Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/a6cb86-96a3-4a39-91cb-7377b9b78972/1/WPIzOxqwaHsyTVNqPtr_Bne7NDY.roa
File:                     WPIzOxqwaHsyTVNqPtr_Bne7NDY.roa (raw, json)
Hash identifier:          o8qawauUjrQA0Yw/eow656zocqEhFlEGKxiQ0qSxgHg=
Subject key identifier:   58:F2:33:3B:1A:B0:68:7B:32:4D:53:6A:3E:DA:FF:06:77:BB:34:36
Certificate issuer:       /CN=347e3357829f9b447af70b60b2192f8b6b18ffde
Certificate serial:       019D29512C713133C01D577A4B02376D076B
Authority key identifier: 34:7E:33:57:82:9F:9B:44:7A:F7:0B:60:B2:19:2F:8B:6B:18:FF:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NH4zV4Kfm0R69wtgshkvi2sY_94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/a6cb86-96a3-4a39-91cb-7377b9b78972/1/WPIzOxqwaHsyTVNqPtr_Bne7NDY.roa
Signing time:             Thu 26 Mar 2026 08:44:38 +0000
ROA not before:           Thu 26 Mar 2026 08:44:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15623
IP address blocks:        194.0.238.0/24 maxlen: 24
                          194.165.44.0/24 maxlen: 24
                          2a05:53c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/a6cb86-96a3-4a39-91cb-7377b9b78972/1/NH4zV4Kfm0R69wtgshkvi2sY_94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/a6cb86-96a3-4a39-91cb-7377b9b78972/1/NH4zV4Kfm0R69wtgshkvi2sY_94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NH4zV4Kfm0R69wtgshkvi2sY_94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:51:2c:71:31:33:c0:1d:57:7a:4b:02:37:6d:07:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347e3357829f9b447af70b60b2192f8b6b18ffde
        Validity
            Not Before: Mar 26 08:44:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58f2333b1ab0687b324d536a3edaff0677bb3436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:04:70:25:06:cc:c4:6a:69:72:3f:fe:67:09:
                    3c:39:00:89:85:03:02:40:f7:51:fb:18:b4:56:00:
                    8e:41:76:a8:2d:6a:57:23:1f:ab:4d:24:8f:4c:4a:
                    38:13:6b:80:c4:2a:90:f5:89:84:a2:50:f0:0f:ad:
                    e6:27:42:f3:01:61:5a:23:bc:18:10:1f:cb:a3:f8:
                    ae:96:72:fe:30:ac:20:22:97:9f:85:eb:f9:74:6f:
                    48:79:6e:9d:d0:bd:d0:28:67:fe:73:6f:15:de:05:
                    5c:28:03:26:9c:bf:6c:f7:75:95:6b:e7:c7:59:50:
                    99:6a:7f:ab:50:91:11:45:d9:57:df:c4:76:cc:7b:
                    5e:a6:9d:e8:2d:df:b2:55:bd:4e:ec:71:20:bd:2c:
                    80:21:1d:52:45:72:69:8d:82:29:68:8d:41:22:50:
                    d0:89:63:39:f7:81:10:f6:8a:aa:1e:17:19:07:b3:
                    8d:b4:c9:58:93:48:b8:4a:ec:67:d2:30:5e:e1:64:
                    8f:1d:66:6f:24:3c:a9:16:85:b9:a5:4b:bc:f5:0d:
                    85:0d:77:ae:90:3c:4e:18:eb:c2:cf:66:6e:e0:09:
                    24:d5:b1:3c:e4:7f:f0:40:e9:fd:ed:c4:81:c6:f7:
                    4c:70:3c:f8:23:a8:f9:a1:40:5f:7a:31:64:99:52:
                    69:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F2:33:3B:1A:B0:68:7B:32:4D:53:6A:3E:DA:FF:06:77:BB:34:36
            X509v3 Authority Key Identifier:
                keyid:34:7E:33:57:82:9F:9B:44:7A:F7:0B:60:B2:19:2F:8B:6B:18:FF:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NH4zV4Kfm0R69wtgshkvi2sY_94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/a6cb86-96a3-4a39-91cb-7377b9b78972/1/WPIzOxqwaHsyTVNqPtr_Bne7NDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/a6cb86-96a3-4a39-91cb-7377b9b78972/1/NH4zV4Kfm0R69wtgshkvi2sY_94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.238.0/24
                  194.165.44.0/24
                IPv6:
                  2a05:53c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:20:08:f6:9d:7b:3b:10:95:73:b8:4d:28:ba:f7:fc:68:2f:
         cb:0f:82:c5:c0:8f:00:09:52:9b:92:07:7e:89:64:e1:c1:a1:
         88:86:4c:17:17:7f:00:a0:27:af:e7:68:6c:e2:d3:54:b7:03:
         1f:70:4d:c4:4a:9b:51:58:eb:db:c3:f6:00:6f:4f:29:43:71:
         19:ab:7d:ba:6e:70:1d:f6:4e:0c:b4:9c:84:5d:fb:46:ff:9d:
         fe:e2:b0:2c:a9:6e:b6:9f:10:29:ab:cd:7e:cf:9e:1a:38:9a:
         3c:6b:c9:c9:2b:98:c5:b6:48:f2:94:20:5d:b5:f9:d0:0e:11:
         ad:4b:cc:d3:1b:b3:03:7d:80:44:f3:64:26:1d:ba:39:7c:0d:
         7f:1b:fc:fc:87:05:cf:85:3a:06:50:8b:54:6d:6b:65:11:32:
         07:24:73:9a:03:f7:10:70:ae:1e:81:f1:7c:77:f7:d0:9e:f5:
         98:bf:a1:9d:98:c9:0a:7d:ac:aa:63:79:ae:10:21:2f:df:c4:
         3b:ae:3b:9c:84:c9:e8:b9:6b:07:ce:d3:50:9d:03:e0:de:47:
         ee:d3:b2:40:15:c5:a6:fc:0c:99:b4:7e:b1:61:6a:ca:44:06:
         4b:bf:71:8f:5b:79:39:c0:98:42:48:c6:da:9e:36:a8:fd:b8:
         80:a3:58:bb
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0pUSxxMTPAHVd6SwI3bQdrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2UzMzU3ODI5ZjliNDQ3YWY3MGI2MGIyMTkyZjhiNmIx
OGZmZGUwHhcNMjYwMzI2MDg0NDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGYyMzMzYjFhYjA2ODdiMzI0ZDUzNmEzZWRhZmYwNjc3YmIzNDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQRwJQbMxGppcj/+Zwk8OQCJhQMC
QPdR+xi0VgCOQXaoLWpXIx+rTSSPTEo4E2uAxCqQ9YmEolDwD63mJ0LzAWFaI7wY
EB/Lo/iulnL+MKwgIpefhev5dG9IeW6d0L3QKGf+c28V3gVcKAMmnL9s93WVa+fH
WVCZan+rUJERRdlX38R2zHtepp3oLd+yVb1O7HEgvSyAIR1SRXJpjYIpaI1BIlDQ
iWM594EQ9oqqHhcZB7ONtMlYk0i4Suxn0jBe4WSPHWZvJDypFoW5pUu89Q2FDXeu
kDxOGOvCz2Zu4Akk1bE85H/wQOn97cSBxvdMcDz4I6j5oUBfejFkmVJpWwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFjyMzsasGh7Mk1Taj7a/wZ3uzQ2MB8GA1UdIwQY
MBaAFDR+M1eCn5tEevcLYLIZL4trGP/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkg0elY0S2ZtMFI2OXd0Z3Noa3ZpMnNZXzk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9hNmNiODYtOTZhMy00YTM5LTkxY2It
NzM3N2I5Yjc4OTcyLzEvV1BJek94cXdhSHN5VFZOcVB0cl9CbmU3TkRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9hNmNiODYtOTZhMy00YTM5LTkxY2ItNzM3N2I5Yjc4OTcy
LzEvTkg0elY0S2ZtMFI2OXd0Z3Noa3ZpMnNZXzk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwgDuAwQA
wqUsMA0EAgACMAcDBQMqBVPAMA0GCSqGSIb3DQEBCwUAA4IBAQCjIAj2nXs7EJVz
uE0ouvf8aC/LD4LFwI8ACVKbkgd+iWThwaGIhkwXF38AoCev52hs4tNUtwMfcE3E
SptRWOvbw/YAb08pQ3EZq326bnAd9k4MtJyEXftG/53+4rAsqW62nxApq81+z54a
OJo8a8nJK5jFtkjylCBdtfnQDhGtS8zTG7MDfYBE82QmHbo5fA1/G/z8hwXPhToG
UItUbWtlETIHJHOaA/cQcK4egfF8d/fQnvWYv6GdmMkKfayqY3muECEv38Q7rjuc
hMnouWsHztNQnQPg3kfu07JAFcWm/AyZtH6xYWrKRAZLv3GPW3k5wJhCSMbanjao
/biAo1i7
-----END CERTIFICATE-----