Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/1WFKhbvTJWB93p6BRF4MIhxyrE0.roa
File:                     1WFKhbvTJWB93p6BRF4MIhxyrE0.roa (raw, json)
Hash identifier:          vbxgmYXayRhnSkSppEwHN/q5tKy6yDwafh4xyBQ3/1M=
Subject key identifier:   D5:61:4A:85:BB:D3:25:60:7D:DE:9E:81:44:5E:0C:22:1C:72:AC:4D
Certificate issuer:       /CN=b244d27188fe526bd72636738195d1eb7f606335
Certificate serial:       019B79ED3310C25402F426C05868233AFB57
Authority key identifier: B2:44:D2:71:88:FE:52:6B:D7:26:36:73:81:95:D1:EB:7F:60:63:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/1WFKhbvTJWB93p6BRF4MIhxyrE0.roa
Signing time:             Thu 01 Jan 2026 14:19:06 +0000
ROA not before:           Thu 01 Jan 2026 14:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25522
IP address blocks:        194.153.120.0/22 maxlen: 22
                          194.153.124.0/22 maxlen: 22
                          2001:67c:704::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:33:10:c2:54:02:f4:26:c0:58:68:23:3a:fb:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b244d27188fe526bd72636738195d1eb7f606335
        Validity
            Not Before: Jan  1 14:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5614a85bbd325607dde9e81445e0c221c72ac4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b5:3b:1d:d1:95:09:93:83:f9:15:12:48:94:
                    d0:3d:e4:4b:f2:a6:65:c3:48:46:04:20:70:89:9b:
                    65:cb:cd:53:17:67:45:6d:b5:13:4a:56:70:79:81:
                    e6:29:64:1b:e3:4a:da:8b:5d:67:8a:7b:e8:83:a9:
                    3e:27:d7:5e:42:3d:2d:d4:2a:65:3c:ee:26:fc:72:
                    a0:e4:56:d4:e1:09:85:ab:2e:8f:9a:da:1d:3f:6a:
                    6b:c8:e5:45:e8:24:be:c8:a4:6a:8f:2b:6f:c8:6d:
                    e1:76:b2:42:1e:a2:b1:e3:94:ab:4a:66:d4:cb:fc:
                    97:b6:a6:74:14:2b:e0:48:63:20:84:2c:81:96:25:
                    51:6d:7a:dc:27:4f:03:ec:b1:95:26:15:79:cb:e0:
                    90:cf:79:e2:21:6a:cf:3a:d9:6e:bd:2f:28:87:c9:
                    f0:12:a4:43:00:38:9e:44:f5:a2:28:c9:2d:0e:73:
                    21:ad:b1:81:5b:51:65:7f:d5:36:f4:a5:eb:5f:15:
                    d0:fc:d7:14:28:20:ec:a8:1d:f9:bd:e3:7c:e5:cb:
                    2b:0d:8e:4b:f5:3d:96:83:2a:7a:64:56:e5:e0:66:
                    62:96:52:33:48:b5:21:17:3a:69:f8:91:3a:44:bb:
                    80:1a:ae:82:c4:fa:33:08:d5:43:27:59:69:59:b4:
                    8e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:61:4A:85:BB:D3:25:60:7D:DE:9E:81:44:5E:0C:22:1C:72:AC:4D
            X509v3 Authority Key Identifier:
                keyid:B2:44:D2:71:88:FE:52:6B:D7:26:36:73:81:95:D1:EB:7F:60:63:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/skTScYj-UmvXJjZzgZXR639gYzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/1WFKhbvTJWB93p6BRF4MIhxyrE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2a727b-a745-4339-925a-4d00d6032afe/1/skTScYj-UmvXJjZzgZXR639gYzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.120.0/21
                IPv6:
                  2001:67c:704::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:83:2a:71:a1:c6:b8:9c:59:ea:ea:c1:a1:a9:31:cb:29:66:
         aa:aa:73:25:34:56:cf:2e:34:17:ee:6b:4d:bd:fa:e1:ee:fd:
         f1:8e:e6:a4:2a:08:18:d9:67:b9:90:e4:0f:2e:08:7f:ab:c0:
         2b:3d:e1:b4:5c:62:d3:5c:15:c9:20:98:07:75:53:6b:64:6a:
         4b:3a:5a:e8:78:91:83:99:28:de:45:f4:2a:4a:d0:ad:0c:3c:
         6d:13:a1:40:de:65:59:b7:f3:e6:e2:31:98:dd:7a:29:c6:66:
         cb:38:4c:ee:23:2a:b1:1c:0c:69:35:8f:f7:64:a5:73:78:26:
         a5:d2:e0:bc:6c:4b:5e:1d:90:74:8a:15:92:77:27:28:ae:b4:
         16:83:bb:fb:97:75:2f:8e:d6:b5:ef:a2:7a:37:4a:ad:a2:99:
         db:2d:f0:3f:03:dc:af:b5:f0:a7:61:3f:69:19:11:2a:ee:9d:
         ac:f1:34:83:6d:d7:54:d7:e2:d7:6c:9b:e9:67:fb:78:b4:aa:
         03:91:fc:89:21:7c:46:4a:ff:85:c5:d5:a3:e9:d8:e6:e6:9a:
         d6:f1:bf:62:be:ae:14:71:e9:1e:99:76:47:f1:04:e0:69:38:
         20:6a:13:19:1c:30:f4:5f:c3:02:6c:52:36:e9:ce:fa:93:98:
         32:f9:a8:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt57TMQwlQC9CbAWGgjOvtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNDRkMjcxODhmZTUyNmJkNzI2MzY3MzgxOTVkMWViN2Y2
MDYzMzUwHhcNMjYwMTAxMTQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTYxNGE4NWJiZDMyNTYwN2RkZTllODE0NDVlMGMyMjFjNzJhYzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7U7HdGVCZOD+RUSSJTQPeRL8qZl
w0hGBCBwiZtly81TF2dFbbUTSlZweYHmKWQb40rai11ninvog6k+J9deQj0t1Cpl
PO4m/HKg5FbU4QmFqy6PmtodP2pryOVF6CS+yKRqjytvyG3hdrJCHqKx45SrSmbU
y/yXtqZ0FCvgSGMghCyBliVRbXrcJ08D7LGVJhV5y+CQz3niIWrPOtluvS8oh8nw
EqRDADieRPWiKMktDnMhrbGBW1Flf9U29KXrXxXQ/NcUKCDsqB35veN85csrDY5L
9T2Wgyp6ZFbl4GZillIzSLUhFzpp+JE6RLuAGq6CxPozCNVDJ1lpWbSOSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNVhSoW70yVgfd6egUReDCIccqxNMB8GA1UdIwQY
MBaAFLJE0nGI/lJr1yY2c4GV0et/YGM1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2tUU2NZai1VbXZYSmpaemdaWFI2MzlnWXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yYTcyN2ItYTc0NS00MzM5LTkyNWEt
NGQwMGQ2MDMyYWZlLzEvMVdGS2hidlRKV0I5M3A2QlJGNE1JaHh5ckUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yYTcyN2ItYTc0NS00MzM5LTkyNWEtNGQwMGQ2MDMyYWZl
LzEvc2tUU2NZai1VbXZYSmpaemdaWFI2MzlnWXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwpl4MA8E
AgACMAkDBwAgAQZ8BwQwDQYJKoZIhvcNAQELBQADggEBAHCDKnGhxricWerqwaGp
McspZqqqcyU0Vs8uNBfua029+uHu/fGO5qQqCBjZZ7mQ5A8uCH+rwCs94bRcYtNc
FckgmAd1U2tkaks6Wuh4kYOZKN5F9CpK0K0MPG0ToUDeZVm38+biMZjdeinGZss4
TO4jKrEcDGk1j/dkpXN4JqXS4LxsS14dkHSKFZJ3JyiutBaDu/uXdS+O1rXvono3
Sq2imdst8D8D3K+18KdhP2kZESrunazxNINt11TX4tdsm+ln+3i0qgOR/IkhfEZK
/4XF1aPp2Obmmtbxv2K+rhRx6R6ZdkfxBOBpOCBqExkcMPRfwwJsUjbpzvqTmDL5
qPg=
-----END CERTIFICATE-----