Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/WnbZZnjRXFHiwkJ7AQuNJnrAiRo.roa
File:                     WnbZZnjRXFHiwkJ7AQuNJnrAiRo.roa (raw, json)
Hash identifier:          GkbhcKsqL/QECgrT0ae5dyM8eF/71EYoKhLw60/jZkw=
Subject key identifier:   5A:76:D9:66:78:D1:5C:51:E2:C2:42:7B:01:0B:8D:26:7A:C0:89:1A
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019D766540313EEDF894CEE39B00E2786DBB
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/WnbZZnjRXFHiwkJ7AQuNJnrAiRo.roa
Signing time:             Fri 10 Apr 2026 07:57:20 +0000
ROA not before:           Fri 10 Apr 2026 07:57:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203172
IP address blocks:        185.167.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:65:40:31:3e:ed:f8:94:ce:e3:9b:00:e2:78:6d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 10 07:57:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a76d96678d15c51e2c2427b010b8d267ac0891a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7a:a2:23:6c:2d:05:8b:ed:84:94:fa:5b:79:
                    90:f3:22:c2:c7:1e:ed:40:9c:66:77:7b:e5:9c:37:
                    d5:77:4d:6e:1f:80:d8:a2:bc:0b:e3:6d:df:db:bb:
                    de:16:fa:ac:81:27:8c:b2:16:f9:d9:a3:08:01:f4:
                    7b:49:11:ef:66:6f:d7:3d:29:ac:45:db:39:ae:82:
                    37:35:20:a8:5d:07:6b:7b:52:ec:b8:76:1a:8f:8b:
                    7a:f4:56:6d:c4:54:33:0b:b2:3d:fb:a2:78:5a:1a:
                    9c:64:88:d7:d3:e3:52:bd:64:04:05:90:b1:0c:06:
                    73:63:2c:77:00:ec:72:c9:66:9f:14:03:90:9d:a0:
                    d3:e0:17:1b:40:e6:d1:8f:be:8f:ab:d3:0d:b5:1b:
                    1e:cd:f1:1d:b4:bc:58:9c:65:a9:10:33:56:d4:17:
                    95:29:62:48:40:4e:04:ed:39:d7:8b:74:f2:06:2a:
                    24:6f:a2:f3:e0:e2:11:13:bb:8c:51:b0:1f:75:b5:
                    90:9f:b1:b5:ca:87:ca:2d:63:10:77:e2:dd:26:c2:
                    f9:dc:36:8e:8f:39:e6:c9:6d:2f:24:f9:23:5e:99:
                    1b:ca:20:de:22:e7:d8:a8:0b:76:87:d9:04:61:f9:
                    36:a1:a8:63:71:7c:25:1f:f2:44:f3:5c:24:75:90:
                    ce:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:76:D9:66:78:D1:5C:51:E2:C2:42:7B:01:0B:8D:26:7A:C0:89:1A
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/WnbZZnjRXFHiwkJ7AQuNJnrAiRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:08:4a:ab:66:b2:49:9e:5d:67:b6:f4:f8:05:20:23:39:12:
         66:ef:73:a8:9f:f9:01:91:9e:f9:d9:61:62:67:a9:44:51:94:
         cf:96:ab:83:0d:2e:ef:45:f4:61:f7:68:76:8c:9e:1d:d8:6e:
         ce:86:05:9d:2b:81:04:a1:98:d0:18:26:f6:ab:61:b8:46:e1:
         0f:bc:f1:01:72:5a:3a:18:27:2a:6d:ea:08:c2:ee:50:ec:f4:
         82:48:44:4b:1c:b3:62:36:de:2e:7c:aa:42:c5:46:1e:83:20:
         77:ef:d7:43:39:cd:77:e6:ca:bd:61:ab:95:eb:06:e2:fe:4f:
         21:29:0e:2c:d9:a5:ae:8d:48:0f:b9:e1:be:8d:45:d1:ae:d6:
         eb:0e:dd:9d:d3:b2:fc:d4:b8:64:2d:6d:5a:cf:e0:16:6e:dc:
         cd:4c:1d:40:b1:af:d3:92:75:49:19:f3:50:e9:fc:12:92:ab:
         0c:44:80:a9:af:02:56:fe:f4:23:1b:18:1c:9a:f0:31:2d:35:
         9d:0d:c1:3c:94:42:3d:e4:71:a8:67:2d:1b:14:65:fb:a9:79:
         69:be:7c:10:6a:e2:3e:a2:1c:5f:60:26:f2:72:d6:7f:ef:04:
         e3:98:d2:69:80:6a:ca:79:f7:cf:49:79:c0:46:a1:a6:0b:13:
         b1:a5:41:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12ZUAxPu34lM7jmwDieG27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNDEwMDc1NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTc2ZDk2Njc4ZDE1YzUxZTJjMjQyN2IwMTBiOGQyNjdhYzA4OTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznqiI2wtBYvthJT6W3mQ8yLCxx7t
QJxmd3vlnDfVd01uH4DYorwL423f27veFvqsgSeMshb52aMIAfR7SRHvZm/XPSms
Rds5roI3NSCoXQdre1LsuHYaj4t69FZtxFQzC7I9+6J4WhqcZIjX0+NSvWQEBZCx
DAZzYyx3AOxyyWafFAOQnaDT4BcbQObRj76Pq9MNtRsezfEdtLxYnGWpEDNW1BeV
KWJIQE4E7TnXi3TyBiokb6Lz4OIRE7uMUbAfdbWQn7G1yofKLWMQd+LdJsL53DaO
jznmyW0vJPkjXpkbyiDeIufYqAt2h9kEYfk2oahjcXwlH/JE81wkdZDOkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFp22WZ40VxR4sJCewELjSZ6wIkaMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvV25iWlpualJYRkhpd2tKN0FRdU5KbnJBaVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaf9MA0G
CSqGSIb3DQEBCwUAA4IBAQB6CEqrZrJJnl1ntvT4BSAjORJm73Oon/kBkZ752WFi
Z6lEUZTPlquDDS7vRfRh92h2jJ4d2G7OhgWdK4EEoZjQGCb2q2G4RuEPvPEBclo6
GCcqbeoIwu5Q7PSCSERLHLNiNt4ufKpCxUYegyB379dDOc135sq9YauV6wbi/k8h
KQ4s2aWujUgPueG+jUXRrtbrDt2d07L81LhkLW1az+AWbtzNTB1Asa/TknVJGfNQ
6fwSkqsMRICprwJW/vQjGxgcmvAxLTWdDcE8lEI95HGoZy0bFGX7qXlpvnwQauI+
ohxfYCbyctZ/7wTjmNJpgGrKeffPSXnARqGmCxOxpUF2
-----END CERTIFICATE-----