Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/W5olfq9Y7_Lj6KMnAWRUMCZAxjo.roa
File:                     W5olfq9Y7_Lj6KMnAWRUMCZAxjo.roa (raw, json)
Hash identifier:          qmwFKXQc7nyx5IpOYqlWD91kE3wC9gbI51Kb8YcehEw=
Subject key identifier:   5B:9A:25:7E:AF:58:EF:F2:E3:E8:A3:27:01:64:54:30:26:40:C6:3A
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       019CF5D6F0091CB81AD6CDE0B4B3CE9D3E85
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/W5olfq9Y7_Lj6KMnAWRUMCZAxjo.roa
Signing time:             Mon 16 Mar 2026 08:50:29 +0000
ROA not before:           Mon 16 Mar 2026 08:50:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137235
IP address blocks:        213.220.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:d6:f0:09:1c:b8:1a:d6:cd:e0:b4:b3:ce:9d:3e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Mar 16 08:50:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b9a257eaf58eff2e3e8a327016454302640c63a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:b9:7c:8d:fb:9b:66:dd:83:d2:96:e5:36:
                    38:ee:2a:82:6e:2d:f1:9e:da:69:c7:8c:32:39:8a:
                    d9:02:c4:32:41:b0:bf:54:42:ff:63:08:d0:12:37:
                    f4:2d:f8:29:f2:e4:7e:49:78:bc:24:81:2f:c9:94:
                    ef:76:85:18:e5:0d:2f:b4:15:45:d3:f1:78:73:4d:
                    92:5f:c9:11:11:c4:5e:1a:20:11:23:ea:1d:15:fb:
                    db:39:40:b5:69:d4:72:62:6f:84:b4:81:1f:b8:2f:
                    8d:21:2a:f1:6d:1f:dd:c0:88:e3:b7:8b:9b:1b:0e:
                    31:7c:86:6f:c4:9c:f6:13:d9:0d:8e:86:fe:fd:1b:
                    2e:d0:27:23:d5:cd:37:33:93:76:3e:42:85:e1:97:
                    62:b2:ad:4f:eb:03:44:04:97:0c:8e:b7:63:a6:02:
                    37:7c:79:5d:e2:3c:e5:51:3c:56:b8:82:1d:8a:9f:
                    0e:da:33:22:ad:50:14:b1:59:19:ce:a1:4b:be:ac:
                    0d:cf:5e:22:e8:12:80:12:be:a2:07:e3:ae:22:c1:
                    55:01:db:7e:30:c9:26:18:bf:46:32:8d:33:e6:36:
                    0f:5f:f1:bd:23:6f:96:8e:93:05:43:74:a8:90:89:
                    51:b3:a5:a8:3e:83:11:e4:f0:1e:19:ab:45:a0:26:
                    61:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:9A:25:7E:AF:58:EF:F2:E3:E8:A3:27:01:64:54:30:26:40:C6:3A
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/W5olfq9Y7_Lj6KMnAWRUMCZAxjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.220.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:19:61:dd:55:cb:9a:e0:74:ec:3c:e1:24:bb:ba:0c:41:69:
         16:73:94:23:d5:59:06:3d:12:fc:b5:98:75:4e:c6:a3:21:55:
         2c:42:7e:26:0c:72:12:61:3e:53:27:28:51:ac:67:b3:25:a9:
         b9:71:bd:b0:09:54:69:92:de:f6:c5:9a:33:a1:97:a6:54:a4:
         3f:5b:80:71:b9:e5:ec:9c:77:0c:58:ac:e9:4f:e3:47:e4:02:
         2f:d0:09:47:8b:cc:9e:c2:00:f3:18:69:d8:1e:eb:14:0b:09:
         89:9f:60:29:64:6a:ef:b1:05:c8:4a:5b:4e:cc:38:c8:77:b7:
         1b:42:3f:6b:9a:00:32:e5:01:4c:30:b0:cd:04:a1:0b:ca:24:
         e1:48:e5:6a:cb:14:96:d3:1d:3d:36:c0:12:d0:61:9d:e4:de:
         9d:8e:6a:60:e6:52:8f:f5:31:41:85:6c:49:3f:45:66:f9:3b:
         f7:d4:17:78:34:72:4e:f7:70:4f:28:a8:bb:b6:54:07:9c:53:
         18:df:a1:58:3d:37:42:46:cd:0f:68:6e:53:27:ca:80:e6:2d:
         b7:c1:0e:39:49:0f:b0:29:35:04:06:94:97:e6:42:f8:54:9c:
         cb:7f:e6:86:b8:7e:38:d3:16:35:83:3b:a7:fc:b8:2a:2f:4e:
         9f:2f:0f:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz11vAJHLga1s3gtLPOnT6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjYwMzE2MDg1MDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjlhMjU3ZWFmNThlZmYyZTNlOGEzMjcwMTY0NTQzMDI2NDBjNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziq5fI37m2bdg9KW5TY47iqCbi3x
ntppx4wyOYrZAsQyQbC/VEL/YwjQEjf0Lfgp8uR+SXi8JIEvyZTvdoUY5Q0vtBVF
0/F4c02SX8kREcReGiARI+odFfvbOUC1adRyYm+EtIEfuC+NISrxbR/dwIjjt4ub
Gw4xfIZvxJz2E9kNjob+/Rsu0Ccj1c03M5N2PkKF4Zdisq1P6wNEBJcMjrdjpgI3
fHld4jzlUTxWuIIdip8O2jMirVAUsVkZzqFLvqwNz14i6BKAEr6iB+OuIsFVAdt+
MMkmGL9GMo0z5jYPX/G9I2+WjpMFQ3SokIlRs6WoPoMR5PAeGatFoCZhQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuaJX6vWO/y4+ijJwFkVDAmQMY6MB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvVzVvbGZxOVk3X0xqNktNbkFXUlVNQ1pBeGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dwqMA0G
CSqGSIb3DQEBCwUAA4IBAQCkGWHdVcua4HTsPOEku7oMQWkWc5Qj1VkGPRL8tZh1
TsajIVUsQn4mDHISYT5TJyhRrGezJam5cb2wCVRpkt72xZozoZemVKQ/W4BxueXs
nHcMWKzpT+NH5AIv0AlHi8yewgDzGGnYHusUCwmJn2ApZGrvsQXISltOzDjId7cb
Qj9rmgAy5QFMMLDNBKELyiThSOVqyxSW0x09NsAS0GGd5N6djmpg5lKP9TFBhWxJ
P0Vm+Tv31Bd4NHJO93BPKKi7tlQHnFMY36FYPTdCRs0PaG5TJ8qA5i23wQ45SQ+w
KTUEBpSX5kL4VJzLf+aGuH440xY1gzun/LgqL06fLw9P
-----END CERTIFICATE-----