Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/WLD8giJwlV_VlnnPyLzzRGD0ZiI.roa
File:                     WLD8giJwlV_VlnnPyLzzRGD0ZiI.roa (raw, json)
Hash identifier:          lZpSSUF3j7oFZ9xvIx9PXEappD+S6NL4/bWk3CCPoR8=
Subject key identifier:   58:B0:FC:82:22:70:95:5F:D5:96:79:CF:C8:BC:F3:44:60:F4:66:22
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       019ED11B219F2DA97BA34E4477769330C3DE
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/WLD8giJwlV_VlnnPyLzzRGD0ZiI.roa
Signing time:             Tue 16 Jun 2026 15:44:36 +0000
ROA not before:           Tue 16 Jun 2026 15:44:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219429
IP address blocks:        46.20.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:1b:21:9f:2d:a9:7b:a3:4e:44:77:76:93:30:c3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jun 16 15:44:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58b0fc822270955fd59679cfc8bcf34460f46622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:cc:af:2a:39:7f:20:b7:be:f4:d2:23:6e:41:
                    eb:ce:7e:b9:2c:7d:7e:00:8f:5f:a6:21:65:72:25:
                    8d:4b:9e:6f:42:b5:18:f3:ae:75:58:1f:4f:01:67:
                    a7:f5:66:bb:af:bb:10:62:84:4b:07:bd:aa:2d:33:
                    10:26:a8:fc:fd:82:5e:f2:c0:b8:48:d1:7e:ae:ff:
                    1f:3d:66:e9:10:c4:ae:30:fe:e7:76:e8:02:ac:f8:
                    e7:6e:f7:24:a9:0a:15:80:2a:6e:34:28:ec:6e:74:
                    55:8a:64:0e:c1:9a:5e:36:02:fa:14:5d:7f:45:9b:
                    d5:9c:b3:5e:56:eb:16:1e:25:e7:10:73:8a:b5:0a:
                    4b:cb:69:a9:15:35:77:0c:a6:d5:21:93:2f:23:b9:
                    07:5a:de:c5:fd:c6:c9:c4:18:20:1a:4c:04:ad:45:
                    f4:12:22:45:5b:e0:87:02:15:1b:7b:9f:74:a7:df:
                    34:a3:0a:8b:58:1f:b1:c0:1d:81:66:d9:c6:90:cf:
                    b6:1f:0b:d6:16:5b:2c:3c:9e:3f:61:1e:05:57:f1:
                    3e:e3:89:9b:23:39:98:cd:c5:75:ce:53:97:5b:3e:
                    fe:be:cc:51:6e:2e:99:f9:54:f9:08:49:e4:a7:3b:
                    2c:6c:71:b9:b3:f7:5c:5e:66:ec:f0:a0:60:85:96:
                    84:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B0:FC:82:22:70:95:5F:D5:96:79:CF:C8:BC:F3:44:60:F4:66:22
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/WLD8giJwlV_VlnnPyLzzRGD0ZiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:4b:75:25:57:09:19:63:56:ec:82:c0:d0:20:36:80:9b:b2:
         17:61:c8:12:a2:64:14:e1:ae:00:2e:8e:41:41:a2:d0:ec:a1:
         b7:b5:1e:ec:ff:a1:3e:73:09:a7:fe:63:f5:b8:7a:83:53:bf:
         7e:f2:db:ff:0f:2a:90:dc:58:52:b5:01:4f:d4:df:37:15:36:
         30:4b:31:10:26:67:13:00:2a:7d:6f:a1:b6:a2:0a:65:2a:0c:
         3f:92:14:40:11:86:38:1b:10:af:11:e2:ea:c6:6c:47:b2:a6:
         d2:47:9f:e7:df:fb:40:fa:13:4f:16:ab:37:b8:a3:7a:3d:30:
         a0:75:49:69:07:26:1f:d3:76:d4:b2:87:e6:ee:43:3e:93:6b:
         3d:57:32:8b:8f:de:ee:43:bb:d0:60:0a:f7:b7:9c:7d:43:c4:
         c3:63:8c:d3:8e:91:1c:e1:7d:0a:1a:af:f0:8d:be:22:73:4f:
         b1:d7:16:41:43:12:f3:ea:ba:c7:d7:f5:76:3f:5e:6e:2f:85:
         c0:02:f1:f2:49:fb:72:a2:4f:4e:da:31:5c:20:8b:63:2f:3a:
         71:f1:fd:7b:cd:69:d7:1b:56:9a:13:c0:a7:cc:c7:02:83:87:
         1b:22:5d:c9:df:17:b8:e4:b9:37:b7:d5:18:67:ad:08:db:a9:
         51:21:be:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7RGyGfLal7o05Ed3aTMMPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjYwNjE2MTU0NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGIwZmM4MjIyNzA5NTVmZDU5Njc5Y2ZjOGJjZjM0NDYwZjQ2NjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8yvKjl/ILe+9NIjbkHrzn65LH1+
AI9fpiFlciWNS55vQrUY8651WB9PAWen9Wa7r7sQYoRLB72qLTMQJqj8/YJe8sC4
SNF+rv8fPWbpEMSuMP7ndugCrPjnbvckqQoVgCpuNCjsbnRVimQOwZpeNgL6FF1/
RZvVnLNeVusWHiXnEHOKtQpLy2mpFTV3DKbVIZMvI7kHWt7F/cbJxBggGkwErUX0
EiJFW+CHAhUbe590p980owqLWB+xwB2BZtnGkM+2HwvWFlssPJ4/YR4FV/E+44mb
IzmYzcV1zlOXWz7+vsxRbi6Z+VT5CEnkpzssbHG5s/dcXmbs8KBghZaEdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiw/IIicJVf1ZZ5z8i880Rg9GYiMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvV0xEOGdpSndsVl9WbG5uUHlMenpSR0QwWmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRsMA0G
CSqGSIb3DQEBCwUAA4IBAQAgS3UlVwkZY1bsgsDQIDaAm7IXYcgSomQU4a4ALo5B
QaLQ7KG3tR7s/6E+cwmn/mP1uHqDU79+8tv/DyqQ3FhStQFP1N83FTYwSzEQJmcT
ACp9b6G2ogplKgw/khRAEYY4GxCvEeLqxmxHsqbSR5/n3/tA+hNPFqs3uKN6PTCg
dUlpByYf03bUsofm7kM+k2s9VzKLj97uQ7vQYAr3t5x9Q8TDY4zTjpEc4X0KGq/w
jb4ic0+x1xZBQxLz6rrH1/V2P15uL4XAAvHySftyok9O2jFcIItjLzpx8f17zWnX
G1aaE8CnzMcCg4cbIl3J3xe45Lk3t9UYZ60I26lRIb41
-----END CERTIFICATE-----