Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/2WrIc3-SP4DwQkwPJgua1bGNJ8U.roa
File:                     2WrIc3-SP4DwQkwPJgua1bGNJ8U.roa (raw, json)
Hash identifier:          1n+jxmJd5F9eDLk5zWmpaiLv++ZbzD7Fd2FD1jx9EQI=
Subject key identifier:   D9:6A:C8:73:7F:92:3F:80:F0:42:4C:0F:26:0B:9A:D5:B1:8D:27:C5
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       019CAA7393281B03E7B852811A65F4813A79
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/2WrIc3-SP4DwQkwPJgua1bGNJ8U.roa
Signing time:             Sun 01 Mar 2026 17:30:26 +0000
ROA not before:           Sun 01 Mar 2026 17:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        37.49.149.0/24 maxlen: 24
                          37.49.151.0/24 maxlen: 24
                          109.203.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 14:20:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:73:93:28:1b:03:e7:b8:52:81:1a:65:f4:81:3a:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Mar  1 17:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d96ac8737f923f80f0424c0f260b9ad5b18d27c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f1:6f:61:a5:9e:6f:a9:2b:17:89:47:04:12:
                    e9:45:09:31:09:d1:3f:bb:16:8f:8e:60:52:ab:fe:
                    c0:96:34:14:25:e0:9d:80:9f:9c:b6:ce:e7:af:99:
                    cf:54:c0:99:e4:72:16:3f:36:63:1f:f1:6c:97:83:
                    ef:30:b1:39:dc:df:45:cd:50:2a:25:b9:52:1a:1b:
                    c1:5e:81:82:09:ac:84:0f:4e:d3:ab:ed:be:da:81:
                    9d:0c:c5:9d:1d:5d:55:8f:d9:eb:e1:4e:df:ae:89:
                    7a:54:6b:00:3f:90:40:31:2b:93:da:98:d1:09:f5:
                    1e:cf:9b:52:ed:7e:73:0c:28:03:12:54:e6:b5:8a:
                    9e:a3:cd:30:5c:c8:33:e8:68:e9:14:cb:24:4c:5c:
                    03:e6:9b:0f:d6:88:91:ab:6b:54:3e:e4:d0:ff:38:
                    f4:20:2e:df:27:03:ff:73:df:ea:10:d2:15:0e:9a:
                    f8:70:ff:f9:19:46:d8:5c:b0:9b:e7:92:e1:22:ce:
                    66:46:71:76:59:cc:c6:89:82:d3:19:f2:50:04:ef:
                    ce:f0:c5:33:8d:33:d8:43:4c:07:46:04:f8:8d:60:
                    6b:3f:1f:2b:26:eb:d9:7e:c3:b9:4d:35:0d:eb:98:
                    9a:89:12:e3:df:e8:ce:8d:89:8c:60:ce:d3:82:18:
                    e5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6A:C8:73:7F:92:3F:80:F0:42:4C:0F:26:0B:9A:D5:B1:8D:27:C5
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/2WrIc3-SP4DwQkwPJgua1bGNJ8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.149.0/24
                  37.49.151.0/24
                  109.203.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:b1:c6:15:70:14:62:ce:a6:2a:82:f0:5b:6c:e0:3c:91:b9:
         46:ad:da:19:f0:f6:43:12:ae:98:54:f1:50:58:22:c0:41:e5:
         04:bd:df:58:c1:62:3a:97:79:26:84:e6:dc:df:c6:24:44:ec:
         ea:0b:d7:b3:f3:e7:86:c9:26:31:8e:e8:7e:30:b2:fa:7a:14:
         76:6d:74:ee:7d:a6:85:e1:bb:c9:f5:1e:0b:17:eb:16:44:a4:
         ee:98:b7:ce:56:c3:fe:6e:45:0d:f1:2f:80:dc:88:8b:25:24:
         e0:68:43:de:d0:e9:b9:79:c4:e4:63:62:73:65:12:e3:f7:56:
         d9:8d:7d:1c:14:a9:0f:37:62:51:71:bd:d1:47:c8:b8:60:69:
         42:cc:23:41:26:4c:39:4f:11:05:0a:95:d4:17:95:0f:6c:ac:
         c9:32:49:7a:ba:1f:65:18:6c:ee:79:1e:b9:c0:2e:9f:e3:28:
         13:f5:8b:4f:39:66:1d:32:58:32:ad:c4:97:b0:50:fc:6a:b9:
         17:7f:2d:19:c7:39:3f:9b:31:3e:8d:cd:19:de:c9:da:12:7b:
         ef:04:1c:1d:6e:6d:e6:1d:38:7b:40:b8:05:c5:75:09:84:9e:
         14:bf:d2:0e:56:f2:91:19:67:83:31:20:94:3f:37:52:3e:b3:
         4d:61:bf:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZyqc5MoGwPnuFKBGmX0gTp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjYwMzAxMTczMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTZhYzg3MzdmOTIzZjgwZjA0MjRjMGYyNjBiOWFkNWIxOGQyN2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfFvYaWeb6krF4lHBBLpRQkxCdE/
uxaPjmBSq/7AljQUJeCdgJ+cts7nr5nPVMCZ5HIWPzZjH/Fsl4PvMLE53N9FzVAq
JblSGhvBXoGCCayED07Tq+2+2oGdDMWdHV1Vj9nr4U7frol6VGsAP5BAMSuT2pjR
CfUez5tS7X5zDCgDElTmtYqeo80wXMgz6GjpFMskTFwD5psP1oiRq2tUPuTQ/zj0
IC7fJwP/c9/qENIVDpr4cP/5GUbYXLCb55LhIs5mRnF2WczGiYLTGfJQBO/O8MUz
jTPYQ0wHRgT4jWBrPx8rJuvZfsO5TTUN65iaiRLj3+jOjYmMYM7TghjlwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNlqyHN/kj+A8EJMDyYLmtWxjSfFMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvMldySWMzLVNQNER3UWt3UEpndWExYkdOSjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJTGVAwQA
JTGXAwQAbcugMA0GCSqGSIb3DQEBCwUAA4IBAQAIscYVcBRizqYqgvBbbOA8kblG
rdoZ8PZDEq6YVPFQWCLAQeUEvd9YwWI6l3kmhObc38YkROzqC9ez8+eGySYxjuh+
MLL6ehR2bXTufaaF4bvJ9R4LF+sWRKTumLfOVsP+bkUN8S+A3IiLJSTgaEPe0Om5
ecTkY2JzZRLj91bZjX0cFKkPN2JRcb3RR8i4YGlCzCNBJkw5TxEFCpXUF5UPbKzJ
Mkl6uh9lGGzueR65wC6f4ygT9YtPOWYdMlgyrcSXsFD8arkXfy0Zxzk/mzE+jc0Z
3snaEnvvBBwdbm3mHTh7QLgFxXUJhJ4Uv9IOVvKRGWeDMSCUPzdSPrNNYb/e
-----END CERTIFICATE-----