Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/d429b9-385e-430f-b2c4-81768c60ee08/1/WmlDEUeRJgEuT9FiOgoBRemRFYU.roa
File:                     WmlDEUeRJgEuT9FiOgoBRemRFYU.roa (raw, json)
Hash identifier:          X4+5Ojmd3HzQvP5UtGyFLElK9M6t4MEOrTqB6Wxff40=
Subject key identifier:   5A:69:43:11:47:91:26:01:2E:4F:D1:62:3A:0A:01:45:E9:91:15:85
Certificate issuer:       /CN=09a686e370d6d0608119eeb006c8aadaab078d22
Certificate serial:       019C8E8638F38746C20AE5EF7C3698DC564E
Authority key identifier: 09:A6:86:E3:70:D6:D0:60:81:19:EE:B0:06:C8:AA:DA:AB:07:8D:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CaaG43DW0GCBGe6wBsiq2qsHjSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/d429b9-385e-430f-b2c4-81768c60ee08/1/WmlDEUeRJgEuT9FiOgoBRemRFYU.roa
Signing time:             Tue 24 Feb 2026 07:21:26 +0000
ROA not before:           Tue 24 Feb 2026 07:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.101.168.0/23 maxlen: 24
                          185.101.170.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/d429b9-385e-430f-b2c4-81768c60ee08/1/CaaG43DW0GCBGe6wBsiq2qsHjSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/d429b9-385e-430f-b2c4-81768c60ee08/1/CaaG43DW0GCBGe6wBsiq2qsHjSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CaaG43DW0GCBGe6wBsiq2qsHjSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:86:38:f3:87:46:c2:0a:e5:ef:7c:36:98:dc:56:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09a686e370d6d0608119eeb006c8aadaab078d22
        Validity
            Not Before: Feb 24 07:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a694311479126012e4fd1623a0a0145e9911585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:70:0d:8b:c4:4d:a8:77:d7:0d:29:d7:38:2d:
                    ec:29:5f:1c:21:63:d6:00:ca:20:aa:0f:43:8b:47:
                    0b:10:2a:bc:be:df:50:2e:68:59:77:ad:28:00:a3:
                    a6:b8:2d:76:3b:c8:11:53:16:45:8f:65:28:0c:84:
                    55:b4:d8:5c:65:c2:db:1c:4a:0a:58:56:bc:6f:e8:
                    05:04:56:69:f2:7e:57:03:c4:53:82:dd:a0:ef:7c:
                    5e:0f:ed:9c:17:bd:4e:00:90:af:5b:e4:c2:5e:4b:
                    88:39:8c:e8:31:9f:45:50:87:11:7c:8a:b3:2a:e9:
                    c7:e8:88:e4:f6:e7:6f:47:a5:ca:a1:45:78:f9:34:
                    00:b3:20:a7:14:75:ab:fd:99:73:9e:1b:9c:89:26:
                    dc:27:af:e2:66:53:11:49:93:bd:d2:1e:cb:25:8f:
                    dd:44:4e:68:3d:46:04:13:f7:4c:1e:04:35:2b:76:
                    95:01:7f:39:51:42:91:c9:c1:6a:39:b8:40:5f:17:
                    af:d0:5a:47:5c:dc:55:de:e4:6b:60:07:88:90:75:
                    c1:d4:74:94:b7:c7:83:0c:7b:fb:86:7c:e8:d8:6a:
                    40:50:6e:91:8e:d5:a1:c4:36:96:7e:d5:73:92:ff:
                    69:1c:4c:b6:d8:cb:40:ce:ef:fe:4e:86:58:03:c8:
                    4c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:69:43:11:47:91:26:01:2E:4F:D1:62:3A:0A:01:45:E9:91:15:85
            X509v3 Authority Key Identifier:
                keyid:09:A6:86:E3:70:D6:D0:60:81:19:EE:B0:06:C8:AA:DA:AB:07:8D:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CaaG43DW0GCBGe6wBsiq2qsHjSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/d429b9-385e-430f-b2c4-81768c60ee08/1/WmlDEUeRJgEuT9FiOgoBRemRFYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/d429b9-385e-430f-b2c4-81768c60ee08/1/CaaG43DW0GCBGe6wBsiq2qsHjSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:8b:b7:1d:ea:6e:56:e0:f9:2f:32:54:f4:90:39:98:d0:67:
         18:3b:2f:7a:f6:fb:3b:40:55:e6:6d:01:fc:be:26:d6:77:b6:
         0a:64:dc:01:f8:d0:50:d3:1e:13:f1:4a:3a:20:15:df:13:76:
         66:a1:07:16:3e:0c:3a:aa:2e:df:7f:16:a4:8a:44:72:db:61:
         ad:73:23:48:9b:02:f4:68:11:08:7c:dd:4f:07:70:cd:c1:6d:
         61:8e:7c:ed:9e:ab:9d:d5:cd:08:c5:81:93:f4:2b:41:8d:e9:
         43:9d:f5:5b:26:f7:3e:a9:91:a9:de:37:ef:63:26:d5:97:6b:
         8e:0a:60:14:9e:83:37:af:dc:61:4a:af:b4:19:19:24:33:1a:
         ec:8b:b0:8f:cc:f2:32:42:67:f5:ee:fa:5e:1d:a4:c7:75:8a:
         3f:ad:38:9f:4d:67:94:bf:02:d8:6b:70:40:06:d2:f2:ed:31:
         8d:e2:a9:32:f8:fd:2d:79:a7:0d:f0:d2:05:ee:9e:93:f7:7a:
         23:62:6f:ed:c4:1e:1a:c8:39:9a:fb:32:f3:eb:9f:36:1b:40:
         4d:2c:12:9e:03:35:d9:86:0e:bc:34:d9:8f:61:8e:35:f4:96:
         1e:77:e2:71:a5:37:50:14:8c:89:0b:04:72:b6:27:18:c1:81:
         26:0f:7c:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOhjjzh0bCCuXvfDaY3FZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5YTY4NmUzNzBkNmQwNjA4MTE5ZWViMDA2YzhhYWRhYWIw
NzhkMjIwHhcNMjYwMjI0MDcyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTY5NDMxMTQ3OTEyNjAxMmU0ZmQxNjIzYTBhMDE0NWU5OTExNTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3ANi8RNqHfXDSnXOC3sKV8cIWPW
AMogqg9Di0cLECq8vt9QLmhZd60oAKOmuC12O8gRUxZFj2UoDIRVtNhcZcLbHEoK
WFa8b+gFBFZp8n5XA8RTgt2g73xeD+2cF71OAJCvW+TCXkuIOYzoMZ9FUIcRfIqz
KunH6Ijk9udvR6XKoUV4+TQAsyCnFHWr/ZlznhuciSbcJ6/iZlMRSZO90h7LJY/d
RE5oPUYEE/dMHgQ1K3aVAX85UUKRycFqObhAXxev0FpHXNxV3uRrYAeIkHXB1HSU
t8eDDHv7hnzo2GpAUG6RjtWhxDaWftVzkv9pHEy22MtAzu/+ToZYA8hMLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFppQxFHkSYBLk/RYjoKAUXpkRWFMB8GA1UdIwQY
MBaAFAmmhuNw1tBggRnusAbIqtqrB40iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2FhRzQzRFcwR0NCR2U2d0JzaXEycXNIalNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9kNDI5YjktMzg1ZS00MzBmLWIyYzQt
ODE3NjhjNjBlZTA4LzEvV21sREVVZVJKZ0V1VDlGaU9nb0JSZW1SRllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9kNDI5YjktMzg1ZS00MzBmLWIyYzQtODE3NjhjNjBlZTA4
LzEvQ2FhRzQzRFcwR0NCR2U2d0JzaXEycXNIalNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWWoMA0G
CSqGSIb3DQEBCwUAA4IBAQAii7cd6m5W4PkvMlT0kDmY0GcYOy969vs7QFXmbQH8
vibWd7YKZNwB+NBQ0x4T8Uo6IBXfE3ZmoQcWPgw6qi7ffxakikRy22GtcyNImwL0
aBEIfN1PB3DNwW1hjnztnqud1c0IxYGT9CtBjelDnfVbJvc+qZGp3jfvYybVl2uO
CmAUnoM3r9xhSq+0GRkkMxrsi7CPzPIyQmf17vpeHaTHdYo/rTifTWeUvwLYa3BA
BtLy7TGN4qky+P0teacN8NIF7p6T93ojYm/txB4ayDma+zLz6582G0BNLBKeAzXZ
hg68NNmPYY419JYed+JxpTdQFIyJCwRyticYwYEmD3w1
-----END CERTIFICATE-----