Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/wV_a04Winoh39sOwGH3_ZcknMH8.roa
File:                     wV_a04Winoh39sOwGH3_ZcknMH8.roa (raw, json)
Hash identifier:          yosw8T08uVoT4Dz0+iSF39BAslFv7TeHxE3tRY6UqoM=
Subject key identifier:   C1:5F:DA:D3:85:A2:9E:88:77:F6:C3:B0:18:7D:FF:65:C9:27:30:7F
Certificate issuer:       /CN=8053abc3d49f565b94878ed8f220ce327f974a32
Certificate serial:       019E9767BB92CD2056DBFBDA154BD0652D80
Authority key identifier: 80:53:AB:C3:D4:9F:56:5B:94:87:8E:D8:F2:20:CE:32:7F:97:4A:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gFOrw9SfVluUh47Y8iDOMn-XSjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/wV_a04Winoh39sOwGH3_ZcknMH8.roa
Signing time:             Fri 05 Jun 2026 10:50:18 +0000
ROA not before:           Fri 05 Jun 2026 10:50:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        213.177.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/gFOrw9SfVluUh47Y8iDOMn-XSjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/gFOrw9SfVluUh47Y8iDOMn-XSjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gFOrw9SfVluUh47Y8iDOMn-XSjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:67:bb:92:cd:20:56:db:fb:da:15:4b:d0:65:2d:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8053abc3d49f565b94878ed8f220ce327f974a32
        Validity
            Not Before: Jun  5 10:50:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c15fdad385a29e8877f6c3b0187dff65c927307f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b3:ed:d6:79:e9:91:92:0c:27:3b:ce:7f:3f:
                    9f:a1:85:c9:82:61:0a:84:cc:20:f0:11:42:63:79:
                    dd:80:e7:af:6b:54:32:86:7b:2d:46:2e:64:0d:2b:
                    dc:82:48:dd:61:6c:08:0f:f9:e4:80:0d:dc:75:64:
                    48:8f:03:66:20:a4:cf:91:bd:ab:f9:bc:08:c0:d2:
                    b3:58:0f:d8:80:9a:a1:0d:64:e1:e1:e1:d7:5f:bb:
                    cd:55:82:9c:15:68:9e:44:6c:33:09:5b:5e:bd:3e:
                    be:76:de:89:6d:90:78:44:a4:1d:c1:5d:0b:a7:35:
                    3c:dd:74:70:a3:cf:f0:75:e0:c2:06:0b:64:e9:e5:
                    1a:10:a4:6b:45:87:7c:6a:97:e9:90:28:57:8b:a3:
                    30:c5:f8:61:4e:48:d4:1f:83:50:ac:78:f1:ef:4a:
                    8d:64:64:db:da:eb:30:da:06:1a:38:e6:fc:74:a1:
                    5b:7d:12:c8:88:96:e2:55:38:28:ee:b0:8f:d3:3e:
                    2b:e0:7e:d4:20:95:d0:61:01:54:07:92:32:fc:2d:
                    c4:90:0d:fd:8b:2b:8b:2f:4a:2f:86:30:98:a3:55:
                    5d:3b:a0:d5:25:76:98:d3:8f:c6:32:30:2b:fd:97:
                    16:37:18:7f:b2:3e:b4:82:0a:84:8b:ad:75:84:0e:
                    b8:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:5F:DA:D3:85:A2:9E:88:77:F6:C3:B0:18:7D:FF:65:C9:27:30:7F
            X509v3 Authority Key Identifier:
                keyid:80:53:AB:C3:D4:9F:56:5B:94:87:8E:D8:F2:20:CE:32:7F:97:4A:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gFOrw9SfVluUh47Y8iDOMn-XSjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/wV_a04Winoh39sOwGH3_ZcknMH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/9aad6c-e01d-4133-a63f-0530a6cffa3c/1/gFOrw9SfVluUh47Y8iDOMn-XSjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.177.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:d3:d1:18:cd:cb:e8:ab:53:3b:e6:1d:7a:0b:01:8c:ee:bd:
         a1:e0:9e:1d:de:91:63:df:7a:32:8c:59:8e:69:63:e3:ae:1a:
         dd:89:22:1f:e8:da:c5:a6:29:32:80:42:6d:1a:29:3a:b8:f1:
         80:f3:92:ec:22:6c:3a:ed:cc:52:a2:a3:bc:b1:82:b8:aa:49:
         8f:14:26:c5:6f:a4:0d:70:ac:a3:c5:c9:85:9c:7b:8f:eb:29:
         36:60:ca:6d:ba:9e:49:e9:73:e7:80:2b:f9:09:94:b8:c3:b4:
         c0:d6:7d:3a:65:83:02:12:74:57:9d:45:5e:7c:df:9c:36:10:
         05:3b:c5:3f:91:73:81:87:a3:50:ea:2d:b4:e7:3e:99:b9:b5:
         97:3a:59:af:2c:3f:c0:1a:93:30:bf:99:60:55:f6:06:cc:58:
         db:a7:d4:8a:27:b7:0b:3b:e7:f3:25:af:26:53:0b:58:bc:45:
         52:b8:34:26:df:75:51:49:cb:98:61:90:1b:57:d3:c1:b5:24:
         57:9c:41:25:fe:6a:2e:ec:b3:39:a8:fd:f8:a9:a3:f6:f6:f8:
         0f:8d:e6:11:c5:1e:a5:25:b0:98:bb:90:97:56:33:06:7a:8f:
         9a:d2:bb:c2:be:b2:4e:b5:44:e6:30:7e:eb:9c:fa:9e:f4:5a:
         59:22:2f:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XZ7uSzSBW2/vaFUvQZS2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNTNhYmMzZDQ5ZjU2NWI5NDg3OGVkOGYyMjBjZTMyN2Y5
NzRhMzIwHhcNMjYwNjA1MTA1MDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTVmZGFkMzg1YTI5ZTg4NzdmNmMzYjAxODdkZmY2NWM5MjczMDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bPt1nnpkZIMJzvOfz+foYXJgmEK
hMwg8BFCY3ndgOeva1QyhnstRi5kDSvcgkjdYWwID/nkgA3cdWRIjwNmIKTPkb2r
+bwIwNKzWA/YgJqhDWTh4eHXX7vNVYKcFWieRGwzCVtevT6+dt6JbZB4RKQdwV0L
pzU83XRwo8/wdeDCBgtk6eUaEKRrRYd8apfpkChXi6MwxfhhTkjUH4NQrHjx70qN
ZGTb2usw2gYaOOb8dKFbfRLIiJbiVTgo7rCP0z4r4H7UIJXQYQFUB5Iy/C3EkA39
iyuLL0ovhjCYo1VdO6DVJXaY04/GMjAr/ZcWNxh/sj60ggqEi611hA64ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFf2tOFop6Id/bDsBh9/2XJJzB/MB8GA1UdIwQY
MBaAFIBTq8PUn1ZblIeO2PIgzjJ/l0oyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0ZPcnc5U2ZWbHVVaDQ3WThpRE9Nbi1YU2pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS85YWFkNmMtZTAxZC00MTMzLWE2M2Yt
MDUzMGE2Y2ZmYTNjLzEvd1ZfYTA0V2lub2gzOXNPd0dIM19aY2tuTUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS85YWFkNmMtZTAxZC00MTMzLWE2M2YtMDUzMGE2Y2ZmYTNj
LzEvZ0ZPcnc5U2ZWbHVVaDQ3WThpRE9Nbi1YU2pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bGnMA0G
CSqGSIb3DQEBCwUAA4IBAQCC09EYzcvoq1M75h16CwGM7r2h4J4d3pFj33oyjFmO
aWPjrhrdiSIf6NrFpikygEJtGik6uPGA85LsImw67cxSoqO8sYK4qkmPFCbFb6QN
cKyjxcmFnHuP6yk2YMptup5J6XPngCv5CZS4w7TA1n06ZYMCEnRXnUVefN+cNhAF
O8U/kXOBh6NQ6i205z6ZubWXOlmvLD/AGpMwv5lgVfYGzFjbp9SKJ7cLO+fzJa8m
UwtYvEVSuDQm33VRScuYYZAbV9PBtSRXnEEl/mou7LM5qP34qaP29vgPjeYRxR6l
JbCYu5CXVjMGeo+a0rvCvrJOtUTmMH7rnPqe9FpZIi9E
-----END CERTIFICATE-----