Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/0wgf23tvdSjDuy36oum4E_5sBcQ.roa
File:                     0wgf23tvdSjDuy36oum4E_5sBcQ.roa (raw, json)
Hash identifier:          DMJE3y5rVfgLLy+PLJs0X0RhRoSjVQhQBLKFeetfmGY=
Subject key identifier:   D3:08:1F:DB:7B:6F:75:28:C3:BB:2D:FA:A2:E9:B8:13:FE:6C:05:C4
Certificate issuer:       /CN=896aa1f0ed4596e733f8b62d39e37b8de5085ed7
Certificate serial:       019B78A2EB6941E8C1BD47254FBB5D4D4D7A
Authority key identifier: 89:6A:A1:F0:ED:45:96:E7:33:F8:B6:2D:39:E3:7B:8D:E5:08:5E:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqh8O1Flucz-LYtOeN7jeUIXtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/0wgf23tvdSjDuy36oum4E_5sBcQ.roa
Signing time:             Thu 01 Jan 2026 08:18:21 +0000
ROA not before:           Thu 01 Jan 2026 08:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203400
IP address blocks:        185.72.88.0/24 maxlen: 24
                          185.72.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/iWqh8O1Flucz-LYtOeN7jeUIXtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/iWqh8O1Flucz-LYtOeN7jeUIXtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWqh8O1Flucz-LYtOeN7jeUIXtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:eb:69:41:e8:c1:bd:47:25:4f:bb:5d:4d:4d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896aa1f0ed4596e733f8b62d39e37b8de5085ed7
        Validity
            Not Before: Jan  1 08:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3081fdb7b6f7528c3bb2dfaa2e9b813fe6c05c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:12:a6:f5:ed:62:06:b9:82:b6:de:d5:68:ed:
                    e0:73:e8:38:e9:19:0e:63:9f:9e:ff:d3:6f:fc:ff:
                    af:4e:e9:50:3b:7b:8c:b2:07:46:fa:f2:a0:fa:c7:
                    f9:bd:be:c7:bf:1c:4e:3e:97:53:86:25:a1:c4:28:
                    60:fe:a0:28:90:ac:fa:60:89:41:bb:6e:94:3b:6b:
                    01:ba:4e:9e:59:6c:40:d6:09:d0:0a:df:af:14:5c:
                    d5:ba:39:61:6e:c8:aa:50:52:91:bc:01:c5:ce:40:
                    51:ca:5f:17:8a:ee:0e:4a:39:8a:51:36:69:cc:fe:
                    1d:74:69:15:8d:2b:9b:3b:d2:51:66:6a:1e:89:84:
                    ef:8c:a3:7f:c6:44:cd:7f:8c:80:4d:da:73:df:1c:
                    be:b6:8a:77:2e:0d:c0:b9:75:62:27:5d:f7:4f:dd:
                    78:ba:8b:c4:82:ca:3f:44:79:d9:3f:61:03:b5:7c:
                    db:b3:1a:d2:64:41:79:e7:fb:90:87:b8:88:c8:84:
                    8b:48:8e:dc:a0:98:62:36:28:82:bf:12:28:9c:e5:
                    f7:0a:f3:24:c0:c2:d4:b6:1e:fa:ac:51:a2:51:19:
                    7f:67:03:df:dc:57:0a:05:d8:d2:dd:e0:fb:84:e9:
                    8c:da:97:71:d8:0c:ae:0f:6b:df:4f:ce:5c:d0:4b:
                    27:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:08:1F:DB:7B:6F:75:28:C3:BB:2D:FA:A2:E9:B8:13:FE:6C:05:C4
            X509v3 Authority Key Identifier:
                keyid:89:6A:A1:F0:ED:45:96:E7:33:F8:B6:2D:39:E3:7B:8D:E5:08:5E:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqh8O1Flucz-LYtOeN7jeUIXtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/0wgf23tvdSjDuy36oum4E_5sBcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/20e162-2cbc-4be3-a50c-a286d02532d3/1/iWqh8O1Flucz-LYtOeN7jeUIXtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:2b:20:77:b4:5e:76:09:02:c9:5a:a3:4d:4a:a2:9c:e9:de:
         9c:df:d6:8e:46:38:5f:28:0c:be:5f:d0:99:f8:67:28:ea:a1:
         4d:1d:86:c5:99:c5:78:80:8b:73:48:df:8c:bc:89:f3:e7:14:
         e1:b6:d6:39:c0:29:c9:e8:90:71:31:a5:07:9a:a8:9f:37:ab:
         8b:ae:bb:77:d1:62:4d:99:2e:ad:b8:d6:37:c7:ae:70:7f:fd:
         96:26:9a:98:5e:5d:7a:03:cb:ad:e9:96:3b:12:f6:b6:84:62:
         4c:f7:1f:ff:5a:b2:fe:00:0c:dc:68:cd:81:c4:6c:ba:5a:4d:
         bd:8c:c3:36:e6:c5:2b:d2:80:98:2f:0d:83:6d:39:cc:13:7b:
         f3:c3:a3:d2:ee:1d:02:b9:51:d7:18:8b:62:ed:f9:34:6d:2b:
         e4:3d:f2:40:e8:4b:e2:23:17:96:71:1e:1d:b9:07:b0:f5:2c:
         84:ab:45:f4:29:20:52:e9:84:b5:64:fa:cf:a4:b2:8c:ca:eb:
         f6:12:9f:8f:c5:fd:0d:1e:85:5f:c0:85:e4:32:5d:db:0b:65:
         a7:2e:fa:c5:5d:33:10:3e:6a:0c:51:45:f5:22:0b:da:9c:17:
         9c:7b:21:63:f5:81:63:a8:07:bf:9a:87:7b:58:15:9c:20:55:
         10:24:34:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4outpQejBvUclT7tdTU16MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmFhMWYwZWQ0NTk2ZTczM2Y4YjYyZDM5ZTM3YjhkZTUw
ODVlZDcwHhcNMjYwMTAxMDgxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzA4MWZkYjdiNmY3NTI4YzNiYjJkZmFhMmU5YjgxM2ZlNmMwNWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBKm9e1iBrmCtt7VaO3gc+g46RkO
Y5+e/9Nv/P+vTulQO3uMsgdG+vKg+sf5vb7HvxxOPpdThiWhxChg/qAokKz6YIlB
u26UO2sBuk6eWWxA1gnQCt+vFFzVujlhbsiqUFKRvAHFzkBRyl8Xiu4OSjmKUTZp
zP4ddGkVjSubO9JRZmoeiYTvjKN/xkTNf4yATdpz3xy+top3Lg3AuXViJ133T914
uovEgso/RHnZP2EDtXzbsxrSZEF55/uQh7iIyISLSI7coJhiNiiCvxIonOX3CvMk
wMLUth76rFGiURl/ZwPf3FcKBdjS3eD7hOmM2pdx2AyuD2vfT85c0Esn1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMIH9t7b3Uow7st+qLpuBP+bAXEMB8GA1UdIwQY
MBaAFIlqofDtRZbnM/i2LTnje43lCF7XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxaDhPMUZsdWN6LUxZdE9lTjdqZVVJWHRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8yMGUxNjItMmNiYy00YmUzLWE1MGMt
YTI4NmQwMjUzMmQzLzEvMHdnZjIzdHZkU2pEdXkzNm91bTRFXzVzQmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8yMGUxNjItMmNiYy00YmUzLWE1MGMtYTI4NmQwMjUzMmQz
LzEvaVdxaDhPMUZsdWN6LUxZdE9lTjdqZVVJWHRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUhYMA0G
CSqGSIb3DQEBCwUAA4IBAQAkKyB3tF52CQLJWqNNSqKc6d6c39aORjhfKAy+X9CZ
+Gco6qFNHYbFmcV4gItzSN+MvInz5xThttY5wCnJ6JBxMaUHmqifN6uLrrt30WJN
mS6tuNY3x65wf/2WJpqYXl16A8ut6ZY7Eva2hGJM9x//WrL+AAzcaM2BxGy6Wk29
jMM25sUr0oCYLw2DbTnME3vzw6PS7h0CuVHXGIti7fk0bSvkPfJA6EviIxeWcR4d
uQew9SyEq0X0KSBS6YS1ZPrPpLKMyuv2Ep+Pxf0NHoVfwIXkMl3bC2WnLvrFXTMQ
PmoMUUX1IgvanBeceyFj9YFjqAe/mod7WBWcIFUQJDQu
-----END CERTIFICATE-----