Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/wcgpIPyLYXjF-mxVtLsqKcIhJUw.roa
File:                     wcgpIPyLYXjF-mxVtLsqKcIhJUw.roa (raw, json)
Hash identifier:          fPxLKa63iRiB09wOZmOOW+AEuYUUjId9x8Px9btJcDE=
Subject key identifier:   C1:C8:29:20:FC:8B:61:78:C5:FA:6C:55:B4:BB:2A:29:C2:21:25:4C
Certificate issuer:       /CN=43c16595966afb0bacf1d7937f245d6a052221a3
Certificate serial:       019928738782F4DB548B735412B5C50005FF
Authority key identifier: 43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/wcgpIPyLYXjF-mxVtLsqKcIhJUw.roa
Signing time:             Mon 08 Sep 2025 08:31:24 +0000
ROA not before:           Mon 08 Sep 2025 08:31:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212044
IP address blocks:        2a06:bbc2:1::/48 maxlen: 48
                          2a06:bbc2:2::/48 maxlen: 48
                          2a06:bbc2:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:73:87:82:f4:db:54:8b:73:54:12:b5:c5:00:05:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43c16595966afb0bacf1d7937f245d6a052221a3
        Validity
            Not Before: Sep  8 08:31:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1c82920fc8b6178c5fa6c55b4bb2a29c221254c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:7a:75:38:c7:31:7b:34:e8:46:1e:d4:fa:44:
                    30:ae:50:62:0f:6e:3f:e3:16:f9:d5:bc:6c:45:23:
                    b8:cf:c8:ad:a7:b7:8a:a3:ef:d3:dc:68:ac:d9:62:
                    bb:ab:ff:22:ff:b3:11:41:41:9a:4f:ef:d7:ac:d2:
                    42:b6:21:da:89:32:3f:1d:69:b5:33:14:81:54:1c:
                    f3:e8:2e:a1:91:35:8e:41:4e:af:86:e7:00:08:45:
                    9d:6d:85:fd:7b:d6:af:5c:21:1e:e0:c3:97:fa:b8:
                    dd:14:ac:c8:1d:55:54:7c:16:dd:cb:af:05:5b:23:
                    24:a1:0b:e8:c5:96:bf:dd:02:48:9c:87:ca:23:fe:
                    de:69:b4:5e:18:8f:09:32:95:6d:c8:25:78:12:88:
                    b5:f4:2e:9f:a3:a0:73:85:f6:47:ed:2d:c4:5f:c1:
                    c0:13:f4:4f:f4:bd:7f:e5:84:6d:d6:c5:df:c3:88:
                    71:e7:54:db:f8:69:b3:0c:d8:2a:25:0f:a9:24:38:
                    5e:8b:c5:de:8f:3c:e2:33:62:bd:35:d3:af:c0:d4:
                    6d:32:82:7a:92:a3:e2:85:8e:ca:1d:72:fb:ad:56:
                    f0:9b:b1:36:6e:fc:cb:21:a3:91:77:05:b2:2a:a8:
                    bf:cb:ee:d2:87:94:11:de:3d:dc:a7:47:37:90:4c:
                    61:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C8:29:20:FC:8B:61:78:C5:FA:6C:55:B4:BB:2A:29:C2:21:25:4C
            X509v3 Authority Key Identifier:
                keyid:43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/wcgpIPyLYXjF-mxVtLsqKcIhJUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:bbc2:1::-2a06:bbc2:3:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         50:04:ed:d7:1e:6e:3c:3a:61:c0:d1:0d:9e:5e:16:1e:49:eb:
         8b:e7:e5:45:4b:bd:da:41:e7:b5:5a:5d:20:c1:26:e2:bb:9e:
         c4:9a:b4:84:84:b9:b4:76:35:aa:33:13:90:5d:a3:6c:12:48:
         2f:d5:16:90:6e:77:60:0f:04:7e:93:d4:13:11:8d:d3:97:6b:
         08:59:1b:05:d9:0e:37:f3:f1:e8:31:08:c8:c5:b1:50:7d:21:
         73:a4:fb:9c:28:5e:de:bc:df:47:4f:1e:51:b0:04:f0:4a:ea:
         a9:25:79:51:cd:d3:07:23:a6:d6:ef:bb:82:2b:45:24:02:f6:
         f7:fb:df:16:09:57:4f:be:be:33:c5:c5:2d:4a:31:78:da:2c:
         27:05:6e:0e:78:69:90:43:fa:9c:8b:ab:45:82:6b:bb:7c:ae:
         f3:eb:31:a8:f4:f1:11:6e:29:20:f4:82:ff:19:88:18:00:f1:
         9c:dd:dd:9e:02:36:4a:c9:91:b5:e2:f9:0b:89:0f:c9:ca:64:
         8d:f1:8d:0a:64:2c:15:d4:5b:fc:ef:e2:5c:39:cf:7c:f4:37:
         1f:74:ef:80:96:87:8a:ea:84:5e:76:3e:d8:ba:7c:95:b4:db:
         54:27:a0:46:c3:e1:8d:97:0d:53:7b:66:cb:52:ee:f3:47:b9:
         ac:67:bf:9b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZkoc4eC9NtUi3NUErXFAAX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYzE2NTk1OTY2YWZiMGJhY2YxZDc5MzdmMjQ1ZDZhMDUy
MjIxYTMwHhcNMjUwOTA4MDgzMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWM4MjkyMGZjOGI2MTc4YzVmYTZjNTViNGJiMmEyOWMyMjEyNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23p1OMcxezToRh7U+kQwrlBiD24/
4xb51bxsRSO4z8itp7eKo+/T3Gis2WK7q/8i/7MRQUGaT+/XrNJCtiHaiTI/HWm1
MxSBVBzz6C6hkTWOQU6vhucACEWdbYX9e9avXCEe4MOX+rjdFKzIHVVUfBbdy68F
WyMkoQvoxZa/3QJInIfKI/7eabReGI8JMpVtyCV4Eoi19C6fo6BzhfZH7S3EX8HA
E/RP9L1/5YRt1sXfw4hx51Tb+GmzDNgqJQ+pJDhei8XejzziM2K9NdOvwNRtMoJ6
kqPihY7KHXL7rVbwm7E2bvzLIaORdwWyKqi/y+7Sh5QR3j3cp0c3kExhQQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMHIKSD8i2F4xfpsVbS7KinCISVMMB8GA1UdIwQY
MBaAFEPBZZWWavsLrPHXk38kXWoFIiGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGIt
NTk5MGVhNThlMDMwLzEvd2NncElQeUxZWGpGLW14VnRMc3FLY0loSlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGItNTk5MGVhNThlMDMw
LzEvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqBrvC
AAEDBwIqBrvCAAAwDQYJKoZIhvcNAQELBQADggEBAFAE7dcebjw6YcDRDZ5eFh5J
64vn5UVLvdpB57VaXSDBJuK7nsSatISEubR2NaozE5Bdo2wSSC/VFpBud2APBH6T
1BMRjdOXawhZGwXZDjfz8egxCMjFsVB9IXOk+5woXt6830dPHlGwBPBK6qkleVHN
0wcjptbvu4IrRSQC9vf73xYJV0++vjPFxS1KMXjaLCcFbg54aZBD+pyLq0WCa7t8
rvPrMaj08RFuKSD0gv8ZiBgA8Zzd3Z4CNkrJkbXi+QuJD8nKZI3xjQpkLBXUW/zv
4lw5z3z0Nx9074CWh4rqhF52Pti6fJW021QnoEbD4Y2XDVN7ZstS7vNHuaxnv5s=
-----END CERTIFICATE-----