Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/Wc5ljSD5VjkVZd4v1ISBd1k6dNQ.roa
File:                     Wc5ljSD5VjkVZd4v1ISBd1k6dNQ.roa (raw, json)
Hash identifier:          jyDuHZmz8mqWG2X7hHBWucB2QcY/4S07R3yhK3xzlzg=
Subject key identifier:   59:CE:65:8D:20:F9:56:39:15:65:DE:2F:D4:84:81:77:59:3A:74:D4
Certificate issuer:       /CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
Certificate serial:       019DB503510AC7AE4B31BE145057B2A45E2F
Authority key identifier: DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/Wc5ljSD5VjkVZd4v1ISBd1k6dNQ.roa
Signing time:             Wed 22 Apr 2026 11:46:26 +0000
ROA not before:           Wed 22 Apr 2026 11:46:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9145
IP address blocks:        185.85.40.0/22 maxlen: 24
                          195.226.216.0/24 maxlen: 24
                          2a12:5dc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:03:51:0a:c7:ae:4b:31:be:14:50:57:b2:a4:5e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
        Validity
            Not Before: Apr 22 11:46:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59ce658d20f956391565de2fd4848177593a74d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:07:e9:b7:41:c2:8d:72:fa:b3:cf:72:3b:58:
                    2c:01:00:a5:33:0e:44:d6:35:bf:5b:28:dc:fc:f5:
                    3b:e2:30:51:a9:58:1d:3e:3f:c2:ff:0f:70:da:a2:
                    3c:d8:0c:74:59:64:4b:6a:a6:b5:bc:af:90:d5:98:
                    e0:58:90:be:d5:af:42:6f:4c:8d:5a:89:76:e1:f6:
                    67:33:db:87:62:8c:73:f9:b6:5a:c5:08:a0:9f:75:
                    56:f9:4f:ee:42:b7:32:30:8b:40:ea:32:27:bc:f7:
                    49:cf:3d:df:2c:d1:4f:a7:31:bd:a8:35:6f:d6:57:
                    c7:49:ac:22:91:7d:26:7f:ff:d8:b4:b1:1f:7e:93:
                    5a:79:78:7b:79:f9:f9:99:4c:71:1f:b1:59:bf:6a:
                    0b:18:4d:7e:fc:4e:12:62:72:97:2e:a3:da:25:80:
                    06:2c:8c:23:5a:f2:08:40:81:79:35:f9:a6:d0:cb:
                    35:66:3d:cb:6a:e6:c0:86:ed:4e:e0:d1:5c:96:f8:
                    ac:24:51:74:37:56:b2:94:23:05:ee:e1:7a:5c:a7:
                    44:90:33:ea:16:ac:c9:f8:9d:d4:40:d1:41:63:91:
                    26:90:f9:94:4c:59:32:be:96:a5:56:73:e0:c7:dc:
                    ef:32:13:c4:a5:6d:44:a6:7e:ae:03:5a:f7:38:7b:
                    50:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:CE:65:8D:20:F9:56:39:15:65:DE:2F:D4:84:81:77:59:3A:74:D4
            X509v3 Authority Key Identifier:
                keyid:DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/Wc5ljSD5VjkVZd4v1ISBd1k6dNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.40.0/22
                  195.226.216.0/24
                IPv6:
                  2a12:5dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:b8:27:aa:a9:97:87:a7:c1:67:dc:25:99:c4:46:37:76:dd:
         1c:cc:81:89:c1:ef:2c:ef:64:90:cf:cd:0d:3f:4f:5f:d4:b0:
         0e:0d:bc:6b:03:5f:3a:ad:19:76:23:18:e7:95:d6:1a:7d:e9:
         56:32:c7:59:4b:b5:c5:0b:f5:cd:85:70:bb:88:21:3f:45:ec:
         be:56:52:a7:1d:a7:a4:a4:48:d8:23:7e:77:d1:47:7d:bb:38:
         cc:fb:e8:18:8e:aa:11:0c:f0:05:8c:5b:51:09:1a:97:a3:b1:
         aa:dd:a2:64:7f:64:fe:7e:a1:22:d1:c9:8b:e6:48:f9:86:c7:
         b8:3d:88:47:ea:95:5e:b1:7b:24:b6:d9:70:36:12:b5:1e:b3:
         50:0f:d3:0a:e6:a7:33:19:8a:14:4f:3f:90:3b:e0:42:e9:ca:
         db:14:30:3f:94:dd:9f:fe:bd:26:ba:67:c4:9f:80:54:9a:c0:
         e1:f5:8c:b4:03:d6:9c:f8:a5:35:90:56:49:f6:c7:95:2a:62:
         aa:56:ff:6c:04:b1:3d:87:f8:49:d0:40:d9:55:ab:73:a8:72:
         cb:6c:8e:aa:03:62:98:9a:82:31:49:3f:fe:4b:b8:20:55:a9:
         c3:ef:f2:1e:26:a3:12:94:3a:01:45:62:35:aa:f8:6d:c2:37:
         a1:76:93:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ21A1EKx65LMb4UUFeypF4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMmVjMjJhNjZiNWIyNDk4NjM5NWZlZWQ3ZmI1YjkwZTI4
YzliZTQwHhcNMjYwNDIyMTE0NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWNlNjU4ZDIwZjk1NjM5MTU2NWRlMmZkNDg0ODE3NzU5M2E3NGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgfpt0HCjXL6s89yO1gsAQClMw5E
1jW/Wyjc/PU74jBRqVgdPj/C/w9w2qI82Ax0WWRLaqa1vK+Q1ZjgWJC+1a9Cb0yN
Wol24fZnM9uHYoxz+bZaxQign3VW+U/uQrcyMItA6jInvPdJzz3fLNFPpzG9qDVv
1lfHSawikX0mf//YtLEffpNaeXh7efn5mUxxH7FZv2oLGE1+/E4SYnKXLqPaJYAG
LIwjWvIIQIF5Nfmm0Ms1Zj3LaubAhu1O4NFclvisJFF0N1aylCMF7uF6XKdEkDPq
FqzJ+J3UQNFBY5EmkPmUTFkyvpalVnPgx9zvMhPEpW1Epn6uA1r3OHtQcQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFnOZY0g+VY5FWXeL9SEgXdZOnTUMB8GA1UdIwQY
MBaAFNsuwipmtbJJhjlf7tf7W5DijJvkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQt
Y2U3OGQ0YzA2NDJmLzEvV2M1bGpTRDVWamtWWmQ0djFJU0JkMWs2ZE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQtY2U3OGQ0YzA2NDJm
LzEvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVUoAwQA
w+LYMA0EAgACMAcDBQMqEl3AMA0GCSqGSIb3DQEBCwUAA4IBAQB8uCeqqZeHp8Fn
3CWZxEY3dt0czIGJwe8s72SQz80NP09f1LAODbxrA186rRl2IxjnldYafelWMsdZ
S7XFC/XNhXC7iCE/Rey+VlKnHaekpEjYI3530Ud9uzjM++gYjqoRDPAFjFtRCRqX
o7Gq3aJkf2T+fqEi0cmL5kj5hse4PYhH6pVesXskttlwNhK1HrNQD9MK5qczGYoU
Tz+QO+BC6crbFDA/lN2f/r0mumfEn4BUmsDh9Yy0A9ac+KU1kFZJ9seVKmKqVv9s
BLE9h/hJ0EDZVatzqHLLbI6qA2KYmoIxST/+S7ggVanD7/IeJqMSlDoBRWI1qvht
wjehdpNf
-----END CERTIFICATE-----