Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/wHR1rjW-GyeAykDPRv2evn14daQ.roa
File:                     wHR1rjW-GyeAykDPRv2evn14daQ.roa (raw, json)
Hash identifier:          8uSH9PuLMUirtdt/ZPVP4wYc8PpyHx7s2sPU4VXGS4U=
Subject key identifier:   C0:74:75:AE:35:BE:1B:27:80:CA:40:CF:46:FD:9E:BE:7D:78:75:A4
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019D94AA913976A048FC2F302C2EF7A96EFB
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/wHR1rjW-GyeAykDPRv2evn14daQ.roa
Signing time:             Thu 16 Apr 2026 05:01:39 +0000
ROA not before:           Thu 16 Apr 2026 05:01:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        89.46.217.0/24 maxlen: 24
                          188.212.99.0/24 maxlen: 24
                          188.240.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:94:aa:91:39:76:a0:48:fc:2f:30:2c:2e:f7:a9:6e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Apr 16 05:01:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c07475ae35be1b2780ca40cf46fd9ebe7d7875a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ea:a7:2d:1d:74:b9:52:b5:12:3a:72:95:b4:
                    f2:33:5c:fe:aa:86:2b:da:66:7b:88:d8:81:aa:bd:
                    dd:40:5e:03:be:cb:1c:12:93:e4:d1:a5:b1:08:de:
                    3b:bc:b4:d9:19:b1:eb:a2:de:35:b2:c4:c8:ff:23:
                    cf:0a:f7:dc:63:5b:9d:75:89:e4:5e:29:15:64:a5:
                    a7:5e:71:7b:e2:ee:b7:a7:ac:fa:d6:1e:17:db:0d:
                    89:62:8c:fa:70:f0:a9:e2:5c:6c:e5:0e:01:cf:e0:
                    b0:8a:62:31:7b:4f:ff:32:6d:c2:c7:de:e2:5d:35:
                    45:33:b7:ea:ee:19:81:89:95:0a:d6:09:40:5b:1d:
                    84:4c:81:81:5f:25:f3:84:c7:d1:67:51:e9:d1:32:
                    02:50:85:ee:eb:a5:1b:e1:9e:2c:c4:b3:df:00:59:
                    98:fa:43:86:4b:07:04:3d:4d:49:07:a4:16:70:f4:
                    c5:5d:76:4a:9f:c8:8e:a2:16:42:a4:59:41:ac:d3:
                    1a:23:fd:3a:62:0f:e5:80:85:ce:cc:dc:90:78:5a:
                    f1:0a:49:05:6f:a9:74:72:3a:08:c1:f5:bb:47:5c:
                    93:87:63:90:ea:40:dc:b4:f8:78:ee:ce:81:3a:c6:
                    fd:bc:3c:91:1f:bf:20:f1:23:76:cb:f3:33:dd:f6:
                    9b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:74:75:AE:35:BE:1B:27:80:CA:40:CF:46:FD:9E:BE:7D:78:75:A4
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/wHR1rjW-GyeAykDPRv2evn14daQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.217.0/24
                  188.212.99.0/24
                  188.240.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:29:19:7d:cf:1f:e3:c2:56:5b:d0:37:33:f0:c8:5c:f8:a9:
         77:04:9d:ca:8d:cc:ef:e7:80:e3:ee:3c:56:43:8a:67:85:c8:
         2a:23:b4:94:03:10:bd:e6:25:35:9d:96:4b:6d:42:84:b9:cb:
         ba:ea:b1:f7:d7:f7:aa:7a:18:0b:e7:80:c6:9a:44:c0:a6:61:
         75:8c:81:3c:4b:21:98:21:73:11:6a:8d:54:51:f3:9f:25:3a:
         02:88:52:9a:fa:a1:70:1d:3e:06:3a:49:21:95:f9:65:2d:c8:
         34:5e:e1:0a:a0:19:3e:54:a4:e8:7f:50:1e:f1:13:17:5b:2a:
         8a:c8:3b:b3:da:30:a3:89:5d:30:a5:89:6d:ba:fa:6e:d6:24:
         83:97:bd:de:67:25:fe:45:03:00:1d:e8:8c:6f:0a:e9:66:b9:
         06:85:7c:7e:3b:51:50:38:bd:e7:9e:ff:1a:58:2e:73:b3:d0:
         0e:cd:bc:4b:c9:f0:a3:7b:8b:49:26:9a:e2:df:a4:64:08:9f:
         51:2e:8a:2f:6f:c5:18:cf:2e:5e:f3:03:29:d6:b6:24:77:0c:
         1d:38:4f:c1:d0:5a:cc:fd:80:96:28:e4:3a:05:b9:be:e1:71:
         a4:5f:d2:cd:34:58:49:6e:87:39:22:e1:61:ee:8c:ba:d2:48:
         81:c7:66:b7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2UqpE5dqBI/C8wLC73qW77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwNDE2MDUwMTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDc0NzVhZTM1YmUxYjI3ODBjYTQwY2Y0NmZkOWViZTdkNzg3NWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+qnLR10uVK1EjpylbTyM1z+qoYr
2mZ7iNiBqr3dQF4DvsscEpPk0aWxCN47vLTZGbHrot41ssTI/yPPCvfcY1uddYnk
XikVZKWnXnF74u63p6z61h4X2w2JYoz6cPCp4lxs5Q4Bz+CwimIxe0//Mm3Cx97i
XTVFM7fq7hmBiZUK1glAWx2ETIGBXyXzhMfRZ1Hp0TICUIXu66Ub4Z4sxLPfAFmY
+kOGSwcEPU1JB6QWcPTFXXZKn8iOohZCpFlBrNMaI/06Yg/lgIXOzNyQeFrxCkkF
b6l0cjoIwfW7R1yTh2OQ6kDctPh47s6BOsb9vDyRH78g8SN2y/Mz3fabhQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMB0da41vhsngMpAz0b9nr59eHWkMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvd0hSMXJqVy1HeWVBeWtEUFJ2MmV2bjE0ZGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWS7ZAwQA
vNRjAwQAvPDEMA0GCSqGSIb3DQEBCwUAA4IBAQBGKRl9zx/jwlZb0Dcz8Mhc+Kl3
BJ3Kjczv54Dj7jxWQ4pnhcgqI7SUAxC95iU1nZZLbUKEucu66rH31/eqehgL54DG
mkTApmF1jIE8SyGYIXMRao1UUfOfJToCiFKa+qFwHT4GOkkhlfllLcg0XuEKoBk+
VKTof1Ae8RMXWyqKyDuz2jCjiV0wpYltuvpu1iSDl73eZyX+RQMAHeiMbwrpZrkG
hXx+O1FQOL3nnv8aWC5zs9AOzbxLyfCje4tJJpri36RkCJ9RLoovb8UYzy5e8wMp
1rYkdwwdOE/B0FrM/YCWKOQ6Bbm+4XGkX9LNNFhJboc5IuFh7oy60kiBx2a3
-----END CERTIFICATE-----