Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/WU3PqHe7IArJ57SO8_-72jZ4vgQ.roa
File:                     WU3PqHe7IArJ57SO8_-72jZ4vgQ.roa (raw, json)
Hash identifier:          kyYbbInYeN/I+hJfjzPW449FfnhjaOMYgCQZcySE4CI=
Subject key identifier:   59:4D:CF:A8:77:BB:20:0A:C9:E7:B4:8E:F3:FF:BB:DA:36:78:BE:04
Certificate issuer:       /CN=1f3bf23756c6e7d64d6822f597b1d58049bd48f1
Certificate serial:       019C25F3A4BF68E50134E1A2D2F6D57F3C2C
Authority key identifier: 1F:3B:F2:37:56:C6:E7:D6:4D:68:22:F5:97:B1:D5:80:49:BD:48:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HzvyN1bG59ZNaCL1l7HVgEm9SPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/WU3PqHe7IArJ57SO8_-72jZ4vgQ.roa
Signing time:             Wed 04 Feb 2026 00:00:50 +0000
ROA not before:           Wed 04 Feb 2026 00:00:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213888
IP address blocks:        185.135.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/HzvyN1bG59ZNaCL1l7HVgEm9SPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/HzvyN1bG59ZNaCL1l7HVgEm9SPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HzvyN1bG59ZNaCL1l7HVgEm9SPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:25:f3:a4:bf:68:e5:01:34:e1:a2:d2:f6:d5:7f:3c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f3bf23756c6e7d64d6822f597b1d58049bd48f1
        Validity
            Not Before: Feb  4 00:00:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=594dcfa877bb200ac9e7b48ef3ffbbda3678be04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ee:65:26:48:07:f6:20:12:01:37:21:57:92:
                    c3:78:d0:37:2a:fb:f8:43:5e:bf:c9:18:9e:43:c2:
                    c9:e3:d7:a8:f1:72:1a:76:70:bf:f5:65:66:68:bc:
                    6e:87:48:72:d6:08:b8:05:22:f1:e8:35:60:0e:e2:
                    d2:9c:25:00:9a:23:cf:a5:8e:e6:8b:e2:d2:02:7e:
                    21:07:c3:80:43:69:fd:33:58:8c:89:41:fa:7c:72:
                    97:76:71:64:98:46:b9:b3:ae:f3:1e:36:c0:ec:50:
                    41:50:86:d4:0d:a2:a0:85:3a:e4:92:c6:80:3f:2b:
                    1e:da:79:35:25:09:18:49:a7:c3:8d:3a:03:24:08:
                    ac:80:81:27:ba:82:74:0f:05:63:a2:83:fe:d6:de:
                    fc:a5:a6:75:ee:9c:84:c2:97:b7:c4:20:6f:fe:03:
                    60:17:1e:21:be:fe:0a:a1:d3:0d:67:20:65:43:3b:
                    95:c5:04:f5:97:6d:d4:c3:20:50:3d:fd:6d:4c:49:
                    32:08:f7:0c:8c:31:9a:37:f1:4b:39:a4:9b:c4:06:
                    c1:8e:ea:73:e1:77:b8:a1:07:d4:87:cf:b9:d3:57:
                    fc:fc:4f:5f:4e:7c:44:99:cd:7c:00:48:8b:38:c6:
                    28:33:f1:7d:33:21:ef:a3:68:1d:37:23:fc:8e:f8:
                    60:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4D:CF:A8:77:BB:20:0A:C9:E7:B4:8E:F3:FF:BB:DA:36:78:BE:04
            X509v3 Authority Key Identifier:
                keyid:1F:3B:F2:37:56:C6:E7:D6:4D:68:22:F5:97:B1:D5:80:49:BD:48:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HzvyN1bG59ZNaCL1l7HVgEm9SPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/WU3PqHe7IArJ57SO8_-72jZ4vgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/d1bce2-f6d8-48aa-9632-43dc2dbcab77/1/HzvyN1bG59ZNaCL1l7HVgEm9SPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:56:c9:d7:e4:12:15:1b:0d:4a:b2:30:5f:89:33:01:e6:f8:
         41:d1:20:01:39:41:79:bf:ad:2f:82:00:4f:18:1f:7a:69:31:
         c6:34:cf:c5:5a:79:3d:dd:70:2a:7a:a6:07:19:fe:91:fb:b5:
         cb:c0:b8:87:39:21:88:5f:45:92:49:f8:28:18:9d:a9:35:78:
         19:e7:35:43:d0:03:2e:be:e0:16:d5:35:00:bc:10:50:78:7b:
         d1:ca:d9:38:89:a9:47:e1:3a:2d:74:43:e1:99:34:02:b4:6f:
         4c:e3:a7:db:df:a3:e6:8f:fc:05:11:ef:e8:7a:db:f0:ea:2f:
         3b:95:84:d3:63:ad:bf:6f:1f:d2:5a:f1:d0:f0:8f:09:fa:04:
         4a:5b:34:b8:8f:c7:0e:05:f3:6b:5f:17:a4:42:e7:07:8e:fd:
         4c:bc:0f:d4:c4:da:4d:e4:a8:35:1e:77:55:d0:c0:16:81:ca:
         f0:07:98:26:ff:a7:4f:75:2f:11:99:f9:35:06:1d:5a:f0:6b:
         e8:d4:46:7c:63:93:2e:6e:d7:48:e5:77:3b:f7:19:04:76:a7:
         6c:c9:23:15:db:fd:b0:37:f9:85:ba:58:13:2c:41:83:89:c8:
         4e:d3:08:d5:56:e7:ae:8d:48:50:31:29:63:7d:df:2d:34:ba:
         fa:00:ca:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwl86S/aOUBNOGi0vbVfzwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmM2JmMjM3NTZjNmU3ZDY0ZDY4MjJmNTk3YjFkNTgwNDli
ZDQ4ZjEwHhcNMjYwMjA0MDAwMDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTRkY2ZhODc3YmIyMDBhYzllN2I0OGVmM2ZmYmJkYTM2NzhiZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu5lJkgH9iASATchV5LDeNA3Kvv4
Q16/yRieQ8LJ49eo8XIadnC/9WVmaLxuh0hy1gi4BSLx6DVgDuLSnCUAmiPPpY7m
i+LSAn4hB8OAQ2n9M1iMiUH6fHKXdnFkmEa5s67zHjbA7FBBUIbUDaKghTrkksaA
Pyse2nk1JQkYSafDjToDJAisgIEnuoJ0DwVjooP+1t78paZ17pyEwpe3xCBv/gNg
Fx4hvv4KodMNZyBlQzuVxQT1l23UwyBQPf1tTEkyCPcMjDGaN/FLOaSbxAbBjupz
4Xe4oQfUh8+501f8/E9fTnxEmc18AEiLOMYoM/F9MyHvo2gdNyP8jvhgGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlNz6h3uyAKyee0jvP/u9o2eL4EMB8GA1UdIwQY
MBaAFB878jdWxufWTWgi9Zex1YBJvUjxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHp2eU4xYkc1OVpOYUNMMWw3SFZnRW05U1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9kMWJjZTItZjZkOC00OGFhLTk2MzIt
NDNkYzJkYmNhYjc3LzEvV1UzUHFIZTdJQXJKNTdTTzhfLTcyalo0dmdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9kMWJjZTItZjZkOC00OGFhLTk2MzItNDNkYzJkYmNhYjc3
LzEvSHp2eU4xYkc1OVpOYUNMMWw3SFZnRW05U1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYfGMA0G
CSqGSIb3DQEBCwUAA4IBAQCrVsnX5BIVGw1KsjBfiTMB5vhB0SABOUF5v60vggBP
GB96aTHGNM/FWnk93XAqeqYHGf6R+7XLwLiHOSGIX0WSSfgoGJ2pNXgZ5zVD0AMu
vuAW1TUAvBBQeHvRytk4ialH4TotdEPhmTQCtG9M46fb36Pmj/wFEe/oetvw6i87
lYTTY62/bx/SWvHQ8I8J+gRKWzS4j8cOBfNrXxekQucHjv1MvA/UxNpN5Kg1HndV
0MAWgcrwB5gm/6dPdS8Rmfk1Bh1a8Gvo1EZ8Y5MubtdI5Xc79xkEdqdsySMV2/2w
N/mFulgTLEGDichO0wjVVueujUhQMSljfd8tNLr6AMqM
-----END CERTIFICATE-----