Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/WJpRhcAh1CAtYyAM_DLd9bpr2Js.roa
File:                     WJpRhcAh1CAtYyAM_DLd9bpr2Js.roa (raw, json)
Hash identifier:          /W0CGNihCPhIf7S2HH4RB+ml0KPuTVy+3/SiD+h8lEg=
Subject key identifier:   58:9A:51:85:C0:21:D4:20:2D:63:20:0C:FC:32:DD:F5:BA:6B:D8:9B
Certificate issuer:       /CN=e40b16d369ad27ced85499465328f095b155f431
Certificate serial:       019DFA315C070FEB26D4F723E0F31C7D58FB
Authority key identifier: E4:0B:16:D3:69:AD:27:CE:D8:54:99:46:53:28:F0:95:B1:55:F4:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5AsW02mtJ87YVJlGUyjwlbFV9DE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/WJpRhcAh1CAtYyAM_DLd9bpr2Js.roa
Signing time:             Tue 05 May 2026 22:10:31 +0000
ROA not before:           Tue 05 May 2026 22:10:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206246
IP address blocks:        192.189.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/5AsW02mtJ87YVJlGUyjwlbFV9DE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/5AsW02mtJ87YVJlGUyjwlbFV9DE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5AsW02mtJ87YVJlGUyjwlbFV9DE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fa:31:5c:07:0f:eb:26:d4:f7:23:e0:f3:1c:7d:58:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e40b16d369ad27ced85499465328f095b155f431
        Validity
            Not Before: May  5 22:10:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=589a5185c021d4202d63200cfc32ddf5ba6bd89b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6a:0d:31:65:10:7c:7a:ba:5a:a4:3e:12:96:
                    12:e6:ac:2f:8c:ab:43:f6:67:0e:50:cf:01:b1:d8:
                    e2:22:bc:1c:5f:ce:4d:89:a9:12:98:79:37:84:4a:
                    86:a7:ae:be:0f:c3:02:1e:0f:10:f0:a6:70:15:75:
                    e5:58:1e:82:fe:d9:98:5d:e1:08:5f:12:6d:13:aa:
                    29:e3:ae:40:c2:e6:68:e5:c3:2b:55:a9:30:07:24:
                    a2:0e:fc:b8:a8:71:62:52:0a:ed:15:f6:a2:af:df:
                    a0:b0:1a:6f:b8:59:52:b0:c6:22:0e:f2:8d:e3:7f:
                    45:b3:bc:16:c2:3a:d6:03:32:fa:48:7b:d9:2d:6e:
                    88:92:83:8f:1d:84:fc:65:73:b7:c9:eb:13:70:7f:
                    06:5a:c4:40:dd:7d:6c:bb:c4:d8:6d:1a:8d:3c:1f:
                    49:8a:e0:92:cd:4f:4d:c2:4b:6c:d1:e2:fd:ef:2c:
                    cc:82:df:e8:9a:ed:9d:7e:a0:d8:1f:fe:a0:7f:72:
                    9c:84:71:2f:e1:cb:7b:6b:06:6f:8b:0c:c1:73:2f:
                    93:0b:03:de:6c:37:9b:70:45:74:ba:ef:83:f5:20:
                    e8:0d:8b:c3:ba:ba:56:99:9b:df:34:dd:ea:7a:0e:
                    65:f2:04:e9:d2:d0:3b:04:ba:3c:29:ef:c2:9f:8a:
                    9a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:9A:51:85:C0:21:D4:20:2D:63:20:0C:FC:32:DD:F5:BA:6B:D8:9B
            X509v3 Authority Key Identifier:
                keyid:E4:0B:16:D3:69:AD:27:CE:D8:54:99:46:53:28:F0:95:B1:55:F4:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5AsW02mtJ87YVJlGUyjwlbFV9DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/WJpRhcAh1CAtYyAM_DLd9bpr2Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/15cb51-4cea-45e3-a760-0371d4b4547a/1/5AsW02mtJ87YVJlGUyjwlbFV9DE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.189.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:1e:e6:2f:61:29:bc:8f:8f:e9:1d:61:9d:aa:a5:2e:2a:34:
         f0:38:f5:8e:fe:76:25:ef:d6:9e:ef:b5:ab:9b:49:5d:16:3f:
         a7:bb:38:c8:70:05:26:ba:06:93:d5:18:91:c8:2c:be:9b:04:
         01:05:2f:52:49:17:dd:84:ea:af:f0:ec:80:ce:3f:9e:76:44:
         8f:27:0f:06:02:4f:69:57:bc:1d:04:81:47:68:06:59:28:e8:
         74:cb:8f:a0:fa:15:9e:83:8a:02:78:88:01:af:96:a3:23:e4:
         a5:0c:20:f1:4a:2f:bd:01:f5:e3:a4:a5:7f:d0:26:88:98:be:
         88:4b:82:df:11:39:74:5c:89:a9:57:e8:ed:6f:6b:f1:45:13:
         b8:da:86:3c:57:42:99:36:24:35:84:67:5c:b8:93:d8:24:f2:
         6b:63:a8:cf:5c:47:7a:20:e5:b1:34:f9:ba:d8:4b:ff:55:a2:
         a3:21:c6:51:01:9a:8f:25:c3:8f:99:b3:10:21:19:26:3c:fe:
         70:ad:13:e9:0e:4e:e9:d4:c1:0e:9c:a2:55:7b:6d:66:bd:fe:
         22:f1:3f:2d:73:e0:32:d9:97:8a:99:8e:52:05:b2:ad:51:33:
         04:0b:87:2e:45:6f:43:f9:bb:27:a1:c1:7c:ae:16:1f:f7:a3:
         0b:03:80:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ36MVwHD+sm1Pcj4PMcfVj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0MGIxNmQzNjlhZDI3Y2VkODU0OTk0NjUzMjhmMDk1YjE1
NWY0MzEwHhcNMjYwNTA1MjIxMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODlhNTE4NWMwMjFkNDIwMmQ2MzIwMGNmYzMyZGRmNWJhNmJkODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWoNMWUQfHq6WqQ+EpYS5qwvjKtD
9mcOUM8BsdjiIrwcX85NiakSmHk3hEqGp66+D8MCHg8Q8KZwFXXlWB6C/tmYXeEI
XxJtE6op465AwuZo5cMrVakwBySiDvy4qHFiUgrtFfair9+gsBpvuFlSsMYiDvKN
439Fs7wWwjrWAzL6SHvZLW6IkoOPHYT8ZXO3yesTcH8GWsRA3X1su8TYbRqNPB9J
iuCSzU9Nwkts0eL97yzMgt/omu2dfqDYH/6gf3KchHEv4ct7awZviwzBcy+TCwPe
bDebcEV0uu+D9SDoDYvDurpWmZvfNN3qeg5l8gTp0tA7BLo8Ke/Cn4qayQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiaUYXAIdQgLWMgDPwy3fW6a9ibMB8GA1UdIwQY
MBaAFOQLFtNprSfO2FSZRlMo8JWxVfQxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUFzVzAybXRKODdZVkpsR1V5andsYkZWOURFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8xNWNiNTEtNGNlYS00NWUzLWE3NjAt
MDM3MWQ0YjQ1NDdhLzEvV0pwUmhjQWgxQ0F0WXlBTV9ETGQ5YnByMkpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8xNWNiNTEtNGNlYS00NWUzLWE3NjAtMDM3MWQ0YjQ1NDdh
LzEvNUFzVzAybXRKODdZVkpsR1V5andsYkZWOURFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwL2dMA0G
CSqGSIb3DQEBCwUAA4IBAQBPHuYvYSm8j4/pHWGdqqUuKjTwOPWO/nYl79ae77Wr
m0ldFj+nuzjIcAUmugaT1RiRyCy+mwQBBS9SSRfdhOqv8OyAzj+edkSPJw8GAk9p
V7wdBIFHaAZZKOh0y4+g+hWeg4oCeIgBr5ajI+SlDCDxSi+9AfXjpKV/0CaImL6I
S4LfETl0XImpV+jtb2vxRRO42oY8V0KZNiQ1hGdcuJPYJPJrY6jPXEd6IOWxNPm6
2Ev/VaKjIcZRAZqPJcOPmbMQIRkmPP5wrRPpDk7p1MEOnKJVe21mvf4i8T8tc+Ay
2ZeKmY5SBbKtUTMEC4cuRW9D+bsnocF8rhYf96MLA4DN
-----END CERTIFICATE-----