Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/wpk44n_r5AT7MPdbwfoHwqwEN1g.roa
File:                     wpk44n_r5AT7MPdbwfoHwqwEN1g.roa (raw, json)
Hash identifier:          OEmREU+uP7MuT6j5xB9EYxVEEOnHYRANjVT14LQPfCA=
Subject key identifier:   C2:99:38:E2:7F:EB:E4:04:FB:30:F7:5B:C1:FA:07:C2:AC:04:37:58
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019911A2775D015776426072EF67578E63F7
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/wpk44n_r5AT7MPdbwfoHwqwEN1g.roa
Signing time:             Wed 03 Sep 2025 22:11:24 +0000
ROA not before:           Wed 03 Sep 2025 22:11:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214979
IP address blocks:        86.106.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Sep 2025 10:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:11:a2:77:5d:01:57:76:42:60:72:ef:67:57:8e:63:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Sep  3 22:11:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c29938e27febe404fb30f75bc1fa07c2ac043758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:03:12:1d:b2:5d:8e:e9:5e:22:09:dd:8c:df:
                    be:a5:91:a0:f5:00:50:bf:43:cc:ed:e5:53:33:30:
                    08:aa:69:d4:a2:86:f1:76:e4:66:d7:a0:26:00:88:
                    40:de:62:47:9c:ea:e8:e6:9c:ff:8b:bf:59:66:5e:
                    ad:66:6f:31:54:87:a6:96:e6:2e:ef:46:1f:b6:1d:
                    bb:eb:a2:80:a5:da:09:d4:6b:33:b7:34:d8:dc:84:
                    03:33:48:9e:ea:e2:7e:fc:b4:d7:6a:e4:68:f3:50:
                    02:2b:a2:ff:8a:98:4e:c2:87:9b:f1:d5:90:e3:a4:
                    ea:f6:b2:cf:e3:11:c3:b7:99:57:df:57:1a:f6:9e:
                    4a:21:28:3f:93:29:df:a7:ef:4c:c3:3c:a6:bd:b4:
                    85:ff:1f:2d:1f:5b:9d:60:0c:72:32:12:4c:67:91:
                    a2:5d:22:dc:80:10:74:89:4e:fa:f3:6c:cc:66:76:
                    b6:77:5e:1a:2b:1b:09:b0:25:3c:b2:cd:80:8b:f1:
                    06:2d:c1:98:26:e2:36:9e:55:7f:c1:54:7b:a7:a7:
                    cc:85:c0:b6:35:65:5d:a8:ee:0b:88:c6:44:96:2d:
                    af:2d:c1:e8:86:94:d7:41:28:e8:e7:a1:9e:be:1c:
                    58:76:5e:72:1d:7d:ad:99:37:27:c6:7c:68:0f:22:
                    8e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:99:38:E2:7F:EB:E4:04:FB:30:F7:5B:C1:FA:07:C2:AC:04:37:58
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/wpk44n_r5AT7MPdbwfoHwqwEN1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:01:b6:62:c7:7a:60:ce:3e:f9:09:43:50:eb:88:57:d5:31:
         19:42:ed:8b:fe:a6:04:e2:59:e7:67:4f:ac:75:96:a7:f8:1c:
         85:ba:48:30:da:9d:ba:43:83:fa:30:aa:5f:45:e6:a0:5b:b7:
         d9:ca:c9:a3:37:2c:e1:68:b5:89:7b:b1:f1:50:6c:cf:05:86:
         6e:5e:b8:72:f6:bc:59:1f:08:8e:e5:99:f8:41:48:f0:10:7e:
         f4:aa:b4:f1:ab:ac:7d:37:70:b3:00:4d:b3:ef:c0:45:f9:cc:
         90:11:99:e3:e8:c8:6b:d8:57:55:9f:d9:61:51:71:15:da:5f:
         e5:66:03:26:b2:8a:70:be:88:d4:2c:fa:a1:78:99:7d:b7:e3:
         b8:58:4b:8e:44:05:23:72:da:96:08:56:6d:36:43:c8:96:c8:
         54:45:60:43:d6:49:d8:59:8e:a7:0f:76:61:4f:ac:6a:86:62:
         30:43:78:22:a7:9a:5c:45:4f:e1:26:8e:f1:01:a6:0f:8b:aa:
         e0:8e:07:17:07:59:f4:9b:0b:37:9d:db:8d:43:69:38:99:e5:
         a7:aa:80:6e:13:d1:8f:37:36:5d:98:64:ac:cd:12:19:63:90:
         34:d1:05:74:a9:bd:6e:d7:99:9f:e0:6f:44:b0:32:71:42:df:
         03:63:e2:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkRonddAVd2QmBy72dXjmP3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwOTAzMjIxMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjk5MzhlMjdmZWJlNDA0ZmIzMGY3NWJjMWZhMDdjMmFjMDQzNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gMSHbJdjuleIgndjN++pZGg9QBQ
v0PM7eVTMzAIqmnUoobxduRm16AmAIhA3mJHnOro5pz/i79ZZl6tZm8xVIemluYu
70Yfth2766KApdoJ1GsztzTY3IQDM0ie6uJ+/LTXauRo81ACK6L/iphOwoeb8dWQ
46Tq9rLP4xHDt5lX31ca9p5KISg/kynfp+9MwzymvbSF/x8tH1udYAxyMhJMZ5Gi
XSLcgBB0iU7682zMZna2d14aKxsJsCU8ss2Ai/EGLcGYJuI2nlV/wVR7p6fMhcC2
NWVdqO4LiMZEli2vLcHohpTXQSjo56GevhxYdl5yHX2tmTcnxnxoDyKO8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKZOOJ/6+QE+zD3W8H6B8KsBDdYMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvd3BrNDRuX3I1QVQ3TVBkYndmb0h3cXdFTjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmpsMA0G
CSqGSIb3DQEBCwUAA4IBAQBgAbZix3pgzj75CUNQ64hX1TEZQu2L/qYE4lnnZ0+s
dZan+ByFukgw2p26Q4P6MKpfReagW7fZysmjNyzhaLWJe7HxUGzPBYZuXrhy9rxZ
HwiO5Zn4QUjwEH70qrTxq6x9N3CzAE2z78BF+cyQEZnj6Mhr2FdVn9lhUXEV2l/l
ZgMmsopwvojULPqheJl9t+O4WEuORAUjctqWCFZtNkPIlshURWBD1knYWY6nD3Zh
T6xqhmIwQ3gip5pcRU/hJo7xAaYPi6rgjgcXB1n0mws3nduNQ2k4meWnqoBuE9GP
NzZdmGSszRIZY5A00QV0qb1u15mf4G9EsDJxQt8DY+Lz
-----END CERTIFICATE-----