Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WoiyQHn-1GYnUa8pie7yHKrUpN4.roa
File:                     WoiyQHn-1GYnUa8pie7yHKrUpN4.roa (raw, json)
Hash identifier:          1s258C65nLq6YtTB+kONmQbOdFjgIwfO1X/q85x6fWI=
Subject key identifier:   5A:88:B2:40:79:FE:D4:66:27:51:AF:29:89:EE:F2:1C:AA:D4:A4:DE
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D1BB3C4C804DA4E7013E292AA4154B7B7
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WoiyQHn-1GYnUa8pie7yHKrUpN4.roa
Signing time:             Mon 23 Mar 2026 17:17:39 +0000
ROA not before:           Mon 23 Mar 2026 17:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     263794
IP address blocks:        2a0d:6f80:2303::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:b3:c4:c8:04:da:4e:70:13:e2:92:aa:41:54:b7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 23 17:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a88b24079fed4662751af2989eef21caad4a4de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a3:94:ae:82:c6:59:05:19:ce:b2:69:f5:1e:
                    bd:54:1b:8e:73:eb:e4:52:a1:83:bf:9e:ac:a2:4b:
                    5e:23:ca:61:07:ce:6f:6b:bb:b5:d1:9b:a3:6c:57:
                    12:87:6a:c3:67:20:86:bd:2a:09:93:13:48:a1:c9:
                    e4:dd:4d:03:46:dd:4b:1a:db:05:3b:f1:ed:fd:e8:
                    33:b4:1a:29:dc:d7:2d:3c:06:78:62:c5:de:a2:b0:
                    9e:f1:3b:bb:50:ac:fc:ef:bb:ee:b7:28:23:07:6f:
                    11:5b:f2:ee:82:be:5d:2d:49:28:4f:5f:d5:f1:95:
                    c7:23:d7:80:0d:93:c2:48:88:50:8c:1e:6a:59:aa:
                    23:87:21:58:a0:27:60:f1:44:43:0a:28:7b:06:c2:
                    68:c6:b6:57:2a:7d:90:78:3b:93:8e:54:47:b0:d3:
                    70:fd:f4:3f:7d:7d:43:35:55:6e:13:aa:9f:3b:ba:
                    fb:e7:63:e9:ad:fd:fa:88:9b:e4:bb:2f:87:1a:ac:
                    a3:15:35:36:fc:38:c6:04:d2:4c:dd:16:6f:f2:c3:
                    fc:6d:5d:3a:07:c3:30:a4:e5:ca:82:65:fa:c2:73:
                    e9:6e:bc:49:99:a3:ac:73:2d:81:dd:0e:fa:8f:10:
                    81:3e:5d:07:b3:51:1e:eb:20:ec:95:b2:14:91:a7:
                    0b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:88:B2:40:79:FE:D4:66:27:51:AF:29:89:EE:F2:1C:AA:D4:A4:DE
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WoiyQHn-1GYnUa8pie7yHKrUpN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:2303::/48

    Signature Algorithm: sha256WithRSAEncryption
         e1:6c:22:54:63:80:20:5a:32:a5:40:69:1b:25:fe:e4:5a:21:
         e0:62:ac:4e:7c:ec:bd:e9:9b:b0:0a:15:77:d9:e0:4a:9a:5e:
         23:55:91:aa:0c:ec:8c:d5:28:da:0b:a2:1f:6e:cb:6c:04:ae:
         6d:0c:b1:e8:75:26:fc:8a:93:54:7b:78:95:a7:6d:89:88:3a:
         44:a6:c5:f9:2d:1c:48:1b:71:db:08:53:e5:18:de:b4:c4:7b:
         61:ae:16:9c:50:3b:1e:18:4d:5e:d3:4e:01:77:3c:94:9a:61:
         27:7d:ee:ce:61:c2:cc:d4:a4:dd:56:09:93:f3:32:02:5a:ef:
         1c:22:8b:aa:72:a4:4b:7e:88:16:4f:9f:e1:a8:98:94:24:51:
         4d:29:11:47:5a:93:2b:78:5e:02:22:8f:bc:6f:1a:69:eb:66:
         b5:6b:11:55:78:7b:b5:4e:08:06:94:8d:36:20:9b:cc:0e:31:
         bb:66:80:37:9a:e5:05:61:0f:61:a9:77:19:05:34:b8:48:d4:
         4c:da:70:f4:67:fe:cf:1c:f5:27:36:f0:aa:66:1e:ef:95:6e:
         03:c6:e2:73:46:be:f9:fc:7b:48:40:a9:d4:dc:d2:97:ee:1e:
         f1:a3:1f:62:ae:e8:e5:16:4b:79:b5:0e:cd:52:f8:f3:5a:ad:
         a7:ef:49:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0bs8TIBNpOcBPikqpBVLe3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzIzMTcxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTg4YjI0MDc5ZmVkNDY2Mjc1MWFmMjk4OWVlZjIxY2FhZDRhNGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16OUroLGWQUZzrJp9R69VBuOc+vk
UqGDv56sokteI8phB85va7u10ZujbFcSh2rDZyCGvSoJkxNIocnk3U0DRt1LGtsF
O/Ht/egztBop3NctPAZ4YsXeorCe8Tu7UKz877vutygjB28RW/Lugr5dLUkoT1/V
8ZXHI9eADZPCSIhQjB5qWaojhyFYoCdg8URDCih7BsJoxrZXKn2QeDuTjlRHsNNw
/fQ/fX1DNVVuE6qfO7r752Pprf36iJvkuy+HGqyjFTU2/DjGBNJM3RZv8sP8bV06
B8MwpOXKgmX6wnPpbrxJmaOscy2B3Q76jxCBPl0Hs1Ee6yDslbIUkacLlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFqIskB5/tRmJ1GvKYnu8hyq1KTeMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvV29peVFIbi0xR1luVWE4cGllN3lIS3JVcE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgCMD
MA0GCSqGSIb3DQEBCwUAA4IBAQDhbCJUY4AgWjKlQGkbJf7kWiHgYqxOfOy96Zuw
ChV32eBKml4jVZGqDOyM1SjaC6IfbstsBK5tDLHodSb8ipNUe3iVp22JiDpEpsX5
LRxIG3HbCFPlGN60xHthrhacUDseGE1e004BdzyUmmEnfe7OYcLM1KTdVgmT8zIC
Wu8cIouqcqRLfogWT5/hqJiUJFFNKRFHWpMreF4CIo+8bxpp62a1axFVeHu1TggG
lI02IJvMDjG7ZoA3muUFYQ9hqXcZBTS4SNRM2nD0Z/7PHPUnNvCqZh7vlW4DxuJz
Rr75/HtIQKnU3NKX7h7xox9irujlFkt5tQ7NUvjzWq2n70lD
-----END CERTIFICATE-----