Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/7eac4f-77dd-4077-ae3f-ce6482d0f1b6/1/wiCmzHMmJI0asghERNxqN-MynS0.roa
File:                     wiCmzHMmJI0asghERNxqN-MynS0.roa (raw, json)
Hash identifier:          bcmBxTUeR+yh0Zn1PK7SL7wVYZreCWWh7r4c30KwASE=
Subject key identifier:   C2:20:A6:CC:73:26:24:8D:1A:B2:08:44:44:DC:6A:37:E3:32:9D:2D
Certificate issuer:       /CN=3f4bfe92de10e660ddf45cc2d1f5ffb636ef3590
Certificate serial:       019B7C11A7834658680F92CDAE4672AFEC13
Authority key identifier: 3F:4B:FE:92:DE:10:E6:60:DD:F4:5C:C2:D1:F5:FF:B6:36:EF:35:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P0v-kt4Q5mDd9FzC0fX_tjbvNZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/7eac4f-77dd-4077-ae3f-ce6482d0f1b6/1/wiCmzHMmJI0asghERNxqN-MynS0.roa
Signing time:             Fri 02 Jan 2026 00:18:10 +0000
ROA not before:           Fri 02 Jan 2026 00:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215844
IP address blocks:        2001:678:9d8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/7eac4f-77dd-4077-ae3f-ce6482d0f1b6/1/P0v-kt4Q5mDd9FzC0fX_tjbvNZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/7eac4f-77dd-4077-ae3f-ce6482d0f1b6/1/P0v-kt4Q5mDd9FzC0fX_tjbvNZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P0v-kt4Q5mDd9FzC0fX_tjbvNZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:a7:83:46:58:68:0f:92:cd:ae:46:72:af:ec:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f4bfe92de10e660ddf45cc2d1f5ffb636ef3590
        Validity
            Not Before: Jan  2 00:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c220a6cc7326248d1ab2084444dc6a37e3329d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:77:f4:de:66:48:75:52:dc:22:d5:48:80:c8:
                    eb:72:ba:c4:71:ef:e9:06:1a:e8:c0:f1:b7:25:83:
                    d8:38:6d:98:d8:41:de:8f:cf:dd:4a:fd:79:52:13:
                    4a:ff:78:11:c9:ad:06:0f:f9:cf:ef:79:a1:8d:07:
                    35:fe:d2:f9:75:80:6a:fc:44:93:e2:17:05:b1:b7:
                    cd:e1:35:55:24:e4:96:50:76:b5:cf:3e:1f:25:b1:
                    9c:8c:ce:0f:e1:91:e3:49:ca:1c:45:9e:1f:d3:1b:
                    e0:74:c4:19:df:30:59:c3:3f:88:d1:b0:d6:b8:bd:
                    d8:a5:8f:d0:03:b8:0f:23:04:b8:0f:50:eb:16:94:
                    32:f3:18:da:f1:a8:7a:13:12:87:ac:90:bc:d5:17:
                    61:7d:1a:50:05:8e:b3:1b:ed:cd:f5:56:34:45:71:
                    a4:84:54:4d:fd:08:36:05:b8:e8:be:d2:d4:14:8b:
                    62:e9:61:12:11:28:3e:49:49:5c:78:a6:44:fd:06:
                    f2:2c:58:df:bd:94:56:18:8d:1a:8e:94:64:d4:b7:
                    be:6c:9a:fb:4d:89:a4:6f:39:f5:59:f1:11:64:e3:
                    d1:9b:18:02:9f:b0:1a:19:28:0f:55:4d:e4:a2:c3:
                    37:d1:85:d8:f0:c8:00:bb:8d:4c:9f:0b:63:55:33:
                    78:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:20:A6:CC:73:26:24:8D:1A:B2:08:44:44:DC:6A:37:E3:32:9D:2D
            X509v3 Authority Key Identifier:
                keyid:3F:4B:FE:92:DE:10:E6:60:DD:F4:5C:C2:D1:F5:FF:B6:36:EF:35:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P0v-kt4Q5mDd9FzC0fX_tjbvNZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/7eac4f-77dd-4077-ae3f-ce6482d0f1b6/1/wiCmzHMmJI0asghERNxqN-MynS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/7eac4f-77dd-4077-ae3f-ce6482d0f1b6/1/P0v-kt4Q5mDd9FzC0fX_tjbvNZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:9d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:67:ac:35:f6:88:ff:5a:3c:fb:32:ee:03:08:fe:30:9f:d1:
         2c:f1:c6:28:d8:00:6f:9f:4c:85:8e:c7:dc:07:f1:20:88:d5:
         20:a4:4e:54:35:6e:15:fd:b5:6c:5b:4c:ae:4b:f1:d2:10:df:
         cc:05:14:1f:fb:6a:53:3e:fd:47:3a:f9:81:cc:af:6e:2e:f5:
         43:56:1e:0e:e7:82:15:0a:5c:d2:19:26:e1:d6:64:62:ff:9d:
         a0:d1:5a:db:bd:8e:54:bf:ab:40:7d:b0:49:0a:a7:2f:37:89:
         30:07:3b:f4:95:e4:6a:07:fe:91:a2:ed:1a:b3:9a:75:3d:46:
         42:ab:10:e3:42:22:ea:ee:b6:63:98:5c:8e:bf:15:59:6c:fc:
         2a:99:d2:32:83:6d:93:62:3c:1c:f8:99:29:a2:e4:18:b4:32:
         fc:9d:cd:61:af:50:6c:13:98:60:1b:53:7f:90:6c:87:7f:16:
         81:32:56:74:7b:96:92:af:2a:82:56:60:f7:a9:af:ca:df:e8:
         3d:01:02:66:96:c2:a3:59:93:d9:79:d3:58:db:51:f8:37:8d:
         4f:c2:8e:72:7a:3c:13:f6:be:77:40:e2:2a:60:48:65:fb:ba:
         8d:3e:0c:d2:86:20:aa:ca:cc:5a:ca:d6:10:7b:2c:45:6f:fd:
         44:9a:04:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8EaeDRlhoD5LNrkZyr+wTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNGJmZTkyZGUxMGU2NjBkZGY0NWNjMmQxZjVmZmI2MzZl
ZjM1OTAwHhcNMjYwMTAyMDAxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjIwYTZjYzczMjYyNDhkMWFiMjA4NDQ0NGRjNmEzN2UzMzI5ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHf03mZIdVLcItVIgMjrcrrEce/p
BhrowPG3JYPYOG2Y2EHej8/dSv15UhNK/3gRya0GD/nP73mhjQc1/tL5dYBq/EST
4hcFsbfN4TVVJOSWUHa1zz4fJbGcjM4P4ZHjScocRZ4f0xvgdMQZ3zBZwz+I0bDW
uL3YpY/QA7gPIwS4D1DrFpQy8xja8ah6ExKHrJC81RdhfRpQBY6zG+3N9VY0RXGk
hFRN/Qg2BbjovtLUFIti6WESESg+SUlceKZE/QbyLFjfvZRWGI0ajpRk1Le+bJr7
TYmkbzn1WfERZOPRmxgCn7AaGSgPVU3kosM30YXY8MgAu41MnwtjVTN4HwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIgpsxzJiSNGrIIRETcajfjMp0tMB8GA1UdIwQY
MBaAFD9L/pLeEOZg3fRcwtH1/7Y27zWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDB2LWt0NFE1bURkOUZ6QzBmWF90amJ2TlpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC83ZWFjNGYtNzdkZC00MDc3LWFlM2Yt
Y2U2NDgyZDBmMWI2LzEvd2lDbXpITW1KSTBhc2doRVJOeHFOLU15blMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC83ZWFjNGYtNzdkZC00MDc3LWFlM2YtY2U2NDgyZDBmMWI2
LzEvUDB2LWt0NFE1bURkOUZ6QzBmWF90amJ2TlpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAnY
MA0GCSqGSIb3DQEBCwUAA4IBAQA6Z6w19oj/Wjz7Mu4DCP4wn9Es8cYo2ABvn0yF
jsfcB/EgiNUgpE5UNW4V/bVsW0yuS/HSEN/MBRQf+2pTPv1HOvmBzK9uLvVDVh4O
54IVClzSGSbh1mRi/52g0VrbvY5Uv6tAfbBJCqcvN4kwBzv0leRqB/6Rou0as5p1
PUZCqxDjQiLq7rZjmFyOvxVZbPwqmdIyg22TYjwc+JkpouQYtDL8nc1hr1BsE5hg
G1N/kGyHfxaBMlZ0e5aSryqCVmD3qa/K3+g9AQJmlsKjWZPZedNY21H4N41Pwo5y
ejwT9r53QOIqYEhl+7qNPgzShiCqysxaytYQeyxFb/1EmgSC
-----END CERTIFICATE-----