Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/wTUTEHFq8P8Z2-EjSoFCaCdxr2k.roa
File:                     wTUTEHFq8P8Z2-EjSoFCaCdxr2k.roa (raw, json)
Hash identifier:          pGzzlGQ5JMcpGrgZ0v6y6dhSjSHQ57ERl8VkHdr/pSI=
Subject key identifier:   C1:35:13:10:71:6A:F0:FF:19:DB:E1:23:4A:81:42:68:27:71:AF:69
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019C2DE81F853851239A7354BF94385DE0AA
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/wTUTEHFq8P8Z2-EjSoFCaCdxr2k.roa
Signing time:             Thu 05 Feb 2026 13:05:13 +0000
ROA not before:           Thu 05 Feb 2026 13:05:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215728
IP address blocks:        91.92.35.0/24 maxlen: 24
                          91.92.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:e8:1f:85:38:51:23:9a:73:54:bf:94:38:5d:e0:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Feb  5 13:05:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1351310716af0ff19dbe1234a8142682771af69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b4:10:62:ce:a5:6c:c7:60:21:68:dc:71:dd:
                    40:df:e8:df:73:52:46:dc:e1:2c:82:b0:e9:37:b9:
                    77:ca:a6:bf:c6:82:a6:d2:1a:38:02:e0:ef:dc:8d:
                    d6:7c:45:37:5f:ab:78:82:e7:86:66:f4:a2:08:a1:
                    f2:dd:82:ea:bd:4b:41:f3:e0:79:01:36:7a:fe:b7:
                    f2:08:10:cd:36:1d:ad:dd:c3:ba:93:05:5a:6c:be:
                    e1:73:11:6b:d4:2f:4d:a1:12:ac:ff:ae:1e:8e:85:
                    af:80:22:0b:02:be:02:3c:0c:94:54:35:b8:48:26:
                    bc:74:27:e2:f4:90:f8:c7:fa:09:3e:ac:a0:6b:1b:
                    02:74:d5:e9:30:31:84:3e:22:07:69:d3:67:4c:83:
                    24:e6:6f:49:14:20:2e:5b:49:14:1f:7b:8a:d2:b7:
                    f6:a3:c7:e4:7b:50:fb:58:39:14:76:5c:99:d6:e6:
                    17:11:b4:e1:15:e4:99:3b:07:36:00:f3:b8:f2:25:
                    a1:10:7e:a4:3b:ae:57:16:1f:0e:72:a6:e1:ba:7b:
                    e9:58:bd:4b:eb:18:e1:50:18:10:02:a9:db:31:3a:
                    17:20:55:f0:8d:c9:be:5b:dd:e8:37:21:e6:18:c1:
                    70:7b:b6:e4:2f:f0:a5:85:54:b4:23:a9:35:5e:0d:
                    45:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:35:13:10:71:6A:F0:FF:19:DB:E1:23:4A:81:42:68:27:71:AF:69
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/wTUTEHFq8P8Z2-EjSoFCaCdxr2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.35.0/24
                  91.92.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:aa:5c:db:63:5e:8d:d3:95:36:7e:c1:ba:80:1f:f3:3e:12:
         62:44:ff:4c:2b:58:63:b8:19:da:57:56:c8:cd:bb:aa:3a:09:
         03:b0:f9:e1:27:e2:dc:7c:5e:94:56:90:66:0b:cf:d3:15:7b:
         98:02:da:38:b6:b8:d0:ad:2a:5c:3a:2c:58:09:8a:07:6e:c7:
         43:1e:0b:08:33:8c:67:13:79:c4:44:3b:a2:2b:6e:53:67:16:
         9a:2b:24:91:5d:15:51:16:66:34:8c:7d:b3:38:ca:f3:b4:cc:
         63:52:ea:1b:eb:51:3a:62:0f:5a:ad:47:0f:a5:1b:c4:72:db:
         1a:47:f5:b4:9b:cd:44:7f:7c:1f:55:2c:84:0e:49:42:25:b2:
         2b:f4:df:16:47:b1:e6:05:20:43:c8:90:c4:6a:44:27:c2:17:
         b1:18:bc:52:d8:8d:e4:ab:03:f1:fb:5b:9f:ef:54:d9:e0:b8:
         d5:d7:e2:43:40:52:ef:e3:ac:93:69:16:e3:b1:6e:98:2e:6e:
         dd:3e:0f:e3:8a:4b:8b:df:02:25:a4:a0:9d:92:a4:ea:18:14:
         04:27:81:fb:5b:c1:1a:58:1e:e0:34:ed:c5:87:f3:26:9b:88:
         dc:94:e0:7d:7f:b4:ee:36:47:17:11:02:44:96:5b:f5:5b:67:
         17:50:56:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwt6B+FOFEjmnNUv5Q4XeCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjYwMjA1MTMwNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTM1MTMxMDcxNmFmMGZmMTlkYmUxMjM0YTgxNDI2ODI3NzFhZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbQQYs6lbMdgIWjccd1A3+jfc1JG
3OEsgrDpN7l3yqa/xoKm0ho4AuDv3I3WfEU3X6t4gueGZvSiCKHy3YLqvUtB8+B5
ATZ6/rfyCBDNNh2t3cO6kwVabL7hcxFr1C9NoRKs/64ejoWvgCILAr4CPAyUVDW4
SCa8dCfi9JD4x/oJPqygaxsCdNXpMDGEPiIHadNnTIMk5m9JFCAuW0kUH3uK0rf2
o8fke1D7WDkUdlyZ1uYXEbThFeSZOwc2APO48iWhEH6kO65XFh8OcqbhunvpWL1L
6xjhUBgQAqnbMToXIFXwjcm+W93oNyHmGMFwe7bkL/ClhVS0I6k1Xg1FCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFME1ExBxavD/GdvhI0qBQmgnca9pMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvd1RVVEVIRnE4UDhaMi1FalNvRkNhQ2R4cjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW1wjAwQA
W1wqMA0GCSqGSIb3DQEBCwUAA4IBAQBRqlzbY16N05U2fsG6gB/zPhJiRP9MK1hj
uBnaV1bIzbuqOgkDsPnhJ+LcfF6UVpBmC8/TFXuYAto4trjQrSpcOixYCYoHbsdD
HgsIM4xnE3nERDuiK25TZxaaKySRXRVRFmY0jH2zOMrztMxjUuob61E6Yg9arUcP
pRvEctsaR/W0m81Ef3wfVSyEDklCJbIr9N8WR7HmBSBDyJDEakQnwhexGLxS2I3k
qwPx+1uf71TZ4LjV1+JDQFLv46yTaRbjsW6YLm7dPg/jikuL3wIlpKCdkqTqGBQE
J4H7W8EaWB7gNO3Fh/Mmm4jclOB9f7TuNkcXEQJEllv1W2cXUFY+
-----END CERTIFICATE-----