Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/WWhjfuGXzWeUF3SrP6qTW0kig3w.roa
File:                     WWhjfuGXzWeUF3SrP6qTW0kig3w.roa (raw, json)
Hash identifier:          YpBQprObA5U7M9d1rKXR9BWlTRND9KaDzkg+3msX8mM=
Subject key identifier:   59:68:63:7E:E1:97:CD:67:94:17:74:AB:3F:AA:93:5B:49:22:83:7C
Certificate issuer:       /CN=1165cf81bf5a3d0cf59d4131148a761f34bf9ca8
Certificate serial:       019CF79A49C363D536B7C228757D42BFE5E0
Authority key identifier: 11:65:CF:81:BF:5A:3D:0C:F5:9D:41:31:14:8A:76:1F:34:BF:9C:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EWXPgb9aPQz1nUExFIp2HzS_nKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/WWhjfuGXzWeUF3SrP6qTW0kig3w.roa
Signing time:             Mon 16 Mar 2026 17:03:29 +0000
ROA not before:           Mon 16 Mar 2026 17:03:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197882
IP address blocks:        193.47.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/EWXPgb9aPQz1nUExFIp2HzS_nKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/EWXPgb9aPQz1nUExFIp2HzS_nKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EWXPgb9aPQz1nUExFIp2HzS_nKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:9a:49:c3:63:d5:36:b7:c2:28:75:7d:42:bf:e5:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1165cf81bf5a3d0cf59d4131148a761f34bf9ca8
        Validity
            Not Before: Mar 16 17:03:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5968637ee197cd67941774ab3faa935b4922837c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:77:1b:f1:ec:5e:46:73:b5:49:6d:3c:34:55:
                    e9:af:36:1a:64:1f:28:e7:0f:73:d7:78:69:32:e4:
                    64:5e:23:0b:e1:9f:75:8e:be:a5:a2:f7:b5:85:dc:
                    0a:00:0c:fc:19:3b:36:53:4e:26:01:37:0a:ab:07:
                    28:81:6c:7c:e4:7c:e7:a2:9a:86:50:11:ed:3c:fa:
                    66:c2:ab:ce:8b:ea:fa:8c:80:b8:ed:9c:93:16:56:
                    38:62:9b:15:c4:56:d7:01:4e:7a:b0:44:51:87:09:
                    69:5d:c2:85:9f:70:2f:55:f6:9e:46:dc:f9:8d:ba:
                    d6:d5:e3:99:02:48:e6:49:55:41:0c:be:7a:72:7f:
                    4b:8d:f7:8b:31:98:ee:f4:a9:de:02:16:99:18:5b:
                    0a:ab:03:0b:f8:2c:02:6e:36:cc:b6:89:b7:9e:53:
                    cd:94:8e:1f:22:03:1c:92:24:4b:f2:38:28:4a:e3:
                    eb:16:e2:8c:43:fc:45:b5:6c:a2:85:db:9c:07:0d:
                    57:4d:e7:7c:9d:00:99:ac:0e:c3:23:0d:f9:3d:23:
                    e3:c9:1e:a3:53:db:0d:5a:7c:8a:a8:37:36:d2:53:
                    b9:a6:28:e2:c4:57:27:f9:61:48:6f:59:cb:96:d0:
                    2e:a0:21:8a:d0:fe:05:19:97:df:30:b9:14:54:69:
                    74:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:68:63:7E:E1:97:CD:67:94:17:74:AB:3F:AA:93:5B:49:22:83:7C
            X509v3 Authority Key Identifier:
                keyid:11:65:CF:81:BF:5A:3D:0C:F5:9D:41:31:14:8A:76:1F:34:BF:9C:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EWXPgb9aPQz1nUExFIp2HzS_nKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/WWhjfuGXzWeUF3SrP6qTW0kig3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d6de0b-9e38-4244-b9f3-93ba820a75b7/1/EWXPgb9aPQz1nUExFIp2HzS_nKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:45:1c:66:3d:ce:10:7c:7e:6e:d6:de:af:d8:1f:a4:87:a5:
         c6:1d:a1:b7:98:f9:84:04:47:23:f5:ba:3c:f3:99:9c:f9:36:
         21:80:52:51:e3:16:82:41:99:5a:e5:b1:bd:bd:db:17:e2:a4:
         50:e4:95:1b:b4:67:81:56:bd:27:ad:bc:63:f0:a4:a4:0d:d7:
         9f:51:59:b0:55:fe:27:eb:fb:a3:ed:96:75:95:ac:8b:12:8b:
         91:d0:f0:1f:a1:b3:05:6c:b3:c2:24:d4:bb:26:7d:d9:2d:29:
         f8:a2:18:7d:e7:44:ce:64:01:a8:f6:bf:75:0d:10:27:27:59:
         42:e1:b7:c4:24:d7:ec:7b:03:08:48:f7:25:1a:15:1b:2b:e9:
         fa:39:55:50:cb:51:48:5d:96:54:9c:a4:1c:5d:b9:9b:8a:ec:
         e3:77:a0:fd:9e:68:47:0e:15:3b:2b:aa:0b:e5:45:f3:3a:ee:
         9f:59:e1:d7:f5:0f:12:bb:9e:48:74:50:dc:83:b9:03:3f:80:
         88:54:49:80:3d:7f:1a:51:07:a3:1f:02:8d:bd:65:af:14:aa:
         9a:04:95:03:53:8d:07:2f:5b:f2:d1:8c:df:31:a6:12:db:8a:
         94:22:36:65:1b:ec:51:47:4b:18:83:ef:00:04:2f:88:3c:df:
         52:10:aa:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3mknDY9U2t8IodX1Cv+XgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNjVjZjgxYmY1YTNkMGNmNTlkNDEzMTE0OGE3NjFmMzRi
ZjljYTgwHhcNMjYwMzE2MTcwMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTY4NjM3ZWUxOTdjZDY3OTQxNzc0YWIzZmFhOTM1YjQ5MjI4MzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvncb8exeRnO1SW08NFXprzYaZB8o
5w9z13hpMuRkXiML4Z91jr6love1hdwKAAz8GTs2U04mATcKqwcogWx85HznopqG
UBHtPPpmwqvOi+r6jIC47ZyTFlY4YpsVxFbXAU56sERRhwlpXcKFn3AvVfaeRtz5
jbrW1eOZAkjmSVVBDL56cn9LjfeLMZju9KneAhaZGFsKqwML+CwCbjbMtom3nlPN
lI4fIgMckiRL8jgoSuPrFuKMQ/xFtWyihducBw1XTed8nQCZrA7DIw35PSPjyR6j
U9sNWnyKqDc20lO5pijixFcn+WFIb1nLltAuoCGK0P4FGZffMLkUVGl0AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFloY37hl81nlBd0qz+qk1tJIoN8MB8GA1UdIwQY
MBaAFBFlz4G/Wj0M9Z1BMRSKdh80v5yoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVdYUGdiOWFQUXoxblVFeEZJcDJIelNfbktnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kNmRlMGItOWUzOC00MjQ0LWI5ZjMt
OTNiYTgyMGE3NWI3LzEvV1doamZ1R1h6V2VVRjNTclA2cVRXMGtpZzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kNmRlMGItOWUzOC00MjQ0LWI5ZjMtOTNiYTgyMGE3NWI3
LzEvRVdYUGdiOWFQUXoxblVFeEZJcDJIelNfbktnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS+9MA0G
CSqGSIb3DQEBCwUAA4IBAQCdRRxmPc4QfH5u1t6v2B+kh6XGHaG3mPmEBEcj9bo8
85mc+TYhgFJR4xaCQZla5bG9vdsX4qRQ5JUbtGeBVr0nrbxj8KSkDdefUVmwVf4n
6/uj7ZZ1layLEouR0PAfobMFbLPCJNS7Jn3ZLSn4ohh950TOZAGo9r91DRAnJ1lC
4bfEJNfsewMISPclGhUbK+n6OVVQy1FIXZZUnKQcXbmbiuzjd6D9nmhHDhU7K6oL
5UXzOu6fWeHX9Q8Su55IdFDcg7kDP4CIVEmAPX8aUQejHwKNvWWvFKqaBJUDU40H
L1vy0YzfMaYS24qUIjZlG+xRR0sYg+8ABC+IPN9SEKqL
-----END CERTIFICATE-----