Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/W6jn-ALYoP-t7X7NgHuP9jq7CL0.roa
File:                     W6jn-ALYoP-t7X7NgHuP9jq7CL0.roa (raw, json)
Hash identifier:          7J3TT/aBCBiCDlu/v4GnhDzbGN6I9+a7vTFrwNjsAPw=
Subject key identifier:   5B:A8:E7:F8:02:D8:A0:FF:AD:ED:7E:CD:80:7B:8F:F6:3A:BB:08:BD
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       019E4163C088A30162693B6037C9D7F7CCEE
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/W6jn-ALYoP-t7X7NgHuP9jq7CL0.roa
Signing time:             Tue 19 May 2026 17:58:36 +0000
ROA not before:           Tue 19 May 2026 17:58:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215245
IP address blocks:        31.22.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:41:63:c0:88:a3:01:62:69:3b:60:37:c9:d7:f7:cc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: May 19 17:58:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ba8e7f802d8a0ffaded7ecd807b8ff63abb08bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:56:41:77:8c:ae:b1:0d:5c:35:7a:38:5b:ba:
                    c1:22:bc:94:88:b8:7f:89:0b:79:bb:e1:34:7a:d1:
                    49:f2:51:22:74:e3:10:3e:c9:85:27:73:59:6b:42:
                    e0:79:87:5d:56:e5:db:df:28:27:0b:c1:9a:0a:fd:
                    97:44:25:b1:f9:17:64:1b:34:ee:bf:b2:af:5c:1f:
                    6c:0c:38:9d:b2:98:74:59:2d:9e:58:1e:dc:8d:e4:
                    ee:0a:be:c0:47:1e:80:ba:f2:8d:2b:94:3f:45:c8:
                    43:dd:5b:13:f9:9f:0e:8d:d9:eb:5e:55:d4:88:ac:
                    ec:bf:7a:d2:fe:5b:4a:1f:d2:d0:ef:c6:04:5f:91:
                    d9:2f:ac:1a:77:c8:df:56:8b:82:fd:91:bb:69:ec:
                    b6:56:36:3f:e6:b8:a5:3f:74:d2:a8:92:21:4d:e3:
                    1b:e0:ab:a0:2d:ab:d1:62:d9:e0:df:55:26:16:a2:
                    1e:e3:63:15:df:81:3d:a9:ed:14:f2:6a:be:bd:25:
                    60:0f:ec:e7:30:f7:aa:9f:9c:83:74:f5:24:2b:79:
                    b4:b3:5d:20:4c:22:43:78:aa:2a:b3:3b:92:97:75:
                    2f:43:35:c2:a3:d6:b0:84:89:60:ec:9a:68:c6:1f:
                    2f:84:06:02:de:98:31:9d:09:7c:97:00:9d:53:66:
                    c4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:A8:E7:F8:02:D8:A0:FF:AD:ED:7E:CD:80:7B:8F:F6:3A:BB:08:BD
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/W6jn-ALYoP-t7X7NgHuP9jq7CL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.22.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b3:81:d9:bc:47:56:a9:7e:f1:48:f7:34:90:8b:db:54:77:
         c8:4a:f7:bb:19:cc:ce:37:c3:af:21:86:8f:89:c4:15:01:89:
         90:64:64:bf:0c:fd:3f:59:2d:21:18:91:8f:e7:dc:c5:53:d8:
         98:97:95:e4:cd:fe:eb:66:bc:b4:db:19:bc:6e:92:6d:5d:b5:
         35:16:6e:4e:1d:e8:23:f6:ad:eb:f3:0e:cc:32:ca:b6:66:27:
         53:f3:02:fb:6e:3d:e4:b6:c0:1e:65:15:8c:72:3f:54:37:9b:
         25:3f:fa:0e:e3:3b:5b:20:1d:15:dd:b1:99:90:ec:59:f9:b4:
         2f:c2:26:4e:67:1d:3f:45:02:96:97:60:fb:ca:8c:c3:e1:22:
         8d:a6:98:61:68:61:62:1c:61:83:4a:3b:c0:98:7c:b9:02:1b:
         6e:33:5a:23:0b:5e:5c:3a:26:f8:8a:20:cf:40:ce:15:cf:2b:
         48:04:87:46:32:73:4d:68:54:df:25:79:3a:7e:e3:ea:23:ab:
         ef:45:18:7f:54:25:2a:1a:5d:f2:aa:b0:5a:92:23:81:41:d0:
         77:14:dc:55:a7:50:6f:22:15:20:9e:31:0d:39:20:6c:94:72:
         80:91:69:1e:f2:2a:f0:71:70:c9:ab:ed:be:55:b2:f0:29:61:
         d7:cb:52:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5BY8CIowFiaTtgN8nX98zuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjYwNTE5MTc1ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmE4ZTdmODAyZDhhMGZmYWRlZDdlY2Q4MDdiOGZmNjNhYmIwOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01ZBd4yusQ1cNXo4W7rBIryUiLh/
iQt5u+E0etFJ8lEidOMQPsmFJ3NZa0LgeYddVuXb3ygnC8GaCv2XRCWx+RdkGzTu
v7KvXB9sDDidsph0WS2eWB7cjeTuCr7ARx6AuvKNK5Q/RchD3VsT+Z8OjdnrXlXU
iKzsv3rS/ltKH9LQ78YEX5HZL6wad8jfVouC/ZG7aey2VjY/5rilP3TSqJIhTeMb
4KugLavRYtng31UmFqIe42MV34E9qe0U8mq+vSVgD+znMPeqn5yDdPUkK3m0s10g
TCJDeKoqszuSl3UvQzXCo9awhIlg7Jpoxh8vhAYC3pgxnQl8lwCdU2bENwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuo5/gC2KD/re1+zYB7j/Y6uwi9MB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvVzZqbi1BTFlvUC10N1g3TmdIdVA5anE3Q0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHxZNMA0G
CSqGSIb3DQEBCwUAA4IBAQBGs4HZvEdWqX7xSPc0kIvbVHfISve7GczON8OvIYaP
icQVAYmQZGS/DP0/WS0hGJGP59zFU9iYl5Xkzf7rZry02xm8bpJtXbU1Fm5OHegj
9q3r8w7MMsq2ZidT8wL7bj3ktsAeZRWMcj9UN5slP/oO4ztbIB0V3bGZkOxZ+bQv
wiZOZx0/RQKWl2D7yozD4SKNpphhaGFiHGGDSjvAmHy5AhtuM1ojC15cOib4iiDP
QM4VzytIBIdGMnNNaFTfJXk6fuPqI6vvRRh/VCUqGl3yqrBakiOBQdB3FNxVp1Bv
IhUgnjENOSBslHKAkWke8irwcXDJq+2+VbLwKWHXy1I2
-----END CERTIFICATE-----