Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/WpqNBUaec15TQX2JwBKoZNBPFQk.roa
File:                     WpqNBUaec15TQX2JwBKoZNBPFQk.roa (raw, json)
Hash identifier:          HbEV5v82KEzmT8vKeDUwX+hjqpvsKxnAQ4GhJSfzBaI=
Subject key identifier:   5A:9A:8D:05:46:9E:73:5E:53:41:7D:89:C0:12:A8:64:D0:4F:15:09
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       019E8A3CE5569714C6B1DCF88B2F10719047
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/WpqNBUaec15TQX2JwBKoZNBPFQk.roa
Signing time:             Tue 02 Jun 2026 21:28:27 +0000
ROA not before:           Tue 02 Jun 2026 21:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        109.120.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8a:3c:e5:56:97:14:c6:b1:dc:f8:8b:2f:10:71:90:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jun  2 21:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a9a8d05469e735e53417d89c012a864d04f1509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:85:5e:5a:c2:49:de:51:ff:34:27:af:52:eb:
                    b9:b6:21:28:cd:15:e7:fb:f4:1b:2f:ca:cb:58:05:
                    32:25:9c:a1:62:85:04:46:d0:85:c1:22:19:ae:e0:
                    6b:e8:08:24:2b:a9:9c:62:53:89:86:12:11:77:5f:
                    23:fd:4b:12:a9:7e:49:af:18:4c:3b:6c:5f:61:81:
                    bc:4b:38:56:1a:59:32:30:af:6f:5f:0b:91:a2:f8:
                    32:5c:2d:f5:4c:62:99:53:3e:2a:41:75:ef:7f:9e:
                    fd:94:64:bf:1e:1f:22:a6:40:82:1c:01:a4:a5:55:
                    af:72:c8:b9:93:cb:24:5a:21:f5:e3:24:f1:cd:c6:
                    08:70:ba:49:3b:6a:d4:bb:c4:39:c9:76:c4:0d:51:
                    83:90:5c:d7:fe:80:5b:16:be:eb:49:09:ba:fe:b3:
                    56:84:64:52:0b:2a:8c:44:7c:1e:05:fb:0b:6d:f0:
                    77:ea:eb:ba:8a:0e:7b:4b:cd:61:6b:27:a6:07:7b:
                    fe:94:5a:0c:27:53:d0:63:a1:c9:87:b0:74:8c:f2:
                    5b:8f:65:79:da:a7:0b:b1:83:66:e8:c5:73:f3:b3:
                    0b:7f:56:d5:47:bc:db:fc:97:33:53:17:e8:52:47:
                    46:9a:bb:c7:4b:62:b4:7c:bd:d1:53:18:19:03:49:
                    39:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:9A:8D:05:46:9E:73:5E:53:41:7D:89:C0:12:A8:64:D0:4F:15:09
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/WpqNBUaec15TQX2JwBKoZNBPFQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:36:ca:a8:28:0c:f7:3a:d3:57:50:0e:a7:b8:52:14:22:12:
         12:28:2f:3a:7b:db:dc:3d:4c:73:1e:2d:bc:ae:8e:76:0b:f9:
         08:a4:07:3d:e9:ee:57:34:0c:34:6d:b9:64:6e:8f:b4:18:3f:
         ff:e1:f3:5b:32:67:da:b7:24:8e:74:b1:71:4b:db:7a:02:41:
         c1:70:cd:b4:e7:20:ff:dd:d3:da:21:fe:24:da:f4:8b:28:cd:
         22:97:ef:7f:b8:2a:af:6b:53:34:f5:6b:7d:a0:8f:bf:dc:41:
         3a:09:2c:09:c1:37:b7:92:f2:31:fa:3f:19:93:57:7f:5d:da:
         46:5d:af:2d:51:ed:26:d6:da:02:a3:00:74:06:fc:df:c2:bc:
         eb:37:c5:7d:43:97:40:4c:60:ad:65:05:75:8f:d8:3f:2d:1b:
         0f:90:e2:89:57:25:91:c7:33:47:be:6a:5a:fa:5b:0f:9f:ff:
         95:bc:41:d1:b5:2d:a3:f1:31:37:4a:66:9d:55:6b:77:14:e6:
         00:4f:da:33:13:69:d5:7a:ec:2a:bb:49:9e:6d:7c:76:8d:be:
         75:fe:ec:92:43:9a:e2:d4:4c:af:ae:da:5b:93:65:4b:d5:97:
         12:a6:85:52:31:c1:64:a6:ea:0d:eb:2d:74:f8:a0:54:2f:24:
         14:64:03:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6KPOVWlxTGsdz4iy8QcZBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjYwNjAyMjEyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTlhOGQwNTQ2OWU3MzVlNTM0MTdkODljMDEyYTg2NGQwNGYxNTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIVeWsJJ3lH/NCevUuu5tiEozRXn
+/QbL8rLWAUyJZyhYoUERtCFwSIZruBr6AgkK6mcYlOJhhIRd18j/UsSqX5JrxhM
O2xfYYG8SzhWGlkyMK9vXwuRovgyXC31TGKZUz4qQXXvf579lGS/Hh8ipkCCHAGk
pVWvcsi5k8skWiH14yTxzcYIcLpJO2rUu8Q5yXbEDVGDkFzX/oBbFr7rSQm6/rNW
hGRSCyqMRHweBfsLbfB36uu6ig57S81hayemB3v+lFoMJ1PQY6HJh7B0jPJbj2V5
2qcLsYNm6MVz87MLf1bVR7zb/JczUxfoUkdGmrvHS2K0fL3RUxgZA0k5twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqajQVGnnNeU0F9icASqGTQTxUJMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvV3BxTkJVYWVjMTVUUVgySndCS29aTkJQRlFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXiBMA0G
CSqGSIb3DQEBCwUAA4IBAQCPNsqoKAz3OtNXUA6nuFIUIhISKC86e9vcPUxzHi28
ro52C/kIpAc96e5XNAw0bblkbo+0GD//4fNbMmfatySOdLFxS9t6AkHBcM205yD/
3dPaIf4k2vSLKM0il+9/uCqva1M09Wt9oI+/3EE6CSwJwTe3kvIx+j8Zk1d/XdpG
Xa8tUe0m1toCowB0BvzfwrzrN8V9Q5dATGCtZQV1j9g/LRsPkOKJVyWRxzNHvmpa
+lsPn/+VvEHRtS2j8TE3SmadVWt3FOYAT9ozE2nVeuwqu0mebXx2jb51/uySQ5ri
1Eyvrtpbk2VL1ZcSpoVSMcFkpuoN6y10+KBULyQUZAMi
-----END CERTIFICATE-----