Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/wTJ_C-dHa_YC0YaPRRArBwkXQCI.roa
File:                     wTJ_C-dHa_YC0YaPRRArBwkXQCI.roa (raw, json)
Hash identifier:          m3xr5x0LZS9Tb0mqyHZiSXVhFpmAus+lr+3Q2xaJxvc=
Subject key identifier:   C1:32:7F:0B:E7:47:6B:F6:02:D1:86:8F:45:10:2B:07:09:17:40:22
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019A31785DE14D8A25AC5DD1A2A0D5A861FC
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/wTJ_C-dHa_YC0YaPRRArBwkXQCI.roa
Signing time:             Wed 29 Oct 2025 19:36:03 +0000
ROA not before:           Wed 29 Oct 2025 19:36:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        109.122.46.0/24 maxlen: 24
                          193.93.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Nov 2025 01:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:31:78:5d:e1:4d:8a:25:ac:5d:d1:a2:a0:d5:a8:61:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct 29 19:36:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1327f0be7476bf602d1868f45102b0709174022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4a:c8:fa:ae:6e:69:4f:84:7f:30:e5:fc:a1:
                    ce:d4:96:37:4b:43:90:ff:2c:58:aa:f5:71:7f:68:
                    d5:c9:88:aa:40:42:39:7e:3e:d7:d1:f8:77:f7:96:
                    53:06:df:1f:c1:b3:07:56:55:8a:ec:aa:62:2e:32:
                    3b:ac:35:eb:9b:e8:71:36:2f:d4:4e:7b:b7:06:3b:
                    5b:37:14:92:fe:17:11:93:9f:a8:d5:9f:d8:ea:da:
                    31:6c:a6:38:79:ec:dc:8e:3a:dc:4d:58:c0:22:7d:
                    c9:fc:f1:af:e9:7f:c0:5c:6f:a7:ab:cd:80:72:1c:
                    40:f8:3c:26:d0:69:3b:e9:0b:cb:fa:01:7b:48:18:
                    2a:8f:bf:48:63:5e:12:a5:b3:8b:d1:7b:84:58:a3:
                    1f:90:a2:1f:6b:b9:9d:c9:49:f4:e9:6b:e7:24:77:
                    0a:63:e0:b0:1e:16:f9:b2:88:dd:a6:56:b4:49:5e:
                    e1:65:62:17:e0:61:54:63:52:6b:21:38:25:05:43:
                    2e:f4:9a:f7:16:7d:90:5e:55:1d:c5:57:11:05:43:
                    ff:cf:78:a1:25:e3:0b:2a:30:70:23:8f:44:29:2c:
                    b9:56:56:e2:a5:c4:45:3b:40:c3:4c:7f:a6:86:bc:
                    8b:1f:54:31:88:a0:10:b7:8d:28:6c:38:3b:11:f9:
                    c3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:32:7F:0B:E7:47:6B:F6:02:D1:86:8F:45:10:2B:07:09:17:40:22
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/wTJ_C-dHa_YC0YaPRRArBwkXQCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.46.0/24
                  193.93.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:33:18:0a:2a:64:13:6d:57:56:a2:96:69:5d:78:28:f9:6e:
         73:d0:e1:da:a9:7f:71:e8:99:70:4d:a4:bb:21:5a:16:a6:6b:
         1c:66:be:3f:28:6c:a0:36:31:4d:57:8d:1b:16:08:67:0b:a7:
         18:da:95:4b:7f:d7:93:7a:56:13:64:7d:ae:15:28:f7:a7:2e:
         2c:87:61:ad:b6:92:1b:57:18:de:71:1b:73:29:e1:dc:33:c4:
         32:e8:41:d2:ba:62:a3:67:3f:83:c9:64:ab:90:a0:d1:22:67:
         48:5d:35:01:54:04:af:10:4d:cb:22:b9:a2:7a:b8:96:ce:95:
         c7:a2:08:fa:c8:c0:09:29:d9:bc:17:40:68:a6:ae:38:61:6a:
         a7:b8:26:9b:95:3e:c9:f8:6e:ef:77:12:b7:0e:f7:ef:0a:f6:
         76:6e:07:26:82:d8:4b:9b:d4:cd:c0:a1:21:25:f7:10:3d:72:
         a3:05:22:1b:58:a5:38:b4:a1:47:71:2d:fe:0a:82:58:93:8b:
         e6:bb:91:86:0f:09:7e:fe:64:48:2c:97:aa:3e:3e:a5:2c:4a:
         28:88:6c:69:12:92:21:0b:12:92:55:c9:5a:b5:f9:01:22:dc:
         78:ad:9f:13:03:f5:c0:60:cd:d3:f9:ba:07:50:dc:3e:88:94:
         92:cb:89:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoxeF3hTYolrF3RoqDVqGH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUxMDI5MTkzNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTMyN2YwYmU3NDc2YmY2MDJkMTg2OGY0NTEwMmIwNzA5MTc0MDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUrI+q5uaU+EfzDl/KHO1JY3S0OQ
/yxYqvVxf2jVyYiqQEI5fj7X0fh395ZTBt8fwbMHVlWK7KpiLjI7rDXrm+hxNi/U
Tnu3BjtbNxSS/hcRk5+o1Z/Y6toxbKY4eezcjjrcTVjAIn3J/PGv6X/AXG+nq82A
chxA+Dwm0Gk76QvL+gF7SBgqj79IY14SpbOL0XuEWKMfkKIfa7mdyUn06WvnJHcK
Y+CwHhb5sojdpla0SV7hZWIX4GFUY1JrITglBUMu9Jr3Fn2QXlUdxVcRBUP/z3ih
JeMLKjBwI49EKSy5VlbipcRFO0DDTH+mhryLH1QxiKAQt40obDg7EfnDtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMEyfwvnR2v2AtGGj0UQKwcJF0AiMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvd1RKX0MtZEhhX1lDMFlhUFJSQXJCd2tYUUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXouAwQA
wV02MA0GCSqGSIb3DQEBCwUAA4IBAQA7MxgKKmQTbVdWopZpXXgo+W5z0OHaqX9x
6JlwTaS7IVoWpmscZr4/KGygNjFNV40bFghnC6cY2pVLf9eTelYTZH2uFSj3py4s
h2GttpIbVxjecRtzKeHcM8Qy6EHSumKjZz+DyWSrkKDRImdIXTUBVASvEE3LIrmi
eriWzpXHogj6yMAJKdm8F0Bopq44YWqnuCablT7J+G7vdxK3DvfvCvZ2bgcmgthL
m9TNwKEhJfcQPXKjBSIbWKU4tKFHcS3+CoJYk4vmu5GGDwl+/mRILJeqPj6lLEoo
iGxpEpIhCxKSVclatfkBItx4rZ8TA/XAYM3T+boHUNw+iJSSy4mw
-----END CERTIFICATE-----