Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/WgcyTBI6WQF-QElIsEG49yh-7h0.roa
File:                     WgcyTBI6WQF-QElIsEG49yh-7h0.roa (raw, json)
Hash identifier:          TC2zRRjTs1RWW7bvJExhW23Tz7D+SN6qVY8OuAQ4+YU=
Subject key identifier:   5A:07:32:4C:12:3A:59:01:7E:40:49:48:B0:41:B8:F7:28:7E:EE:1D
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01994E443331A3333E7BF56704006BCF810F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/WgcyTBI6WQF-QElIsEG49yh-7h0.roa
Signing time:             Mon 15 Sep 2025 16:45:16 +0000
ROA not before:           Mon 15 Sep 2025 16:45:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     265827
IP address blocks:        45.86.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:44:33:31:a3:33:3e:7b:f5:67:04:00:6b:cf:81:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Sep 15 16:45:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a07324c123a59017e404948b041b8f7287eee1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:76:23:56:b9:32:24:82:81:85:da:56:4b:fd:
                    18:68:40:86:32:5a:9b:74:81:0c:55:5a:00:4d:30:
                    a2:c3:2b:15:f4:ae:ae:11:c1:2e:4a:98:f9:13:3f:
                    1e:15:8e:fb:39:98:a5:d1:da:50:3a:75:0b:93:2c:
                    5e:b1:51:a3:0e:5c:93:b9:19:49:f6:23:88:57:ad:
                    db:c5:5b:45:c1:57:9a:89:f5:84:65:78:79:e8:7d:
                    7b:dc:f6:b4:4e:a6:92:66:a4:78:e9:17:c8:20:01:
                    b7:05:3a:27:21:39:14:65:fa:2d:f7:1d:19:22:50:
                    45:78:0d:59:9e:7c:e7:8d:cc:83:5f:f4:91:eb:8f:
                    ee:e0:82:b6:3b:8f:33:7e:71:30:2a:c3:cd:a8:fc:
                    38:2b:c1:80:c3:3d:17:49:1e:7d:84:b3:40:af:36:
                    ad:b4:1e:06:4f:d6:d6:07:60:cf:9b:3f:ed:45:82:
                    22:18:3e:82:a5:0e:36:d7:c2:b5:16:5e:ec:9b:f6:
                    84:59:0c:ee:2b:0a:d3:64:b7:9c:2b:4c:3e:14:08:
                    f6:0b:8d:34:9b:4e:3e:90:a9:bc:1b:2c:51:30:42:
                    b0:d8:68:07:59:c8:66:ae:cd:17:26:5a:f5:f0:9f:
                    9e:ba:14:dc:c4:26:d9:e5:ff:14:a4:32:ca:d5:9a:
                    a3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:07:32:4C:12:3A:59:01:7E:40:49:48:B0:41:B8:F7:28:7E:EE:1D
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/WgcyTBI6WQF-QElIsEG49yh-7h0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:72:d0:d6:f6:ad:06:97:ef:e1:d9:37:b7:ec:32:ba:ed:71:
         07:6a:16:5c:f3:9b:13:2f:30:cf:d4:78:b5:b4:3a:f7:04:4e:
         f9:e7:70:63:58:26:fd:f6:3d:8e:14:0a:c0:81:94:cc:31:50:
         90:74:19:ea:9d:23:57:4e:0e:4a:1b:7c:8b:2e:48:69:4c:7e:
         9d:fe:32:b3:ee:70:50:9a:db:ee:86:b7:63:97:7f:29:1e:23:
         63:86:7a:0b:5c:91:3d:f3:3a:6d:c5:a4:24:c4:b8:26:20:ef:
         e0:d5:82:89:be:06:fe:d7:29:d4:c5:77:da:8d:fb:75:fb:4f:
         ca:20:13:8e:ec:1a:aa:79:3e:65:f0:ba:90:08:90:d8:32:69:
         bb:1d:69:19:36:85:f0:82:da:c4:92:ff:e7:a4:b9:06:b8:bf:
         b9:95:cd:e1:66:a2:91:cf:6e:99:38:18:48:80:c7:46:9a:f6:
         0c:eb:4f:06:0b:f0:62:1b:17:31:5e:bc:e1:73:06:af:f8:35:
         77:8c:ec:be:c9:22:97:8a:af:d3:30:e5:23:f9:63:ac:aa:a2:
         3e:58:5c:e4:d4:f3:33:91:d8:11:2f:84:0b:de:9e:71:d8:cf:
         7d:d2:07:7c:df:d7:b0:cb:f4:be:1f:8d:3e:8f:1f:9a:c7:dd:
         8e:a4:e3:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlORDMxozM+e/VnBABrz4EPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwOTE1MTY0NTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTA3MzI0YzEyM2E1OTAxN2U0MDQ5NDhiMDQxYjhmNzI4N2VlZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnYjVrkyJIKBhdpWS/0YaECGMlqb
dIEMVVoATTCiwysV9K6uEcEuSpj5Ez8eFY77OZil0dpQOnULkyxesVGjDlyTuRlJ
9iOIV63bxVtFwVeaifWEZXh56H173Pa0TqaSZqR46RfIIAG3BTonITkUZfot9x0Z
IlBFeA1ZnnznjcyDX/SR64/u4IK2O48zfnEwKsPNqPw4K8GAwz0XSR59hLNArzat
tB4GT9bWB2DPmz/tRYIiGD6CpQ4218K1Fl7sm/aEWQzuKwrTZLecK0w+FAj2C400
m04+kKm8GyxRMEKw2GgHWchmrs0XJlr18J+euhTcxCbZ5f8UpDLK1ZqjEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoHMkwSOlkBfkBJSLBBuPcofu4dMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvV2djeVRCSTZXUUYtUUVsSXNFRzQ5eWgtN2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVYUMA0G
CSqGSIb3DQEBCwUAA4IBAQAqctDW9q0Gl+/h2Te37DK67XEHahZc85sTLzDP1Hi1
tDr3BE7553BjWCb99j2OFArAgZTMMVCQdBnqnSNXTg5KG3yLLkhpTH6d/jKz7nBQ
mtvuhrdjl38pHiNjhnoLXJE98zptxaQkxLgmIO/g1YKJvgb+1ynUxXfajft1+0/K
IBOO7BqqeT5l8LqQCJDYMmm7HWkZNoXwgtrEkv/npLkGuL+5lc3hZqKRz26ZOBhI
gMdGmvYM608GC/BiGxcxXrzhcwav+DV3jOy+ySKXiq/TMOUj+WOsqqI+WFzk1PMz
kdgRL4QL3p5x2M990gd839ewy/S+H40+jx+ax92OpOPN
-----END CERTIFICATE-----