Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/WkT4KgurkGkiK6buDbp8jQwN9_M.roa
File:                     WkT4KgurkGkiK6buDbp8jQwN9_M.roa (raw, json)
Hash identifier:          LR/+wKI0XgbxooBg1c5uhj6z6Vhw1IQPk19X/TJb42Y=
Subject key identifier:   5A:44:F8:2A:0B:AB:90:69:22:2B:A6:EE:0D:BA:7C:8D:0C:0D:F7:F3
Certificate issuer:       /CN=8f38f859e5e67662ae09990f384fa86c932710ab
Certificate serial:       019B7F15AF9CD6BAAF7347FDA8427030F724
Authority key identifier: 8F:38:F8:59:E5:E6:76:62:AE:09:99:0F:38:4F:A8:6C:93:27:10:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzj4WeXmdmKuCZkPOE-obJMnEKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/WkT4KgurkGkiK6buDbp8jQwN9_M.roa
Signing time:             Fri 02 Jan 2026 14:21:26 +0000
ROA not before:           Fri 02 Jan 2026 14:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204907
IP address blocks:        185.33.156.0/24 maxlen: 24
                          185.33.158.0/24 maxlen: 24
                          194.246.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/jzj4WeXmdmKuCZkPOE-obJMnEKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/jzj4WeXmdmKuCZkPOE-obJMnEKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzj4WeXmdmKuCZkPOE-obJMnEKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:af:9c:d6:ba:af:73:47:fd:a8:42:70:30:f7:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f38f859e5e67662ae09990f384fa86c932710ab
        Validity
            Not Before: Jan  2 14:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a44f82a0bab9069222ba6ee0dba7c8d0c0df7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:82:37:f8:4f:87:0b:5c:a5:a3:f5:6a:3d:33:
                    fe:af:bf:25:ae:57:50:24:6a:56:28:f9:05:c9:50:
                    49:91:1e:d9:c1:0c:4b:94:18:28:69:b9:66:f8:ec:
                    21:5f:75:f0:0e:30:e5:41:63:6c:15:1c:a8:7e:91:
                    d6:47:97:17:8b:4c:11:1b:44:28:90:d9:22:7f:10:
                    5c:31:bc:13:b8:2b:09:67:9b:f2:f5:1f:07:25:3a:
                    82:4b:36:da:e0:e4:fe:2b:84:43:0a:ad:79:e6:b5:
                    f2:66:cf:55:ed:cf:4e:db:12:42:73:1f:70:2f:92:
                    b6:07:59:5b:af:1e:7f:93:20:67:a0:17:61:5b:44:
                    30:b2:c6:2b:51:c2:20:6e:e2:d5:e4:72:79:63:19:
                    dc:ac:77:56:64:ad:26:01:e1:5c:b5:e8:3f:18:af:
                    8f:bf:a7:99:2d:ce:15:f1:ca:35:1e:20:c9:9f:e2:
                    9f:01:79:da:25:f4:16:6b:e1:b9:e9:6f:e2:47:b2:
                    a7:74:20:75:19:44:91:8a:97:81:0a:d6:49:06:a8:
                    ea:f3:f6:84:05:7c:4f:c8:bb:1d:6a:9f:53:07:2e:
                    9b:60:73:fa:2f:0c:84:43:27:1a:54:d1:f2:f9:6b:
                    83:eb:a5:45:72:df:9c:90:92:8c:9f:48:be:4e:2e:
                    78:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:44:F8:2A:0B:AB:90:69:22:2B:A6:EE:0D:BA:7C:8D:0C:0D:F7:F3
            X509v3 Authority Key Identifier:
                keyid:8F:38:F8:59:E5:E6:76:62:AE:09:99:0F:38:4F:A8:6C:93:27:10:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzj4WeXmdmKuCZkPOE-obJMnEKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/WkT4KgurkGkiK6buDbp8jQwN9_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/1ca47c-b087-46ef-a051-ab0bc52a1883/1/jzj4WeXmdmKuCZkPOE-obJMnEKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.156.0/24
                  185.33.158.0/24
                  194.246.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:7a:a5:af:de:05:6d:28:d0:40:51:d4:c2:b2:f0:b5:21:4d:
         c9:2f:33:c9:20:3b:86:c4:a4:29:05:2b:01:89:c6:92:d9:2e:
         26:24:4d:2d:bd:a0:03:10:6b:7e:e5:6d:94:df:aa:9f:e5:3a:
         fe:6f:5d:66:1e:08:f1:84:bb:dc:e1:9d:02:2d:5f:5c:d4:f5:
         8d:da:ca:3f:1e:c0:32:2b:7f:a4:f4:27:52:07:cf:66:30:5b:
         5e:1a:d4:74:11:ed:3b:e2:82:3f:5c:8c:ca:a5:ee:5b:05:30:
         20:52:c7:b2:11:6b:21:54:82:47:1c:8f:a8:0c:8d:0e:fb:77:
         a2:36:c9:0e:2c:ab:f6:d0:08:80:73:f4:db:bb:d0:31:ad:cc:
         6c:00:91:9b:3c:d1:71:9f:51:19:41:96:45:46:d5:e8:f8:28:
         68:12:06:89:b2:dd:f5:d8:8d:1d:46:97:36:91:77:14:be:4e:
         58:c9:50:83:27:7a:cd:11:0b:1b:26:1c:a7:e7:0d:e7:44:e2:
         f5:50:6e:31:ad:a0:89:6c:8d:0f:f2:e3:cd:77:75:de:f8:a8:
         1f:81:a7:d4:b1:07:4c:7e:1e:47:9e:96:20:30:47:4d:fa:7f:
         09:10:2b:4d:9e:fb:ce:9d:c9:28:71:16:0d:f0:06:f1:da:e6:
         dd:66:16:4b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt/Fa+c1rqvc0f9qEJwMPckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzhmODU5ZTVlNjc2NjJhZTA5OTkwZjM4NGZhODZjOTMy
NzEwYWIwHhcNMjYwMTAyMTQyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTQ0ZjgyYTBiYWI5MDY5MjIyYmE2ZWUwZGJhN2M4ZDBjMGRmN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmII3+E+HC1ylo/VqPTP+r78lrldQ
JGpWKPkFyVBJkR7ZwQxLlBgoablm+OwhX3XwDjDlQWNsFRyofpHWR5cXi0wRG0Qo
kNkifxBcMbwTuCsJZ5vy9R8HJTqCSzba4OT+K4RDCq155rXyZs9V7c9O2xJCcx9w
L5K2B1lbrx5/kyBnoBdhW0QwssYrUcIgbuLV5HJ5YxncrHdWZK0mAeFcteg/GK+P
v6eZLc4V8co1HiDJn+KfAXnaJfQWa+G56W/iR7KndCB1GUSRipeBCtZJBqjq8/aE
BXxPyLsdap9TBy6bYHP6LwyEQycaVNHy+WuD66VFct+ckJKMn0i+Ti54cQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFpE+CoLq5BpIium7g26fI0MDffzMB8GA1UdIwQY
MBaAFI84+Fnl5nZirgmZDzhPqGyTJxCrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpqNFdlWG1kbUt1Q1prUE9FLW9iSk1uRUtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8xY2E0N2MtYjA4Ny00NmVmLWEwNTEt
YWIwYmM1MmExODgzLzEvV2tUNEtndXJrR2tpSzZidURicDhqUXdOOV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8xY2E0N2MtYjA4Ny00NmVmLWEwNTEtYWIwYmM1MmExODgz
LzEvanpqNFdlWG1kbUt1Q1prUE9FLW9iSk1uRUtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuSGcAwQA
uSGeAwQAwvYhMA0GCSqGSIb3DQEBCwUAA4IBAQCCeqWv3gVtKNBAUdTCsvC1IU3J
LzPJIDuGxKQpBSsBicaS2S4mJE0tvaADEGt+5W2U36qf5Tr+b11mHgjxhLvc4Z0C
LV9c1PWN2so/HsAyK3+k9CdSB89mMFteGtR0Ee074oI/XIzKpe5bBTAgUseyEWsh
VIJHHI+oDI0O+3eiNskOLKv20AiAc/Tbu9AxrcxsAJGbPNFxn1EZQZZFRtXo+Cho
EgaJst312I0dRpc2kXcUvk5YyVCDJ3rNEQsbJhyn5w3nROL1UG4xraCJbI0P8uPN
d3Xe+KgfgafUsQdMfh5HnpYgMEdN+n8JECtNnvvOnckocRYN8Abx2ubdZhZL
-----END CERTIFICATE-----