Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/WRGpi7HwRnNDY3PI2oGKfGXaKgI.roa
File:                     WRGpi7HwRnNDY3PI2oGKfGXaKgI.roa (raw, json)
Hash identifier:          LFMATL8ZKYUpfJmXC93H6TmCx5lCUajaaJNv71P4C9w=
Subject key identifier:   59:11:A9:8B:B1:F0:46:73:43:63:73:C8:DA:81:8A:7C:65:DA:2A:02
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       019DBF6601DFFC0CA1393E61930BDF2DCBC8
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/WRGpi7HwRnNDY3PI2oGKfGXaKgI.roa
Signing time:             Fri 24 Apr 2026 12:10:26 +0000
ROA not before:           Fri 24 Apr 2026 12:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59796
IP address blocks:        91.102.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 09:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:66:01:df:fc:0c:a1:39:3e:61:93:0b:df:2d:cb:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Apr 24 12:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5911a98bb1f04673436373c8da818a7c65da2a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:25:d0:af:6a:1e:f0:41:70:40:f0:5c:01:4e:
                    03:67:52:be:10:4c:94:15:61:e4:c8:e2:76:4d:e9:
                    46:9f:bc:ae:23:36:4c:a5:f5:0b:80:29:b5:b8:93:
                    3f:6a:89:df:12:3b:41:cf:db:cb:d9:90:a4:6d:3b:
                    54:e7:f5:a3:08:87:a7:62:58:cf:3f:0a:3b:df:bf:
                    d3:07:94:e5:00:4d:03:4d:68:55:f2:2e:44:20:0c:
                    4c:8c:8c:57:9d:f6:8c:08:a3:09:53:1a:4c:f0:73:
                    0d:ed:fe:61:32:4f:8b:79:2e:1d:69:ee:37:46:cd:
                    08:d3:8c:8e:86:8c:50:b6:61:74:0c:01:9c:66:61:
                    0f:43:a9:a9:44:b2:cd:37:1f:b1:4a:a9:6c:c3:75:
                    c3:be:ff:03:19:e5:8b:37:01:b6:94:54:30:0e:1f:
                    dc:f2:2c:6f:e9:35:fe:fc:db:b8:ea:40:8d:8d:ae:
                    de:3b:d4:31:fb:29:05:76:98:26:b9:e0:66:25:d6:
                    d0:45:ff:9c:51:e5:1e:30:2a:bc:9a:61:2e:3e:35:
                    f9:9a:ce:7b:26:a2:a1:57:06:3d:2c:ea:7c:5e:76:
                    9d:cf:4f:42:67:f9:6d:9b:ea:40:d7:d8:fc:18:21:
                    73:1e:3f:54:6a:f8:55:e1:f4:5f:64:79:4e:cb:36:
                    02:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:11:A9:8B:B1:F0:46:73:43:63:73:C8:DA:81:8A:7C:65:DA:2A:02
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/WRGpi7HwRnNDY3PI2oGKfGXaKgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:c8:be:50:18:71:46:94:b7:39:9f:19:7f:36:c3:9a:32:8f:
         56:c6:cf:54:ef:36:b2:91:f7:e3:d2:96:bd:41:0f:ea:ec:01:
         9c:7e:88:d5:73:a0:7a:1f:38:97:ee:20:38:db:22:11:1e:70:
         b8:07:9c:6f:a2:8d:ba:39:d3:08:01:06:98:f7:ca:95:97:2a:
         33:81:c1:3b:aa:41:40:7c:e8:cc:9e:41:ee:47:73:be:f1:0d:
         9a:aa:66:fe:13:5f:64:92:43:b6:43:c8:b5:23:ab:0a:93:43:
         66:89:4d:d9:f9:dc:ca:51:a3:bc:cd:d7:be:26:34:36:34:26:
         bf:b4:49:89:18:5a:e2:5f:f6:00:f7:38:2e:28:c0:a5:21:cb:
         ef:9c:f0:69:33:f3:b5:51:13:8d:b6:ad:4b:6b:3c:45:df:d9:
         6b:4b:58:c2:91:18:31:02:c7:43:a3:99:c6:04:62:c9:bc:5b:
         85:be:b2:b8:98:b8:cd:0b:84:4c:ca:d8:6e:1d:67:cd:7b:2b:
         7c:a5:36:9f:91:fb:9f:c9:8c:11:79:b2:de:0f:f3:14:40:86:
         27:1a:3e:a6:70:c9:77:74:1e:0a:09:6e:07:46:a0:e1:b8:0b:
         74:91:39:58:11:58:4d:d0:b7:ac:99:58:9f:0d:ad:29:ff:d6:
         9a:a1:a8:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2/ZgHf/AyhOT5hkwvfLcvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjYwNDI0MTIxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTExYTk4YmIxZjA0NjczNDM2MzczYzhkYTgxOGE3YzY1ZGEyYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCXQr2oe8EFwQPBcAU4DZ1K+EEyU
FWHkyOJ2TelGn7yuIzZMpfULgCm1uJM/aonfEjtBz9vL2ZCkbTtU5/WjCIenYljP
Pwo737/TB5TlAE0DTWhV8i5EIAxMjIxXnfaMCKMJUxpM8HMN7f5hMk+LeS4dae43
Rs0I04yOhoxQtmF0DAGcZmEPQ6mpRLLNNx+xSqlsw3XDvv8DGeWLNwG2lFQwDh/c
8ixv6TX+/Nu46kCNja7eO9Qx+ykFdpgmueBmJdbQRf+cUeUeMCq8mmEuPjX5ms57
JqKhVwY9LOp8Xnadz09CZ/ltm+pA19j8GCFzHj9UavhV4fRfZHlOyzYCpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkRqYux8EZzQ2NzyNqBinxl2ioCMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvV1JHcGk3SHdSbk5EWTNQSTJvR0tmR1hhS2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2ahMA0G
CSqGSIb3DQEBCwUAA4IBAQBqyL5QGHFGlLc5nxl/NsOaMo9Wxs9U7zaykffj0pa9
QQ/q7AGcfojVc6B6HziX7iA42yIRHnC4B5xvoo26OdMIAQaY98qVlyozgcE7qkFA
fOjMnkHuR3O+8Q2aqmb+E19kkkO2Q8i1I6sKk0NmiU3Z+dzKUaO8zde+JjQ2NCa/
tEmJGFriX/YA9zguKMClIcvvnPBpM/O1URONtq1LazxF39lrS1jCkRgxAsdDo5nG
BGLJvFuFvrK4mLjNC4RMythuHWfNeyt8pTafkfufyYwRebLeD/MUQIYnGj6mcMl3
dB4KCW4HRqDhuAt0kTlYEVhN0LesmVifDa0p/9aaoajQ
-----END CERTIFICATE-----