Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Wj2VLmy9IpygU3v3xdTGrPrQXDc.roa
File:                     Wj2VLmy9IpygU3v3xdTGrPrQXDc.roa (raw, json)
Hash identifier:          DPfskDs5HYjdCFzEpqrdu5luOfJbNO2uk4oD1xtezvY=
Subject key identifier:   5A:3D:95:2E:6C:BD:22:9C:A0:53:7B:F7:C5:D4:C6:AC:FA:D0:5C:37
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019C60E20D441C0560BB98C4C5FFB78AB792
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Wj2VLmy9IpygU3v3xdTGrPrQXDc.roa
Signing time:             Sun 15 Feb 2026 10:39:13 +0000
ROA not before:           Sun 15 Feb 2026 10:39:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        178.253.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:60:e2:0d:44:1c:05:60:bb:98:c4:c5:ff:b7:8a:b7:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 15 10:39:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a3d952e6cbd229ca0537bf7c5d4c6acfad05c37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e9:51:f6:e5:f4:bb:01:01:83:7b:89:f6:3a:
                    a9:59:d9:0d:e5:2e:17:64:6d:21:36:66:b4:0d:30:
                    2a:fb:9d:e0:5a:69:0c:02:3b:e2:45:11:2d:0b:56:
                    2d:7d:7f:43:ae:ab:51:af:a8:91:90:29:30:89:e0:
                    0f:db:09:2c:71:59:06:71:08:bb:bb:7f:6d:f7:ac:
                    28:d3:bb:71:5e:51:82:ca:86:73:1e:ba:91:12:a3:
                    6c:f5:c0:98:1c:65:81:19:e5:40:35:63:13:89:ac:
                    01:12:e8:9b:ab:dd:31:22:d1:75:f7:17:cb:fc:e6:
                    a1:85:a1:47:70:a3:aa:42:fd:3f:a1:b6:1e:da:e9:
                    1c:0d:dc:ec:3d:a4:19:80:dd:81:f6:2a:f1:c2:dc:
                    93:76:de:e1:25:5e:93:26:18:08:1c:2e:c7:d8:98:
                    0b:7c:37:1e:9c:bd:f8:f8:da:59:f5:d2:74:ba:5c:
                    89:d0:fa:06:5d:c4:6b:30:56:ef:0d:3d:1b:db:c1:
                    cc:79:97:cd:e3:4c:18:52:b9:ea:f9:7c:91:72:49:
                    44:2d:83:22:89:78:1a:30:20:48:a3:c8:02:74:e1:
                    f3:94:9a:37:c6:c2:30:a9:3d:b2:20:c4:4c:77:03:
                    27:58:6b:a3:c4:f4:60:ad:00:e5:b2:4f:ba:a8:1a:
                    2f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:3D:95:2E:6C:BD:22:9C:A0:53:7B:F7:C5:D4:C6:AC:FA:D0:5C:37
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/Wj2VLmy9IpygU3v3xdTGrPrQXDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:09:37:75:92:11:19:8e:eb:75:ad:c4:d0:10:fb:aa:35:f5:
         df:1b:ef:7c:8e:1a:d4:e0:b0:41:2e:99:58:c0:eb:64:6c:b7:
         be:aa:e8:53:4a:53:4d:fa:c8:1f:a7:e7:1d:44:98:86:71:60:
         0c:0b:27:ff:49:80:50:70:6f:04:90:16:6c:ac:7c:8d:fd:36:
         6b:76:db:19:db:28:3c:b1:81:04:ef:bb:48:5c:ab:07:7a:0b:
         51:8c:43:b3:bf:0e:b5:57:c1:bb:a9:87:93:66:9c:20:8c:fe:
         63:22:89:e6:cd:f5:96:c5:25:6b:43:26:4c:9d:fb:1a:22:3d:
         91:dd:e2:f6:b0:7d:86:54:2b:c5:c2:46:85:e2:f3:5b:18:4f:
         87:63:2e:ed:25:13:80:dd:8d:ec:ab:77:64:e3:10:2f:4c:2d:
         df:06:b0:b9:22:64:d8:e0:d3:0f:f1:c5:c2:c5:44:59:fb:22:
         39:dd:9f:23:30:f3:e2:a7:6e:b2:ee:f8:35:d6:61:18:ce:68:
         b5:ff:2f:6c:98:f6:70:f2:79:3f:71:87:4e:a8:97:cb:af:e5:
         22:5f:2b:30:9b:a9:79:98:ea:f8:16:98:07:fa:05:02:d0:96:
         e0:9a:9a:bb:7b:29:44:55:0d:bf:b3:8b:43:6c:8c:81:29:24:
         b6:4b:b8:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxg4g1EHAVgu5jExf+3ireSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwMjE1MTAzOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTNkOTUyZTZjYmQyMjljYTA1MzdiZjdjNWQ0YzZhY2ZhZDA1YzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyulR9uX0uwEBg3uJ9jqpWdkN5S4X
ZG0hNma0DTAq+53gWmkMAjviRREtC1YtfX9DrqtRr6iRkCkwieAP2wkscVkGcQi7
u39t96wo07txXlGCyoZzHrqREqNs9cCYHGWBGeVANWMTiawBEuibq90xItF19xfL
/OahhaFHcKOqQv0/obYe2ukcDdzsPaQZgN2B9irxwtyTdt7hJV6TJhgIHC7H2JgL
fDcenL34+NpZ9dJ0ulyJ0PoGXcRrMFbvDT0b28HMeZfN40wYUrnq+XyRcklELYMi
iXgaMCBIo8gCdOHzlJo3xsIwqT2yIMRMdwMnWGujxPRgrQDlsk+6qBov6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFo9lS5svSKcoFN798XUxqz60Fw3MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvV2oyVkxteTlJcHlnVTN2M3hkVEdyUHJRWERjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3lMA0G
CSqGSIb3DQEBCwUAA4IBAQBGCTd1khEZjut1rcTQEPuqNfXfG+98jhrU4LBBLplY
wOtkbLe+quhTSlNN+sgfp+cdRJiGcWAMCyf/SYBQcG8EkBZsrHyN/TZrdtsZ2yg8
sYEE77tIXKsHegtRjEOzvw61V8G7qYeTZpwgjP5jIonmzfWWxSVrQyZMnfsaIj2R
3eL2sH2GVCvFwkaF4vNbGE+HYy7tJROA3Y3sq3dk4xAvTC3fBrC5ImTY4NMP8cXC
xURZ+yI53Z8jMPPip26y7vg11mEYzmi1/y9smPZw8nk/cYdOqJfLr+UiXyswm6l5
mOr4FpgH+gUC0Jbgmpq7eylEVQ2/s4tDbIyBKSS2S7gh
-----END CERTIFICATE-----