Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/WgBBESiMNBhg0ejLbo4ygFVFK_g.roa
File:                     WgBBESiMNBhg0ejLbo4ygFVFK_g.roa (raw, json)
Hash identifier:          fOGX3A1MJMqw5iFjseRV1GnR/NKzbA2c83gmI0QyUAc=
Subject key identifier:   5A:00:41:11:28:8C:34:18:60:D1:E8:CB:6E:8E:32:80:55:45:2B:F8
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       019E96B7D2F488C0D9D4DC7CDC9BD0CE0388
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/WgBBESiMNBhg0ejLbo4ygFVFK_g.roa
Signing time:             Fri 05 Jun 2026 07:38:09 +0000
ROA not before:           Fri 05 Jun 2026 07:38:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206208
IP address blocks:        178.17.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 01:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:b7:d2:f4:88:c0:d9:d4:dc:7c:dc:9b:d0:ce:03:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: Jun  5 07:38:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a004111288c341860d1e8cb6e8e328055452bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0b:8c:b0:a5:51:79:f4:e2:cf:08:f7:a0:b1:
                    64:6c:67:bc:69:ce:52:ac:d2:9a:3a:4c:ce:28:81:
                    c5:07:34:36:b5:3f:78:6d:0f:d2:0e:66:87:6b:15:
                    39:55:21:36:30:90:73:89:ac:f1:49:2d:82:7d:d3:
                    6f:6f:3b:7e:c3:8c:1d:e8:e9:82:7c:e9:c5:f4:30:
                    33:29:6b:53:c7:f5:51:5f:4a:02:a9:50:a8:52:71:
                    e4:c2:a8:d2:db:c7:02:ec:7f:87:49:aa:a7:83:18:
                    a6:63:09:1f:9d:63:91:c0:90:ce:b8:2a:c9:0c:73:
                    55:ff:9e:67:e7:3f:2c:e6:2e:f0:14:ad:e4:7a:c5:
                    ee:e5:77:07:10:41:1d:32:4f:b0:7c:7c:ee:58:8e:
                    56:35:74:35:68:e0:9d:2c:24:4c:80:25:82:3c:fa:
                    29:e7:40:25:b8:6c:75:86:fa:43:28:e0:22:e4:00:
                    72:04:0e:ba:2a:74:2a:25:fe:fa:95:c7:8c:47:5c:
                    74:96:dc:a2:ec:6f:60:bc:06:b3:aa:1c:1a:85:ef:
                    e5:e8:4d:6d:55:c4:84:6c:c9:22:86:c2:ab:c6:cb:
                    4a:4b:18:51:af:bd:58:d9:8f:80:09:11:41:4e:43:
                    18:18:be:df:b9:70:48:5f:0e:9d:eb:f4:25:c8:a3:
                    43:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:00:41:11:28:8C:34:18:60:D1:E8:CB:6E:8E:32:80:55:45:2B:F8
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/WgBBESiMNBhg0ejLbo4ygFVFK_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.17.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:06:32:4e:31:6d:1e:07:b8:fb:66:b2:2f:9d:ec:d8:e9:ea:
         88:95:be:e4:0f:12:0c:fd:c3:95:79:0b:0c:93:28:fe:bb:62:
         f7:f1:6f:e5:98:15:3c:ff:c7:b2:c8:ca:cd:d6:02:a1:e8:dd:
         89:22:e7:0a:7d:fc:74:37:fe:0f:15:ca:a0:e6:e8:78:a9:9b:
         af:98:23:03:bf:8a:a2:c0:c6:b8:5d:b1:dd:00:dc:b5:b1:d9:
         64:f2:40:ba:cd:49:52:d4:74:ba:a6:12:c0:41:28:52:53:7a:
         8e:98:35:7b:c9:4a:25:0b:dd:4c:bb:84:50:ac:37:44:0e:2f:
         b5:de:11:77:ff:d4:07:f1:18:c7:28:d4:f8:b4:e6:7d:bf:bd:
         76:12:1e:fe:4d:b2:58:83:47:2a:35:e5:86:29:2b:46:a6:3c:
         b0:04:01:21:c5:d9:49:eb:ff:28:37:1d:37:c3:c5:12:a4:76:
         5d:e0:93:f8:79:31:58:00:f0:6e:0d:43:8d:f9:a2:4e:7d:ca:
         b8:7e:32:63:c5:1e:d4:23:cb:7d:4f:99:d7:99:57:ee:8d:80:
         9b:81:6c:5f:87:a8:df:9f:81:d5:50:70:ca:3e:7c:64:28:cc:
         09:f1:79:6a:45:38:11:e6:59:ee:de:ee:80:be:f8:91:c7:a7:
         f8:3a:de:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6Wt9L0iMDZ1Nx83JvQzgOIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjYwNjA1MDczODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTAwNDExMTI4OGMzNDE4NjBkMWU4Y2I2ZThlMzI4MDU1NDUyYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQuMsKVRefTizwj3oLFkbGe8ac5S
rNKaOkzOKIHFBzQ2tT94bQ/SDmaHaxU5VSE2MJBziazxSS2CfdNvbzt+w4wd6OmC
fOnF9DAzKWtTx/VRX0oCqVCoUnHkwqjS28cC7H+HSaqngximYwkfnWORwJDOuCrJ
DHNV/55n5z8s5i7wFK3kesXu5XcHEEEdMk+wfHzuWI5WNXQ1aOCdLCRMgCWCPPop
50AluGx1hvpDKOAi5AByBA66KnQqJf76lceMR1x0ltyi7G9gvAazqhwahe/l6E1t
VcSEbMkihsKrxstKSxhRr71Y2Y+ACRFBTkMYGL7fuXBIXw6d6/QlyKNDywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoAQREojDQYYNHoy26OMoBVRSv4MB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEvV2dCQkVTaU1OQmhnMGVqTGJvNHlnRlZGS19nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshE/MA0G
CSqGSIb3DQEBCwUAA4IBAQA/BjJOMW0eB7j7ZrIvnezY6eqIlb7kDxIM/cOVeQsM
kyj+u2L38W/lmBU8/8eyyMrN1gKh6N2JIucKffx0N/4PFcqg5uh4qZuvmCMDv4qi
wMa4XbHdANy1sdlk8kC6zUlS1HS6phLAQShSU3qOmDV7yUolC91Mu4RQrDdEDi+1
3hF3/9QH8RjHKNT4tOZ9v712Eh7+TbJYg0cqNeWGKStGpjywBAEhxdlJ6/8oNx03
w8USpHZd4JP4eTFYAPBuDUON+aJOfcq4fjJjxR7UI8t9T5nXmVfujYCbgWxfh6jf
n4HVUHDKPnxkKMwJ8XlqRTgR5lnu3u6AvviRx6f4Ot6h
-----END CERTIFICATE-----