Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/512f64-20a5-4c37-9b6b-81104758c93c/1/wn0IY0Am8dbWKWFYL-XocK9wI1M.roa
File:                     wn0IY0Am8dbWKWFYL-XocK9wI1M.roa (raw, json)
Hash identifier:          f5YL150E3HRR/Y+EFdyKEJdNywzJxXemEPh++b/gfAQ=
Subject key identifier:   C2:7D:08:63:40:26:F1:D6:D6:29:61:58:2F:E5:E8:70:AF:70:23:53
Certificate issuer:       /CN=97192b65d65341f372f067634f11ff3c96c44ab3
Certificate serial:       019DB548E61296F3D289AE337BE331EE6A9E
Authority key identifier: 97:19:2B:65:D6:53:41:F3:72:F0:67:63:4F:11:FF:3C:96:C4:4A:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxkrZdZTQfNy8GdjTxH_PJbESrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/512f64-20a5-4c37-9b6b-81104758c93c/1/wn0IY0Am8dbWKWFYL-XocK9wI1M.roa
Signing time:             Wed 22 Apr 2026 13:02:26 +0000
ROA not before:           Wed 22 Apr 2026 13:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39686
IP address blocks:        195.191.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/512f64-20a5-4c37-9b6b-81104758c93c/1/lxkrZdZTQfNy8GdjTxH_PJbESrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/512f64-20a5-4c37-9b6b-81104758c93c/1/lxkrZdZTQfNy8GdjTxH_PJbESrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxkrZdZTQfNy8GdjTxH_PJbESrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:48:e6:12:96:f3:d2:89:ae:33:7b:e3:31:ee:6a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97192b65d65341f372f067634f11ff3c96c44ab3
        Validity
            Not Before: Apr 22 13:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c27d08634026f1d6d62961582fe5e870af702353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ac:e2:b4:43:fc:0d:96:d7:5e:0c:02:57:c4:
                    bf:93:3c:1c:bb:ac:b1:f8:d7:cd:e3:f5:2f:0e:3a:
                    e3:ec:cb:9f:f1:96:7c:48:ab:d9:50:8a:19:3b:e5:
                    03:66:ed:60:8a:37:4b:eb:da:10:d3:0a:f9:db:e7:
                    d8:1a:e6:de:d3:a4:ec:f6:a7:4c:ff:7b:22:d0:07:
                    34:d8:54:40:fc:59:80:a4:3c:0b:66:17:62:fc:26:
                    62:c1:59:21:3d:1b:f8:3b:74:d3:e8:c7:c3:d2:2a:
                    a2:b2:12:d4:0f:5b:89:0b:35:12:c0:0a:39:99:db:
                    5e:01:08:d0:ed:0d:02:08:6e:f6:05:b0:d5:4d:3d:
                    b1:87:50:bc:d8:7f:77:d1:7a:6c:43:36:36:c0:5b:
                    18:ae:07:a0:fe:6e:bc:45:36:ff:db:05:91:3c:85:
                    6f:8c:ab:e0:3c:1c:b9:57:2f:17:5d:ee:37:22:84:
                    84:1c:5a:50:b2:6b:af:ef:21:2f:43:97:c6:6d:c2:
                    61:2e:82:48:74:d4:c4:a2:24:b6:b5:d9:94:fa:cd:
                    74:43:88:e3:f1:6f:72:45:c4:5a:c3:e0:db:a5:a0:
                    c1:7d:fd:4f:04:2c:2c:c2:e3:93:22:79:7e:97:72:
                    e1:21:5f:e3:ee:41:07:c7:22:62:f8:a9:9d:53:17:
                    95:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:7D:08:63:40:26:F1:D6:D6:29:61:58:2F:E5:E8:70:AF:70:23:53
            X509v3 Authority Key Identifier:
                keyid:97:19:2B:65:D6:53:41:F3:72:F0:67:63:4F:11:FF:3C:96:C4:4A:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxkrZdZTQfNy8GdjTxH_PJbESrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/512f64-20a5-4c37-9b6b-81104758c93c/1/wn0IY0Am8dbWKWFYL-XocK9wI1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/512f64-20a5-4c37-9b6b-81104758c93c/1/lxkrZdZTQfNy8GdjTxH_PJbESrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:d6:4c:ad:c6:a2:02:58:a8:df:6f:9e:c5:bb:ad:5e:18:a0:
         b2:36:09:96:e0:a6:53:ad:3c:4a:02:f6:f8:c7:07:1e:c1:d7:
         30:6f:75:9d:a1:4d:a8:f4:a9:3c:e9:9c:30:d4:ad:33:1e:75:
         09:23:49:c7:c2:05:e9:53:94:3c:81:a8:4d:55:e7:4c:1a:54:
         4d:9b:a2:39:da:63:9a:8d:38:27:82:fe:1f:6b:67:19:ae:06:
         48:18:34:9f:c9:d2:76:b8:e6:f6:6b:dc:51:b2:f6:c6:5a:7a:
         3e:09:c5:9f:c4:cf:89:e1:bc:e1:01:21:d7:82:f5:ee:88:80:
         8c:65:3a:fe:ff:f9:47:f4:e0:9a:7d:3b:66:c6:ec:48:ab:5c:
         e1:5e:d8:14:7d:e3:58:cb:4b:98:e4:b1:6b:96:55:d3:51:73:
         8b:78:c6:1e:02:3e:41:63:9e:45:dc:7a:48:07:b9:a8:91:cb:
         e0:74:e5:60:70:b8:a0:8a:c5:93:9e:63:88:41:46:bb:a7:7b:
         92:10:30:b5:c0:e4:81:5f:d7:49:9f:bc:49:01:de:49:b8:58:
         2b:f7:46:71:69:11:2c:be:4c:03:f0:dd:9b:87:b6:94:58:33:
         c9:36:4d:58:70:b3:1f:85:65:c8:6e:e8:16:94:06:98:08:7b:
         43:bc:bc:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ21SOYSlvPSia4ze+Mx7mqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MTkyYjY1ZDY1MzQxZjM3MmYwNjc2MzRmMTFmZjNjOTZj
NDRhYjMwHhcNMjYwNDIyMTMwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjdkMDg2MzQwMjZmMWQ2ZDYyOTYxNTgyZmU1ZTg3MGFmNzAyMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArazitEP8DZbXXgwCV8S/kzwcu6yx
+NfN4/UvDjrj7Muf8ZZ8SKvZUIoZO+UDZu1gijdL69oQ0wr52+fYGube06Ts9qdM
/3si0Ac02FRA/FmApDwLZhdi/CZiwVkhPRv4O3TT6MfD0iqishLUD1uJCzUSwAo5
mdteAQjQ7Q0CCG72BbDVTT2xh1C82H930XpsQzY2wFsYrgeg/m68RTb/2wWRPIVv
jKvgPBy5Vy8XXe43IoSEHFpQsmuv7yEvQ5fGbcJhLoJIdNTEoiS2tdmU+s10Q4jj
8W9yRcRaw+DbpaDBff1PBCwswuOTInl+l3LhIV/j7kEHxyJi+KmdUxeViQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJ9CGNAJvHW1ilhWC/l6HCvcCNTMB8GA1UdIwQY
MBaAFJcZK2XWU0HzcvBnY08R/zyWxEqzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhrclpkWlRRZk55OEdkalR4SF9QSmJFU3JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81MTJmNjQtMjBhNS00YzM3LTliNmIt
ODExMDQ3NThjOTNjLzEvd24wSVkwQW04ZGJXS1dGWUwtWG9jSzl3STFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81MTJmNjQtMjBhNS00YzM3LTliNmItODExMDQ3NThjOTNj
LzEvbHhrclpkWlRRZk55OEdkalR4SF9QSmJFU3JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7/mMA0G
CSqGSIb3DQEBCwUAA4IBAQAG1kytxqICWKjfb57Fu61eGKCyNgmW4KZTrTxKAvb4
xwcewdcwb3WdoU2o9Kk86Zww1K0zHnUJI0nHwgXpU5Q8gahNVedMGlRNm6I52mOa
jTgngv4fa2cZrgZIGDSfydJ2uOb2a9xRsvbGWno+CcWfxM+J4bzhASHXgvXuiICM
ZTr+//lH9OCafTtmxuxIq1zhXtgUfeNYy0uY5LFrllXTUXOLeMYeAj5BY55F3HpI
B7mokcvgdOVgcLigisWTnmOIQUa7p3uSEDC1wOSBX9dJn7xJAd5JuFgr90ZxaREs
vkwD8N2bh7aUWDPJNk1YcLMfhWXIbugWlAaYCHtDvLyq
-----END CERTIFICATE-----