Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WHZhAxEmdLc9kyaJnlKr3nK-zto.roa
File:                     WHZhAxEmdLc9kyaJnlKr3nK-zto.roa (raw, json)
Hash identifier:          rovI5JSEWeztZ3B9igifzA5R8/lO73yVDsfqDGZE7LU=
Subject key identifier:   58:76:61:03:11:26:74:B7:3D:93:26:89:9E:52:AB:DE:72:BE:CE:DA
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019D957D343D37373666C47D0DECCFF2E419
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WHZhAxEmdLc9kyaJnlKr3nK-zto.roa
Signing time:             Thu 16 Apr 2026 08:51:43 +0000
ROA not before:           Thu 16 Apr 2026 08:51:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     263238
IP address blocks:        185.181.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:7d:34:3d:37:37:36:66:c4:7d:0d:ec:cf:f2:e4:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Apr 16 08:51:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58766103112674b73d9326899e52abde72beceda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9d:97:ee:2d:df:af:2b:74:2b:62:ed:8b:e1:
                    3c:eb:c4:c8:9b:5a:03:04:31:e7:c7:d6:ba:cf:45:
                    a8:0c:58:ab:cc:7f:1a:30:bb:f2:4f:2e:08:3a:8b:
                    7c:56:db:6b:4d:8d:a3:48:a6:fe:95:79:e3:11:13:
                    be:78:d4:5f:58:5c:dc:3b:ac:e5:8b:f7:c3:1b:22:
                    ea:2e:86:86:23:3b:a6:5b:48:fa:b3:e8:7e:f8:53:
                    08:44:e4:07:9f:f4:88:87:72:b0:30:f0:61:07:b0:
                    b6:ac:53:6e:b1:e1:80:9e:6e:9f:1d:bc:56:48:60:
                    b2:79:7b:6f:85:4b:64:ec:22:9a:b1:45:af:f9:86:
                    b0:14:f1:42:48:09:0b:2d:3a:7f:bc:81:72:ae:8f:
                    68:e6:2a:10:7e:f9:93:3f:5c:17:b9:6a:2d:e7:20:
                    fb:7b:07:e2:aa:c9:89:7a:09:7a:5d:57:ca:18:8c:
                    df:d1:f6:4c:5e:97:aa:bf:58:7f:96:35:17:2b:3b:
                    e3:65:1f:c4:34:5e:b3:1c:22:12:ad:3d:ae:6d:35:
                    77:4d:9d:22:78:88:77:c0:7d:1d:e5:20:c3:21:6f:
                    09:1e:f9:fa:6c:75:36:da:04:3a:38:7f:13:ae:28:
                    6b:b8:da:94:d4:fe:a8:02:e5:6f:f8:91:c1:e8:79:
                    9b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:76:61:03:11:26:74:B7:3D:93:26:89:9E:52:AB:DE:72:BE:CE:DA
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/WHZhAxEmdLc9kyaJnlKr3nK-zto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:f8:ba:fa:67:f4:fd:17:28:34:76:e2:3f:c8:6a:65:e9:85:
         87:21:98:a2:05:71:d1:47:f8:11:17:4f:65:08:65:db:b5:c7:
         f6:55:21:f8:f1:6c:c7:f0:7a:49:c7:a1:91:c5:74:79:77:ee:
         cb:36:b3:25:9d:f0:ed:ea:12:9a:8d:19:92:26:3b:ec:ae:b4:
         85:4c:30:ac:61:a9:55:45:03:a0:a6:1a:5c:fa:fd:8e:c8:1d:
         b1:93:af:8b:a8:31:57:38:bb:24:e1:a8:42:49:22:42:d5:cf:
         0b:54:d8:42:72:76:d9:20:c3:d9:a1:6f:ec:da:8b:f0:34:80:
         6f:67:ea:47:b6:25:40:e6:21:52:ec:9f:48:39:52:22:36:02:
         06:6f:b6:53:c5:4d:f8:d0:50:7b:b3:aa:58:88:7a:ab:48:c2:
         25:5a:af:2c:69:fe:45:05:c1:c0:5f:21:3e:73:f4:4e:8d:6b:
         0a:20:45:51:d8:7f:79:72:4d:fb:f4:ec:29:1b:b9:80:b0:fd:
         d6:ff:bf:77:fa:76:6e:db:99:02:0b:a1:7e:15:13:24:04:7b:
         c4:cf:0b:01:73:12:04:2f:6e:10:f4:2f:59:7d:f2:67:86:25:
         0c:38:02:fd:18:55:a5:a4:c0:20:32:8d:e1:09:51:91:51:32:
         3b:93:ff:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2VfTQ9Nzc2ZsR9DezP8uQZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNDE2MDg1MTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODc2NjEwMzExMjY3NGI3M2Q5MzI2ODk5ZTUyYWJkZTcyYmVjZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4p2X7i3fryt0K2Lti+E868TIm1oD
BDHnx9a6z0WoDFirzH8aMLvyTy4IOot8VttrTY2jSKb+lXnjERO+eNRfWFzcO6zl
i/fDGyLqLoaGIzumW0j6s+h++FMIROQHn/SIh3KwMPBhB7C2rFNuseGAnm6fHbxW
SGCyeXtvhUtk7CKasUWv+YawFPFCSAkLLTp/vIFyro9o5ioQfvmTP1wXuWot5yD7
ewfiqsmJegl6XVfKGIzf0fZMXpeqv1h/ljUXKzvjZR/ENF6zHCISrT2ubTV3TZ0i
eIh3wH0d5SDDIW8JHvn6bHU22gQ6OH8TrihruNqU1P6oAuVv+JHB6Hmb8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFh2YQMRJnS3PZMmiZ5Sq95yvs7aMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvV0haaEF4RW1kTGM5a3lhSm5sS3IzbkstenRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubUiMA0G
CSqGSIb3DQEBCwUAA4IBAQCw+Lr6Z/T9Fyg0duI/yGpl6YWHIZiiBXHRR/gRF09l
CGXbtcf2VSH48WzH8HpJx6GRxXR5d+7LNrMlnfDt6hKajRmSJjvsrrSFTDCsYalV
RQOgphpc+v2OyB2xk6+LqDFXOLsk4ahCSSJC1c8LVNhCcnbZIMPZoW/s2ovwNIBv
Z+pHtiVA5iFS7J9IOVIiNgIGb7ZTxU340FB7s6pYiHqrSMIlWq8saf5FBcHAXyE+
c/ROjWsKIEVR2H95ck379OwpG7mAsP3W/793+nZu25kCC6F+FRMkBHvEzwsBcxIE
L24Q9C9ZffJnhiUMOAL9GFWlpMAgMo3hCVGRUTI7k/9l
-----END CERTIFICATE-----