Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/_WVNvfXM_WmbIQ3ay4Lcmk4pizY.roa
File:                     _WVNvfXM_WmbIQ3ay4Lcmk4pizY.roa (raw, json)
Hash identifier:          MtzyyOIkCIQB72iHqyTrVDkrHZWIjw23QbOh9+6OxNs=
Subject key identifier:   FD:65:4D:BD:F5:CC:FD:69:9B:21:0D:DA:CB:82:DC:9A:4E:29:8B:36
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       019D31B3C388C810D6AEA3C3601CA54569EF
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/_WVNvfXM_WmbIQ3ay4Lcmk4pizY.roa
Signing time:             Fri 27 Mar 2026 23:49:17 +0000
ROA not before:           Fri 27 Mar 2026 23:49:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134823
IP address blocks:        93.90.72.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:31:b3:c3:88:c8:10:d6:ae:a3:c3:60:1c:a5:45:69:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Mar 27 23:49:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd654dbdf5ccfd699b210ddacb82dc9a4e298b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:60:86:9c:8c:22:dc:d4:1e:1e:b2:9a:f4:93:
                    2b:aa:1d:a8:3c:f9:da:18:72:11:cb:8c:31:5a:2f:
                    55:9b:d6:34:7b:21:46:ba:9e:a3:59:2d:b6:cf:48:
                    91:09:27:d4:61:f9:27:a9:bf:42:2d:98:21:e5:37:
                    f6:3a:fa:7e:00:bf:2d:3c:84:61:5d:dc:0c:28:94:
                    cf:c0:fe:d3:51:fa:1c:6a:c0:ca:84:8f:49:39:86:
                    1b:1d:60:9f:f0:d8:b1:1b:a6:f8:da:d2:d3:9b:31:
                    1c:19:84:65:20:36:74:8a:b2:02:62:83:4b:4e:4a:
                    e2:16:9d:18:0b:f0:dd:c3:e8:9c:95:e9:9f:a3:37:
                    a9:bb:5b:ac:b9:10:f0:19:3c:cc:49:92:c3:86:80:
                    8e:bc:30:e3:20:7d:18:53:a9:53:97:4e:57:75:74:
                    96:09:c2:54:1d:a2:3e:ea:08:9e:54:e7:e8:b2:a0:
                    84:f3:71:ed:26:e7:b7:3e:f1:a1:2d:39:8e:b5:51:
                    01:f3:1e:f0:36:13:37:4b:bd:86:9a:b5:0e:39:11:
                    cc:14:0f:5e:35:c3:af:f7:b3:b2:dd:21:de:9e:09:
                    96:24:40:6a:2f:b2:28:34:51:cf:d5:cf:77:54:54:
                    70:c8:dc:24:04:df:ef:68:10:8e:54:3a:f1:ae:52:
                    df:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:65:4D:BD:F5:CC:FD:69:9B:21:0D:DA:CB:82:DC:9A:4E:29:8B:36
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/_WVNvfXM_WmbIQ3ay4Lcmk4pizY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.90.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:81:e5:ee:21:35:7f:c5:10:8b:4c:85:97:8c:6c:dc:7b:42:
         c3:54:a6:8e:71:6b:38:d6:9f:61:0a:7c:f3:48:e4:a8:4e:54:
         ba:f4:70:f8:cf:23:28:65:80:45:0a:b0:47:7c:cb:54:a9:66:
         2a:6b:8a:f1:be:b8:e7:db:87:8e:c8:2c:6b:55:3a:0c:3a:4c:
         99:1a:99:cd:b8:5d:08:af:1f:8f:53:39:08:56:c6:8d:43:aa:
         3c:c1:c3:b0:d8:f3:f2:0e:8f:ed:29:58:5f:50:fe:ab:5b:6b:
         99:2a:73:54:6c:5a:8e:22:66:ea:ef:2b:46:f8:65:95:28:b7:
         97:5f:ec:44:3c:71:ed:ef:de:3f:da:05:21:80:c6:e0:71:44:
         b2:ee:b1:8d:a8:cd:38:38:54:04:b1:4a:db:4d:3b:33:7c:2f:
         12:28:38:f2:d4:92:2b:3d:0b:c2:88:04:23:cd:52:ed:df:99:
         53:67:c4:2c:ab:10:9b:74:a3:9e:8f:1b:b9:33:13:6a:44:16:
         34:39:37:ee:41:34:c0:ec:a3:a1:fa:25:eb:ac:bb:8d:3c:2b:
         cb:3f:07:94:37:ed:2a:73:8e:11:75:cd:76:de:31:93:da:bb:
         43:59:69:5a:3f:a2:ed:3d:90:1a:ca:cc:d8:82:5d:5c:c2:87:
         0f:d4:0d:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0xs8OIyBDWrqPDYBylRWnvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjYwMzI3MjM0OTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDY1NGRiZGY1Y2NmZDY5OWIyMTBkZGFjYjgyZGM5YTRlMjk4YjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWCGnIwi3NQeHrKa9JMrqh2oPPna
GHIRy4wxWi9Vm9Y0eyFGup6jWS22z0iRCSfUYfknqb9CLZgh5Tf2Ovp+AL8tPIRh
XdwMKJTPwP7TUfocasDKhI9JOYYbHWCf8NixG6b42tLTmzEcGYRlIDZ0irICYoNL
TkriFp0YC/Ddw+iclemfozepu1usuRDwGTzMSZLDhoCOvDDjIH0YU6lTl05XdXSW
CcJUHaI+6gieVOfosqCE83HtJue3PvGhLTmOtVEB8x7wNhM3S72GmrUOORHMFA9e
NcOv97Oy3SHengmWJEBqL7IoNFHP1c93VFRwyNwkBN/vaBCOVDrxrlLfvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1lTb31zP1pmyEN2suC3JpOKYs2MB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvX1dWTnZmWE1fV21iSVEzYXk0TGNtazRwaXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXVpIMA0G
CSqGSIb3DQEBCwUAA4IBAQAYgeXuITV/xRCLTIWXjGzce0LDVKaOcWs41p9hCnzz
SOSoTlS69HD4zyMoZYBFCrBHfMtUqWYqa4rxvrjn24eOyCxrVToMOkyZGpnNuF0I
rx+PUzkIVsaNQ6o8wcOw2PPyDo/tKVhfUP6rW2uZKnNUbFqOImbq7ytG+GWVKLeX
X+xEPHHt794/2gUhgMbgcUSy7rGNqM04OFQEsUrbTTszfC8SKDjy1JIrPQvCiAQj
zVLt35lTZ8QsqxCbdKOejxu5MxNqRBY0OTfuQTTA7KOh+iXrrLuNPCvLPweUN+0q
c44Rdc123jGT2rtDWWlaP6LtPZAayszYgl1cwocP1A3o
-----END CERTIFICATE-----