Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/WmWtAx03u9_usOg5G2xV--oSdAs.roa
File:                     WmWtAx03u9_usOg5G2xV--oSdAs.roa (raw, json)
Hash identifier:          q5OolJ7Sg3ocWItrHSnilL8FAC/IzCpsE8WKKPuEKZA=
Subject key identifier:   5A:65:AD:03:1D:37:BB:DF:EE:B0:E8:39:1B:6C:55:FB:EA:12:74:0B
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D8E97B5A6090E314F8BCF47441A969DD5
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/WmWtAx03u9_usOg5G2xV--oSdAs.roa
Signing time:             Wed 15 Apr 2026 00:43:20 +0000
ROA not before:           Wed 15 Apr 2026 00:43:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198979
IP address blocks:        2a06:9801:275::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8e:97:b5:a6:09:0e:31:4f:8b:cf:47:44:1a:96:9d:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 15 00:43:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a65ad031d37bbdfeeb0e8391b6c55fbea12740b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8d:ae:25:ab:f5:4a:8a:e7:85:a3:ad:89:e6:
                    2f:40:55:5a:8d:52:37:d2:0c:8a:88:fc:85:ed:99:
                    68:ba:7d:01:78:d6:62:85:7d:4b:c5:3d:f6:e0:6c:
                    f7:04:db:99:11:2d:78:bf:0c:a3:04:cb:43:99:5b:
                    69:af:42:21:29:ac:0d:51:1c:25:0a:8c:2b:1b:dc:
                    1b:06:ec:e0:03:9d:e7:bc:a9:8c:a3:cc:9a:69:32:
                    58:22:f2:50:79:dd:b6:47:86:d1:5c:ef:37:c5:1b:
                    a3:e2:5e:5e:bd:78:ba:e7:c1:56:82:45:46:a7:32:
                    1e:3e:d3:ce:c2:94:0c:5a:ed:06:bb:64:bf:d3:2b:
                    26:b7:8c:26:80:1b:ec:46:59:df:67:e2:48:77:3b:
                    a9:b9:49:98:ea:47:42:55:ff:2d:c7:c6:b4:bb:08:
                    59:b1:6f:29:47:57:6f:5f:66:86:9c:de:6f:9a:07:
                    80:8c:51:7f:5b:6e:20:1c:a8:25:2d:59:55:80:7c:
                    b8:e0:ce:92:e2:ed:13:92:1d:33:fc:4e:06:28:93:
                    02:cf:88:71:59:d8:bb:c9:98:85:88:8e:e0:b9:a0:
                    18:86:62:13:1f:5e:16:2c:4d:a4:11:10:ff:bb:31:
                    5d:c5:66:06:41:7e:88:3b:0a:e7:45:c1:cc:46:e9:
                    be:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:65:AD:03:1D:37:BB:DF:EE:B0:E8:39:1B:6C:55:FB:EA:12:74:0B
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/WmWtAx03u9_usOg5G2xV--oSdAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:275::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:9a:c0:92:6f:a3:b6:cb:6f:32:02:5c:78:3f:d9:b5:3e:4c:
         83:1d:ea:ba:70:5d:1f:a2:da:d0:61:aa:68:40:c3:11:19:bf:
         63:e7:7b:c6:b7:f8:bf:7c:e5:ac:f2:3b:a2:aa:8e:dc:da:11:
         3f:af:8e:c1:1b:ec:25:9e:56:7e:20:64:4c:ef:66:07:3b:43:
         65:a2:96:a4:6a:1c:8a:0a:a9:54:5d:c4:4c:ae:16:a8:d6:96:
         f1:5a:03:22:4a:bc:51:7a:52:b4:13:8b:f7:c7:1e:a7:6a:29:
         50:1f:34:d9:7c:a2:5a:7f:41:3c:ef:3d:29:22:97:86:b0:34:
         67:1e:a9:91:fc:9b:38:b3:df:46:a8:8e:d2:3f:05:bd:f0:a0:
         8b:cc:f2:c9:51:1d:0b:42:d3:20:5d:40:c0:5c:3b:d6:66:03:
         e3:10:8b:3a:b0:ff:ac:03:fa:10:7b:45:ac:93:fb:1e:bb:a7:
         14:41:4a:31:68:96:b7:7f:99:4a:e4:0b:ef:47:ab:95:c5:0e:
         e7:92:8b:a3:57:00:a9:0a:f0:f5:2f:2b:5a:d7:bc:4d:2d:4a:
         00:c9:4f:13:d9:44:9f:f8:45:2f:cf:46:d8:6e:00:2c:22:c7:
         bc:01:a5:c1:2b:0b:e2:18:5a:f6:01:7c:98:0e:ce:44:ae:81:
         a3:34:3d:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2Ol7WmCQ4xT4vPR0Qalp3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDE1MDA0MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTY1YWQwMzFkMzdiYmRmZWViMGU4MzkxYjZjNTVmYmVhMTI3NDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7I2uJav1SornhaOtieYvQFVajVI3
0gyKiPyF7Zloun0BeNZihX1LxT324Gz3BNuZES14vwyjBMtDmVtpr0IhKawNURwl
CowrG9wbBuzgA53nvKmMo8yaaTJYIvJQed22R4bRXO83xRuj4l5evXi658FWgkVG
pzIePtPOwpQMWu0Gu2S/0ysmt4wmgBvsRlnfZ+JIdzupuUmY6kdCVf8tx8a0uwhZ
sW8pR1dvX2aGnN5vmgeAjFF/W24gHKglLVlVgHy44M6S4u0Tkh0z/E4GKJMCz4hx
Wdi7yZiFiI7guaAYhmITH14WLE2kERD/uzFdxWYGQX6IOwrnRcHMRum+RwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFplrQMdN7vf7rDoORtsVfvqEnQLMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvV21XdEF4MDN1OV91c09nNUcyeFYtLW9TZEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJ1
MA0GCSqGSIb3DQEBCwUAA4IBAQB5msCSb6O2y28yAlx4P9m1PkyDHeq6cF0fotrQ
YapoQMMRGb9j53vGt/i/fOWs8juiqo7c2hE/r47BG+wlnlZ+IGRM72YHO0Nlopak
ahyKCqlUXcRMrhao1pbxWgMiSrxRelK0E4v3xx6nailQHzTZfKJaf0E87z0pIpeG
sDRnHqmR/Js4s99GqI7SPwW98KCLzPLJUR0LQtMgXUDAXDvWZgPjEIs6sP+sA/oQ
e0Wsk/seu6cUQUoxaJa3f5lK5AvvR6uVxQ7nkoujVwCpCvD1Lyta17xNLUoAyU8T
2USf+EUvz0bYbgAsIse8AaXBKwviGFr2AXyYDs5EroGjND0F
-----END CERTIFICATE-----