Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/wLYTFgarc0-ql_9yDw0jet-6cdU.roa
File:                     wLYTFgarc0-ql_9yDw0jet-6cdU.roa (raw, json)
Hash identifier:          p6vpMWbNqzC01Ai5TEGReU7vIhGcrJ1tvziK4csCWpE=
Subject key identifier:   C0:B6:13:16:06:AB:73:4F:AA:97:FF:72:0F:0D:23:7A:DF:BA:71:D5
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       019C94457A66BE33438A7668168824DA92C5
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/wLYTFgarc0-ql_9yDw0jet-6cdU.roa
Signing time:             Wed 25 Feb 2026 10:08:27 +0000
ROA not before:           Wed 25 Feb 2026 10:08:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        86.110.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:94:45:7a:66:be:33:43:8a:76:68:16:88:24:da:92:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Feb 25 10:08:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0b6131606ab734faa97ff720f0d237adfba71d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:3f:30:2e:a8:83:62:77:4c:e7:d7:13:31:58:
                    a0:8a:47:27:49:4d:31:75:5b:5c:1b:19:91:a3:1c:
                    b0:59:90:f8:04:c9:e5:b2:87:f6:71:d6:d6:f8:b5:
                    59:f6:fb:28:2e:51:b5:5d:10:f8:3c:f4:b1:fa:2a:
                    5b:a1:78:d4:55:ae:41:bb:3d:0d:2c:cc:92:3b:81:
                    09:74:c9:c5:ef:c8:e2:ab:c4:a5:be:64:7a:d1:0e:
                    0e:12:96:ad:46:c4:72:9a:50:59:e8:51:d7:50:9a:
                    e3:33:5e:3b:0f:9e:28:cd:e3:6e:7d:e7:9f:9f:2b:
                    1a:28:eb:04:56:9c:3c:1b:c7:95:10:7c:21:70:7d:
                    a6:67:d2:57:92:87:00:fa:b1:37:b8:b5:d0:5d:6f:
                    41:ec:2c:2f:20:85:bd:02:38:0a:93:b4:5a:b0:ea:
                    f4:96:9f:31:7f:0b:ac:e4:98:09:54:90:96:27:23:
                    d0:de:a9:9a:c2:9d:3e:84:f4:79:65:90:21:a5:33:
                    c6:cf:d6:4a:e4:8c:09:26:42:2e:81:54:de:89:4d:
                    26:79:fd:06:5d:8d:62:cb:a3:6f:08:5b:6d:67:25:
                    bc:1c:ed:ed:1c:f1:16:df:40:6e:35:bc:f8:f3:9c:
                    5c:c2:31:45:99:e0:a2:ed:4f:eb:06:cd:a3:40:f7:
                    51:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B6:13:16:06:AB:73:4F:AA:97:FF:72:0F:0D:23:7A:DF:BA:71:D5
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/wLYTFgarc0-ql_9yDw0jet-6cdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:c7:9c:2c:a5:de:a7:e3:5f:c5:45:00:84:11:dc:1b:32:68:
         de:d4:5a:76:e7:07:49:1a:e3:29:ee:80:57:4a:42:10:57:03:
         8d:04:59:00:55:5e:f5:c5:8d:89:53:3d:53:d0:a4:0f:95:8d:
         5d:b1:7a:ad:24:ab:30:cd:bc:eb:17:da:f9:46:d0:7d:e9:46:
         f4:6d:3f:c6:76:f3:b8:ff:dc:d7:4c:a1:a1:35:fa:99:29:f2:
         63:b2:81:95:22:d8:58:21:3a:15:04:f7:e3:db:fd:ef:99:e4:
         da:53:24:47:18:a2:49:24:ae:ae:b9:d7:24:b3:34:ed:2f:cf:
         b6:78:e2:4f:e3:bf:d1:f2:3e:73:fc:4b:cc:45:2f:ee:f1:3c:
         51:44:be:28:4a:8c:02:00:5c:6b:e8:2d:9f:f9:ad:18:a9:02:
         65:22:e6:ca:e7:3b:72:59:09:22:ae:34:c6:24:91:87:d3:93:
         50:57:ee:1e:47:5e:a6:ef:4d:e6:39:69:8b:a8:26:38:fa:a7:
         df:06:52:11:64:8c:34:9a:c8:00:6a:7a:20:d6:88:68:6e:b0:
         d3:42:64:40:f4:bc:28:57:a6:ca:58:6c:47:7e:d5:ea:36:00:
         cc:0f:2e:7f:e9:30:93:bc:50:83:71:4c:38:be:8e:58:93:07:
         42:21:d8:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyURXpmvjNDinZoFogk2pLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjYwMjI1MTAwODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGI2MTMxNjA2YWI3MzRmYWE5N2ZmNzIwZjBkMjM3YWRmYmE3MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwj8wLqiDYndM59cTMVigikcnSU0x
dVtcGxmRoxywWZD4BMnlsof2cdbW+LVZ9vsoLlG1XRD4PPSx+ipboXjUVa5Buz0N
LMySO4EJdMnF78jiq8SlvmR60Q4OEpatRsRymlBZ6FHXUJrjM147D54ozeNufeef
nysaKOsEVpw8G8eVEHwhcH2mZ9JXkocA+rE3uLXQXW9B7CwvIIW9AjgKk7RasOr0
lp8xfwus5JgJVJCWJyPQ3qmawp0+hPR5ZZAhpTPGz9ZK5IwJJkIugVTeiU0mef0G
XY1iy6NvCFttZyW8HO3tHPEW30BuNbz485xcwjFFmeCi7U/rBs2jQPdR+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMC2ExYGq3NPqpf/cg8NI3rfunHVMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvd0xZVEZnYXJjMC1xbF85eUR3MGpldC02Y2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm40MA0G
CSqGSIb3DQEBCwUAA4IBAQAPx5wspd6n41/FRQCEEdwbMmje1Fp25wdJGuMp7oBX
SkIQVwONBFkAVV71xY2JUz1T0KQPlY1dsXqtJKswzbzrF9r5RtB96Ub0bT/GdvO4
/9zXTKGhNfqZKfJjsoGVIthYIToVBPfj2/3vmeTaUyRHGKJJJK6uudckszTtL8+2
eOJP47/R8j5z/EvMRS/u8TxRRL4oSowCAFxr6C2f+a0YqQJlIubK5ztyWQkirjTG
JJGH05NQV+4eR16m703mOWmLqCY4+qffBlIRZIw0msgAanog1ohobrDTQmRA9Lwo
V6bKWGxHftXqNgDMDy5/6TCTvFCDcUw4vo5YkwdCIdjm
-----END CERTIFICATE-----