Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/bd6f18-ea7d-43c4-9c85-87a3f3b31150/1/WrNQoDwnfoyel6qkeQLmIfknMe4.roa
File:                     WrNQoDwnfoyel6qkeQLmIfknMe4.roa (raw, json)
Hash identifier:          Zl9GWfOo6FfCVlawFyOWUS5iFXY5ABm6XsSvvOB7V1M=
Subject key identifier:   5A:B3:50:A0:3C:27:7E:8C:9E:97:AA:A4:79:02:E6:21:F9:27:31:EE
Certificate issuer:       /CN=51326fabb1256fa02277e5ee034b7991ff3185a5
Certificate serial:       019EDA154780EE36029A8259215D4DE2AE78
Authority key identifier: 51:32:6F:AB:B1:25:6F:A0:22:77:E5:EE:03:4B:79:91:FF:31:85:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UTJvq7Elb6Aid-XuA0t5kf8xhaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/bd6f18-ea7d-43c4-9c85-87a3f3b31150/1/WrNQoDwnfoyel6qkeQLmIfknMe4.roa
Signing time:             Thu 18 Jun 2026 09:34:48 +0000
ROA not before:           Thu 18 Jun 2026 09:34:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31034
IP address blocks:        185.213.218.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/bd6f18-ea7d-43c4-9c85-87a3f3b31150/1/UTJvq7Elb6Aid-XuA0t5kf8xhaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/bd6f18-ea7d-43c4-9c85-87a3f3b31150/1/UTJvq7Elb6Aid-XuA0t5kf8xhaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UTJvq7Elb6Aid-XuA0t5kf8xhaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:15:47:80:ee:36:02:9a:82:59:21:5d:4d:e2:ae:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51326fabb1256fa02277e5ee034b7991ff3185a5
        Validity
            Not Before: Jun 18 09:34:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ab350a03c277e8c9e97aaa47902e621f92731ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:de:76:9a:ef:3f:3e:d3:67:51:2a:5a:b2:1d:
                    e3:e4:8a:b3:cd:b5:b2:f6:67:81:4e:70:37:85:d1:
                    d3:d7:4a:c2:05:3f:b8:89:03:50:85:3d:1e:a5:44:
                    61:fb:c0:80:8a:de:33:c6:e2:8d:02:69:b5:25:bc:
                    e4:29:8d:8f:7f:74:9b:27:c3:17:2b:14:c9:32:9c:
                    37:b9:0f:73:e0:8a:e3:9c:0c:0d:12:e8:80:ae:88:
                    56:b2:7c:bf:b1:9e:6e:ac:81:66:98:6b:63:2a:45:
                    12:f1:f1:58:67:51:b0:8d:c5:d4:1d:85:ec:d4:82:
                    67:f8:c0:b8:e5:f8:28:4e:8f:cf:7e:be:5c:18:af:
                    c4:eb:52:a8:90:5f:c0:da:09:e7:31:33:25:2d:a1:
                    01:f8:d0:2e:84:5f:5b:c2:d8:dc:c9:07:83:2e:eb:
                    49:a7:65:f8:60:c3:58:2f:f1:b1:6d:0c:7a:39:c8:
                    a4:67:0e:9e:af:e8:77:8a:5c:32:ac:bd:22:6d:41:
                    55:95:d0:6e:0e:25:e2:c9:00:66:7b:d9:6b:22:69:
                    83:62:ce:42:a5:18:2b:b9:af:0f:bf:6d:73:c1:b9:
                    b6:c0:2f:12:85:dd:e8:45:0e:54:26:16:03:ae:9d:
                    32:22:dc:57:f8:56:11:5f:84:d4:fd:4f:4a:0e:df:
                    23:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:B3:50:A0:3C:27:7E:8C:9E:97:AA:A4:79:02:E6:21:F9:27:31:EE
            X509v3 Authority Key Identifier:
                keyid:51:32:6F:AB:B1:25:6F:A0:22:77:E5:EE:03:4B:79:91:FF:31:85:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UTJvq7Elb6Aid-XuA0t5kf8xhaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/bd6f18-ea7d-43c4-9c85-87a3f3b31150/1/WrNQoDwnfoyel6qkeQLmIfknMe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/bd6f18-ea7d-43c4-9c85-87a3f3b31150/1/UTJvq7Elb6Aid-XuA0t5kf8xhaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:38:a2:77:9e:10:e9:15:5c:03:17:08:b5:5e:be:c7:d6:ad:
         c7:e6:4f:2e:05:03:00:df:54:64:42:28:fb:33:47:3c:37:40:
         dc:c4:02:40:8d:cc:64:36:b0:d1:15:1c:89:9d:e2:9f:bc:54:
         05:0e:ff:36:2f:3b:e0:49:64:f7:e0:59:2b:51:f0:db:ca:80:
         b2:84:c4:14:f9:1f:fd:2f:26:33:cb:37:5f:cf:f6:92:a1:db:
         a9:84:98:42:92:c3:a3:79:b9:72:11:fd:d4:d5:f6:b9:a1:29:
         68:b5:17:f5:1a:c0:26:1f:1a:ec:64:b4:7b:9e:eb:52:41:bb:
         a8:50:04:f7:ca:70:67:79:33:ef:a2:17:e3:67:3a:fc:8d:1d:
         b4:2c:f4:b4:e3:32:92:01:1e:eb:89:10:04:53:48:ce:42:f3:
         7d:5f:4e:25:dd:b9:b7:94:86:ba:10:f7:34:6a:2e:fa:ff:c5:
         36:8d:d4:8c:ec:02:74:85:36:a2:c2:d5:ff:91:5e:7c:78:8f:
         37:8a:7b:60:80:83:c5:a8:09:3c:d6:e9:86:bf:7f:04:80:c9:
         91:7e:be:03:20:b5:73:01:ca:fc:df:15:bb:18:11:bc:4a:98:
         b9:8f:00:fd:24:5c:e9:4d:03:03:0c:4b:b3:ab:ab:41:19:db:
         f2:72:3e:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7aFUeA7jYCmoJZIV1N4q54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMzI2ZmFiYjEyNTZmYTAyMjc3ZTVlZTAzNGI3OTkxZmYz
MTg1YTUwHhcNMjYwNjE4MDkzNDQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWIzNTBhMDNjMjc3ZThjOWU5N2FhYTQ3OTAyZTYyMWY5MjczMWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2N52mu8/PtNnUSpash3j5IqzzbWy
9meBTnA3hdHT10rCBT+4iQNQhT0epURh+8CAit4zxuKNAmm1JbzkKY2Pf3SbJ8MX
KxTJMpw3uQ9z4IrjnAwNEuiArohWsny/sZ5urIFmmGtjKkUS8fFYZ1GwjcXUHYXs
1IJn+MC45fgoTo/Pfr5cGK/E61KokF/A2gnnMTMlLaEB+NAuhF9bwtjcyQeDLutJ
p2X4YMNYL/GxbQx6OcikZw6er+h3ilwyrL0ibUFVldBuDiXiyQBme9lrImmDYs5C
pRgrua8Pv21zwbm2wC8Shd3oRQ5UJhYDrp0yItxX+FYRX4TU/U9KDt8jMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqzUKA8J36MnpeqpHkC5iH5JzHuMB8GA1UdIwQY
MBaAFFEyb6uxJW+gInfl7gNLeZH/MYWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVRKdnE3RWxiNkFpZC1YdUEwdDVrZjh4aGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9iZDZmMTgtZWE3ZC00M2M0LTljODUt
ODdhM2YzYjMxMTUwLzEvV3JOUW9Ed25mb3llbDZxa2VRTG1JZmtuTWU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9iZDZmMTgtZWE3ZC00M2M0LTljODUtODdhM2YzYjMxMTUw
LzEvVVRKdnE3RWxiNkFpZC1YdUEwdDVrZjh4aGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudXaMA0G
CSqGSIb3DQEBCwUAA4IBAQC5OKJ3nhDpFVwDFwi1Xr7H1q3H5k8uBQMA31RkQij7
M0c8N0DcxAJAjcxkNrDRFRyJneKfvFQFDv82LzvgSWT34FkrUfDbyoCyhMQU+R/9
LyYzyzdfz/aSoduphJhCksOjeblyEf3U1fa5oSlotRf1GsAmHxrsZLR7nutSQbuo
UAT3ynBneTPvohfjZzr8jR20LPS04zKSAR7riRAEU0jOQvN9X04l3bm3lIa6EPc0
ai76/8U2jdSM7AJ0hTaiwtX/kV58eI83intggIPFqAk81umGv38EgMmRfr4DILVz
Acr83xW7GBG8Spi5jwD9JFzpTQMDDEuzq6tBGdvycj4h
-----END CERTIFICATE-----