Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wBXz2nATpMPnPKuxhmOxQYcqOFE.roa
File:                     wBXz2nATpMPnPKuxhmOxQYcqOFE.roa (raw, json)
Hash identifier:          LPrXhSlkWWy6umfNQoh02Jq8Bwfs0KDadhR5ReAchvg=
Subject key identifier:   C0:15:F3:DA:70:13:A4:C3:E7:3C:AB:B1:86:63:B1:41:87:2A:38:51
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019A1638F8B7F10F5087BBA2642EB33B03FE
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wBXz2nATpMPnPKuxhmOxQYcqOFE.roa
Signing time:             Fri 24 Oct 2025 12:37:03 +0000
ROA not before:           Fri 24 Oct 2025 12:37:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202984
IP address blocks:        185.39.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 15:57:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:16:38:f8:b7:f1:0f:50:87:bb:a2:64:2e:b3:3b:03:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Oct 24 12:37:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c015f3da7013a4c3e73cabb18663b141872a3851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:26:79:05:be:96:66:fc:a0:1a:32:98:c2:c9:
                    51:4f:81:e8:14:bc:ea:e7:5e:68:30:2b:de:c3:58:
                    7e:78:4d:2b:3d:13:ef:bb:d3:f9:86:4f:e0:a8:c1:
                    e6:06:17:ff:c4:ed:e9:48:50:9b:ae:3f:12:ff:91:
                    f9:83:59:39:00:b1:5f:fe:44:57:76:5e:51:84:66:
                    47:14:c6:9c:ad:c9:57:31:33:32:56:57:4c:6a:b9:
                    39:0e:2e:f3:04:59:4f:88:68:8a:6e:c6:32:4d:04:
                    92:0a:a4:3c:42:60:0a:69:3f:bb:6c:88:6f:57:21:
                    03:c8:07:dd:27:61:1d:9d:2e:c6:b5:91:0f:cc:d6:
                    18:d3:8e:25:e2:13:e9:b7:d8:5a:bb:43:a4:7c:5c:
                    54:9d:2e:7c:36:94:fa:aa:47:2b:d6:38:97:7a:a2:
                    1f:11:a3:8e:91:02:4e:a9:7c:cc:66:40:29:f5:11:
                    19:3c:da:f3:c9:d9:37:e7:a3:47:52:3e:d1:f6:d9:
                    6b:ef:5f:81:8f:1b:5e:e7:70:66:24:c7:f0:79:69:
                    d9:9a:41:74:e5:f3:26:2e:31:37:40:ee:e6:79:27:
                    80:3c:4b:67:ea:72:62:96:1c:8c:c4:a5:c8:de:1a:
                    19:d1:e0:2a:65:46:47:95:23:ad:c5:36:f4:47:ab:
                    8a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:15:F3:DA:70:13:A4:C3:E7:3C:AB:B1:86:63:B1:41:87:2A:38:51
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/wBXz2nATpMPnPKuxhmOxQYcqOFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:17:68:db:87:ba:76:41:67:67:b3:9e:4d:ff:16:2c:2d:62:
         ba:59:c6:9d:15:32:23:9b:84:0f:34:37:37:1f:41:60:e1:f8:
         e8:c6:11:e0:f2:52:bf:d6:60:51:3b:20:7e:2c:3b:62:76:cc:
         5d:73:5a:b4:c8:2f:17:88:27:fc:0b:0c:a7:94:bc:c1:61:a5:
         08:8d:3e:2d:0a:8e:ca:ea:02:0a:22:88:1b:62:82:1d:f7:26:
         cf:41:33:aa:06:14:e1:65:dc:74:66:40:73:6e:2c:19:8e:e2:
         74:53:8d:35:28:a6:e5:b9:ee:31:45:70:05:73:56:32:42:1f:
         46:41:41:6e:04:08:d3:35:f0:8b:03:c1:9b:1d:de:28:7e:91:
         13:87:63:e5:ea:70:b0:f5:35:24:cc:54:41:7b:03:b8:77:21:
         e7:a8:c0:c4:b8:35:ed:76:ae:83:95:6a:7d:1d:54:2c:6f:f3:
         01:8c:e9:97:89:ac:1d:35:18:a9:00:29:6f:d0:d2:35:8c:e8:
         a7:72:c5:2f:7f:27:9f:23:2e:3a:a9:e9:28:e8:d1:6e:bb:7c:
         df:5f:12:88:00:47:93:f1:50:49:f1:74:c6:1a:1e:2e:ba:1c:
         60:28:90:da:32:ff:57:95:31:61:ec:ff:3f:72:07:35:3c:df:
         24:8f:4c:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoWOPi38Q9Qh7uiZC6zOwP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUxMDI0MTIzNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDE1ZjNkYTcwMTNhNGMzZTczY2FiYjE4NjYzYjE0MTg3MmEzODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCZ5Bb6WZvygGjKYwslRT4HoFLzq
515oMCvew1h+eE0rPRPvu9P5hk/gqMHmBhf/xO3pSFCbrj8S/5H5g1k5ALFf/kRX
dl5RhGZHFMacrclXMTMyVldMark5Di7zBFlPiGiKbsYyTQSSCqQ8QmAKaT+7bIhv
VyEDyAfdJ2EdnS7GtZEPzNYY044l4hPpt9hau0OkfFxUnS58NpT6qkcr1jiXeqIf
EaOOkQJOqXzMZkAp9REZPNrzydk356NHUj7R9tlr71+Bjxte53BmJMfweWnZmkF0
5fMmLjE3QO7meSeAPEtn6nJilhyMxKXI3hoZ0eAqZUZHlSOtxTb0R6uK6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAV89pwE6TD5zyrsYZjsUGHKjhRMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvd0JYejJuQVRwTVBuUEt1eGhtT3hRWWNxT0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSfNMA0G
CSqGSIb3DQEBCwUAA4IBAQAHF2jbh7p2QWdns55N/xYsLWK6WcadFTIjm4QPNDc3
H0Fg4fjoxhHg8lK/1mBROyB+LDtidsxdc1q0yC8XiCf8CwynlLzBYaUIjT4tCo7K
6gIKIogbYoId9ybPQTOqBhThZdx0ZkBzbiwZjuJ0U401KKblue4xRXAFc1YyQh9G
QUFuBAjTNfCLA8GbHd4ofpETh2Pl6nCw9TUkzFRBewO4dyHnqMDEuDXtdq6DlWp9
HVQsb/MBjOmXiawdNRipAClv0NI1jOincsUvfyefIy46qeko6NFuu3zfXxKIAEeT
8VBJ8XTGGh4uuhxgKJDaMv9XlTFh7P8/cgc1PN8kj0z1
-----END CERTIFICATE-----