Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wl8BD6AeBQhSvv24hHYdMrNDCrM.roa
File:                     wl8BD6AeBQhSvv24hHYdMrNDCrM.roa (raw, json)
Hash identifier:          zAgZ8yRmexkzDIuIp2EytxEuwAas/TOg4n5E7FwX/s4=
Subject key identifier:   C2:5F:01:0F:A0:1E:05:08:52:BE:FD:B8:84:76:1D:32:B3:43:0A:B3
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019DA7AD3C66271F2B5107427E94B9881B34
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wl8BD6AeBQhSvv24hHYdMrNDCrM.roa
Signing time:             Sun 19 Apr 2026 21:37:21 +0000
ROA not before:           Sun 19 Apr 2026 21:37:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43260
IP address blocks:        77.90.54.0/24 maxlen: 24
                          217.69.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a7:ad:3c:66:27:1f:2b:51:07:42:7e:94:b9:88:1b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 19 21:37:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c25f010fa01e050852befdb884761d32b3430ab3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:34:3c:95:b9:30:0e:1b:d0:45:c8:9d:bc:3d:
                    43:8d:18:36:fd:fd:e5:cd:42:4d:55:fe:52:ce:5a:
                    27:06:dd:f7:3d:66:60:22:e7:cc:b5:92:74:b9:27:
                    92:9a:cf:69:67:3d:ad:3e:39:d4:e8:96:86:84:f7:
                    c3:b7:28:80:b5:3b:39:22:20:a0:d3:12:be:33:46:
                    c8:f3:9f:f2:ea:29:76:04:3e:62:1c:d3:29:22:7f:
                    d2:4a:05:60:40:a4:0d:6b:3b:37:61:81:cd:68:02:
                    cf:47:12:b0:98:39:ae:ce:71:21:a5:d3:dc:66:fe:
                    4c:d9:08:f2:9d:e2:09:68:6c:c2:39:51:af:f3:e7:
                    e7:7d:77:72:f3:2c:2f:69:af:6d:36:19:da:e6:75:
                    d3:0d:e7:5d:da:f5:0d:8f:d4:01:03:8f:eb:d1:56:
                    76:d6:ca:6e:7e:e9:8b:0f:f0:8e:b4:f3:9c:38:cb:
                    1b:eb:2c:73:06:3b:8b:50:5b:02:97:d9:db:b4:c0:
                    e3:2f:eb:19:86:b4:a7:ae:d6:c4:42:47:e2:fc:d5:
                    00:28:93:8a:d1:57:58:e5:4a:91:de:93:c6:2d:a3:
                    c4:60:fb:8c:05:bb:1b:d1:85:5c:65:24:60:7e:d8:
                    7c:d5:83:dc:0e:22:9c:14:d2:62:e0:74:a9:74:d0:
                    10:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:5F:01:0F:A0:1E:05:08:52:BE:FD:B8:84:76:1D:32:B3:43:0A:B3
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wl8BD6AeBQhSvv24hHYdMrNDCrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.54.0/24
                  217.69.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:29:41:18:3f:df:e8:dc:a9:91:be:9b:cf:6a:67:0a:09:77:
         d7:63:d5:8e:ad:54:86:84:d5:12:ea:1c:e1:5c:56:22:5d:46:
         2a:69:7a:bf:54:e0:8e:bd:59:64:80:84:47:f5:7d:8e:83:87:
         9d:e5:ea:ee:b6:a2:72:10:6e:74:33:13:a5:95:19:5b:a6:5c:
         10:bd:3d:ca:7f:0c:5b:e5:ad:ba:5c:2a:6a:18:5f:4b:4b:e0:
         c4:24:15:29:36:44:d0:64:56:cb:ad:c5:aa:82:e1:62:00:cd:
         58:2b:40:c2:aa:03:d7:44:15:c5:b6:a4:49:f6:98:7a:b8:2b:
         3d:bd:5a:3a:31:d8:bc:8e:e8:e9:39:53:d3:e1:b7:42:88:17:
         35:ff:7c:2f:0e:22:c6:50:a6:2b:07:12:9b:a2:30:f9:f7:04:
         1b:32:c2:45:27:e3:1b:ea:f1:78:72:19:16:6d:32:31:8a:77:
         bc:2e:c0:3b:95:76:4e:58:29:86:0e:35:ec:dd:c5:74:87:a9:
         9a:bb:65:94:e9:c4:c6:cd:1d:d1:21:71:98:f9:34:ef:5f:67:
         65:83:96:75:0b:cd:69:cd:bc:55:a3:15:23:7b:ef:35:8c:51:
         2c:a0:a3:a8:e2:93:ed:b8:cd:6e:c4:1c:1c:87:a2:a5:f5:f3:
         23:3b:04:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2nrTxmJx8rUQdCfpS5iBs0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDE5MjEzNzIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjVmMDEwZmEwMWUwNTA4NTJiZWZkYjg4NDc2MWQzMmIzNDMwYWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TQ8lbkwDhvQRcidvD1DjRg2/f3l
zUJNVf5SzlonBt33PWZgIufMtZJ0uSeSms9pZz2tPjnU6JaGhPfDtyiAtTs5IiCg
0xK+M0bI85/y6il2BD5iHNMpIn/SSgVgQKQNazs3YYHNaALPRxKwmDmuznEhpdPc
Zv5M2QjyneIJaGzCOVGv8+fnfXdy8ywvaa9tNhna5nXTDedd2vUNj9QBA4/r0VZ2
1spufumLD/COtPOcOMsb6yxzBjuLUFsCl9nbtMDjL+sZhrSnrtbEQkfi/NUAKJOK
0VdY5UqR3pPGLaPEYPuMBbsb0YVcZSRgfth81YPcDiKcFNJi4HSpdNAQeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMJfAQ+gHgUIUr79uIR2HTKzQwqzMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvd2w4QkQ2QWVCUWhTdnYyNGhIWWRNck5EQ3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATVo2AwQA
2UWmMA0GCSqGSIb3DQEBCwUAA4IBAQDCKUEYP9/o3KmRvpvPamcKCXfXY9WOrVSG
hNUS6hzhXFYiXUYqaXq/VOCOvVlkgIRH9X2Og4ed5erutqJyEG50MxOllRlbplwQ
vT3Kfwxb5a26XCpqGF9LS+DEJBUpNkTQZFbLrcWqguFiAM1YK0DCqgPXRBXFtqRJ
9ph6uCs9vVo6Mdi8jujpOVPT4bdCiBc1/3wvDiLGUKYrBxKbojD59wQbMsJFJ+Mb
6vF4chkWbTIxine8LsA7lXZOWCmGDjXs3cV0h6mau2WU6cTGzR3RIXGY+TTvX2dl
g5Z1C81pzbxVoxUje+81jFEsoKOo4pPtuM1uxBwch6Kl9fMjOwQf
-----END CERTIFICATE-----