Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/WlWWJjt9Bx1oCkJxTpZbHaU11Q8.roa
File:                     WlWWJjt9Bx1oCkJxTpZbHaU11Q8.roa (raw, json)
Hash identifier:          7iCn7aA9/98SqHuf3K5vlRI49Df9JrqkSps0IfUPR0c=
Subject key identifier:   5A:55:96:26:3B:7D:07:1D:68:0A:42:71:4E:96:5B:1D:A5:35:D5:0F
Certificate issuer:       /CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
Certificate serial:       019B7DCA4DD318875F700193F20CE726FB9A
Authority key identifier: 1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/WlWWJjt9Bx1oCkJxTpZbHaU11Q8.roa
Signing time:             Fri 02 Jan 2026 08:19:28 +0000
ROA not before:           Fri 02 Jan 2026 08:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215859
IP address blocks:        5.223.0.0/16 maxlen: 24
                          2a01:4ff:200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:4d:d3:18:87:5f:70:01:93:f2:0c:e7:26:fb:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
        Validity
            Not Before: Jan  2 08:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a5596263b7d071d680a42714e965b1da535d50f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:39:75:d3:3e:fb:74:8a:ac:f7:c6:22:f9:dc:
                    72:e9:4b:5b:dd:bb:85:f2:19:d7:5c:4d:13:17:b5:
                    b3:03:75:03:68:64:16:b8:43:9b:f0:aa:59:92:ec:
                    a8:a8:f5:68:c3:41:a2:d1:19:e5:fd:be:dd:39:94:
                    29:85:46:1e:bd:7b:18:42:a5:b5:55:f6:f1:c8:ed:
                    0d:32:45:62:67:08:13:d4:78:80:b8:04:2a:98:b2:
                    db:fd:bc:49:2b:5f:e3:b6:27:fe:e2:3a:00:f2:17:
                    9d:af:7d:b4:38:e4:ba:57:c8:4e:a4:ec:f6:4b:08:
                    c8:cb:10:6f:4c:22:18:ec:e4:e9:91:02:68:19:71:
                    bc:c8:53:ca:94:c6:7f:6b:2a:2b:65:a4:83:f5:20:
                    ac:94:7c:d3:2f:4a:7d:a2:5a:54:f9:65:9f:a8:ab:
                    b6:d4:c3:6b:24:bf:93:19:f8:6d:a7:49:4d:d0:8f:
                    0e:9d:02:3e:20:9d:da:51:cd:fe:ca:01:00:bb:79:
                    72:26:40:01:d7:59:71:1a:a5:2b:e4:ac:82:2d:bb:
                    1f:12:e8:fc:10:00:73:a1:f0:fd:45:42:b4:80:d6:
                    58:76:b3:ad:9b:07:9e:3a:31:13:d1:c1:50:ab:ae:
                    87:97:ad:ae:52:d8:6c:31:aa:84:39:35:5f:ff:43:
                    19:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:55:96:26:3B:7D:07:1D:68:0A:42:71:4E:96:5B:1D:A5:35:D5:0F
            X509v3 Authority Key Identifier:
                keyid:1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/WlWWJjt9Bx1oCkJxTpZbHaU11Q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.223.0.0/16
                IPv6:
                  2a01:4ff:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:1a:f6:9d:b8:7a:bd:2a:c4:71:7a:ba:d1:74:72:8e:98:fb:
         a3:07:33:18:e2:4d:53:b2:13:91:2f:61:42:ba:fd:11:09:39:
         f4:e9:4f:8a:d3:0f:e7:ee:82:68:4b:9b:83:6e:cd:b7:65:da:
         91:5a:21:5e:ca:ca:53:a0:94:3b:5c:ee:92:18:eb:8e:c6:8e:
         01:ba:9d:05:c4:45:a9:53:59:d0:fa:05:6a:0f:db:34:93:d3:
         d5:3f:b7:b6:65:44:42:cb:fa:1e:51:d7:58:15:d0:5b:e2:de:
         bf:be:f7:1f:e8:c9:9a:14:0a:21:34:43:e7:b3:92:79:cd:a8:
         d7:e4:93:1d:f9:80:63:28:86:11:01:1d:e4:f6:ca:a3:8a:d3:
         32:ed:4c:5d:2e:c2:8d:95:11:f1:57:1e:c1:a1:9b:3e:52:43:
         3d:c7:28:4b:97:2f:ac:63:4a:a0:53:fd:fa:9f:1b:6a:d2:db:
         f4:9f:5e:94:43:9f:02:6b:bf:05:59:6b:53:68:59:b6:b8:5d:
         b6:f8:9b:71:c3:d6:63:00:8b:52:9a:bd:a0:28:fa:1e:0a:16:
         89:f6:b5:9d:22:0d:32:ae:8d:13:56:82:37:3b:ae:88:ca:6b:
         93:ac:cc:28:bf:a4:3a:09:df:f0:6c:d8:07:7e:9c:ab:1b:1c:
         2d:0d:29:79
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt9yk3TGIdfcAGT8gznJvuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDZmNTc3MzVhNGU2M2RiZWY4NDhlZTBkOWQxOTllMjE1
ZjgzMDQwHhcNMjYwMTAyMDgxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTU1OTYyNjNiN2QwNzFkNjgwYTQyNzE0ZTk2NWIxZGE1MzVkNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1jl10z77dIqs98Yi+dxy6Utb3buF
8hnXXE0TF7WzA3UDaGQWuEOb8KpZkuyoqPVow0Gi0Rnl/b7dOZQphUYevXsYQqW1
VfbxyO0NMkViZwgT1HiAuAQqmLLb/bxJK1/jtif+4joA8hedr320OOS6V8hOpOz2
SwjIyxBvTCIY7OTpkQJoGXG8yFPKlMZ/ayorZaSD9SCslHzTL0p9olpU+WWfqKu2
1MNrJL+TGfhtp0lN0I8OnQI+IJ3aUc3+ygEAu3lyJkAB11lxGqUr5KyCLbsfEuj8
EABzofD9RUK0gNZYdrOtmweeOjET0cFQq66Hl62uUthsMaqEOTVf/0MZSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFpVliY7fQcdaApCcU6WWx2lNdUPMB8GA1UdIwQY
MBaAFB9G9Xc1pOY9vvhI7g2dGZ4hX4MEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzIt
YTdjOTg5OGVlY2JjLzEvV2xXV0pqdDlCeDFvQ2tKeFRwWmJIYVUxMVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzItYTdjOTg5OGVlY2Jj
LzEvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTALBAIAATAFAwMABd8wDgQC
AAIwCAMGACoBBP8CMA0GCSqGSIb3DQEBCwUAA4IBAQDDGvaduHq9KsRxerrRdHKO
mPujBzMY4k1TshORL2FCuv0RCTn06U+K0w/n7oJoS5uDbs23ZdqRWiFeyspToJQ7
XO6SGOuOxo4Bup0FxEWpU1nQ+gVqD9s0k9PVP7e2ZURCy/oeUddYFdBb4t6/vvcf
6MmaFAohNEPns5J5zajX5JMd+YBjKIYRAR3k9sqjitMy7UxdLsKNlRHxVx7BoZs+
UkM9xyhLly+sY0qgU/36nxtq0tv0n16UQ58Ca78FWWtTaFm2uF22+Jtxw9ZjAItS
mr2gKPoeChaJ9rWdIg0yro0TVoI3O66IymuTrMwov6Q6Cd/wbNgHfpyrGxwtDSl5
-----END CERTIFICATE-----