Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/w-8JV9tzQXIKEFhT7_r_amW94Ek.roa
File:                     w-8JV9tzQXIKEFhT7_r_amW94Ek.roa (raw, json)
Hash identifier:          +7GXZ8dLoWSUF6T+1w1xmCDurIJPtnKH2f0SGYLIe/U=
Subject key identifier:   C3:EF:09:57:DB:73:41:72:0A:10:58:53:EF:FA:FF:6A:65:BD:E0:49
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019E2F478DD79CB9C94E9A1CF9A807BA6BE2
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/w-8JV9tzQXIKEFhT7_r_amW94Ek.roa
Signing time:             Sat 16 May 2026 05:34:38 +0000
ROA not before:           Sat 16 May 2026 05:34:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        178.239.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2f:47:8d:d7:9c:b9:c9:4e:9a:1c:f9:a8:07:ba:6b:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: May 16 05:34:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3ef0957db7341720a105853effaff6a65bde049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e5:79:e9:1e:11:34:d5:77:b0:5c:68:a4:9d:
                    50:52:74:6f:ad:cf:8e:bf:06:76:be:67:d0:e9:a6:
                    de:1e:68:d6:65:de:73:95:99:88:47:d7:55:7c:de:
                    f5:f7:91:a5:79:9a:0b:4c:19:65:cf:7d:b8:7d:79:
                    b7:21:6b:42:e3:fd:51:9d:d7:cd:b3:11:54:1b:06:
                    a7:ae:10:70:dd:9c:09:94:e3:4b:79:48:60:3c:d8:
                    4b:dd:ed:68:fc:c9:14:37:3f:44:8c:5c:b5:c7:24:
                    66:f0:32:a3:85:eb:c4:04:06:27:0a:f5:40:6f:67:
                    4f:96:7f:3b:35:cb:c4:86:fb:be:a4:f0:77:ad:f8:
                    c9:c3:03:98:fa:ba:a6:50:ab:b0:48:0c:d9:cb:e7:
                    0d:3c:17:56:cd:5e:90:74:13:f8:ed:53:ed:6e:5e:
                    58:74:c8:ac:fe:b3:6b:8f:7c:7b:81:3d:ec:fa:2f:
                    7d:22:2b:6b:c3:97:c7:15:7d:39:24:bd:93:4d:7e:
                    29:12:2a:1c:a3:9b:61:a2:04:c8:c5:3d:91:af:3c:
                    70:1d:c3:5b:a7:85:c9:08:48:f7:7e:e2:29:01:5c:
                    e4:b9:00:33:49:0a:e6:07:8e:43:9d:9c:ee:80:8d:
                    16:00:45:c0:42:42:e9:21:5d:7d:c6:97:0c:6d:20:
                    79:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:EF:09:57:DB:73:41:72:0A:10:58:53:EF:FA:FF:6A:65:BD:E0:49
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/w-8JV9tzQXIKEFhT7_r_amW94Ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f8:cd:1f:3d:7a:c9:c4:4b:fa:56:7d:35:9e:2e:f1:1e:34:
         aa:7d:dd:3a:da:65:da:ad:51:e5:13:ea:df:f6:aa:b5:80:eb:
         46:97:14:63:5e:94:17:68:91:49:1c:44:28:98:38:db:1e:d8:
         4e:7d:a0:d4:4a:2e:e3:b0:14:be:66:8a:c3:73:39:e7:3f:60:
         08:5a:ea:69:89:2a:6d:1b:db:78:2b:17:87:9b:49:a9:f3:5d:
         74:13:c3:f7:ab:8a:3f:c6:52:fb:58:81:36:b8:b1:ba:6e:c7:
         2c:ab:75:b2:1c:90:45:df:13:81:24:ab:31:92:58:9d:f8:44:
         68:78:6c:4b:6e:17:fd:3c:1f:61:5a:e7:b3:2a:b4:76:0a:f8:
         96:ad:6c:5e:63:1c:9b:54:a0:61:a2:05:ad:ce:69:b6:cd:18:
         0e:a4:6d:f7:10:3b:60:ee:20:76:01:23:ca:8a:ab:00:89:99:
         76:10:47:79:2e:01:14:8f:82:cc:d6:d3:02:fc:c2:c9:f7:c4:
         bb:92:1f:7f:85:7e:5e:83:e6:7d:05:31:46:f1:63:12:77:4f:
         ea:db:53:6d:50:5d:56:c5:5a:5c:28:25:86:0d:f5:4e:73:c0:
         4d:09:a3:a9:47:43:16:e1:5a:f2:b8:1e:ef:cc:5c:9c:3c:d6:
         44:db:8c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4vR43XnLnJTpoc+agHumviMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNTE2MDUzNDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2VmMDk1N2RiNzM0MTcyMGExMDU4NTNlZmZhZmY2YTY1YmRlMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOV56R4RNNV3sFxopJ1QUnRvrc+O
vwZ2vmfQ6abeHmjWZd5zlZmIR9dVfN7195GleZoLTBllz324fXm3IWtC4/1RndfN
sxFUGwanrhBw3ZwJlONLeUhgPNhL3e1o/MkUNz9EjFy1xyRm8DKjhevEBAYnCvVA
b2dPln87NcvEhvu+pPB3rfjJwwOY+rqmUKuwSAzZy+cNPBdWzV6QdBP47VPtbl5Y
dMis/rNrj3x7gT3s+i99Iitrw5fHFX05JL2TTX4pEioco5thogTIxT2RrzxwHcNb
p4XJCEj3fuIpAVzkuQAzSQrmB45DnZzugI0WAEXAQkLpIV19xpcMbSB5OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPvCVfbc0FyChBYU+/6/2plveBJMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvdy04SlY5dHpRWElLRUZoVDdfcl9hbVc5NEVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu9wMA0G
CSqGSIb3DQEBCwUAA4IBAQBb+M0fPXrJxEv6Vn01ni7xHjSqfd062mXarVHlE+rf
9qq1gOtGlxRjXpQXaJFJHEQomDjbHthOfaDUSi7jsBS+ZorDcznnP2AIWuppiSpt
G9t4KxeHm0mp8110E8P3q4o/xlL7WIE2uLG6bscsq3WyHJBF3xOBJKsxklid+ERo
eGxLbhf9PB9hWuezKrR2CviWrWxeYxybVKBhogWtzmm2zRgOpG33EDtg7iB2ASPK
iqsAiZl2EEd5LgEUj4LM1tMC/MLJ98S7kh9/hX5eg+Z9BTFG8WMSd0/q21NtUF1W
xVpcKCWGDfVOc8BNCaOpR0MW4VryuB7vzFycPNZE24zr
-----END CERTIFICATE-----