Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/wLenhQFsuSLCwYXZncb0yLg71-M.roa
File:                     wLenhQFsuSLCwYXZncb0yLg71-M.roa (raw, json)
Hash identifier:          dddbiY/EtjgN2niK28Vk/3dSWCYor5BQPW3BdmG3koo=
Subject key identifier:   C0:B7:A7:85:01:6C:B9:22:C2:C1:85:D9:9D:C6:F4:C8:B8:3B:D7:E3
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019ECEEF5C9B59DBFA8888B540CD3563A8BC
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/wLenhQFsuSLCwYXZncb0yLg71-M.roa
Signing time:             Tue 16 Jun 2026 05:37:33 +0000
ROA not before:           Tue 16 Jun 2026 05:37:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        85.232.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ce:ef:5c:9b:59:db:fa:88:88:b5:40:cd:35:63:a8:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: Jun 16 05:37:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0b7a785016cb922c2c185d99dc6f4c8b83bd7e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a0:bf:6a:c7:34:5f:04:50:1b:0d:85:ff:5f:
                    ee:8d:e1:16:66:40:eb:39:a7:ac:56:5d:35:97:62:
                    57:a8:87:9e:6c:ef:46:fa:68:45:ce:53:dc:d2:40:
                    40:11:73:cb:dc:99:c8:ab:f3:fe:31:8c:55:01:f9:
                    fd:7d:bf:c1:b5:48:a2:f4:bf:35:24:6e:90:12:a0:
                    29:f4:b2:99:c6:76:d9:65:6b:0c:9f:a8:09:ba:2e:
                    fb:ff:ac:c0:c0:15:28:af:d4:a1:be:eb:2a:80:15:
                    79:2e:42:f4:66:7b:14:9a:44:fe:e2:78:97:19:17:
                    de:b5:e1:51:b8:f6:71:43:cd:ae:c7:46:49:91:c8:
                    ac:29:8c:aa:a7:61:bf:3e:91:e1:51:d9:f1:3a:17:
                    69:4c:7c:b3:77:26:3c:e0:0b:39:aa:8b:f9:14:c7:
                    76:9e:3c:cf:f1:6c:c9:42:77:e8:ef:24:d7:17:17:
                    37:fb:31:31:e8:16:64:f7:68:2b:d2:fc:22:9a:ad:
                    d4:d5:cb:ec:dd:b5:f6:be:66:ee:4c:ab:b8:c3:99:
                    88:3b:40:ae:e6:8f:2d:8d:ff:f7:09:eb:e6:de:65:
                    59:d7:0d:d4:07:b2:89:ca:a2:9a:0c:f7:b0:82:4b:
                    1f:d1:37:0a:eb:b0:83:39:8a:f5:54:91:19:98:46:
                    7e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B7:A7:85:01:6C:B9:22:C2:C1:85:D9:9D:C6:F4:C8:B8:3B:D7:E3
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/wLenhQFsuSLCwYXZncb0yLg71-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:3e:46:87:68:c0:25:f4:7e:32:45:80:e9:83:2b:f9:da:44:
         f1:7a:66:7b:0d:13:5b:8b:a8:40:be:83:0d:53:93:1c:ae:8c:
         96:d9:54:2b:7a:38:9c:e3:8f:48:e2:1e:4d:ab:5c:83:17:fa:
         90:bc:47:dd:11:01:94:45:a9:6a:bb:1a:89:d0:1c:48:13:d3:
         8f:95:64:5f:ce:54:c8:06:ce:f2:40:11:83:1f:ee:51:01:14:
         79:44:b5:dc:25:e2:f7:59:29:52:39:85:de:04:ce:73:d5:24:
         60:fe:f5:4c:97:fd:12:9e:ac:b7:4d:87:cb:03:10:10:cd:21:
         67:cd:4b:e9:2e:92:6f:6c:c2:81:94:b5:be:78:a3:2a:b4:f7:
         bd:9e:77:7b:44:98:a2:68:19:4e:81:97:c0:a1:8b:0e:b9:37:
         9f:4a:c5:a2:b3:e6:09:47:3b:ce:f8:60:83:d9:43:93:27:92:
         5e:ca:fb:52:19:ee:00:fd:57:a1:cf:6d:d6:aa:7a:11:43:a4:
         39:34:b1:cb:44:18:c3:d6:38:16:03:f8:d2:97:ce:7b:9f:09:
         0a:9e:79:03:f9:ef:15:6f:db:e1:00:00:fb:28:90:c9:6f:27:
         00:44:91:3f:85:1e:99:ef:ba:8e:19:7c:37:0b:7f:fe:cc:19:
         7f:5f:4a:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7O71ybWdv6iIi1QM01Y6i8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNjE2MDUzNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGI3YTc4NTAxNmNiOTIyYzJjMTg1ZDk5ZGM2ZjRjOGI4M2JkN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KC/asc0XwRQGw2F/1/ujeEWZkDr
OaesVl01l2JXqIeebO9G+mhFzlPc0kBAEXPL3JnIq/P+MYxVAfn9fb/BtUii9L81
JG6QEqAp9LKZxnbZZWsMn6gJui77/6zAwBUor9ShvusqgBV5LkL0ZnsUmkT+4niX
GRfeteFRuPZxQ82ux0ZJkcisKYyqp2G/PpHhUdnxOhdpTHyzdyY84As5qov5FMd2
njzP8WzJQnfo7yTXFxc3+zEx6BZk92gr0vwimq3U1cvs3bX2vmbuTKu4w5mIO0Cu
5o8tjf/3Cevm3mVZ1w3UB7KJyqKaDPewgksf0TcK67CDOYr1VJEZmEZ+8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMC3p4UBbLkiwsGF2Z3G9Mi4O9fjMB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvd0xlbmhRRnN1U0xDd1lYWm5jYjB5TGc3MS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVeiyMA0G
CSqGSIb3DQEBCwUAA4IBAQAePkaHaMAl9H4yRYDpgyv52kTxemZ7DRNbi6hAvoMN
U5McroyW2VQrejic449I4h5Nq1yDF/qQvEfdEQGURalquxqJ0BxIE9OPlWRfzlTI
Bs7yQBGDH+5RARR5RLXcJeL3WSlSOYXeBM5z1SRg/vVMl/0Snqy3TYfLAxAQzSFn
zUvpLpJvbMKBlLW+eKMqtPe9nnd7RJiiaBlOgZfAoYsOuTefSsWis+YJRzvO+GCD
2UOTJ5JeyvtSGe4A/Vehz23WqnoRQ6Q5NLHLRBjD1jgWA/jSl857nwkKnnkD+e8V
b9vhAAD7KJDJbycARJE/hR6Z77qOGXw3C3/+zBl/X0pS
-----END CERTIFICATE-----