Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1WFTW_XNP-qj9QwtLvnY8K90GHo.roa
File:                     1WFTW_XNP-qj9QwtLvnY8K90GHo.roa (raw, json)
Hash identifier:          TT0O/NxdJaHvvJ9dp0/GHhMEHYZPpkP2KSw3SR8SILQ=
Subject key identifier:   D5:61:53:5B:F5:CD:3F:EA:A3:F5:0C:2D:2E:F9:D8:F0:AF:74:18:7A
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01982241AC96F889B01F4CFAC628F0DB3BFC
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1WFTW_XNP-qj9QwtLvnY8K90GHo.roa
Signing time:             Sat 19 Jul 2025 10:36:26 +0000
ROA not before:           Sat 19 Jul 2025 10:36:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.221.26.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:22:41:ac:96:f8:89:b0:1f:4c:fa:c6:28:f0:db:3b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 19 10:36:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d561535bf5cd3feaa3f50c2d2ef9d8f0af74187a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:14:31:3c:9b:91:97:de:ae:5d:95:68:9c:0e:
                    2a:21:a4:18:b2:57:53:d9:ff:12:58:80:e6:f4:8b:
                    b8:3e:59:f1:d0:b9:96:76:49:8a:57:3c:ec:87:88:
                    52:78:03:69:c5:d4:7c:2a:5b:d4:ad:ff:61:01:22:
                    ec:f9:5f:c6:39:c1:63:a4:c1:fe:62:bd:1a:8b:b3:
                    7c:65:fa:0e:c3:23:d9:2f:55:da:74:2e:86:44:96:
                    c3:32:c7:c1:2d:2e:d2:ff:47:49:5b:4b:89:0d:30:
                    8f:89:d9:ad:5d:76:27:40:96:df:eb:99:df:16:52:
                    33:50:3e:e7:40:c2:8b:1d:9b:0d:d3:73:78:27:71:
                    cc:8c:fc:a2:c7:e6:6a:b5:6b:ee:d1:da:26:33:0c:
                    98:da:d4:e9:a4:fb:34:6c:fb:dd:c5:ce:65:81:16:
                    9d:f1:96:15:b0:af:2b:6a:1e:1f:2e:4e:c6:91:21:
                    52:a2:c2:1f:51:27:97:a1:2a:cc:92:a6:5a:bf:fc:
                    2c:7f:00:8d:7c:bd:e6:ce:ac:82:fe:d3:ac:b1:b4:
                    d4:71:8c:3d:94:34:2f:6e:f5:52:f8:14:54:96:a5:
                    fe:a7:dc:7d:52:a8:43:8f:61:04:2a:ed:5b:01:dc:
                    6d:30:1d:ee:ed:8b:9f:05:2f:73:1d:70:61:1e:21:
                    77:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:61:53:5B:F5:CD:3F:EA:A3:F5:0C:2D:2E:F9:D8:F0:AF:74:18:7A
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1WFTW_XNP-qj9QwtLvnY8K90GHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.26.0/24
                  194.146.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e3:53:70:06:dd:b9:b3:20:0b:39:f0:e9:d8:5e:2e:41:6e:
         ba:85:c3:f1:ad:45:3c:11:e7:d7:b0:8a:3f:06:c5:f3:2f:f3:
         43:51:88:b0:22:6c:e2:f3:78:0d:d7:f1:ce:58:be:1a:9d:cb:
         17:f1:dc:37:ac:e3:35:80:17:f6:59:09:c2:28:5d:c9:e1:f9:
         4e:32:ba:7a:c3:83:e7:92:62:05:9d:02:ee:43:61:cd:fb:d3:
         eb:a5:70:a1:2d:53:d3:ab:9b:04:5e:54:68:5a:33:52:a5:c1:
         17:0e:fb:81:a8:1f:86:02:d3:ad:e4:27:20:5f:ba:25:b7:5d:
         d5:97:a9:d3:d2:d5:32:60:37:d4:4b:b3:3e:0f:0a:bb:f0:a8:
         44:0f:f5:fc:ac:61:7c:c0:22:3a:c8:9d:40:d7:f0:20:23:dd:
         2e:80:94:5d:6a:cc:f9:4b:aa:84:bd:61:ed:55:fc:4d:b6:c1:
         0c:89:74:6c:a1:9f:ef:fe:39:68:0f:a2:67:d6:e0:c5:e8:9b:
         1d:9e:e2:94:05:f1:5d:a2:b2:c0:d2:bb:3a:11:f4:be:63:e8:
         a8:dc:37:c0:4d:56:48:6d:ad:35:99:3b:1e:0c:ef:82:82:e4:
         26:96:a3:fa:27:92:0b:a8:c6:8e:ee:11:dd:58:0a:b7:9c:f7:
         cc:03:e1:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgiQayW+ImwH0z6xijw2zv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwNzE5MTAzNjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTYxNTM1YmY1Y2QzZmVhYTNmNTBjMmQyZWY5ZDhmMGFmNzQxODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxQxPJuRl96uXZVonA4qIaQYsldT
2f8SWIDm9Iu4Plnx0LmWdkmKVzzsh4hSeANpxdR8KlvUrf9hASLs+V/GOcFjpMH+
Yr0ai7N8ZfoOwyPZL1XadC6GRJbDMsfBLS7S/0dJW0uJDTCPidmtXXYnQJbf65nf
FlIzUD7nQMKLHZsN03N4J3HMjPyix+ZqtWvu0domMwyY2tTppPs0bPvdxc5lgRad
8ZYVsK8rah4fLk7GkSFSosIfUSeXoSrMkqZav/wsfwCNfL3mzqyC/tOssbTUcYw9
lDQvbvVS+BRUlqX+p9x9UqhDj2EEKu1bAdxtMB3u7YufBS9zHXBhHiF3NwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNVhU1v1zT/qo/UMLS752PCvdBh6MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvMVdGVFdfWE5QLXFqOVF3dEx2blk4SzkwR0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAud0aAwQA
wpJcMA0GCSqGSIb3DQEBCwUAA4IBAQAc41NwBt25syALOfDp2F4uQW66hcPxrUU8
EefXsIo/BsXzL/NDUYiwImzi83gN1/HOWL4ancsX8dw3rOM1gBf2WQnCKF3J4flO
Mrp6w4PnkmIFnQLuQ2HN+9PrpXChLVPTq5sEXlRoWjNSpcEXDvuBqB+GAtOt5Ccg
X7olt13Vl6nT0tUyYDfUS7M+Dwq78KhED/X8rGF8wCI6yJ1A1/AgI90ugJRdasz5
S6qEvWHtVfxNtsEMiXRsoZ/v/jloD6Jn1uDF6JsdnuKUBfFdorLA0rs6EfS+Y+io
3DfATVZIba01mTseDO+CguQmlqP6J5ILqMaO7hHdWAq3nPfMA+HE
-----END CERTIFICATE-----