Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WStTkDWryShdVUwCXY7r6NUcqeo.roa
File:                     WStTkDWryShdVUwCXY7r6NUcqeo.roa (raw, json)
Hash identifier:          RYhIqNhBXlEyW4s6cfE9lRvg5qZOTyyKMBoWIvLkpbg=
Subject key identifier:   59:2B:53:90:35:AB:C9:28:5D:55:4C:02:5D:8E:EB:E8:D5:1C:A9:EA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EA2298D1E46529DF4FBE485C38EAF290A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WStTkDWryShdVUwCXY7r6NUcqeo.roa
Signing time:             Sun 07 Jun 2026 12:58:12 +0000
ROA not before:           Sun 07 Jun 2026 12:58:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199417
IP address blocks:        2a0e:97c0:c60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a2:29:8d:1e:46:52:9d:f4:fb:e4:85:c3:8e:af:29:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  7 12:58:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=592b539035abc9285d554c025d8eebe8d51ca9ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fb:b4:99:cd:a6:9f:b1:84:73:7c:8e:68:a5:
                    37:e5:17:e0:82:65:a9:2b:f0:13:de:8a:9d:05:e9:
                    aa:b1:69:6f:bf:a7:ec:48:5d:ad:cf:ca:82:23:e6:
                    06:48:4c:11:67:23:b3:07:cb:38:40:10:31:5d:57:
                    ba:a4:46:1a:8b:b1:ba:89:ab:70:b1:30:a6:3f:b5:
                    8b:29:10:22:c5:73:d7:5a:b5:4b:35:8e:c2:58:0f:
                    aa:d7:a1:f9:35:01:4c:f2:fc:91:ed:77:47:1f:1e:
                    fb:18:02:7a:03:5e:05:cb:85:3c:87:87:f3:c9:5a:
                    1b:73:b6:39:28:bc:75:4f:9d:a4:d2:a3:b1:fd:43:
                    1d:b1:01:23:2e:97:5d:82:75:cd:f3:45:55:f7:bc:
                    86:56:69:80:2d:f1:59:38:cb:da:ca:37:39:f9:28:
                    cb:14:0e:ff:2f:dd:a9:45:13:a0:68:6c:31:dd:67:
                    05:71:8d:15:07:fb:97:f0:31:d5:17:6b:b1:48:67:
                    3d:18:ae:33:f7:78:66:0e:e5:2c:e7:05:8b:be:c5:
                    74:75:b7:e7:31:fe:b1:bd:db:22:a5:1c:ff:28:0b:
                    d9:80:a1:b9:36:00:05:f3:0e:44:dd:4f:e1:49:5c:
                    c3:50:a8:21:02:99:4e:62:78:10:ce:df:4f:c0:05:
                    57:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:2B:53:90:35:AB:C9:28:5D:55:4C:02:5D:8E:EB:E8:D5:1C:A9:EA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WStTkDWryShdVUwCXY7r6NUcqeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c60::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:32:d0:78:0d:14:1a:60:e2:54:f9:2e:3a:a2:69:1f:57:59:
         b1:db:62:d0:fd:b5:48:55:8b:84:91:34:43:0d:b5:d8:10:14:
         20:b0:a3:05:60:27:bf:3f:11:f8:62:28:90:ae:b2:d3:bd:e8:
         81:09:a2:8a:72:4b:7b:8a:85:62:69:aa:78:c3:1d:3b:24:b2:
         fa:a2:85:2d:a4:8c:10:f6:35:99:98:12:58:0a:86:78:24:7d:
         55:cd:34:72:bc:03:a6:44:1b:55:4c:50:58:32:f9:30:ba:ca:
         3a:53:9c:b0:9d:05:60:7f:7b:93:2b:c0:cc:9f:01:5b:a7:b3:
         42:c5:c2:2b:a2:09:c5:ee:f8:75:e5:06:d8:51:87:fe:b3:ec:
         47:bf:c6:45:dd:9d:fb:2c:79:a9:11:ea:e2:db:dc:8c:cf:1e:
         21:f5:65:a5:ed:3d:e1:96:7a:4f:5f:cb:e9:a8:18:dc:04:ad:
         ed:af:22:58:a7:b0:da:04:d6:b6:2d:3f:6d:ac:c1:43:31:d0:
         41:3a:4f:d7:3d:a3:fd:f0:c6:ce:a8:1b:31:43:72:5c:c9:8d:
         e3:a9:da:38:68:fe:98:eb:ef:d9:f7:bf:fb:30:7b:f5:9e:08:
         e5:31:53:6c:5b:50:4d:41:01:8d:ac:83:45:51:e9:b5:a2:38:
         98:fd:ee:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6iKY0eRlKd9PvkhcOOrykKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjA3MTI1ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTJiNTM5MDM1YWJjOTI4NWQ1NTRjMDI1ZDhlZWJlOGQ1MWNhOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/u0mc2mn7GEc3yOaKU35RfggmWp
K/AT3oqdBemqsWlvv6fsSF2tz8qCI+YGSEwRZyOzB8s4QBAxXVe6pEYai7G6iatw
sTCmP7WLKRAixXPXWrVLNY7CWA+q16H5NQFM8vyR7XdHHx77GAJ6A14Fy4U8h4fz
yVobc7Y5KLx1T52k0qOx/UMdsQEjLpddgnXN80VV97yGVmmALfFZOMvayjc5+SjL
FA7/L92pRROgaGwx3WcFcY0VB/uX8DHVF2uxSGc9GK4z93hmDuUs5wWLvsV0dbfn
Mf6xvdsipRz/KAvZgKG5NgAF8w5E3U/hSVzDUKghAplOYngQzt9PwAVXGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFkrU5A1q8koXVVMAl2O6+jVHKnqMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV1N0VGtEV3J5U2hkVlV3Q1hZN3I2TlVjcWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAxg
MA0GCSqGSIb3DQEBCwUAA4IBAQA6MtB4DRQaYOJU+S46omkfV1mx22LQ/bVIVYuE
kTRDDbXYEBQgsKMFYCe/PxH4YiiQrrLTveiBCaKKckt7ioViaap4wx07JLL6ooUt
pIwQ9jWZmBJYCoZ4JH1VzTRyvAOmRBtVTFBYMvkwuso6U5ywnQVgf3uTK8DMnwFb
p7NCxcIrognF7vh15QbYUYf+s+xHv8ZF3Z37LHmpEeri29yMzx4h9WWl7T3hlnpP
X8vpqBjcBK3tryJYp7DaBNa2LT9trMFDMdBBOk/XPaP98MbOqBsxQ3JcyY3jqdo4
aP6Y6+/Z97/7MHv1ngjlMVNsW1BNQQGNrINFUem1ojiY/e4M
-----END CERTIFICATE-----