Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/wnrT0lCYLHW2wtAS-UsPdzbCuE4.roa
File:                     wnrT0lCYLHW2wtAS-UsPdzbCuE4.roa (raw, json)
Hash identifier:          BRm89z/l+kKbdn26JzqMifrc7bDhOG/Y4poCpOQIQ3U=
Subject key identifier:   C2:7A:D3:D2:50:98:2C:75:B6:C2:D0:12:F9:4B:0F:77:36:C2:B8:4E
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       019E475BC3E79D5D7B7ADB19219E0634E7B8
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/wnrT0lCYLHW2wtAS-UsPdzbCuE4.roa
Signing time:             Wed 20 May 2026 21:47:36 +0000
ROA not before:           Wed 20 May 2026 21:47:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3214
IP address blocks:        213.145.72.0/24 maxlen: 24
                          213.145.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:47:5b:c3:e7:9d:5d:7b:7a:db:19:21:9e:06:34:e7:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: May 20 21:47:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c27ad3d250982c75b6c2d012f94b0f7736c2b84e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:03:f9:dc:77:44:9f:54:2b:e6:b9:32:48:53:
                    67:d0:a7:8e:bd:76:60:6e:08:f4:a6:ae:b2:93:e0:
                    f2:51:25:23:66:2d:41:68:07:37:74:48:fb:6b:35:
                    1c:bf:cf:f6:7c:0b:9a:e5:81:06:8f:12:ca:3d:e9:
                    7e:84:1e:90:dc:a2:6b:ce:f1:95:fb:73:9e:08:99:
                    7a:4f:40:31:5f:4b:cd:97:42:6d:d3:e4:de:82:fe:
                    0f:59:b3:62:1b:bf:5b:8b:f8:f8:90:10:03:d9:ff:
                    70:b6:3c:62:da:ae:70:43:2a:7e:05:b3:e1:cc:60:
                    95:eb:03:3f:e0:9e:bc:ee:af:16:fb:b3:c1:19:1d:
                    ce:57:31:35:a1:b0:ae:03:04:9f:aa:c3:53:8a:bd:
                    78:61:1a:56:2a:2c:94:15:f3:ab:16:55:05:08:29:
                    dc:3a:73:5d:81:05:a9:0b:9e:53:e2:3d:60:a7:f9:
                    4f:79:7a:e4:28:98:f9:9f:03:24:ae:a1:f0:95:53:
                    8c:bd:35:49:5e:74:ea:43:3a:4e:d8:30:be:0c:53:
                    6c:0b:20:ca:0b:6d:9c:46:4e:92:66:31:00:9b:b9:
                    10:00:e4:90:51:ae:72:60:6f:9e:7a:94:55:02:2f:
                    87:08:7a:4f:55:d7:6c:ad:0d:0e:e4:30:c0:be:1b:
                    03:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:7A:D3:D2:50:98:2C:75:B6:C2:D0:12:F9:4B:0F:77:36:C2:B8:4E
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/wnrT0lCYLHW2wtAS-UsPdzbCuE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:ad:15:2b:ee:8d:ef:bb:bc:d5:5e:32:61:2e:39:96:f1:1e:
         ff:39:94:c1:18:58:a6:bd:02:09:b4:29:1a:0f:a0:24:6e:4e:
         0b:3f:a5:2a:de:0a:5c:47:f4:1a:04:14:56:6d:d8:6c:5e:15:
         87:4d:a8:8f:f9:25:26:b1:e6:e5:f8:23:90:95:b6:0f:9f:c0:
         39:03:18:54:7d:ff:ed:40:85:a6:bb:bb:8a:31:be:8c:0b:e9:
         26:8f:65:3a:39:9e:9b:92:7c:f4:67:fd:92:b9:85:61:ca:3f:
         c5:a4:6b:63:07:ff:5d:1f:01:92:65:8e:ac:58:f7:c1:b7:c1:
         b2:7a:53:85:a4:8e:3d:06:ef:30:d7:02:a7:94:07:7e:bb:a2:
         f9:09:7d:2e:b3:f3:cb:cc:b0:1a:c8:c2:64:f3:71:06:62:56:
         46:f9:fc:de:79:67:77:c0:6f:80:ab:33:f5:82:4e:f2:a9:80:
         16:6e:8c:39:3e:ec:ef:0b:68:b3:37:c6:df:20:da:a9:3e:bb:
         7f:ff:45:8a:44:3f:e0:47:fd:ff:c6:66:d5:de:0c:91:33:c2:
         fb:1d:17:f8:97:03:5b:b2:d8:19:6f:b1:58:fa:d0:20:68:0f:
         24:9b:fd:f7:ca:b0:04:70:13:75:c4:77:25:c8:89:f5:da:0e:
         7f:69:bc:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5HW8PnnV17etsZIZ4GNOe4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjYwNTIwMjE0NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjdhZDNkMjUwOTgyYzc1YjZjMmQwMTJmOTRiMGY3NzM2YzJiODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwP53HdEn1Qr5rkySFNn0KeOvXZg
bgj0pq6yk+DyUSUjZi1BaAc3dEj7azUcv8/2fAua5YEGjxLKPel+hB6Q3KJrzvGV
+3OeCJl6T0AxX0vNl0Jt0+Tegv4PWbNiG79bi/j4kBAD2f9wtjxi2q5wQyp+BbPh
zGCV6wM/4J687q8W+7PBGR3OVzE1obCuAwSfqsNTir14YRpWKiyUFfOrFlUFCCnc
OnNdgQWpC55T4j1gp/lPeXrkKJj5nwMkrqHwlVOMvTVJXnTqQzpO2DC+DFNsCyDK
C22cRk6SZjEAm7kQAOSQUa5yYG+eepRVAi+HCHpPVddsrQ0O5DDAvhsD0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJ609JQmCx1tsLQEvlLD3c2wrhOMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvd25yVDBsQ1lMSFcyd3RBUy1Vc1BkemJDdUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1ZFIMA0G
CSqGSIb3DQEBCwUAA4IBAQBcrRUr7o3vu7zVXjJhLjmW8R7/OZTBGFimvQIJtCka
D6Akbk4LP6Uq3gpcR/QaBBRWbdhsXhWHTaiP+SUmsebl+COQlbYPn8A5AxhUff/t
QIWmu7uKMb6MC+kmj2U6OZ6bknz0Z/2SuYVhyj/FpGtjB/9dHwGSZY6sWPfBt8Gy
elOFpI49Bu8w1wKnlAd+u6L5CX0us/PLzLAayMJk83EGYlZG+fzeeWd3wG+AqzP1
gk7yqYAWbow5PuzvC2izN8bfINqpPrt//0WKRD/gR/3/xmbV3gyRM8L7HRf4lwNb
stgZb7FY+tAgaA8km/33yrAEcBN1xHclyIn12g5/abzg
-----END CERTIFICATE-----