Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/Wy86CL2f4xLjz0vPQHZzN8a8unY.roa
File:                     Wy86CL2f4xLjz0vPQHZzN8a8unY.roa (raw, json)
Hash identifier:          cXavtY5dvsiYw1vJsFA6Wzgu2etlowE0a/3vzxx5WuA=
Subject key identifier:   5B:2F:3A:08:BD:9F:E3:12:E3:CF:4B:CF:40:76:73:37:C6:BC:BA:76
Certificate issuer:       /CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
Certificate serial:       019DB4EF2C9B4319CA4353B767691D29E0F2
Authority key identifier: DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/Wy86CL2f4xLjz0vPQHZzN8a8unY.roa
Signing time:             Wed 22 Apr 2026 11:24:26 +0000
ROA not before:           Wed 22 Apr 2026 11:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209101
IP address blocks:        94.26.81.0/24 maxlen: 24
                          94.26.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Apr 2026 01:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:ef:2c:9b:43:19:ca:43:53:b7:67:69:1d:29:e0:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
        Validity
            Not Before: Apr 22 11:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b2f3a08bd9fe312e3cf4bcf40767337c6bcba76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f8:84:d7:c3:10:11:8e:10:bc:7a:2c:18:ab:
                    1f:e5:9a:e1:d0:5e:b8:3e:0a:09:e4:54:a7:75:35:
                    16:04:cc:5f:1c:ce:6e:7c:f4:b3:6d:0f:89:bb:45:
                    e4:b8:58:8e:69:f2:a5:45:8d:67:83:8a:89:36:3d:
                    1a:8c:f0:a4:bb:bf:a2:82:e9:87:6a:5d:2b:62:8d:
                    cf:bf:f3:df:08:17:78:a4:1c:ef:47:a6:f3:4c:fb:
                    ad:44:23:7a:8b:5e:99:6a:e8:5d:bb:3f:54:eb:10:
                    11:73:5e:92:1b:5e:0d:74:75:bd:a8:f5:15:23:fe:
                    3b:d8:21:d3:9c:d0:24:e5:da:a6:db:53:e9:a1:bc:
                    ee:7d:10:52:d8:96:2b:84:08:23:dc:a4:fa:37:15:
                    96:ef:d4:c2:32:1a:56:80:37:c6:f3:28:e0:c8:71:
                    2e:db:10:19:88:fc:38:6d:b3:7e:6e:c8:a7:7e:43:
                    f3:02:73:96:7a:ec:c5:11:e3:fb:85:90:32:8d:b7:
                    89:20:08:40:5d:77:ce:36:0e:a8:dc:ce:8b:74:c5:
                    66:75:34:0d:d5:09:59:76:e9:a6:0e:f5:c2:b4:07:
                    04:01:61:63:25:ce:57:67:1b:99:b4:7b:07:dd:12:
                    c8:7c:e0:5b:80:61:06:ea:d8:bf:fe:c0:51:a7:be:
                    d4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:2F:3A:08:BD:9F:E3:12:E3:CF:4B:CF:40:76:73:37:C6:BC:BA:76
            X509v3 Authority Key Identifier:
                keyid:DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/Wy86CL2f4xLjz0vPQHZzN8a8unY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.26.81.0/24
                  94.26.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:d9:db:1b:fd:d9:71:90:3e:9f:43:2c:4f:9f:e0:fb:eb:82:
         6c:7f:ff:c1:de:98:63:80:02:6c:3a:9f:0f:07:4e:89:4f:12:
         8f:47:26:42:7b:ed:86:71:94:30:80:a6:a3:ab:0c:7e:cb:5f:
         3d:6f:5d:bb:4c:cc:aa:58:d3:3a:44:2e:02:f1:b9:0b:b5:42:
         ea:83:2f:c8:7a:c8:d8:68:0f:bf:1d:f5:b1:91:b0:8a:90:b3:
         e7:12:54:7e:52:6a:b6:22:86:61:03:66:f3:00:ac:21:a1:ce:
         57:84:32:30:96:c6:85:a3:df:c2:e4:4a:78:31:d1:04:61:e2:
         f1:a4:05:4d:63:df:2b:71:bc:8f:6d:5f:06:b8:35:54:68:3a:
         f3:bc:65:cc:df:17:e4:05:81:cf:86:a0:a5:75:10:28:9d:7a:
         3f:9a:53:70:26:76:e7:59:4d:0f:63:dc:24:81:c2:d1:65:22:
         d3:28:8e:24:f4:52:67:dc:fc:a8:95:f9:b7:dd:f5:4f:e9:dc:
         f1:60:6a:7b:c0:6e:de:c3:ce:06:2d:d4:83:90:94:af:f0:0e:
         98:10:2b:38:c8:51:41:08:7c:25:5d:14:7d:dd:39:01:8c:df:
         aa:27:da:83:73:8f:d2:bd:d9:9b:a4:c9:6d:0a:2f:a5:af:5e:
         38:36:4f:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ207yybQxnKQ1O3Z2kdKeDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTJlYjljNzVkMzU5ZDI1MTM3YjVlZjRlMTc2ZjVlZWI2
YzQzNDIwHhcNMjYwNDIyMTEyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjJmM2EwOGJkOWZlMzEyZTNjZjRiY2Y0MDc2NzMzN2M2YmNiYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoviE18MQEY4QvHosGKsf5Zrh0F64
PgoJ5FSndTUWBMxfHM5ufPSzbQ+Ju0XkuFiOafKlRY1ng4qJNj0ajPCku7+igumH
al0rYo3Pv/PfCBd4pBzvR6bzTPutRCN6i16Zauhduz9U6xARc16SG14NdHW9qPUV
I/472CHTnNAk5dqm21PpobzufRBS2JYrhAgj3KT6NxWW79TCMhpWgDfG8yjgyHEu
2xAZiPw4bbN+bsinfkPzAnOWeuzFEeP7hZAyjbeJIAhAXXfONg6o3M6LdMVmdTQN
1QlZdummDvXCtAcEAWFjJc5XZxuZtHsH3RLIfOBbgGEG6ti//sBRp77UdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFsvOgi9n+MS489Lz0B2czfGvLp2MB8GA1UdIwQY
MBaAFN4S65x101nSUTe1704Xb17rbENCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQt
YzE2Nzg3MjcyMDQ5LzEvV3k4NkNMMmY0eExqejB2UFFIWnpOOGE4dW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQtYzE2Nzg3MjcyMDQ5
LzEvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXhpRAwQA
XhpoMA0GCSqGSIb3DQEBCwUAA4IBAQCf2dsb/dlxkD6fQyxPn+D764Jsf//B3phj
gAJsOp8PB06JTxKPRyZCe+2GcZQwgKajqwx+y189b127TMyqWNM6RC4C8bkLtULq
gy/IesjYaA+/HfWxkbCKkLPnElR+Umq2IoZhA2bzAKwhoc5XhDIwlsaFo9/C5Ep4
MdEEYeLxpAVNY98rcbyPbV8GuDVUaDrzvGXM3xfkBYHPhqCldRAonXo/mlNwJnbn
WU0PY9wkgcLRZSLTKI4k9FJn3Pyolfm33fVP6dzxYGp7wG7ew84GLdSDkJSv8A6Y
ECs4yFFBCHwlXRR93TkBjN+qJ9qDc4/SvdmbpMltCi+lr144Nk/d
-----END CERTIFICATE-----