Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/woNKZx83u_fKxpzaohuQPgtyFXg.roa
File:                     woNKZx83u_fKxpzaohuQPgtyFXg.roa (raw, json)
Hash identifier:          RVbhjKnB3YrDSiBxg610hvxMSKex6MsVSh9YV58YYxk=
Subject key identifier:   C2:83:4A:67:1F:37:BB:F7:CA:C6:9C:DA:A2:1B:90:3E:0B:72:15:78
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019D19D6A44D1D7156B521222638F3FF311F
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/woNKZx83u_fKxpzaohuQPgtyFXg.roa
Signing time:             Mon 23 Mar 2026 08:36:30 +0000
ROA not before:           Mon 23 Mar 2026 08:36:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49392
IP address blocks:        89.125.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:d6:a4:4d:1d:71:56:b5:21:22:26:38:f3:ff:31:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar 23 08:36:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2834a671f37bbf7cac69cdaa21b903e0b721578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:53:2a:05:9e:12:b4:e0:23:7b:5e:46:65:85:
                    34:3f:88:f0:bf:db:c6:37:ed:2c:cb:9c:42:ab:ea:
                    c9:85:41:63:22:6d:d7:ca:30:d9:d9:73:7b:fc:39:
                    de:d8:09:40:c3:8f:00:46:e3:34:e4:e3:ba:1f:63:
                    97:04:a7:85:50:e0:10:9b:72:fb:02:15:ba:ee:e5:
                    7c:21:26:28:f1:57:c1:00:41:bb:1f:9a:12:6f:1d:
                    84:af:17:ad:31:22:55:dc:b0:da:3e:94:45:5e:f4:
                    86:9d:35:3e:99:83:0a:69:e6:66:13:a7:1e:8c:4d:
                    2d:df:47:d4:b6:6e:49:b4:24:ec:6a:3b:79:04:8c:
                    29:ec:59:26:ae:46:3b:12:45:6b:bd:78:ec:af:e6:
                    cb:94:ba:52:11:6c:dc:c9:9f:61:2b:2a:f7:ee:c4:
                    e9:cc:c5:a5:53:3d:13:96:b5:02:87:60:c0:8c:43:
                    b3:b8:30:01:32:c3:a5:eb:0a:32:93:11:e7:9c:b0:
                    98:e2:ad:de:2d:16:48:4f:72:eb:96:c6:1d:cb:44:
                    6f:9b:02:81:f5:1d:56:80:8c:56:04:bb:42:9e:c4:
                    07:1b:52:52:c8:3d:57:09:12:e4:28:62:9a:94:b7:
                    f1:27:c5:1d:92:74:7c:5a:59:82:9f:98:5f:63:93:
                    be:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:83:4A:67:1F:37:BB:F7:CA:C6:9C:DA:A2:1B:90:3E:0B:72:15:78
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/woNKZx83u_fKxpzaohuQPgtyFXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.125.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:92:b7:2d:25:f6:26:5b:6e:4b:b7:2f:c0:3b:9f:2a:32:67:
         e4:2c:9d:7a:2e:3d:cf:8f:cc:e9:e1:4c:3f:2b:df:27:a2:aa:
         82:1a:71:84:bf:c2:ab:5e:8b:be:e1:d8:a9:b7:fd:64:43:d6:
         04:66:c1:3e:28:3b:9f:e7:1a:c0:10:34:90:49:11:c8:05:bf:
         53:8d:d4:7e:e5:e2:e0:ad:ab:3b:c0:0a:de:28:7a:89:5f:c2:
         ce:a4:ca:3c:f9:a3:7d:97:ce:b4:f6:77:4a:ea:46:8a:eb:49:
         5c:84:62:af:8c:8d:8b:de:8e:96:34:01:7e:d0:56:4a:a5:ac:
         5a:2d:4e:8e:ed:a5:a0:03:c2:90:3d:05:e2:9f:72:79:8d:f8:
         82:4e:b4:6d:f7:da:31:59:b9:a7:35:e4:7c:5b:e9:4d:83:a5:
         7b:8c:7a:fa:d5:59:90:20:4e:1a:46:9a:25:79:4c:da:e8:60:
         ba:e2:94:fa:49:89:a2:6e:e8:63:8b:fa:7b:01:88:0b:6b:56:
         40:a0:d5:2a:90:78:7c:d7:c5:9a:0a:ee:48:fd:d3:a9:54:bf:
         b0:7f:82:d3:5f:d6:fe:de:cf:65:bc:50:6e:61:39:1a:98:a8:
         bc:36:1f:e6:79:6c:be:9a:94:2d:7f:68:57:2d:04:f5:66:32:
         a9:14:15:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Z1qRNHXFWtSEiJjjz/zEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMzIzMDgzNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjgzNGE2NzFmMzdiYmY3Y2FjNjljZGFhMjFiOTAzZTBiNzIxNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1MqBZ4StOAje15GZYU0P4jwv9vG
N+0sy5xCq+rJhUFjIm3XyjDZ2XN7/Dne2AlAw48ARuM05OO6H2OXBKeFUOAQm3L7
AhW67uV8ISYo8VfBAEG7H5oSbx2ErxetMSJV3LDaPpRFXvSGnTU+mYMKaeZmE6ce
jE0t30fUtm5JtCTsajt5BIwp7FkmrkY7EkVrvXjsr+bLlLpSEWzcyZ9hKyr37sTp
zMWlUz0TlrUCh2DAjEOzuDABMsOl6woykxHnnLCY4q3eLRZIT3LrlsYdy0RvmwKB
9R1WgIxWBLtCnsQHG1JSyD1XCRLkKGKalLfxJ8UdknR8WlmCn5hfY5O+9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKDSmcfN7v3ysac2qIbkD4LchV4MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvd29OS1p4ODN1X2ZLeHB6YW9odVFQZ3R5RlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWX1nMA0G
CSqGSIb3DQEBCwUAA4IBAQANkrctJfYmW25Lty/AO58qMmfkLJ16Lj3Pj8zp4Uw/
K98noqqCGnGEv8KrXou+4dipt/1kQ9YEZsE+KDuf5xrAEDSQSRHIBb9TjdR+5eLg
ras7wAreKHqJX8LOpMo8+aN9l8609ndK6kaK60lchGKvjI2L3o6WNAF+0FZKpaxa
LU6O7aWgA8KQPQXin3J5jfiCTrRt99oxWbmnNeR8W+lNg6V7jHr61VmQIE4aRpol
eUza6GC64pT6SYmibuhji/p7AYgLa1ZAoNUqkHh818WaCu5I/dOpVL+wf4LTX9b+
3s9lvFBuYTkamKi8Nh/meWy+mpQtf2hXLQT1ZjKpFBUW
-----END CERTIFICATE-----