Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/wEL0m2xnUOqnoMR4hx1-9e2xVoA.roa
File:                     wEL0m2xnUOqnoMR4hx1-9e2xVoA.roa (raw, json)
Hash identifier:          nuXzyo66+OQCGgqLPo+DoTkH/Kbc2R0P29NuQqSwjQk=
Subject key identifier:   C0:42:F4:9B:6C:67:50:EA:A7:A0:C4:78:87:1D:7E:F5:ED:B1:56:80
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019E2B11F1CBCE47D16E4434C9701A3028FA
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/wEL0m2xnUOqnoMR4hx1-9e2xVoA.roa
Signing time:             Fri 15 May 2026 09:57:36 +0000
ROA not before:           Fri 15 May 2026 09:57:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        193.108.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 13:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:11:f1:cb:ce:47:d1:6e:44:34:c9:70:1a:30:28:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: May 15 09:57:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c042f49b6c6750eaa7a0c478871d7ef5edb15680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:93:3a:f6:94:2f:7f:91:a4:81:fb:e3:05:
                    f9:6d:15:31:f3:08:f7:15:10:5e:12:7b:34:8f:b1:
                    19:81:a2:1f:f2:b8:25:fe:30:56:ff:37:9b:b1:88:
                    89:da:bb:e1:b1:c6:50:55:ef:9c:d2:1c:f0:06:db:
                    e5:98:b8:4a:12:27:22:72:41:fb:60:e9:48:c4:fd:
                    59:33:d2:96:02:87:63:f3:d2:9d:68:ae:b5:f1:8b:
                    52:10:d9:9b:c4:d6:cc:e9:6e:10:e3:ce:f0:9b:a4:
                    ae:af:a8:01:02:93:4e:c9:8d:b3:c6:e4:6f:d9:42:
                    fc:b1:d3:9b:d4:ad:88:81:19:58:45:6a:c3:b3:52:
                    fc:8b:0c:ee:e0:49:ea:ee:ac:4d:b6:72:52:a6:9a:
                    7f:f1:8d:4c:7f:b7:4f:f8:cf:96:43:8b:2f:a9:77:
                    4e:ab:02:41:18:d1:65:f3:3a:b6:c8:87:9f:22:66:
                    47:df:c9:4f:7b:5e:d3:02:d4:e5:77:d8:0c:40:47:
                    c2:10:c6:6c:e5:69:8f:46:32:65:83:3a:7e:69:23:
                    e1:55:0a:ff:85:ec:15:d8:4e:00:43:3a:72:06:ac:
                    20:a2:de:40:a1:10:3f:5d:d5:b9:b1:74:f2:2c:bb:
                    ae:9d:61:bf:b8:00:7d:41:18:f4:d5:b3:bb:1f:f6:
                    c6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:42:F4:9B:6C:67:50:EA:A7:A0:C4:78:87:1D:7E:F5:ED:B1:56:80
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/wEL0m2xnUOqnoMR4hx1-9e2xVoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:bd:fe:38:03:d7:e2:2e:e9:7d:1b:1a:50:56:7d:49:2c:88:
         e4:b9:ea:75:d8:50:ef:d6:66:ca:8a:89:2f:a3:33:1a:b3:93:
         8d:9a:00:1b:06:eb:40:f5:d7:d6:f5:6f:6e:7d:6b:86:24:55:
         c4:d6:f6:b7:f3:79:88:30:32:9e:1b:b0:dd:16:00:4d:d0:af:
         58:b3:43:69:07:be:bd:d2:e1:40:12:96:fc:ee:88:c3:a8:63:
         e6:d6:03:1f:07:f6:dc:00:49:9b:cc:1d:83:80:8b:b3:37:54:
         78:a5:2d:c0:c8:b5:b2:cc:8f:c3:1c:64:1c:99:50:1f:4f:2d:
         63:57:f1:2e:6a:28:5a:06:01:82:22:a7:5d:f0:6d:3b:1a:97:
         75:09:c1:ca:2f:a7:76:54:a9:9d:f1:e4:38:09:b1:8b:6d:72:
         7e:0d:71:3b:8b:27:b5:3e:92:ff:1a:9e:96:0b:3e:94:32:0c:
         56:ee:c0:5d:85:d8:53:c3:29:26:22:9e:cd:b1:31:e4:85:90:
         1c:9f:35:a7:eb:a6:3b:37:37:81:16:7e:30:05:2a:aa:06:1d:
         f8:98:6b:ec:b2:14:e7:75:80:c0:9a:4e:bb:81:00:d3:3b:56:
         38:73:30:45:fd:d2:b5:aa:37:d1:c1:ab:a3:9f:e6:d5:10:3c:
         b3:8d:92:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4rEfHLzkfRbkQ0yXAaMCj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwNTE1MDk1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDQyZjQ5YjZjNjc1MGVhYTdhMGM0Nzg4NzFkN2VmNWVkYjE1NjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYSTOvaUL3+RpIH74wX5bRUx8wj3
FRBeEns0j7EZgaIf8rgl/jBW/zebsYiJ2rvhscZQVe+c0hzwBtvlmLhKEicickH7
YOlIxP1ZM9KWAodj89KdaK618YtSENmbxNbM6W4Q487wm6Sur6gBApNOyY2zxuRv
2UL8sdOb1K2IgRlYRWrDs1L8iwzu4Enq7qxNtnJSppp/8Y1Mf7dP+M+WQ4svqXdO
qwJBGNFl8zq2yIefImZH38lPe17TAtTld9gMQEfCEMZs5WmPRjJlgzp+aSPhVQr/
hewV2E4AQzpyBqwgot5AoRA/XdW5sXTyLLuunWG/uAB9QRj01bO7H/bGCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBC9JtsZ1Dqp6DEeIcdfvXtsVaAMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvd0VMMG0yeG5VT3Fub01SNGh4MS05ZTJ4Vm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw4MA0G
CSqGSIb3DQEBCwUAA4IBAQCovf44A9fiLul9GxpQVn1JLIjkuep12FDv1mbKiokv
ozMas5ONmgAbButA9dfW9W9ufWuGJFXE1va383mIMDKeG7DdFgBN0K9Ys0NpB769
0uFAEpb87ojDqGPm1gMfB/bcAEmbzB2DgIuzN1R4pS3AyLWyzI/DHGQcmVAfTy1j
V/EuaihaBgGCIqdd8G07Gpd1CcHKL6d2VKmd8eQ4CbGLbXJ+DXE7iye1PpL/Gp6W
Cz6UMgxW7sBdhdhTwykmIp7NsTHkhZAcnzWn66Y7NzeBFn4wBSqqBh34mGvsshTn
dYDAmk67gQDTO1Y4czBF/dK1qjfRwaujn+bVEDyzjZIZ
-----END CERTIFICATE-----