90:09:
         7b:7e:8a:bb:d3:c9:f6:25:53:36:15:bc:03:89:49:ba:6e:42:
         1b:e0:9d:3c:1a:89:dd:48:0d:d7:2a:be:34:5d:9d:39:47:bf:
         69:4d:09:f1:c9:e9:5c:02:26:10:90:48:72:27:e7:c3:47:ed:
         b4:44:0d:4e:c8:9f:ad:d6:c0:1c:50:cb:8b:12:3b:9d:40:c4:
         fd:e0:fc:2d:5f:23:34:71:f4:11:9f:f8:e0:77:ed:ef:21:4a:
         3f:38:a6:1d:72:4e:43:2d:81:cc:fe:8e:a9:28:87:6c:c6:fc:
         fb:7d:86:b3:fa:17:e8:c6:60:8f:f9:2a:c2:04:6a:12:9a:6f:
         20:f5:a0:de:e9:5f:20:9e:e0:7e:c6:c0:5f:bc:5d:b8:a6:b2:
         15:44:39:fe:88:72:f3:33:12:4b:49:b3:58:8e:bb:36:60:9b:
         17:5e:7a:dc:5b:be:04:51:ae:22:54:41:99:66:29:57:63:fa:
         61:29:b9:6d:52:52:36:94:19:41:1a:1a:b4:af:26:99:ef:f2:
         f1:39:be:6d:e8:cd:5e:a7:43:9a:3c:bc:ac:bd:e7:2f:5f:5e:
         67:35:f9:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3enQL3VrWSFl26w+wYqNkNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTQ1MTY0YzU3MmVkZGU1ZGYyNTM5MTdjYzEyYTJkZmQz
OThiOTcwHhcNMjYwNDMwMTMzODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTlkYTMyN2Y3OTQ2MDIyMWQzODk4NTNkOWM0MWM4ZjNmODNjM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqgj9a63wK4us4P0Dm+h2b9otTOJ
hgBP4Yl6G3lo0EVKc5CI43HIlgMn33yYjhimLSo16THkEkeeIUmx6AlD2DcgGErp
Cp+U3z9hwtgzUo/qdr81j9fx0uogwusCnG06l9DFouoS39z/Hce8WzGz3whMFlkh
fnqVvjePs7rONiIncsPlGN5k/431ygZmp5wMhUWptgpCguBcXrYH0O3G9jtcRFSu
OFjea1h30XniozrY/UTropbK28YtwIXzZXVIuzjFcYWMIgzffjtnz+uZGQMc8dER
PTdtHmXOk2M4h4sBOxw2zHajJAu2ES7Z6v2kg/UkEtaA1ORCx+10AdBHbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFmdoyf3lGAiHTiYU9nEHI8/g8PcMB8GA1UdIwQY
MBaAFCPkUWTFcu3eXfJTkXzBKi39OYuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1SUlpNVnk3ZDVkOGxPUmZNRXFMZjA1aTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82OGE0YjItNTg5NC00N2M1LWJlMDEt
NjZhYTJhMjMyMzllLzEvV1oyakpfZVVZQ0lkT0poVDJjUWNqei1Edzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82OGE0YjItNTg5NC00N2M1LWJlMDEtNjZhYTJhMjMyMzll
LzEvSS1SUlpNVnk3ZDVkOGxPUmZNRXFMZjA1aTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueUzMA0G
CSqGSIb3DQEBCwUAA4IBAQAPW2QA7SS6Y4CNUHC85CBJCru0JGGCpeopVZ9QS2lm
Z0vhkAl7foq708n2JVM2FbwDiUm6bkIb4J08GondSA3XKr40XZ05R79pTQnxyelc
AiYQkEhyJ+fDR+20RA1OyJ+t1sAcUMuLEjudQMT94PwtXyM0cfQRn/jgd+3vIUo/
OKYdck5DLYHM/o6pKIdsxvz7fYaz+hfoxmCP+SrCBGoSmm8g9aDe6V8gnuB+xsBf
vF24prIVRDn+iHLzMxJLSbNYjrs2YJsXXnrcW74EUa4iVEGZZilXY/phKbltUlI2
lBlBGhq0ryaZ7/LxOb5t6M1ep0OaPLysvecvX15nNfm2
-----END CERTIFICATE-----