Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/WLSifeKe76im-tvDk8PcRAHDzJI.roa
File:                     WLSifeKe76im-tvDk8PcRAHDzJI.roa (raw, json)
Hash identifier:          3MxuLgBif1bsCBwTCgWRVZ5TrOdI2BQf8JiToB8vne4=
Subject key identifier:   58:B4:A2:7D:E2:9E:EF:A8:A6:FA:DB:C3:93:C3:DC:44:01:C3:CC:92
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C330E7BAB6BEB86FBD42A17B4DD616137
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/WLSifeKe76im-tvDk8PcRAHDzJI.roa
Signing time:             Fri 06 Feb 2026 13:05:13 +0000
ROA not before:           Fri 06 Feb 2026 13:05:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206604
IP address blocks:        2a0d:d940:500::/40 maxlen: 40
                          2a0d:d940:2005::/48 maxlen: 48
                          2a0d:d940:2007::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:33:0e:7b:ab:6b:eb:86:fb:d4:2a:17:b4:dd:61:61:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Feb  6 13:05:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58b4a27de29eefa8a6fadbc393c3dc4401c3cc92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bb:b3:6f:c6:9c:df:83:a5:9a:e9:6b:b2:c7:
                    c6:ed:91:75:e0:b4:a2:e0:49:ec:31:48:cd:d3:5a:
                    26:c7:c2:70:5f:7f:58:6d:cc:2d:fa:d3:0d:b6:cf:
                    f7:34:e2:35:7a:da:b0:ef:7b:8a:9f:0b:d5:59:62:
                    27:cf:1e:bd:4c:e5:4d:83:f3:a3:eb:92:0f:6d:2a:
                    67:2d:94:52:e1:c3:f4:a5:db:9e:be:33:f6:2e:4c:
                    d4:b6:30:a5:54:ec:40:ff:02:b3:8c:49:7e:66:5b:
                    35:a5:c9:ca:cf:b2:d3:da:31:75:44:3b:05:28:ff:
                    0f:25:2b:00:39:1c:0b:21:e4:e6:63:46:d2:0e:ce:
                    a9:d5:2e:f8:d2:a1:83:f7:09:cd:39:37:11:5d:ad:
                    d7:d4:d3:cb:34:ec:f4:ef:39:61:d5:ed:55:bf:b9:
                    be:de:a3:ce:7f:e8:be:b3:96:5d:69:12:6e:eb:95:
                    8d:36:e6:49:2a:2d:4e:11:da:df:88:9f:70:06:85:
                    bf:77:35:b2:c8:1e:8c:98:de:8f:1d:21:1d:e4:88:
                    33:4b:b4:28:90:83:ec:04:5a:96:c3:e4:b9:31:7d:
                    16:ca:8f:1f:4a:56:ee:e4:68:b0:d0:e3:08:f7:94:
                    35:13:b5:16:ae:38:c3:af:ac:96:5c:06:64:f7:f9:
                    bc:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B4:A2:7D:E2:9E:EF:A8:A6:FA:DB:C3:93:C3:DC:44:01:C3:CC:92
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/WLSifeKe76im-tvDk8PcRAHDzJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:500::/40
                  2a0d:d940:2005::/48
                  2a0d:d940:2007::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:33:60:1e:d1:44:34:27:ed:2e:f3:e4:aa:53:67:af:64:bf:
         56:f3:a8:57:46:64:3a:04:47:27:46:6b:cb:71:72:09:c5:a2:
         3b:14:fd:e6:36:31:b5:ed:2e:ed:c4:ae:a7:8c:a0:3b:e8:d5:
         f7:74:98:94:42:6a:26:4b:a6:68:f2:0c:a8:3e:6d:46:7d:d3:
         af:84:b5:a3:04:8c:55:7c:46:d4:cb:dd:7d:9d:5e:1e:cb:d8:
         08:0e:d6:d1:9b:cb:60:69:e2:e5:dd:9d:26:df:a6:a6:36:ca:
         ef:32:e7:2f:d4:a4:25:42:05:77:ad:19:9a:2e:08:f4:fc:b8:
         dc:94:d4:bc:98:0e:43:78:27:7b:7a:69:8a:66:a0:f1:ea:b4:
         af:4b:d1:b0:e6:83:51:ca:cf:81:59:1c:4c:8a:5b:ab:88:73:
         c9:ba:8c:d5:36:be:85:fb:73:74:1e:84:df:af:d2:cc:b9:a5:
         f4:c1:5c:f4:d6:4b:b6:1a:fb:65:e3:15:3e:fe:a1:0d:df:17:
         04:79:eb:a4:6d:f8:af:42:8b:4e:85:66:2f:83:5c:a4:0a:d3:
         81:aa:74:35:c7:d4:0b:77:46:c7:03:52:1e:a9:c1:ea:ae:b8:
         de:62:e6:d0:35:cb:12:55:6e:78:0f:75:20:22:e0:3b:43:b2:
         de:e7:c3:52
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZwzDnura+uG+9QqF7TdYWE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMjA2MTMwNTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI0YTI3ZGUyOWVlZmE4YTZmYWRiYzM5M2MzZGM0NDAxYzNjYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbuzb8ac34OlmulrssfG7ZF14LSi
4EnsMUjN01omx8JwX39Ybcwt+tMNts/3NOI1etqw73uKnwvVWWInzx69TOVNg/Oj
65IPbSpnLZRS4cP0pduevjP2LkzUtjClVOxA/wKzjEl+Zls1pcnKz7LT2jF1RDsF
KP8PJSsAORwLIeTmY0bSDs6p1S740qGD9wnNOTcRXa3X1NPLNOz07zlh1e1Vv7m+
3qPOf+i+s5ZdaRJu65WNNuZJKi1OEdrfiJ9wBoW/dzWyyB6MmN6PHSEd5IgzS7Qo
kIPsBFqWw+S5MX0Wyo8fSlbu5Giw0OMI95Q1E7UWrjjDr6yWXAZk9/m8HwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFi0on3inu+opvrbw5PD3EQBw8ySMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvV0xTaWZlS2U3NmltLXR2RGs4UGNSQUhEekpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKg3ZQAUD
BwAqDdlAIAUDBwAqDdlAIAcwDQYJKoZIhvcNAQELBQADggEBAKgzYB7RRDQn7S7z
5KpTZ69kv1bzqFdGZDoERydGa8txcgnFojsU/eY2MbXtLu3ErqeMoDvo1fd0mJRC
aiZLpmjyDKg+bUZ906+EtaMEjFV8RtTL3X2dXh7L2AgO1tGby2Bp4uXdnSbfpqY2
yu8y5y/UpCVCBXetGZouCPT8uNyU1LyYDkN4J3t6aYpmoPHqtK9L0bDmg1HKz4FZ
HEyKW6uIc8m6jNU2voX7c3QehN+v0sy5pfTBXPTWS7Ya+2XjFT7+oQ3fFwR566Rt
+K9Ci06FZi+DXKQK04GqdDXH1At3RscDUh6pwequuN5i5tA1yxJVbngPdSAi4DtD
st7nw1I=
-----END CERTIFICATE-----