Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/WHeuBr41SRHYb97wRA-9N6rZlYY.roa
File:                     WHeuBr41SRHYb97wRA-9N6rZlYY.roa (raw, json)
Hash identifier:          JKr5DtUCS/MHFFPv5d8SACsCIRv8QZPYpdOpKjP/pqM=
Subject key identifier:   58:77:AE:06:BE:35:49:11:D8:6F:DE:F0:44:0F:BD:37:AA:D9:95:86
Certificate issuer:       /CN=f2a253cdf507a03e1f579d202d8df11d68f5c3d7
Certificate serial:       019DF51F68FCEAF82D3F9875DFBC3C8BB75D
Authority key identifier: F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/WHeuBr41SRHYb97wRA-9N6rZlYY.roa
Signing time:             Mon 04 May 2026 22:32:49 +0000
ROA not before:           Mon 04 May 2026 22:32:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36231
IP address blocks:        45.88.228.0/22 maxlen: 24
                          45.88.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f5:1f:68:fc:ea:f8:2d:3f:98:75:df:bc:3c:8b:b7:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2a253cdf507a03e1f579d202d8df11d68f5c3d7
        Validity
            Not Before: May  4 22:32:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5877ae06be354911d86fdef0440fbd37aad99586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:df:4c:0e:a5:94:3a:8c:73:2d:80:32:ac:05:
                    e4:a5:61:65:0f:3f:a0:07:11:8f:23:61:f6:16:7b:
                    13:96:ad:88:ac:30:9b:59:95:c1:bb:80:17:39:2b:
                    37:14:3a:18:d3:09:2c:4d:5b:d0:5f:3a:06:11:25:
                    f8:86:12:77:50:4f:1f:dd:b1:b0:51:4d:09:1f:4a:
                    5e:54:ea:16:55:a1:d9:b4:93:c4:64:95:3a:6c:d7:
                    ba:4c:23:e1:45:ad:9c:1b:99:ac:84:03:58:ac:5b:
                    f7:d2:18:96:e5:be:d0:6b:f3:4a:7f:d1:3a:cb:b5:
                    8f:86:c9:83:cd:e4:fe:d0:c5:2a:70:fe:0a:bd:34:
                    c8:37:9f:43:d9:85:97:20:b8:7d:bb:6a:8f:cc:39:
                    7d:0f:a4:b9:60:9e:33:a1:35:32:0b:18:fe:c0:41:
                    27:8a:86:bc:92:99:bc:d1:77:f3:50:18:eb:5c:9f:
                    a0:99:af:30:f0:b4:42:ea:ad:91:a5:3f:3b:f0:55:
                    56:bf:07:b1:e1:e7:86:ec:10:9f:6d:af:7f:17:2c:
                    2d:9d:39:4d:e0:34:cf:20:5d:6a:ae:f0:4c:fe:ac:
                    57:4c:a6:88:4e:36:72:8d:c6:5c:ad:76:62:ba:3b:
                    fb:49:4e:9b:cf:b3:89:24:bd:b6:c2:53:57:12:39:
                    72:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:77:AE:06:BE:35:49:11:D8:6F:DE:F0:44:0F:BD:37:AA:D9:95:86
            X509v3 Authority Key Identifier:
                keyid:F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/WHeuBr41SRHYb97wRA-9N6rZlYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:7d:45:6b:3e:cc:85:e2:4b:31:a1:e3:62:42:fe:65:a1:e9:
         b1:f0:07:5b:c0:54:1b:ef:02:fc:70:32:2b:7b:6d:88:0d:ed:
         e2:11:53:aa:9d:41:27:32:aa:54:fd:06:98:01:6d:a0:d1:cc:
         2b:d3:cf:d7:fd:ca:8d:b9:fe:ff:96:4f:97:94:a6:5c:45:a0:
         45:fa:fb:12:c2:d6:ac:fd:0f:1b:3b:12:62:2b:4a:b0:83:c8:
         da:bb:4c:a3:5c:4c:28:92:3b:59:4d:90:13:61:66:61:99:d0:
         79:5a:11:36:1b:6b:82:f9:4c:ea:0c:32:11:22:6a:26:7f:d2:
         8e:1b:76:3c:e3:55:95:de:1c:04:ad:6c:fe:e2:99:77:b6:bb:
         ba:d2:a9:10:ea:2d:ce:00:ce:bc:27:7b:da:86:9d:66:28:bd:
         77:05:8d:b0:a4:e4:30:b7:cb:91:a3:b0:b0:91:c5:23:17:2d:
         b5:bc:ca:f6:58:3f:5c:19:08:13:61:3c:16:06:23:ab:f9:47:
         86:48:8f:18:31:af:6d:4f:60:3d:d9:63:3d:c9:79:17:72:2a:
         ef:e6:3b:bb:bb:c5:7f:c9:7d:ce:0e:ca:a2:e6:e8:b9:b3:0d:
         0f:f4:e9:36:33:6c:40:b7:b6:63:44:2c:2f:d4:1a:14:c6:d6:
         52:49:d9:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ31H2j86vgtP5h137w8i7ddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYTI1M2NkZjUwN2EwM2UxZjU3OWQyMDJkOGRmMTFkNjhm
NWMzZDcwHhcNMjYwNTA0MjIzMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODc3YWUwNmJlMzU0OTExZDg2ZmRlZjA0NDBmYmQzN2FhZDk5NTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN9MDqWUOoxzLYAyrAXkpWFlDz+g
BxGPI2H2FnsTlq2IrDCbWZXBu4AXOSs3FDoY0wksTVvQXzoGESX4hhJ3UE8f3bGw
UU0JH0peVOoWVaHZtJPEZJU6bNe6TCPhRa2cG5mshANYrFv30hiW5b7Qa/NKf9E6
y7WPhsmDzeT+0MUqcP4KvTTIN59D2YWXILh9u2qPzDl9D6S5YJ4zoTUyCxj+wEEn
ioa8kpm80XfzUBjrXJ+gma8w8LRC6q2RpT878FVWvwex4eeG7BCfba9/FywtnTlN
4DTPIF1qrvBM/qxXTKaITjZyjcZcrXZiujv7SU6bz7OJJL22wlNXEjlyOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFh3rga+NUkR2G/e8EQPvTeq2ZWGMB8GA1UdIwQY
MBaAFPKiU831B6A+H1edIC2N8R1o9cPXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHFKVHpmVUhvRDRmVjUwZ0xZM3hIV2oxdzljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xMGViZWMtMjc4NC00ZGFhLThkZjct
YmU0ZDVkMDlkNzEwLzEvV0hldUJyNDFTUkhZYjk3d1JBLTlONnJabFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xMGViZWMtMjc4NC00ZGFhLThkZjctYmU0ZDVkMDlkNzEw
LzEvOHFKVHpmVUhvRDRmVjUwZ0xZM3hIV2oxdzljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVjkMA0G
CSqGSIb3DQEBCwUAA4IBAQBUfUVrPsyF4ksxoeNiQv5loemx8AdbwFQb7wL8cDIr
e22IDe3iEVOqnUEnMqpU/QaYAW2g0cwr08/X/cqNuf7/lk+XlKZcRaBF+vsSwtas
/Q8bOxJiK0qwg8jau0yjXEwokjtZTZATYWZhmdB5WhE2G2uC+UzqDDIRImomf9KO
G3Y841WV3hwErWz+4pl3tru60qkQ6i3OAM68J3vahp1mKL13BY2wpOQwt8uRo7Cw
kcUjFy21vMr2WD9cGQgTYTwWBiOr+UeGSI8YMa9tT2A92WM9yXkXcirv5ju7u8V/
yX3ODsqi5ui5sw0P9Ok2M2xAt7ZjRCwv1BoUxtZSSdkf
-----END CERTIFICATE-----