Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/0e3f23-5897-48f2-a888-7d242fcab170/1/WwDOvongC1_X8P9dsP5SDAx3pIw.roa
File:                     WwDOvongC1_X8P9dsP5SDAx3pIw.roa (raw, json)
Hash identifier:          OvjUCdki/Xpiry32DFBQzx/CWIybLt/kwDkvEQjTH6I=
Subject key identifier:   5B:00:CE:BE:89:E0:0B:5F:D7:F0:FF:5D:B0:FE:52:0C:0C:77:A4:8C
Certificate issuer:       /CN=601b4ba133f238dd6ab3e0a9ac8875c8d80bf6b7
Certificate serial:       019D9A87BE96690909FE28EDDD7A36B09A5B
Authority key identifier: 60:1B:4B:A1:33:F2:38:DD:6A:B3:E0:A9:AC:88:75:C8:D8:0B:F6:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YBtLoTPyON1qs-CprIh1yNgL9rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/0e3f23-5897-48f2-a888-7d242fcab170/1/WwDOvongC1_X8P9dsP5SDAx3pIw.roa
Signing time:             Fri 17 Apr 2026 08:21:20 +0000
ROA not before:           Fri 17 Apr 2026 08:21:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216472
IP address blocks:        2a0b:3840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/0e3f23-5897-48f2-a888-7d242fcab170/1/YBtLoTPyON1qs-CprIh1yNgL9rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/0e3f23-5897-48f2-a888-7d242fcab170/1/YBtLoTPyON1qs-CprIh1yNgL9rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YBtLoTPyON1qs-CprIh1yNgL9rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 May 2026 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:87:be:96:69:09:09:fe:28:ed:dd:7a:36:b0:9a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=601b4ba133f238dd6ab3e0a9ac8875c8d80bf6b7
        Validity
            Not Before: Apr 17 08:21:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b00cebe89e00b5fd7f0ff5db0fe520c0c77a48c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:68:53:74:67:10:0a:e6:f3:2a:5a:0f:d5:17:
                    b2:84:c6:73:62:57:5f:b1:6c:fb:45:df:9f:4f:6d:
                    57:77:1c:ae:03:bf:ef:05:f9:cd:f9:88:6e:f5:5f:
                    68:b2:42:30:a9:f6:d1:88:b1:63:30:c1:e5:d7:a6:
                    1e:f1:83:6e:7a:fa:53:ce:4e:ff:a3:dc:57:53:a9:
                    38:9d:d8:9e:e4:52:1f:6f:f4:51:05:ca:b0:a1:b7:
                    38:da:bb:78:6b:9f:13:95:80:37:ff:3a:e6:47:37:
                    a0:20:38:52:29:59:4d:cc:91:f0:9c:ab:e0:4f:e1:
                    5b:8d:5a:8a:a5:f5:75:93:b8:56:c8:e4:95:f7:d6:
                    b7:1e:8d:2b:dd:30:67:f1:49:ad:7a:d0:49:14:3b:
                    94:8b:04:ab:5a:0e:ba:73:ab:ee:08:13:f9:59:51:
                    6d:07:29:3e:7e:71:a4:29:c8:79:43:21:ed:96:08:
                    ae:1d:dd:2d:f5:43:e1:a0:e5:de:55:8c:ed:0d:aa:
                    18:37:e2:e6:fe:b5:41:2a:18:2b:13:81:76:d9:b6:
                    02:0d:df:05:bf:d0:c2:5c:19:95:46:b4:3a:29:0d:
                    09:33:b2:56:47:74:b7:a1:ae:9d:33:e7:fa:60:61:
                    88:45:cb:10:16:25:ca:2e:b6:23:8d:98:a6:23:dd:
                    ee:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:00:CE:BE:89:E0:0B:5F:D7:F0:FF:5D:B0:FE:52:0C:0C:77:A4:8C
            X509v3 Authority Key Identifier:
                keyid:60:1B:4B:A1:33:F2:38:DD:6A:B3:E0:A9:AC:88:75:C8:D8:0B:F6:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YBtLoTPyON1qs-CprIh1yNgL9rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/0e3f23-5897-48f2-a888-7d242fcab170/1/WwDOvongC1_X8P9dsP5SDAx3pIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/0e3f23-5897-48f2-a888-7d242fcab170/1/YBtLoTPyON1qs-CprIh1yNgL9rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:3840::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:a4:8f:27:40:b0:36:a2:61:19:7c:86:c7:91:e8:82:7b:4a:
         0a:f8:1b:43:20:62:cc:68:4d:2c:1c:b9:a2:0d:e4:f0:a6:ff:
         34:42:66:2c:f0:6f:16:80:c1:55:78:db:ec:9d:a1:8e:d0:53:
         b7:9a:a7:9d:1d:d3:83:e4:5d:9c:da:6a:10:5c:88:0c:1a:96:
         b5:d1:3f:8e:26:14:4a:b7:99:2e:5e:be:ce:27:f5:fe:37:88:
         f8:63:da:57:82:cc:e8:d5:88:04:dd:93:87:2c:42:ec:8f:2a:
         e4:b8:88:a2:42:00:81:55:79:40:52:f8:52:83:8c:c0:50:76:
         66:1b:6e:18:a9:b6:5e:a3:34:69:34:d4:fc:72:45:7c:21:76:
         8b:40:79:c3:e7:79:ad:2a:71:4e:c3:8c:2e:9c:5d:50:2a:57:
         9e:18:1b:b1:f1:40:b8:67:a1:e3:e2:a8:04:b0:3a:92:a5:99:
         7d:22:cd:35:e8:81:e9:49:77:1c:c0:c3:a4:f9:a6:8c:02:98:
         e3:a2:ed:b5:01:86:99:3f:13:1a:c2:a7:77:16:2b:ea:ee:78:
         af:b2:34:92:58:53:b8:7a:b6:15:06:22:eb:48:8d:81:d0:18:
         0f:17:06:64:be:65:b3:08:f1:b9:20:d9:b4:1b:4e:9d:18:20:
         d6:a0:ea:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2ah76WaQkJ/ijt3Xo2sJpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMWI0YmExMzNmMjM4ZGQ2YWIzZTBhOWFjODg3NWM4ZDgw
YmY2YjcwHhcNMjYwNDE3MDgyMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjAwY2ViZTg5ZTAwYjVmZDdmMGZmNWRiMGZlNTIwYzBjNzdhNDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2hTdGcQCubzKloP1ReyhMZzYldf
sWz7Rd+fT21XdxyuA7/vBfnN+Yhu9V9oskIwqfbRiLFjMMHl16Ye8YNuevpTzk7/
o9xXU6k4ndie5FIfb/RRBcqwobc42rt4a58TlYA3/zrmRzegIDhSKVlNzJHwnKvg
T+FbjVqKpfV1k7hWyOSV99a3Ho0r3TBn8UmtetBJFDuUiwSrWg66c6vuCBP5WVFt
Byk+fnGkKch5QyHtlgiuHd0t9UPhoOXeVYztDaoYN+Lm/rVBKhgrE4F22bYCDd8F
v9DCXBmVRrQ6KQ0JM7JWR3S3oa6dM+f6YGGIRcsQFiXKLrYjjZimI93u8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFsAzr6J4Atf1/D/XbD+UgwMd6SMMB8GA1UdIwQY
MBaAFGAbS6Ez8jjdarPgqayIdcjYC/a3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUJ0TG9UUHlPTjFxcy1DcHJJaDF5TmdMOXJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8wZTNmMjMtNTg5Ny00OGYyLWE4ODgt
N2QyNDJmY2FiMTcwLzEvV3dET3ZvbmdDMV9YOFA5ZHNQNVNEQXgzcEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8wZTNmMjMtNTg5Ny00OGYyLWE4ODgtN2QyNDJmY2FiMTcw
LzEvWUJ0TG9UUHlPTjFxcy1DcHJJaDF5TmdMOXJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgs4QDAN
BgkqhkiG9w0BAQsFAAOCAQEAbKSPJ0CwNqJhGXyGx5HogntKCvgbQyBizGhNLBy5
og3k8Kb/NEJmLPBvFoDBVXjb7J2hjtBTt5qnnR3Tg+RdnNpqEFyIDBqWtdE/jiYU
SreZLl6+zif1/jeI+GPaV4LM6NWIBN2ThyxC7I8q5LiIokIAgVV5QFL4UoOMwFB2
ZhtuGKm2XqM0aTTU/HJFfCF2i0B5w+d5rSpxTsOMLpxdUCpXnhgbsfFAuGeh4+Ko
BLA6kqWZfSLNNeiB6Ul3HMDDpPmmjAKY46LttQGGmT8TGsKndxYr6u54r7I0klhT
uHq2FQYi60iNgdAYDxcGZL5lswjxuSDZtBtOnRgg1qDqIQ==
-----END CERTIFICATE-----