Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/wdNyk0cj7ZXHBOyRtNKSRHIMVM4.roa
File:                     wdNyk0cj7ZXHBOyRtNKSRHIMVM4.roa (raw, json)
Hash identifier:          oARchr96uMH1VEdClz/RFIsJnl10GfEYjwsXH9UCt0s=
Subject key identifier:   C1:D3:72:93:47:23:ED:95:C7:04:EC:91:B4:D2:92:44:72:0C:54:CE
Certificate issuer:       /CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
Certificate serial:       019ECBB3B95A681F98C30577DB02F31E6024
Authority key identifier: F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/wdNyk0cj7ZXHBOyRtNKSRHIMVM4.roa
Signing time:             Mon 15 Jun 2026 14:33:33 +0000
ROA not before:           Mon 15 Jun 2026 14:33:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6830
IP address blocks:        31.133.92.0/22 maxlen: 22
                          176.103.228.0/22 maxlen: 22
                          176.103.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:b3:b9:5a:68:1f:98:c3:05:77:db:02:f3:1e:60:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b9ea4d9d83a728dd41029e86af8a130d389ed4
        Validity
            Not Before: Jun 15 14:33:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1d372934723ed95c704ec91b4d29244720c54ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:76:ef:2d:42:bd:9c:5a:20:b3:cf:20:2d:57:
                    f5:0c:7b:81:dd:cc:08:cd:a4:5c:c5:72:1f:60:f7:
                    ae:f7:23:94:3d:32:e4:05:2d:6d:f6:f1:a6:28:e0:
                    f5:6e:85:28:95:f0:fe:45:e0:24:6c:c7:c4:a8:22:
                    25:26:b1:fe:25:fe:fb:7e:44:0a:d7:bd:fb:5b:4e:
                    41:32:99:b4:71:f6:b0:6e:87:71:94:41:ce:60:af:
                    c5:5d:a3:c0:b8:02:44:88:97:0c:37:09:b6:d2:28:
                    9e:fe:e4:fa:e6:a2:50:da:6e:6d:f1:b2:8a:6d:91:
                    65:88:3f:9d:c4:78:ce:b3:6b:03:d9:af:31:c6:35:
                    d4:19:f4:45:70:fa:48:26:d7:db:3d:37:bc:bc:97:
                    c1:2c:6a:70:22:07:1d:f0:0e:c6:99:ad:e3:f5:ae:
                    b7:1a:52:3c:0d:2c:d6:a1:6a:fb:4f:18:7b:82:6e:
                    f7:36:a8:29:91:1b:48:01:f8:8f:6b:68:b0:92:c3:
                    06:4c:df:c2:33:c1:29:92:4c:9e:3f:e8:aa:ee:32:
                    86:a9:94:32:c2:4a:78:03:fb:6f:62:88:a5:25:4f:
                    c4:c8:95:ed:40:2b:46:94:dd:6a:e9:0c:06:95:dd:
                    18:47:6a:db:d5:b0:fb:4f:85:70:12:9f:0e:07:86:
                    83:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D3:72:93:47:23:ED:95:C7:04:EC:91:B4:D2:92:44:72:0C:54:CE
            X509v3 Authority Key Identifier:
                keyid:F4:B9:EA:4D:9D:83:A7:28:DD:41:02:9E:86:AF:8A:13:0D:38:9E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LnqTZ2DpyjdQQKehq-KEw04ntQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/wdNyk0cj7ZXHBOyRtNKSRHIMVM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/14f305-013b-453e-ac53-081cb2b17ab5/1/9LnqTZ2DpyjdQQKehq-KEw04ntQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.92.0/22
                  176.103.228.0-176.103.235.255

    Signature Algorithm: sha256WithRSAEncryption
         8f:39:82:03:74:8e:3d:90:e1:b6:59:f5:42:88:a8:f2:42:00:
         01:7d:f5:a1:74:cf:02:a4:8d:fc:99:f9:6c:1f:e7:6f:06:ca:
         8d:8c:ac:f6:fc:af:4d:02:46:b3:7a:88:41:7f:a6:9b:f4:3b:
         da:c5:e4:de:33:98:52:e6:4f:c2:a9:1d:8d:e7:42:68:c5:0d:
         de:c3:c5:d9:fd:30:cf:82:b2:38:10:a9:fc:70:90:00:de:6e:
         b7:7f:18:b8:d3:4d:7d:14:d2:63:57:b1:3d:0a:d8:19:48:ee:
         36:61:78:a8:34:51:9e:b1:91:15:e0:bb:65:3b:55:f3:9e:00:
         6c:be:5d:f9:bf:d6:82:14:a7:86:c7:b0:d3:0b:b1:00:c5:35:
         bf:4e:4b:6c:9e:4c:88:9a:e4:ab:cb:42:2f:cf:f3:17:c5:31:
         68:ec:b7:80:5a:d3:70:2d:f4:96:78:a0:64:2b:d4:2d:e8:68:
         1c:1b:6a:17:6a:89:13:a5:2a:6b:14:e6:eb:e1:33:d3:2f:22:
         7c:ec:4c:27:54:84:99:09:39:18:a0:c8:aa:08:36:11:37:a9:
         ab:b1:bb:b6:90:1f:13:5a:33:7c:45:00:b7:7a:4f:4c:85:c2:
         9e:52:f5:57:c4:74:bd:f2:0c:42:db:23:4c:dd:4c:ea:97:f3:
         5e:4e:00:89
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ7Ls7laaB+YwwV32wLzHmAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjllYTRkOWQ4M2E3MjhkZDQxMDI5ZTg2YWY4YTEzMGQz
ODllZDQwHhcNMjYwNjE1MTQzMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQzNzI5MzQ3MjNlZDk1YzcwNGVjOTFiNGQyOTI0NDcyMGM1NGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33bvLUK9nFogs88gLVf1DHuB3cwI
zaRcxXIfYPeu9yOUPTLkBS1t9vGmKOD1boUolfD+ReAkbMfEqCIlJrH+Jf77fkQK
1737W05BMpm0cfawbodxlEHOYK/FXaPAuAJEiJcMNwm20iie/uT65qJQ2m5t8bKK
bZFliD+dxHjOs2sD2a8xxjXUGfRFcPpIJtfbPTe8vJfBLGpwIgcd8A7Gma3j9a63
GlI8DSzWoWr7Txh7gm73NqgpkRtIAfiPa2iwksMGTN/CM8EpkkyeP+iq7jKGqZQy
wkp4A/tvYoilJU/EyJXtQCtGlN1q6QwGld0YR2rb1bD7T4VwEp8OB4aDTQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMHTcpNHI+2VxwTskbTSkkRyDFTOMB8GA1UdIwQY
MBaAFPS56k2dg6co3UECnoavihMNOJ7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMt
MDgxY2IyYjE3YWI1LzEvd2ROeWswY2o3WlhIQk95UnROS1NSSElNVk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8xNGYzMDUtMDEzYi00NTNlLWFjNTMtMDgxY2IyYjE3YWI1
LzEvOUxucVRaMkRweWpkUVFLZWhxLUtFdzA0bnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCH4VcMAwD
BAKwZ+QDBAKwZ+gwDQYJKoZIhvcNAQELBQADggEBAI85ggN0jj2Q4bZZ9UKIqPJC
AAF99aF0zwKkjfyZ+Wwf528Gyo2MrPb8r00CRrN6iEF/ppv0O9rF5N4zmFLmT8Kp
HY3nQmjFDd7Dxdn9MM+CsjgQqfxwkADebrd/GLjTTX0U0mNXsT0K2BlI7jZheKg0
UZ6xkRXgu2U7VfOeAGy+Xfm/1oIUp4bHsNMLsQDFNb9OS2yeTIia5KvLQi/P8xfF
MWjst4Ba03At9JZ4oGQr1C3oaBwbahdqiROlKmsU5uvhM9MvInzsTCdUhJkJORig
yKoINhE3qauxu7aQHxNaM3xFALd6T0yFwp5S9VfEdL3yDELbI0zdTOqX815OAIk=
-----END CERTIFICATE-----