Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CW_HvDbYBYbAWofKdwrPvNngefc.roa
File:                     CW_HvDbYBYbAWofKdwrPvNngefc.roa (raw, json)
Hash identifier:          K/4MSIpNMGgHpqP6TSqdislusd1GbJIGCOT0ARGA4SE=
Subject key identifier:   09:6F:C7:BC:36:D8:05:86:C0:5A:87:CA:77:0A:CF:BC:D9:E0:79:F7
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019EA1935DD69C29D558E1D194D5D01FAC51
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CW_HvDbYBYbAWofKdwrPvNngefc.roa
Signing time:             Sun 07 Jun 2026 10:14:10 +0000
ROA not before:           Sun 07 Jun 2026 10:14:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        193.108.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a1:93:5d:d6:9c:29:d5:58:e1:d1:94:d5:d0:1f:ac:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jun  7 10:14:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=096fc7bc36d80586c05a87ca770acfbcd9e079f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ac:39:83:ce:e3:d6:b1:97:28:84:8d:61:4a:
                    2e:c6:ca:39:70:cf:83:b2:c2:e9:29:27:a0:7e:3f:
                    28:93:69:ef:0f:a4:3d:14:89:46:41:19:70:60:89:
                    5a:a2:62:7c:bf:d2:75:c4:9b:3e:c5:d9:a9:c7:fd:
                    05:bf:51:98:af:77:76:b8:6b:b8:6f:3f:a7:47:bd:
                    bb:3d:91:2e:b0:fe:af:20:74:69:e4:7a:32:33:b1:
                    93:5c:c2:e5:d9:15:82:9e:12:06:a4:80:79:33:be:
                    a2:cb:78:14:24:f0:cc:0d:59:c0:8b:37:8a:a4:68:
                    4d:0e:bb:8c:db:73:ae:98:76:bd:02:06:95:97:e5:
                    94:85:3e:1e:4e:6c:35:a8:03:53:55:f9:bb:58:bf:
                    aa:85:d1:3a:64:d6:9f:f0:c2:f7:21:28:fd:61:4d:
                    6c:5b:7a:6a:c2:18:0a:87:ec:01:75:c2:8c:25:54:
                    c9:70:28:16:51:21:7d:9c:bb:93:42:f8:bf:fd:c6:
                    59:a9:12:e1:8a:93:c3:bb:98:5f:bc:56:ad:74:70:
                    56:df:72:3f:75:26:95:68:cd:61:82:93:d7:fe:46:
                    86:06:3a:c5:5d:df:f3:31:b7:5c:94:08:0e:bf:92:
                    ab:4c:ae:1c:96:1d:ad:c9:d3:d4:7a:ce:0e:e1:74:
                    5f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6F:C7:BC:36:D8:05:86:C0:5A:87:CA:77:0A:CF:BC:D9:E0:79:F7
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CW_HvDbYBYbAWofKdwrPvNngefc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:f6:9b:59:0d:c7:f9:a1:57:1d:47:0b:85:bb:3a:29:d8:bf:
         46:4e:82:b5:08:93:f1:8a:fa:ad:7e:a3:04:e3:8e:61:f3:91:
         03:34:33:c0:0a:75:22:bb:05:ed:44:74:1b:26:c5:3e:7f:64:
         56:b2:7c:ea:be:ce:f1:ce:7e:c7:03:a0:3b:b9:db:f0:a9:86:
         dc:75:fa:cd:e0:53:f9:02:a5:68:81:8f:f6:a8:04:78:f2:82:
         88:d5:f8:c3:42:52:4e:3c:dc:c8:95:2f:48:1a:9c:c3:ee:ef:
         c7:c6:26:23:ee:23:a3:c8:f5:8e:03:40:10:fe:61:68:9f:1e:
         27:91:fb:d7:f6:2c:a4:0a:07:19:f7:1c:e0:42:1f:38:83:5d:
         0a:79:79:74:53:62:49:65:a7:45:40:db:12:d5:57:f5:11:b7:
         aa:c2:f4:64:f7:84:1c:9b:44:03:07:ba:14:c4:0b:74:dd:5d:
         26:be:c8:4a:e9:be:25:3a:19:ef:d6:45:65:47:ed:bf:52:f2:
         7b:16:a3:f4:12:a2:a0:ce:3a:3a:53:c8:d1:94:ad:dd:0a:88:
         f2:08:d3:c9:8c:52:89:8a:e7:52:ba:23:be:69:0d:e6:cb:82:
         a5:14:43:19:df:03:8f:cf:6f:fd:9f:99:f0:b5:e6:e2:45:15:
         36:e1:bd:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6hk13WnCnVWOHRlNXQH6xRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwNjA3MTAxNDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZmYzdiYzM2ZDgwNTg2YzA1YTg3Y2E3NzBhY2ZiY2Q5ZTA3OWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36w5g87j1rGXKISNYUouxso5cM+D
ssLpKSegfj8ok2nvD6Q9FIlGQRlwYIlaomJ8v9J1xJs+xdmpx/0Fv1GYr3d2uGu4
bz+nR727PZEusP6vIHRp5HoyM7GTXMLl2RWCnhIGpIB5M76iy3gUJPDMDVnAizeK
pGhNDruM23OumHa9AgaVl+WUhT4eTmw1qANTVfm7WL+qhdE6ZNaf8ML3ISj9YU1s
W3pqwhgKh+wBdcKMJVTJcCgWUSF9nLuTQvi//cZZqRLhipPDu5hfvFatdHBW33I/
dSaVaM1hgpPX/kaGBjrFXd/zMbdclAgOv5KrTK4clh2tydPUes4O4XRfCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlvx7w22AWGwFqHyncKz7zZ4Hn3MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvQ1dfSHZEYllCWWJBV29mS2R3clB2Tm5nZWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWxpMA0G
CSqGSIb3DQEBCwUAA4IBAQCM9ptZDcf5oVcdRwuFuzop2L9GToK1CJPxivqtfqME
445h85EDNDPACnUiuwXtRHQbJsU+f2RWsnzqvs7xzn7HA6A7udvwqYbcdfrN4FP5
AqVogY/2qAR48oKI1fjDQlJOPNzIlS9IGpzD7u/HxiYj7iOjyPWOA0AQ/mFonx4n
kfvX9iykCgcZ9xzgQh84g10KeXl0U2JJZadFQNsS1Vf1EbeqwvRk94Qcm0QDB7oU
xAt03V0mvshK6b4lOhnv1kVlR+2/UvJ7FqP0EqKgzjo6U8jRlK3dCojyCNPJjFKJ
iudSuiO+aQ3my4KlFEMZ3wOPz2/9n5nwtebiRRU24b1W
-----END CERTIFICATE-----