Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/wLocbmUMe22Q0_z17ABS3IwjG9U.roa
File:                     wLocbmUMe22Q0_z17ABS3IwjG9U.roa (raw, json)
Hash identifier:          eyLQ2EHsSzHSKJPSOCX/RrI5ZzjB4y9V5Grt58tisxQ=
Subject key identifier:   C0:BA:1C:6E:65:0C:7B:6D:90:D3:FC:F5:EC:00:52:DC:8C:23:1B:D5
Certificate issuer:       /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial:       019EB219205E0CD9F7EE5BA048EABF36F4F5
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/wLocbmUMe22Q0_z17ABS3IwjG9U.roa
Signing time:             Wed 10 Jun 2026 15:14:11 +0000
ROA not before:           Wed 10 Jun 2026 15:14:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219518
IP address blocks:        153.56.168.0/24 maxlen: 24
                          153.56.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:19:20:5e:0c:d9:f7:ee:5b:a0:48:ea:bf:36:f4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
        Validity
            Not Before: Jun 10 15:14:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0ba1c6e650c7b6d90d3fcf5ec0052dc8c231bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:07:1d:e3:55:2a:6c:fe:fa:cf:68:71:27:d0:
                    a6:56:63:2f:8f:72:ae:2f:cc:6b:8b:e9:a9:f6:c1:
                    a3:46:f4:40:91:97:db:b0:a3:a8:11:3e:09:91:5f:
                    9f:ca:81:73:4e:47:67:c6:62:ed:da:56:db:bc:71:
                    74:f0:9f:bf:22:4d:b7:4f:f3:7d:e7:7e:1f:b7:8f:
                    a3:92:fa:c7:79:2d:6a:3f:04:84:29:54:69:32:76:
                    e9:f7:8a:da:d9:d0:7d:49:97:fb:49:54:3f:1a:87:
                    12:e8:e2:ed:8c:94:b5:d4:a6:6f:0f:1a:7d:4f:86:
                    4e:77:ab:87:1f:26:62:96:2a:aa:34:db:ad:af:ca:
                    84:10:a1:e4:34:3c:24:cf:d3:0f:bb:4b:d6:e4:69:
                    87:f2:68:70:5d:99:1e:7a:d0:f9:61:85:d2:67:73:
                    ea:43:72:43:51:95:d9:43:ea:8e:27:66:b7:73:5a:
                    df:a2:2b:9a:e4:e8:c9:6b:aa:7b:f0:5a:6f:78:06:
                    f5:a8:bf:a2:36:42:24:4e:51:27:27:b5:63:9b:ac:
                    45:d0:b2:e6:e8:c3:fd:81:68:ab:81:ad:c1:55:f3:
                    88:5f:8f:b9:e6:6d:38:ac:aa:36:07:b1:c2:c5:df:
                    1f:86:f5:4a:69:85:6e:ca:34:81:6e:f2:a3:27:b0:
                    ff:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:BA:1C:6E:65:0C:7B:6D:90:D3:FC:F5:EC:00:52:DC:8C:23:1B:D5
            X509v3 Authority Key Identifier:
                keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/wLocbmUMe22Q0_z17ABS3IwjG9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:17:8a:59:fc:e2:fe:34:ce:00:ce:14:6c:04:49:16:3b:0b:
         d6:fd:85:42:f3:64:53:30:82:30:33:90:11:41:cf:db:e7:21:
         c7:1e:cd:52:b5:66:27:f8:e0:ca:59:a9:3d:c2:40:4a:f6:a2:
         50:6e:14:fd:c5:3b:4b:83:21:ff:ee:4c:fa:2a:66:6a:fd:9f:
         01:c3:63:b1:97:89:ee:14:90:5c:4d:34:23:ac:72:2e:be:4d:
         43:08:7d:b4:5e:d5:9d:6d:72:07:97:eb:36:31:06:30:0c:e0:
         18:04:c7:2f:37:e9:ad:e0:b7:c2:a5:92:21:95:ef:3c:5c:55:
         c2:5f:5b:1a:f1:33:88:cd:32:e6:d3:46:0a:ae:76:08:b8:5d:
         8c:55:ec:fe:00:2a:ae:10:b3:1b:28:39:2c:b1:ab:d7:dc:b7:
         39:dc:d2:3c:8e:f2:c4:84:88:e1:c6:76:88:3f:75:06:13:c2:
         27:d6:df:99:06:b1:49:13:d1:96:c1:09:8e:a6:b4:33:e2:30:
         f8:d6:2c:2b:80:a7:1f:f2:53:45:dc:d3:72:c0:aa:7d:e8:a6:
         f5:ad:5b:7a:8e:c1:c9:8e:b7:03:e7:81:8b:f0:4c:e6:b1:40:
         bc:d6:e5:92:4f:0f:58:9a:6f:61:70:04:a5:90:84:77:de:78:
         92:7d:40:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6yGSBeDNn37lugSOq/NvT1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjYwNjEwMTUxNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGJhMWM2ZTY1MGM3YjZkOTBkM2ZjZjVlYzAwNTJkYzhjMjMxYmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQcd41UqbP76z2hxJ9CmVmMvj3Ku
L8xri+mp9sGjRvRAkZfbsKOoET4JkV+fyoFzTkdnxmLt2lbbvHF08J+/Ik23T/N9
534ft4+jkvrHeS1qPwSEKVRpMnbp94ra2dB9SZf7SVQ/GocS6OLtjJS11KZvDxp9
T4ZOd6uHHyZiliqqNNutr8qEEKHkNDwkz9MPu0vW5GmH8mhwXZkeetD5YYXSZ3Pq
Q3JDUZXZQ+qOJ2a3c1rfoiua5OjJa6p78FpveAb1qL+iNkIkTlEnJ7Vjm6xF0LLm
6MP9gWirga3BVfOIX4+55m04rKo2B7HCxd8fhvVKaYVuyjSBbvKjJ7D/wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMC6HG5lDHttkNP89ewAUtyMIxvVMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvd0xvY2JtVU1lMjJRMF96MTdBQlMzSXdqRzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmTioMA0G
CSqGSIb3DQEBCwUAA4IBAQBxF4pZ/OL+NM4AzhRsBEkWOwvW/YVC82RTMIIwM5AR
Qc/b5yHHHs1StWYn+ODKWak9wkBK9qJQbhT9xTtLgyH/7kz6KmZq/Z8Bw2Oxl4nu
FJBcTTQjrHIuvk1DCH20XtWdbXIHl+s2MQYwDOAYBMcvN+mt4LfCpZIhle88XFXC
X1sa8TOIzTLm00YKrnYIuF2MVez+ACquELMbKDkssavX3Lc53NI8jvLEhIjhxnaI
P3UGE8In1t+ZBrFJE9GWwQmOprQz4jD41iwrgKcf8lNF3NNywKp96Kb1rVt6jsHJ
jrcD54GL8EzmsUC81uWSTw9Ymm9hcASlkIR33niSfUBv
-----END CERTIFICATE-----