Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/1wC70OGBB84YZ8LzzI7GRE1FXLw.roa
File:                     1wC70OGBB84YZ8LzzI7GRE1FXLw.roa (raw, json)
Hash identifier:          61O42HPTbjFtxU4oF7cNiKUH0sHQufjgX2XI1LEtyCM=
Subject key identifier:   D7:00:BB:D0:E1:81:07:CE:18:67:C2:F3:CC:8E:C6:44:4D:45:5C:BC
Certificate issuer:       /CN=f1b15e77af4edde11192c6fecd50b21cd379d421
Certificate serial:       019B7D5C715D500ABC37C8B7AC1FBF0DE9D5
Authority key identifier: F1:B1:5E:77:AF:4E:DD:E1:11:92:C6:FE:CD:50:B2:1C:D3:79:D4:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/1wC70OGBB84YZ8LzzI7GRE1FXLw.roa
Signing time:             Fri 02 Jan 2026 06:19:28 +0000
ROA not before:           Fri 02 Jan 2026 06:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59576
IP address blocks:        176.241.252.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 18:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:71:5d:50:0a:bc:37:c8:b7:ac:1f:bf:0d:e9:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1b15e77af4edde11192c6fecd50b21cd379d421
        Validity
            Not Before: Jan  2 06:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d700bbd0e18107ce1867c2f3cc8ec6444d455cbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e2:31:8c:26:6d:5b:12:9b:9b:a5:e6:f6:26:
                    31:c8:65:01:01:c8:d4:f1:ed:8f:b4:64:c1:71:47:
                    07:97:bc:a3:33:8c:c7:8e:d1:22:69:af:1c:87:33:
                    5c:3e:5c:38:6e:71:21:40:1b:09:5a:0d:57:3c:0b:
                    8f:dc:40:b8:55:13:5e:40:ba:97:cb:f0:21:aa:1e:
                    76:83:b8:3d:e7:dc:e5:60:3c:ea:73:b6:7a:41:06:
                    ef:41:61:ce:85:70:b3:21:0a:bd:ee:48:76:9b:a3:
                    9d:21:20:57:91:c0:39:e9:fc:2f:72:00:0e:1c:7a:
                    80:3b:25:f2:15:69:10:f1:a5:3b:a9:32:56:0f:c1:
                    8b:0e:8b:d2:f0:4f:83:b4:5d:35:ee:6b:c2:92:c6:
                    94:74:c4:2c:fd:4c:8f:7a:97:03:aa:e6:df:23:9e:
                    62:4e:db:7c:b8:04:19:4b:6c:c6:90:25:a1:5f:14:
                    08:c1:74:9f:dc:da:90:59:85:9f:6e:e0:40:5b:bf:
                    12:a9:f2:3c:29:e1:00:c0:6f:0b:bb:47:12:9d:87:
                    2f:f5:bd:e1:55:41:47:51:77:90:9e:c1:36:67:dc:
                    8b:43:e2:ef:42:b0:2a:4c:81:e6:1c:40:2e:e5:38:
                    44:02:65:46:9a:f9:36:aa:9a:3e:a2:16:11:d6:97:
                    e3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:00:BB:D0:E1:81:07:CE:18:67:C2:F3:CC:8E:C6:44:4D:45:5C:BC
            X509v3 Authority Key Identifier:
                keyid:F1:B1:5E:77:AF:4E:DD:E1:11:92:C6:FE:CD:50:B2:1C:D3:79:D4:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8bFed69O3eERksb-zVCyHNN51CE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/1wC70OGBB84YZ8LzzI7GRE1FXLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/500fa9-6fb8-4768-80de-1340cc5b3d57/1/8bFed69O3eERksb-zVCyHNN51CE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.241.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:74:dd:c7:7f:3b:d0:ee:bf:2c:ef:24:00:04:5b:93:da:a1:
         ca:bb:93:f5:b0:c9:83:21:c9:da:bd:4f:7b:68:29:72:a0:62:
         12:52:b3:90:17:c2:70:b1:78:2e:89:ef:45:ba:26:da:9c:4b:
         b9:4c:1b:c5:ac:d6:c8:03:a5:31:2b:4b:2f:4b:99:24:f9:b3:
         6a:6c:29:91:c9:a5:f1:6a:35:e4:ed:2d:39:a8:07:d4:2f:b6:
         98:ad:be:a8:ab:06:68:4c:76:4e:73:a6:60:fc:cd:6d:8d:1c:
         7e:59:46:44:7c:e6:bd:f1:d5:22:2e:c8:ae:83:e5:c0:16:78:
         92:c6:6e:a6:71:d9:79:97:ae:cd:14:fd:87:a1:fe:b2:9e:09:
         16:a4:dc:13:e7:66:f7:3a:ed:24:d2:2c:77:1f:dd:cb:3c:c5:
         b8:25:4d:c2:4c:be:2f:41:c6:80:f2:30:88:5d:09:62:a1:99:
         d1:03:48:68:da:a7:a6:cc:43:78:d4:51:68:ee:aa:29:cb:a1:
         3c:2a:e1:c0:9b:70:bf:c5:4c:10:15:d9:06:b1:49:91:e3:32:
         11:6d:d7:99:e7:97:c4:3d:74:c5:bb:b1:48:ec:69:c6:20:10:
         ac:98:26:c5:cd:6d:d0:69:98:9c:fc:dc:4a:7b:2f:b2:b1:94:
         54:8c:a3:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XHFdUAq8N8i3rB+/DenVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYjE1ZTc3YWY0ZWRkZTExMTkyYzZmZWNkNTBiMjFjZDM3
OWQ0MjEwHhcNMjYwMTAyMDYxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzAwYmJkMGUxODEwN2NlMTg2N2MyZjNjYzhlYzY0NDRkNDU1Y2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeIxjCZtWxKbm6Xm9iYxyGUBAcjU
8e2PtGTBcUcHl7yjM4zHjtEiaa8chzNcPlw4bnEhQBsJWg1XPAuP3EC4VRNeQLqX
y/Ahqh52g7g959zlYDzqc7Z6QQbvQWHOhXCzIQq97kh2m6OdISBXkcA56fwvcgAO
HHqAOyXyFWkQ8aU7qTJWD8GLDovS8E+DtF017mvCksaUdMQs/UyPepcDqubfI55i
Ttt8uAQZS2zGkCWhXxQIwXSf3NqQWYWfbuBAW78SqfI8KeEAwG8Lu0cSnYcv9b3h
VUFHUXeQnsE2Z9yLQ+LvQrAqTIHmHEAu5ThEAmVGmvk2qpo+ohYR1pfjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcAu9DhgQfOGGfC88yOxkRNRVy8MB8GA1UdIwQY
MBaAFPGxXnevTt3hEZLG/s1QshzTedQhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGJGZWQ2OU8zZUVSa3NiLXpWQ3lITk41MUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy81MDBmYTktNmZiOC00NzY4LTgwZGUt
MTM0MGNjNWIzZDU3LzEvMXdDNzBPR0JCODRZWjhMenpJN0dSRTFGWEx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy81MDBmYTktNmZiOC00NzY4LTgwZGUtMTM0MGNjNWIzZDU3
LzEvOGJGZWQ2OU8zZUVSa3NiLXpWQ3lITk41MUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsPH8MA0G
CSqGSIb3DQEBCwUAA4IBAQAZdN3HfzvQ7r8s7yQABFuT2qHKu5P1sMmDIcnavU97
aClyoGISUrOQF8JwsXguie9FuibanEu5TBvFrNbIA6UxK0svS5kk+bNqbCmRyaXx
ajXk7S05qAfUL7aYrb6oqwZoTHZOc6Zg/M1tjRx+WUZEfOa98dUiLsiug+XAFniS
xm6mcdl5l67NFP2Hof6yngkWpNwT52b3Ou0k0ix3H93LPMW4JU3CTL4vQcaA8jCI
XQlioZnRA0ho2qemzEN41FFo7qopy6E8KuHAm3C/xUwQFdkGsUmR4zIRbdeZ55fE
PXTFu7FI7GnGIBCsmCbFzW3QaZic/NxKey+ysZRUjKMH
-----END CERTIFICATE-----