Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/WGjiujLOuuOMzeq5qZIClszPW1M.roa
File:                     WGjiujLOuuOMzeq5qZIClszPW1M.roa (raw, json)
Hash identifier:          O/EAhkWdzhGmiMAnV0b4Fh9oCWFKJcMW6EgTymaPAQY=
Subject key identifier:   58:68:E2:BA:32:CE:BA:E3:8C:CD:EA:B9:A9:92:02:96:CC:CF:5B:53
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       019CB1D70E3C5D5CCC33C39B6B07D63FE1E4
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/WGjiujLOuuOMzeq5qZIClszPW1M.roa
Signing time:             Tue 03 Mar 2026 03:56:26 +0000
ROA not before:           Tue 03 Mar 2026 03:56:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209272
IP address blocks:        89.185.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 12:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b1:d7:0e:3c:5d:5c:cc:33:c3:9b:6b:07:d6:3f:e1:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Mar  3 03:56:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5868e2ba32cebae38ccdeab9a9920296cccf5b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6f:ee:c2:39:7f:37:4f:b7:05:d1:90:16:4c:
                    3a:27:5a:9d:f9:10:f1:c5:ec:b1:45:d6:2f:0a:41:
                    ec:e4:82:b5:f8:26:25:34:ac:71:b7:99:18:d5:4d:
                    d2:ca:97:2a:a1:7a:4b:5e:74:d5:eb:e2:c1:08:d7:
                    b2:52:14:5e:a0:55:ab:4c:59:ab:09:00:ff:40:4b:
                    1a:44:95:51:f4:aa:0e:57:42:e4:49:44:89:be:7c:
                    db:89:e3:c9:12:72:57:24:5f:d9:79:8e:ed:da:06:
                    d6:0b:f7:ca:ff:a0:c8:76:df:0b:b0:76:b2:27:46:
                    47:a6:ea:ca:91:05:fe:26:7f:1c:d6:88:18:0a:2e:
                    4b:52:5d:d3:fe:a3:11:b6:c4:cd:a9:54:f5:4c:f6:
                    bc:04:7e:f9:f3:05:59:f5:89:75:ed:7e:20:a4:77:
                    b9:6b:43:96:4f:7d:a8:b7:b4:96:79:be:f0:e7:b6:
                    4e:0d:8d:ca:e6:f9:35:9a:33:8d:e7:b3:cb:a8:1e:
                    d9:93:3d:29:92:ad:54:95:7f:19:5b:bb:d0:32:a2:
                    5a:3c:9e:27:6b:56:a1:3d:3d:6e:5f:64:9e:82:af:
                    55:21:60:a6:8c:50:8d:a5:87:10:fc:3a:65:d8:50:
                    9a:55:d0:fc:4e:e9:59:5a:d8:1c:df:c7:b2:23:91:
                    47:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:68:E2:BA:32:CE:BA:E3:8C:CD:EA:B9:A9:92:02:96:CC:CF:5B:53
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/WGjiujLOuuOMzeq5qZIClszPW1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:0c:8c:07:a1:e2:2c:d2:e6:16:98:fa:34:fe:fd:aa:73:2e:
         dd:ef:aa:4b:de:69:7e:04:d3:42:b3:ef:2c:ad:48:43:cd:a7:
         13:46:f9:94:3d:b2:d0:fd:b7:48:e9:b1:c1:55:0c:64:ba:36:
         8b:5c:f4:90:af:df:8c:6d:6c:40:4a:29:72:7b:dc:b2:c4:4b:
         31:55:99:31:3a:96:7b:65:47:90:bc:6f:ca:a4:e3:3a:de:cf:
         69:f3:7b:2b:6a:45:89:de:10:27:c7:cd:c8:2c:63:c1:88:88:
         65:35:7f:ec:f9:c5:1a:45:fd:00:48:bb:2e:d1:98:ab:7a:5f:
         0c:d3:0e:3c:72:6e:bd:d6:5b:63:3b:4b:db:05:50:ce:13:65:
         ff:f5:bc:3e:4b:3f:b5:ae:ab:a1:38:f5:77:6b:bf:f2:48:cd:
         87:fc:48:a7:23:6e:01:5c:35:00:75:22:f7:05:55:8d:f4:10:
         33:b9:e3:46:e3:8c:0d:d5:86:bb:cd:99:c1:20:9a:a2:7a:cf:
         7d:1a:7d:fe:be:fa:50:8b:84:85:46:c6:a2:0e:81:9c:b6:33:
         4c:43:b2:50:f3:fc:48:7b:70:aa:15:1e:d8:b0:3a:70:01:fb:
         5a:73:5f:fc:ae:75:a9:0f:51:43:2e:4f:57:3c:00:c7:68:0f:
         cd:f0:ca:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyx1w48XVzMM8ObawfWP+HkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjYwMzAzMDM1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODY4ZTJiYTMyY2ViYWUzOGNjZGVhYjlhOTkyMDI5NmNjY2Y1YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG/uwjl/N0+3BdGQFkw6J1qd+RDx
xeyxRdYvCkHs5IK1+CYlNKxxt5kY1U3SypcqoXpLXnTV6+LBCNeyUhReoFWrTFmr
CQD/QEsaRJVR9KoOV0LkSUSJvnzbiePJEnJXJF/ZeY7t2gbWC/fK/6DIdt8LsHay
J0ZHpurKkQX+Jn8c1ogYCi5LUl3T/qMRtsTNqVT1TPa8BH758wVZ9Yl17X4gpHe5
a0OWT32ot7SWeb7w57ZODY3K5vk1mjON57PLqB7Zkz0pkq1UlX8ZW7vQMqJaPJ4n
a1ahPT1uX2Segq9VIWCmjFCNpYcQ/Dpl2FCaVdD8TulZWtgc38eyI5FHCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFho4royzrrjjM3quamSApbMz1tTMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvV0dqaXVqTE91dU9NemVxNXFaSUNsc3pQVzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWblTMA0G
CSqGSIb3DQEBCwUAA4IBAQDTDIwHoeIs0uYWmPo0/v2qcy7d76pL3ml+BNNCs+8s
rUhDzacTRvmUPbLQ/bdI6bHBVQxkujaLXPSQr9+MbWxASilye9yyxEsxVZkxOpZ7
ZUeQvG/KpOM63s9p83srakWJ3hAnx83ILGPBiIhlNX/s+cUaRf0ASLsu0Zirel8M
0w48cm691ltjO0vbBVDOE2X/9bw+Sz+1rquhOPV3a7/ySM2H/EinI24BXDUAdSL3
BVWN9BAzueNG44wN1Ya7zZnBIJqies99Gn3+vvpQi4SFRsaiDoGctjNMQ7JQ8/xI
e3CqFR7YsDpwAftac1/8rnWpD1FDLk9XPADHaA/N8MoX
-----END CERTIFICATE-----