Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/WFW_WIwBdI0SNLuZbC80uLnywXU.roa
File:                     WFW_WIwBdI0SNLuZbC80uLnywXU.roa (raw, json)
Hash identifier:          ECYS+U6BY2zt31zzKoFkN8wTRgzyvrgdtvRAK5RIgxM=
Subject key identifier:   58:55:BF:58:8C:01:74:8D:12:34:BB:99:6C:2F:34:B8:B9:F2:C1:75
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019D785920949ECFA9BC79A88A6F5232BD06
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/WFW_WIwBdI0SNLuZbC80uLnywXU.roa
Signing time:             Fri 10 Apr 2026 17:03:20 +0000
ROA not before:           Fri 10 Apr 2026 17:03:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200202
IP address blocks:        195.216.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:59:20:94:9e:cf:a9:bc:79:a8:8a:6f:52:32:bd:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Apr 10 17:03:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5855bf588c01748d1234bb996c2f34b8b9f2c175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:39:29:67:3b:4c:6e:3b:38:ac:90:af:28:c4:
                    81:f6:ae:65:42:76:45:55:99:f5:82:ac:5f:6e:d6:
                    27:f0:c5:64:09:3e:e2:b3:8f:42:d0:39:8a:89:20:
                    63:1a:1b:7e:a3:17:2d:3d:02:dd:19:8a:8a:9c:45:
                    f0:4b:9f:65:85:8d:ab:65:1f:6e:46:b6:46:57:9a:
                    fc:29:45:35:2e:52:af:01:f8:af:0d:67:6b:b8:df:
                    cc:4f:d1:81:74:49:83:ae:0c:b9:bd:43:3b:a7:79:
                    6a:af:cb:4e:c4:7e:93:8d:cf:61:8d:70:6c:34:9c:
                    e8:94:37:10:81:aa:f1:04:04:30:8a:7e:c7:4d:1a:
                    01:60:a0:be:e8:2c:ea:d3:bd:23:14:f0:b0:e7:d8:
                    44:66:a8:b4:c8:d7:b0:01:43:2c:01:6f:53:b4:40:
                    b9:e4:86:6e:89:e9:a5:bd:0d:a9:db:f0:3d:1c:ae:
                    c5:9b:7f:e5:e9:6b:45:c2:d3:cc:0c:7c:e7:dc:7f:
                    53:54:2e:c1:f0:9f:b0:3b:f8:d7:ac:33:1b:52:27:
                    f4:98:26:ea:6f:53:27:7e:8f:ac:52:1c:84:2b:5e:
                    3f:18:8e:36:6b:ca:1e:d2:30:be:ee:9c:fa:6b:85:
                    27:06:2c:12:6d:92:d5:92:cd:e4:61:b3:d9:05:4b:
                    f6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:55:BF:58:8C:01:74:8D:12:34:BB:99:6C:2F:34:B8:B9:F2:C1:75
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/WFW_WIwBdI0SNLuZbC80uLnywXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:65:89:d4:1c:fd:7b:0b:b5:2b:36:7f:46:34:d3:01:55:0d:
         59:7a:af:ff:c8:da:b7:46:51:1e:50:75:89:83:e6:e1:6e:f9:
         1e:7f:ee:09:4e:cf:bc:05:f7:dc:85:d1:46:2d:ac:df:e7:7b:
         a6:55:41:8e:a6:00:34:7e:18:8f:9a:4f:28:1b:c2:0a:da:bc:
         32:f5:b0:96:9f:d2:bd:7f:8b:c6:b1:5a:33:9f:7d:38:14:2e:
         98:39:8e:9a:fa:48:c4:b4:31:82:d7:82:54:c6:62:9e:d6:4e:
         0c:02:b1:1f:d6:03:7c:41:a1:9d:5c:54:2b:2b:c8:b2:67:3d:
         30:5e:57:9c:7e:ef:2c:77:e6:f1:85:80:72:9b:11:61:0a:47:
         cc:f5:e6:11:08:00:d0:75:2f:0d:b6:41:2e:7f:21:7b:48:3d:
         bd:a7:a7:8d:3b:63:54:0e:ae:01:76:02:55:b4:b5:5f:af:8b:
         20:4d:f6:d5:cb:8f:a0:49:4e:5c:63:a1:e2:9f:92:73:66:c7:
         c2:37:43:dc:fa:79:57:36:b2:f9:65:d5:9b:60:9a:73:5d:02:
         0f:65:1b:8b:a0:af:1d:cb:ab:b1:8e:29:53:2e:3b:6c:1b:40:
         da:c3:4c:15:e9:d3:93:03:ed:de:04:95:bc:8d:68:34:51:0b:
         01:c5:ec:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ14WSCUns+pvHmoim9SMr0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwNDEwMTcwMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODU1YmY1ODhjMDE3NDhkMTIzNGJiOTk2YzJmMzRiOGI5ZjJjMTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zkpZztMbjs4rJCvKMSB9q5lQnZF
VZn1gqxfbtYn8MVkCT7is49C0DmKiSBjGht+oxctPQLdGYqKnEXwS59lhY2rZR9u
RrZGV5r8KUU1LlKvAfivDWdruN/MT9GBdEmDrgy5vUM7p3lqr8tOxH6Tjc9hjXBs
NJzolDcQgarxBAQwin7HTRoBYKC+6Czq070jFPCw59hEZqi0yNewAUMsAW9TtEC5
5IZuiemlvQ2p2/A9HK7Fm3/l6WtFwtPMDHzn3H9TVC7B8J+wO/jXrDMbUif0mCbq
b1Mnfo+sUhyEK14/GI42a8oe0jC+7pz6a4UnBiwSbZLVks3kYbPZBUv28wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhVv1iMAXSNEjS7mWwvNLi58sF1MB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvV0ZXX1dJd0JkSTBTTkx1WmJDODB1TG55d1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9irMA0G
CSqGSIb3DQEBCwUAA4IBAQBHZYnUHP17C7UrNn9GNNMBVQ1Zeq//yNq3RlEeUHWJ
g+bhbvkef+4JTs+8BffchdFGLazf53umVUGOpgA0fhiPmk8oG8IK2rwy9bCWn9K9
f4vGsVozn304FC6YOY6a+kjEtDGC14JUxmKe1k4MArEf1gN8QaGdXFQrK8iyZz0w
Xlecfu8sd+bxhYBymxFhCkfM9eYRCADQdS8NtkEufyF7SD29p6eNO2NUDq4BdgJV
tLVfr4sgTfbVy4+gSU5cY6Hin5JzZsfCN0Pc+nlXNrL5ZdWbYJpzXQIPZRuLoK8d
y6uxjilTLjtsG0Daw0wV6dOTA+3eBJW8jWg0UQsBxeyv
-----END CERTIFICATE-----