Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/PWWIG4LFihwC0tiBHzi-D4CEW_E.roa
File:                     PWWIG4LFihwC0tiBHzi-D4CEW_E.roa (raw, json)
Hash identifier:          SR2uMY0kQkiFCnLExGCvtuv0+u2NPrli7yd2uObCdE0=
Subject key identifier:   3D:65:88:1B:82:C5:8A:1C:02:D2:D8:81:1F:38:BE:0F:80:84:5B:F1
Certificate issuer:       /CN=c55aa35ddb50c90435eccf951f4db8407b6c9c91
Certificate serial:       019B7DC98E054F6A1DA7CD9EEA062E1D2B0C
Authority key identifier: C5:5A:A3:5D:DB:50:C9:04:35:EC:CF:95:1F:4D:B8:40:7B:6C:9C:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVqjXdtQyQQ17M-VH024QHtsnJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/PWWIG4LFihwC0tiBHzi-D4CEW_E.roa
Signing time:             Fri 02 Jan 2026 08:18:39 +0000
ROA not before:           Fri 02 Jan 2026 08:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56700
IP address blocks:        91.198.92.0/24 maxlen: 24
                          2001:67c:3cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/xVqjXdtQyQQ17M-VH024QHtsnJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/xVqjXdtQyQQ17M-VH024QHtsnJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVqjXdtQyQQ17M-VH024QHtsnJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:8e:05:4f:6a:1d:a7:cd:9e:ea:06:2e:1d:2b:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c55aa35ddb50c90435eccf951f4db8407b6c9c91
        Validity
            Not Before: Jan  2 08:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d65881b82c58a1c02d2d8811f38be0f80845bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:04:90:0c:bb:d8:4b:d5:66:d1:46:f9:2e:83:
                    42:87:bd:b4:84:d5:32:09:f2:2c:44:61:d5:56:44:
                    76:cf:b5:2a:f6:96:13:63:ba:8c:77:0d:78:40:a4:
                    b6:79:55:8a:a5:5d:f4:89:8a:97:7d:21:d6:e5:2d:
                    0e:e1:cc:66:e4:34:36:5c:9f:66:83:75:2c:c6:54:
                    55:04:e9:6f:a3:1b:00:9a:9b:d6:bc:43:d7:e2:0a:
                    90:c1:b6:1f:23:32:f5:2a:7f:47:8a:27:a4:33:ac:
                    bf:24:3d:0e:aa:2e:8b:63:8a:c0:e4:1b:94:16:db:
                    07:14:69:1d:a9:72:6c:ff:b8:29:f3:0d:cb:f2:b7:
                    a7:1a:6a:51:39:ae:98:e8:cb:32:f6:47:74:81:a3:
                    2a:6e:9d:7f:17:f3:72:18:94:81:a1:d1:4f:f6:83:
                    b7:8e:79:d9:68:70:df:52:8f:88:bc:cc:84:9e:4a:
                    6f:92:12:8c:12:58:77:a6:19:bd:c9:30:32:aa:52:
                    ac:7b:20:44:7b:41:f2:a3:27:fa:30:fc:07:cf:69:
                    72:37:e9:75:5d:7f:14:2c:51:b6:45:ab:96:48:7f:
                    90:19:f7:d4:e8:f1:a8:c3:00:03:e3:98:fa:84:86:
                    2e:90:0e:63:41:40:13:d1:a1:51:cd:37:33:1d:45:
                    1d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:65:88:1B:82:C5:8A:1C:02:D2:D8:81:1F:38:BE:0F:80:84:5B:F1
            X509v3 Authority Key Identifier:
                keyid:C5:5A:A3:5D:DB:50:C9:04:35:EC:CF:95:1F:4D:B8:40:7B:6C:9C:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVqjXdtQyQQ17M-VH024QHtsnJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/PWWIG4LFihwC0tiBHzi-D4CEW_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/b5670f-e44b-43c5-ab87-45dd9369f9b3/1/xVqjXdtQyQQ17M-VH024QHtsnJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.92.0/24
                IPv6:
                  2001:67c:3cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:e8:af:92:80:0c:37:0f:10:4b:1b:91:63:1b:80:65:02:9f:
         0d:63:a6:bb:b9:91:c1:d0:1d:14:05:da:44:ae:35:cf:a5:c7:
         f5:e6:c6:5e:32:28:10:cc:cb:67:24:cb:f5:c0:40:8c:f1:70:
         b9:05:19:c8:48:98:8d:fa:45:00:f5:95:2a:2d:17:aa:29:64:
         2a:cc:91:26:5d:c1:dd:6e:a7:01:08:76:c2:f2:63:66:2c:dd:
         ac:7e:7c:68:c9:cf:97:c7:10:d1:0c:6e:3e:21:b1:7d:c4:cf:
         02:4d:c7:ee:e1:21:0e:b7:c2:e5:8b:92:e5:55:8c:36:31:65:
         55:c5:9b:25:7a:09:b4:b1:44:f6:57:77:4a:8c:d4:eb:82:eb:
         c1:72:a1:9a:4c:38:69:d7:05:a6:11:52:35:e9:2f:ca:ef:aa:
         0c:39:2f:75:e1:ea:cd:41:19:4d:b5:6f:db:21:7c:28:be:93:
         7d:a4:a9:0e:77:29:a7:27:77:d7:f9:98:81:31:a5:fc:4b:98:
         92:12:ce:57:c8:0f:cd:3b:8a:c5:62:d5:e4:96:18:83:83:e9:
         69:17:3c:a2:ff:79:68:d2:8d:35:db:f9:9a:9b:af:87:97:13:
         2e:a8:f6:bc:a9:d3:3e:cb:e0:36:fe:7f:f5:e5:b4:e9:9a:ed:
         5a:0c:99:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt9yY4FT2odp82e6gYuHSsMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NWFhMzVkZGI1MGM5MDQzNWVjY2Y5NTFmNGRiODQwN2I2
YzljOTEwHhcNMjYwMTAyMDgxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDY1ODgxYjgyYzU4YTFjMDJkMmQ4ODExZjM4YmUwZjgwODQ1YmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgSQDLvYS9Vm0Ub5LoNCh720hNUy
CfIsRGHVVkR2z7Uq9pYTY7qMdw14QKS2eVWKpV30iYqXfSHW5S0O4cxm5DQ2XJ9m
g3UsxlRVBOlvoxsAmpvWvEPX4gqQwbYfIzL1Kn9HiiekM6y/JD0Oqi6LY4rA5BuU
FtsHFGkdqXJs/7gp8w3L8renGmpROa6Y6Msy9kd0gaMqbp1/F/NyGJSBodFP9oO3
jnnZaHDfUo+IvMyEnkpvkhKMElh3phm9yTAyqlKseyBEe0Hyoyf6MPwHz2lyN+l1
XX8ULFG2RauWSH+QGffU6PGowwAD45j6hIYukA5jQUAT0aFRzTczHUUd+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD1liBuCxYocAtLYgR84vg+AhFvxMB8GA1UdIwQY
MBaAFMVao13bUMkENezPlR9NuEB7bJyRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZxalhkdFF5UVExN00tVkgwMjRRSHRzbkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iNTY3MGYtZTQ0Yi00M2M1LWFiODct
NDVkZDkzNjlmOWIzLzEvUFdXSUc0TEZpaHdDMHRpQkh6aS1ENENFV19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iNTY3MGYtZTQ0Yi00M2M1LWFiODctNDVkZDkzNjlmOWIz
LzEveFZxalhkdFF5UVExN00tVkgwMjRRSHRzbkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8ZcMA8E
AgACMAkDBwAgAQZ8A8wwDQYJKoZIhvcNAQELBQADggEBAFTor5KADDcPEEsbkWMb
gGUCnw1jpru5kcHQHRQF2kSuNc+lx/Xmxl4yKBDMy2cky/XAQIzxcLkFGchImI36
RQD1lSotF6opZCrMkSZdwd1upwEIdsLyY2Ys3ax+fGjJz5fHENEMbj4hsX3EzwJN
x+7hIQ63wuWLkuVVjDYxZVXFmyV6CbSxRPZXd0qM1OuC68FyoZpMOGnXBaYRUjXp
L8rvqgw5L3Xh6s1BGU21b9shfCi+k32kqQ53Kacnd9f5mIExpfxLmJISzlfID807
isVi1eSWGIOD6WkXPKL/eWjSjTXb+Zqbr4eXEy6o9ryp0z7L4Db+f/XltOma7VoM
mfg=
-----END CERTIFICATE-----