Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/wnLAy32iYG4i-ODs-rBRdtaa9Ss.roa
File:                     wnLAy32iYG4i-ODs-rBRdtaa9Ss.roa (raw, json)
Hash identifier:          zyR18oxh6Lhv0Acyg819Q0tTDooFJ+wpThACkE37g/8=
Subject key identifier:   C2:72:C0:CB:7D:A2:60:6E:22:F8:E0:EC:FA:B0:51:76:D6:9A:F5:2B
Certificate issuer:       /CN=dda5a222acb99ab2398439eded7770a65ee66de6
Certificate serial:       019B7D5D01C754A5BD5C3810791543B3D01F
Authority key identifier: DD:A5:A2:22:AC:B9:9A:B2:39:84:39:ED:ED:77:70:A6:5E:E6:6D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/wnLAy32iYG4i-ODs-rBRdtaa9Ss.roa
Signing time:             Fri 02 Jan 2026 06:20:05 +0000
ROA not before:           Fri 02 Jan 2026 06:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198298
IP address blocks:        194.33.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:01:c7:54:a5:bd:5c:38:10:79:15:43:b3:d0:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dda5a222acb99ab2398439eded7770a65ee66de6
        Validity
            Not Before: Jan  2 06:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c272c0cb7da2606e22f8e0ecfab05176d69af52b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c8:7c:45:9c:56:e6:57:a4:d0:46:46:ff:07:
                    c9:34:9a:79:b8:bb:47:49:13:36:66:95:88:95:af:
                    30:3f:99:b6:62:23:b0:62:fe:bb:ca:24:d5:f6:06:
                    94:a5:54:d5:b1:e9:04:76:16:c9:20:3b:2b:ee:19:
                    7f:18:f9:c7:ab:ea:8e:8c:73:bb:37:00:ce:e1:0e:
                    59:a8:a0:df:ce:7b:7d:b9:c0:62:9a:7d:0f:53:5b:
                    99:71:3d:4e:88:fc:af:f9:8b:7b:b8:af:bd:7c:38:
                    a4:0b:99:4b:89:4b:2d:6b:7c:ef:9c:db:9e:b5:75:
                    5f:60:f6:ae:8c:a0:3c:0b:ed:d6:59:72:6c:91:50:
                    ca:11:9a:af:74:19:0a:e1:ce:f2:53:41:7a:2a:69:
                    ff:ea:25:dc:a6:ae:21:67:07:10:89:3d:cb:86:0d:
                    35:29:f9:40:48:3d:21:7c:b0:c8:f5:a8:92:55:b0:
                    ae:6b:b0:3e:29:30:6e:fc:e4:3f:27:2a:4b:da:c8:
                    90:7d:2b:91:f5:ba:86:b7:2f:bb:ed:7d:6c:2b:5c:
                    b4:00:d1:10:ae:96:7c:26:13:7d:3f:c6:d7:ae:28:
                    25:ad:a3:3d:00:ff:f5:55:ff:8c:14:70:20:09:f4:
                    34:13:eb:89:45:55:72:a0:c6:8c:bb:35:60:a1:ee:
                    0c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:72:C0:CB:7D:A2:60:6E:22:F8:E0:EC:FA:B0:51:76:D6:9A:F5:2B
            X509v3 Authority Key Identifier:
                keyid:DD:A5:A2:22:AC:B9:9A:B2:39:84:39:ED:ED:77:70:A6:5E:E6:6D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/wnLAy32iYG4i-ODs-rBRdtaa9Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:7e:49:ed:3a:39:3f:f5:e1:64:df:01:6b:3e:46:49:0a:02:
         05:51:b9:a8:cf:8c:de:ec:cb:c4:3b:c9:be:73:3c:cd:40:0a:
         25:8f:d0:05:0a:49:25:8e:f5:05:87:70:d3:19:03:1a:9f:7b:
         a5:79:ee:36:3f:11:3d:85:32:cd:59:07:85:95:46:b9:3b:48:
         c7:96:c8:ad:5a:f1:76:65:19:c1:ef:1e:49:8b:1b:61:ee:bd:
         eb:05:37:7e:af:78:a3:75:a7:e1:11:63:6b:af:6e:87:75:8a:
         a3:da:cc:37:17:54:0b:7a:5e:9b:fa:e4:1d:7f:0f:8a:b8:fd:
         a9:5f:dd:36:ba:16:98:31:aa:59:fe:49:8d:e5:4f:5c:ba:99:
         1a:a8:aa:97:46:d5:d7:1f:b6:d3:c9:eb:17:7f:0f:bc:80:e0:
         84:05:42:5a:f2:f1:21:bd:7a:e3:52:17:a9:19:92:49:77:f5:
         df:60:a7:52:79:09:28:41:49:d0:1b:57:8d:17:08:54:79:03:
         f1:1f:1b:8f:3a:62:50:33:df:c9:32:6d:4e:e1:b0:d2:8b:ef:
         1e:e8:f7:f1:d0:25:cc:77:6a:f0:42:9b:75:25:21:48:72:d4:
         96:9b:36:b6:85:4a:6b:e6:62:b1:97:d5:94:c7:c9:a2:de:55:
         fa:1d:a4:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQHHVKW9XDgQeRVDs9AfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYTVhMjIyYWNiOTlhYjIzOTg0MzllZGVkNzc3MGE2NWVl
NjZkZTYwHhcNMjYwMTAyMDYyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjcyYzBjYjdkYTI2MDZlMjJmOGUwZWNmYWIwNTE3NmQ2OWFmNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8h8RZxW5lek0EZG/wfJNJp5uLtH
SRM2ZpWIla8wP5m2YiOwYv67yiTV9gaUpVTVsekEdhbJIDsr7hl/GPnHq+qOjHO7
NwDO4Q5ZqKDfznt9ucBimn0PU1uZcT1OiPyv+Yt7uK+9fDikC5lLiUsta3zvnNue
tXVfYPaujKA8C+3WWXJskVDKEZqvdBkK4c7yU0F6Kmn/6iXcpq4hZwcQiT3Lhg01
KflASD0hfLDI9aiSVbCua7A+KTBu/OQ/JypL2siQfSuR9bqGty+77X1sK1y0ANEQ
rpZ8JhN9P8bXriglraM9AP/1Vf+MFHAgCfQ0E+uJRVVyoMaMuzVgoe4MGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJywMt9omBuIvjg7PqwUXbWmvUrMB8GA1UdIwQY
MBaAFN2loiKsuZqyOYQ57e13cKZe5m3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2FXaUlxeTVtckk1aERudDdYZHdwbDdtYmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9iYTRhZDItZjQwZS00ZjRiLWE2MGQt
NzUzYWIxOTY4N2Q4LzEvd25MQXkzMmlZRzRpLU9Ecy1yQlJkdGFhOVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9iYTRhZDItZjQwZS00ZjRiLWE2MGQtNzUzYWIxOTY4N2Q4
LzEvM2FXaUlxeTVtckk1aERudDdYZHdwbDdtYmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiEMMA0G
CSqGSIb3DQEBCwUAA4IBAQB3fkntOjk/9eFk3wFrPkZJCgIFUbmoz4ze7MvEO8m+
czzNQAolj9AFCkkljvUFh3DTGQMan3ulee42PxE9hTLNWQeFlUa5O0jHlsitWvF2
ZRnB7x5Jixth7r3rBTd+r3ijdafhEWNrr26HdYqj2sw3F1QLel6b+uQdfw+KuP2p
X902uhaYMapZ/kmN5U9cupkaqKqXRtXXH7bTyesXfw+8gOCEBUJa8vEhvXrjUhep
GZJJd/XfYKdSeQkoQUnQG1eNFwhUeQPxHxuPOmJQM9/JMm1O4bDSi+8e6Pfx0CXM
d2rwQpt1JSFIctSWmza2hUpr5mKxl9WUx8mi3lX6HaTQ
-----END CERTIFICATE-----