Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WIe_yXnGz2qxmkA-Jl4unhtVXd8.roa
File:                     WIe_yXnGz2qxmkA-Jl4unhtVXd8.roa (raw, json)
Hash identifier:          JDWlYllOoFXRzwvexL0+Z+xQJXmvy5W2gSffNKHemAA=
Subject key identifier:   58:87:BF:C9:79:C6:CF:6A:B1:9A:40:3E:26:5E:2E:9E:1B:55:5D:DF
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019BF60A057A2A72F01D487E359E7A7E6032
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WIe_yXnGz2qxmkA-Jl4unhtVXd8.roa
Signing time:             Sun 25 Jan 2026 16:43:30 +0000
ROA not before:           Sun 25 Jan 2026 16:43:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209207
IP address blocks:        94.103.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f6:0a:05:7a:2a:72:f0:1d:48:7e:35:9e:7a:7e:60:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan 25 16:43:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5887bfc979c6cf6ab19a403e265e2e9e1b555ddf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:08:69:5d:6c:ef:e1:2f:f7:ba:b0:85:a9:42:
                    ab:90:4f:1b:2c:1e:a3:d0:1a:98:43:d5:64:6c:73:
                    06:bb:05:b3:18:4b:4e:9d:b6:35:39:2b:43:68:05:
                    cc:a6:78:fe:9a:59:ca:09:84:4a:6b:13:8d:14:5b:
                    18:13:31:a6:ed:71:b7:38:59:eb:9a:bd:4e:77:0e:
                    8c:ca:e7:ec:8b:74:d7:79:b8:ee:7c:31:06:a4:ab:
                    84:5f:6b:6a:87:9e:97:40:1b:03:8f:63:63:f3:98:
                    db:d0:bf:5c:16:85:bd:d2:72:f8:b2:51:af:d2:33:
                    4f:af:0a:05:52:fe:92:5e:f7:10:08:ae:42:a5:f8:
                    ce:9f:31:ed:66:ad:0a:61:af:22:82:b3:73:ee:75:
                    38:d4:e0:49:d0:0e:50:89:0c:fd:da:81:94:13:4b:
                    1e:89:a2:f7:1c:11:28:e9:be:21:4f:9f:91:18:34:
                    d3:c4:60:97:bd:d2:8a:1a:bd:5b:e3:aa:d4:0d:47:
                    68:70:a9:cf:75:b5:71:d7:17:65:f9:b6:d7:6e:f4:
                    66:a8:57:d5:c6:82:ac:35:96:39:e5:c0:2b:9b:65:
                    74:a5:5f:37:0d:a0:7c:bd:ce:18:ea:f1:1f:6c:ef:
                    73:0c:ee:4c:3d:c6:2f:75:b3:8d:d1:9f:7c:44:aa:
                    40:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:87:BF:C9:79:C6:CF:6A:B1:9A:40:3E:26:5E:2E:9E:1B:55:5D:DF
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WIe_yXnGz2qxmkA-Jl4unhtVXd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:57:32:b9:d9:d7:c5:8b:1b:ae:94:96:12:1e:c5:fc:74:28:
         13:aa:07:d9:60:dc:2f:ae:a0:84:6f:8e:27:f0:1a:2c:ae:4b:
         bf:e7:4d:7e:e4:a8:9b:32:9d:4c:3a:77:29:94:cd:13:2c:88:
         d1:70:f3:9f:16:2c:46:ef:26:d0:10:50:8f:21:50:bc:f2:b6:
         de:dd:90:b1:c9:00:33:e7:0d:10:96:a8:cf:85:8c:75:4f:9a:
         bc:57:25:8f:9d:5f:d8:dd:6a:ed:4a:8b:0c:9b:0f:ac:6e:de:
         8c:6b:04:c5:d7:16:17:84:4e:7b:74:d2:d9:98:4d:ec:c1:b9:
         f5:78:cf:99:52:d8:a5:88:26:bf:d4:a2:ca:63:47:70:1c:8e:
         5b:02:e5:e6:20:f0:7d:08:88:a0:a7:ab:f8:91:e1:ba:87:21:
         59:a2:29:78:5a:45:8f:fa:dc:54:95:e0:75:51:bc:b0:93:63:
         9e:c1:f9:b0:3b:23:68:cf:32:7f:e5:08:b3:59:24:6b:ef:85:
         95:d3:d8:7d:28:02:83:8a:1b:00:5f:50:02:ce:fa:ce:1b:cc:
         c1:51:63:44:2a:49:2b:a0:76:b2:e7:58:53:6c:8c:0c:78:a6:
         af:16:47:8e:ed:f5:7a:9d:30:c1:c0:18:ba:f1:89:4b:ac:d1:
         1b:a8:3e:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv2CgV6KnLwHUh+NZ56fmAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMTI1MTY0MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg3YmZjOTc5YzZjZjZhYjE5YTQwM2UyNjVlMmU5ZTFiNTU1ZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwhpXWzv4S/3urCFqUKrkE8bLB6j
0BqYQ9VkbHMGuwWzGEtOnbY1OStDaAXMpnj+mlnKCYRKaxONFFsYEzGm7XG3OFnr
mr1Odw6Myufsi3TXebjufDEGpKuEX2tqh56XQBsDj2Nj85jb0L9cFoW90nL4slGv
0jNPrwoFUv6SXvcQCK5CpfjOnzHtZq0KYa8igrNz7nU41OBJ0A5QiQz92oGUE0se
iaL3HBEo6b4hT5+RGDTTxGCXvdKKGr1b46rUDUdocKnPdbVx1xdl+bbXbvRmqFfV
xoKsNZY55cArm2V0pV83DaB8vc4Y6vEfbO9zDO5MPcYvdbON0Z98RKpAXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiHv8l5xs9qsZpAPiZeLp4bVV3fMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvV0llX3lYbkd6MnF4bWtBLUpsNHVuaHRWWGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXmcBMA0G
CSqGSIb3DQEBCwUAA4IBAQBqVzK52dfFixuulJYSHsX8dCgTqgfZYNwvrqCEb44n
8Bosrku/501+5KibMp1MOncplM0TLIjRcPOfFixG7ybQEFCPIVC88rbe3ZCxyQAz
5w0QlqjPhYx1T5q8VyWPnV/Y3WrtSosMmw+sbt6MawTF1xYXhE57dNLZmE3swbn1
eM+ZUtiliCa/1KLKY0dwHI5bAuXmIPB9CIigp6v4keG6hyFZoil4WkWP+txUleB1
Ubywk2OewfmwOyNozzJ/5QizWSRr74WV09h9KAKDihsAX1ACzvrOG8zBUWNEKkkr
oHay51hTbIwMeKavFkeO7fV6nTDBwBi68YlLrNEbqD69
-----END CERTIFICATE-----