Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/c666bf-c8d6-48ad-8076-c3fd9ae81012/1/W0Nemhp4tNTnXPX1F7AWpLPz30I.roa
File:                     W0Nemhp4tNTnXPX1F7AWpLPz30I.roa (raw, json)
Hash identifier:          q0w1RLWAwP0/SOoIQT2u4GQdyaJkPP+XShI2e/oMlPc=
Subject key identifier:   5B:43:5E:9A:1A:78:B4:D4:E7:5C:F5:F5:17:B0:16:A4:B3:F3:DF:42
Certificate issuer:       /CN=78b1dbe2faf2a6e7dfa574ce55190963015f1c53
Certificate serial:       019B77C7325F831ABB4CC526CDBD0B4F1068
Authority key identifier: 78:B1:DB:E2:FA:F2:A6:E7:DF:A5:74:CE:55:19:09:63:01:5F:1C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eLHb4vrypuffpXTOVRkJYwFfHFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/c666bf-c8d6-48ad-8076-c3fd9ae81012/1/W0Nemhp4tNTnXPX1F7AWpLPz30I.roa
Signing time:             Thu 01 Jan 2026 04:18:21 +0000
ROA not before:           Thu 01 Jan 2026 04:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197972
IP address blocks:        82.144.95.0/24 maxlen: 29
                          82.144.95.16/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/c666bf-c8d6-48ad-8076-c3fd9ae81012/1/eLHb4vrypuffpXTOVRkJYwFfHFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/c666bf-c8d6-48ad-8076-c3fd9ae81012/1/eLHb4vrypuffpXTOVRkJYwFfHFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eLHb4vrypuffpXTOVRkJYwFfHFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:32:5f:83:1a:bb:4c:c5:26:cd:bd:0b:4f:10:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78b1dbe2faf2a6e7dfa574ce55190963015f1c53
        Validity
            Not Before: Jan  1 04:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b435e9a1a78b4d4e75cf5f517b016a4b3f3df42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:91:70:66:31:1a:f7:b3:22:03:9d:62:cc:19:
                    d0:4a:88:36:64:a2:d7:38:20:73:07:1f:08:bd:36:
                    f0:40:3c:24:55:5e:f0:75:1e:f0:ec:4a:ba:b7:7b:
                    ac:2b:5b:e5:d4:76:1c:8d:9e:44:be:50:81:30:da:
                    b7:c8:f9:0a:63:df:7b:1b:23:72:a3:bd:b1:a9:97:
                    d5:96:6c:b5:eb:31:f5:7d:df:2c:ce:66:6a:e0:9c:
                    0e:f8:7c:b9:8d:f8:dd:18:59:05:17:36:49:54:9a:
                    c4:fd:b6:e6:72:a6:93:a0:ae:41:d6:d5:02:cb:dc:
                    14:ff:98:0d:1e:a0:53:06:99:89:34:cf:25:9e:4b:
                    92:96:ca:c2:00:9d:57:f1:52:dc:5f:a3:67:72:6d:
                    c8:8c:ac:fe:af:ac:ff:b1:95:8a:b9:60:83:55:18:
                    8d:6a:1b:3e:43:46:fb:74:82:29:5f:6c:ba:08:15:
                    0d:b3:f0:5c:c5:18:ab:2b:2b:7e:d9:3c:3d:c9:6a:
                    c8:d2:a8:36:3c:24:1d:f1:ac:a6:0d:1f:ca:95:c4:
                    af:3e:10:34:a0:26:c3:8a:a1:0f:18:0b:3e:f7:c4:
                    7d:9d:bf:4e:b6:20:0f:47:c2:3a:85:fd:24:4c:1e:
                    9c:aa:07:0f:bb:70:68:c1:3a:53:f6:9e:7e:91:b0:
                    5d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:43:5E:9A:1A:78:B4:D4:E7:5C:F5:F5:17:B0:16:A4:B3:F3:DF:42
            X509v3 Authority Key Identifier:
                keyid:78:B1:DB:E2:FA:F2:A6:E7:DF:A5:74:CE:55:19:09:63:01:5F:1C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eLHb4vrypuffpXTOVRkJYwFfHFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/c666bf-c8d6-48ad-8076-c3fd9ae81012/1/W0Nemhp4tNTnXPX1F7AWpLPz30I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/c666bf-c8d6-48ad-8076-c3fd9ae81012/1/eLHb4vrypuffpXTOVRkJYwFfHFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:81:77:bd:01:82:cb:9b:ad:be:9b:d4:84:e5:e0:ea:97:3d:
         1e:d6:77:1f:99:21:b8:ea:14:4a:46:39:46:2c:e7:b7:4e:09:
         3e:97:cc:86:60:c4:6b:bd:62:e0:c7:3b:eb:5b:f6:e3:b2:f7:
         fb:19:4b:40:12:3f:71:0b:01:fc:9e:98:cd:e6:8d:75:d1:2f:
         74:cc:9e:ab:8d:0b:30:35:63:a4:6e:cf:a3:8e:b1:13:da:2a:
         0e:bb:c9:9b:3f:83:23:96:b1:ae:c9:c8:9e:f9:22:a6:7b:04:
         db:a4:65:20:71:a8:21:9c:9a:f1:d6:79:89:5b:a0:a0:4b:9c:
         52:67:f8:ce:3b:a1:e5:28:f2:e1:b9:19:a8:93:aa:ff:52:f5:
         0b:06:df:a0:0b:51:e1:c2:79:d0:ba:b5:f3:b4:f5:76:17:93:
         fb:b9:d4:4a:57:7c:44:05:e2:cb:fe:c8:a1:c6:aa:99:b4:e6:
         dd:30:c4:78:b5:74:af:5b:2b:d1:9d:f6:15:17:d0:71:f7:a7:
         bb:4f:79:f3:2f:29:8d:cf:4e:b1:4e:94:35:d7:d6:4d:f0:2d:
         6b:e6:74:74:f7:19:36:6e:ff:9f:f2:5c:b6:7d:a3:28:8b:68:
         73:ae:e0:2e:93:64:fa:26:9d:6b:c6:c8:82:fd:41:c5:29:50:
         2e:72:61:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xzJfgxq7TMUmzb0LTxBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YjFkYmUyZmFmMmE2ZTdkZmE1NzRjZTU1MTkwOTYzMDE1
ZjFjNTMwHhcNMjYwMTAxMDQxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjQzNWU5YTFhNzhiNGQ0ZTc1Y2Y1ZjUxN2IwMTZhNGIzZjNkZjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5FwZjEa97MiA51izBnQSog2ZKLX
OCBzBx8IvTbwQDwkVV7wdR7w7Eq6t3usK1vl1HYcjZ5EvlCBMNq3yPkKY997GyNy
o72xqZfVlmy16zH1fd8szmZq4JwO+Hy5jfjdGFkFFzZJVJrE/bbmcqaToK5B1tUC
y9wU/5gNHqBTBpmJNM8lnkuSlsrCAJ1X8VLcX6Nncm3IjKz+r6z/sZWKuWCDVRiN
ahs+Q0b7dIIpX2y6CBUNs/BcxRirKyt+2Tw9yWrI0qg2PCQd8aymDR/KlcSvPhA0
oCbDiqEPGAs+98R9nb9OtiAPR8I6hf0kTB6cqgcPu3BowTpT9p5+kbBdLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtDXpoaeLTU51z19RewFqSz899CMB8GA1UdIwQY
MBaAFHix2+L68qbn36V0zlUZCWMBXxxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUxIYjR2cnlwdWZmcFhUT1ZSa0pZd0ZmSEZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9jNjY2YmYtYzhkNi00OGFkLTgwNzYt
YzNmZDlhZTgxMDEyLzEvVzBOZW1ocDR0TlRuWFBYMUY3QVdwTFB6MzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9jNjY2YmYtYzhkNi00OGFkLTgwNzYtYzNmZDlhZTgxMDEy
LzEvZUxIYjR2cnlwdWZmcFhUT1ZSa0pZd0ZmSEZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpBfMA0G
CSqGSIb3DQEBCwUAA4IBAQA1gXe9AYLLm62+m9SE5eDqlz0e1ncfmSG46hRKRjlG
LOe3Tgk+l8yGYMRrvWLgxzvrW/bjsvf7GUtAEj9xCwH8npjN5o110S90zJ6rjQsw
NWOkbs+jjrET2ioOu8mbP4MjlrGuycie+SKmewTbpGUgcaghnJrx1nmJW6CgS5xS
Z/jOO6HlKPLhuRmok6r/UvULBt+gC1HhwnnQurXztPV2F5P7udRKV3xEBeLL/sih
xqqZtObdMMR4tXSvWyvRnfYVF9Bx96e7T3nzLymNz06xTpQ119ZN8C1r5nR09xk2
bv+f8ly2faMoi2hzruAuk2T6Jp1rxsiC/UHFKVAucmEv
-----END CERTIFICATE-----