Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/w0C9G2qPZJv1Tmc5UTZM1QYjS-g.roa
File:                     w0C9G2qPZJv1Tmc5UTZM1QYjS-g.roa (raw, json)
Hash identifier:          TVbUTMbWNCbl8qQnJCJFREpOLL2oKxR2j6Nt/ivzOnc=
Subject key identifier:   C3:40:BD:1B:6A:8F:64:9B:F5:4E:67:39:51:36:4C:D5:06:23:4B:E8
Certificate issuer:       /CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
Certificate serial:       019DB3BF37FB61DABC4553629659D9C9D1BA
Authority key identifier: 5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/w0C9G2qPZJv1Tmc5UTZM1QYjS-g.roa
Signing time:             Wed 22 Apr 2026 05:52:26 +0000
ROA not before:           Wed 22 Apr 2026 05:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        185.84.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 17:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:bf:37:fb:61:da:bc:45:53:62:96:59:d9:c9:d1:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
        Validity
            Not Before: Apr 22 05:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c340bd1b6a8f649bf54e673951364cd506234be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:00:98:1c:d7:79:c0:e8:d9:ec:aa:9a:4b:6f:
                    6d:67:3d:fa:d3:2d:79:73:31:cb:0d:3b:b6:67:a6:
                    89:00:00:58:47:4c:58:2b:8d:f3:0f:0e:9e:85:76:
                    72:54:1c:2b:39:31:80:ce:a8:e1:41:24:bf:37:22:
                    72:90:3e:30:1b:0d:cc:38:44:ae:44:c2:ed:71:86:
                    e0:28:c8:97:92:19:3e:51:4f:58:d6:02:e3:f1:41:
                    76:8a:da:9a:a0:4c:81:0f:c8:49:85:94:b5:d6:72:
                    52:61:28:40:74:a1:67:89:1d:34:cf:1f:07:86:5a:
                    f3:cb:25:97:19:38:36:92:0a:e2:6c:8e:63:72:92:
                    cc:3c:a5:66:70:92:15:5d:66:cb:a7:54:b0:72:5d:
                    67:8a:b4:27:5e:1b:97:38:60:6c:33:fc:cc:90:ce:
                    9b:e1:89:17:72:5d:67:41:ab:ff:82:f8:8f:fe:58:
                    4b:79:50:f9:5e:2a:f3:09:ea:3a:c1:63:0d:ab:8d:
                    cc:87:47:c4:60:e2:cd:89:d5:22:a9:8b:c3:54:e7:
                    ce:67:0e:ba:72:b5:b7:4c:2e:a4:04:04:98:da:93:
                    92:c4:dc:69:c0:ea:4b:51:31:17:ba:37:3f:68:8c:
                    fb:86:da:b6:cd:73:e9:6f:6a:e4:14:25:de:90:44:
                    05:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:40:BD:1B:6A:8F:64:9B:F5:4E:67:39:51:36:4C:D5:06:23:4B:E8
            X509v3 Authority Key Identifier:
                keyid:5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/w0C9G2qPZJv1Tmc5UTZM1QYjS-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:2b:30:7d:f2:b9:b4:25:95:38:3a:8d:be:13:77:c4:72:6c:
         f2:79:39:c7:79:de:03:7c:76:75:6f:fc:26:eb:25:f6:54:23:
         03:c3:0b:f3:e0:71:1b:a9:99:8a:b2:cd:1c:7a:3e:8a:6f:a5:
         82:5c:64:e5:a9:10:7d:a7:7b:28:d3:be:28:98:45:01:7a:f9:
         22:27:41:ec:f7:ad:b1:84:23:1c:1a:1f:60:f1:39:a1:7b:9c:
         c3:d5:1f:b5:4f:1a:d5:4b:b3:58:dd:75:5e:a0:6d:dc:4e:93:
         3c:2d:df:87:d9:d9:7a:02:f7:d7:17:65:da:38:41:81:a6:09:
         0f:d7:4a:1a:87:bf:ea:db:0e:aa:21:22:79:ed:84:78:af:8e:
         a3:79:ad:a5:a4:d9:e7:5f:60:00:d1:77:3b:15:1d:76:a3:88:
         b8:eb:6b:64:34:d9:ef:b4:3b:0e:ef:99:56:61:3c:c5:2b:c9:
         09:89:2e:f7:38:d7:4c:27:2b:0d:06:d3:ef:d2:d5:87:82:0b:
         31:11:9d:27:cc:1d:c6:bb:21:ff:2d:9c:b1:05:95:38:40:e6:
         88:f5:44:5c:39:d2:b2:5b:f4:41:ad:2a:17:61:21:fb:0b:8d:
         98:d2:ae:74:38:25:dd:3f:d8:a1:fb:cd:a0:22:d3:d5:01:e7:
         aa:04:a6:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2zvzf7Ydq8RVNillnZydG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYzE3NjlkM2ZmMDQyMTI0Njk4ZTMxYzQ3MmI2M2JiZjFi
YmI1YWQwHhcNMjYwNDIyMDU1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzQwYmQxYjZhOGY2NDliZjU0ZTY3Mzk1MTM2NGNkNTA2MjM0YmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQCYHNd5wOjZ7KqaS29tZz360y15
czHLDTu2Z6aJAABYR0xYK43zDw6ehXZyVBwrOTGAzqjhQSS/NyJykD4wGw3MOESu
RMLtcYbgKMiXkhk+UU9Y1gLj8UF2itqaoEyBD8hJhZS11nJSYShAdKFniR00zx8H
hlrzyyWXGTg2kgribI5jcpLMPKVmcJIVXWbLp1Swcl1nirQnXhuXOGBsM/zMkM6b
4YkXcl1nQav/gviP/lhLeVD5XirzCeo6wWMNq43Mh0fEYOLNidUiqYvDVOfOZw66
crW3TC6kBASY2pOSxNxpwOpLUTEXujc/aIz7htq2zXPpb2rkFCXekEQF8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNAvRtqj2Sb9U5nOVE2TNUGI0voMB8GA1UdIwQY
MBaAFF7Bdp0/8EISRpjjHEcrY7vxu7WtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUt
NTQyMDRkZGQyY2E2LzEvdzBDOUcycVBaSnYxVG1jNVVUWk0xUVlqUy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUtNTQyMDRkZGQyY2E2
LzEvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVSfMA0G
CSqGSIb3DQEBCwUAA4IBAQCQKzB98rm0JZU4Oo2+E3fEcmzyeTnHed4DfHZ1b/wm
6yX2VCMDwwvz4HEbqZmKss0cej6Kb6WCXGTlqRB9p3so074omEUBevkiJ0Hs962x
hCMcGh9g8Tmhe5zD1R+1TxrVS7NY3XVeoG3cTpM8Ld+H2dl6AvfXF2XaOEGBpgkP
10oah7/q2w6qISJ57YR4r46jea2lpNnnX2AA0Xc7FR12o4i462tkNNnvtDsO75lW
YTzFK8kJiS73ONdMJysNBtPv0tWHggsxEZ0nzB3GuyH/LZyxBZU4QOaI9URcOdKy
W/RBrSoXYSH7C42Y0q50OCXdP9ih+82gItPVAeeqBKZH
-----END CERTIFICATE-----