Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/1f3949-40cc-400a-b411-e4ea208a9a2d/1/W2_YVtahS9AF_suIxs_GQQbdje4.roa
File:                     W2_YVtahS9AF_suIxs_GQQbdje4.roa (raw, json)
Hash identifier:          tnC0EkMLLcLXQXoDsLNC9jDbiWksa5OYi1IQus+om1E=
Subject key identifier:   5B:6F:D8:56:D6:A1:4B:D0:05:FE:CB:88:C6:CF:C6:41:06:DD:8D:EE
Certificate issuer:       /CN=3cd5619db8d7717379956d4ea75b76db26d1c1c9
Certificate serial:       019B783545B25BFD2ABF7DCB7A5BFDFB5E3E
Authority key identifier: 3C:D5:61:9D:B8:D7:71:73:79:95:6D:4E:A7:5B:76:DB:26:D1:C1:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNVhnbjXcXN5lW1Op1t22ybRwck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/1f3949-40cc-400a-b411-e4ea208a9a2d/1/W2_YVtahS9AF_suIxs_GQQbdje4.roa
Signing time:             Thu 01 Jan 2026 06:18:35 +0000
ROA not before:           Thu 01 Jan 2026 06:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208479
IP address blocks:        45.92.196.0/22 maxlen: 24
                          2a0e:72c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/1f3949-40cc-400a-b411-e4ea208a9a2d/1/PNVhnbjXcXN5lW1Op1t22ybRwck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/1f3949-40cc-400a-b411-e4ea208a9a2d/1/PNVhnbjXcXN5lW1Op1t22ybRwck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNVhnbjXcXN5lW1Op1t22ybRwck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:45:b2:5b:fd:2a:bf:7d:cb:7a:5b:fd:fb:5e:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd5619db8d7717379956d4ea75b76db26d1c1c9
        Validity
            Not Before: Jan  1 06:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b6fd856d6a14bd005fecb88c6cfc64106dd8dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:88:9d:92:e9:bc:0d:54:ce:43:fa:4e:44:26:
                    c3:2e:4b:8e:58:dd:3f:7e:36:aa:89:2e:1f:a4:7f:
                    9d:44:c1:fa:ad:2e:ca:37:20:fd:4c:df:78:16:e4:
                    eb:84:fa:9c:c5:c6:0e:20:7a:92:15:58:68:f7:da:
                    23:e3:1c:0d:ec:d6:9c:65:91:94:58:63:1b:f7:aa:
                    17:8d:d9:30:04:ab:ad:3e:8f:b3:8f:78:ad:10:1f:
                    32:af:35:51:f6:d5:5b:67:4b:3a:61:01:21:6b:5a:
                    17:4c:07:3d:a5:18:b4:1f:46:8c:b3:52:16:02:f0:
                    47:57:da:51:83:82:25:b3:e7:10:2a:64:65:1b:3f:
                    bd:78:34:27:39:6d:df:f3:ba:5c:ad:bf:e2:77:83:
                    9a:80:92:68:ca:88:00:98:c3:f7:d4:3f:0a:bb:67:
                    96:64:97:af:42:ca:95:3f:ce:aa:4b:c1:93:b4:03:
                    2d:16:24:8f:bb:90:1c:82:af:51:fd:07:ce:9a:e8:
                    a1:9d:c9:78:22:80:96:4b:e7:68:b5:41:5b:aa:d3:
                    d0:fa:0a:ec:be:8f:78:15:03:16:d0:82:0d:7e:59:
                    cd:6e:8b:08:e6:d7:a9:fa:f6:f0:66:22:f7:72:ed:
                    08:92:ea:c7:15:95:7c:71:f8:9a:af:48:78:7e:62:
                    30:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:6F:D8:56:D6:A1:4B:D0:05:FE:CB:88:C6:CF:C6:41:06:DD:8D:EE
            X509v3 Authority Key Identifier:
                keyid:3C:D5:61:9D:B8:D7:71:73:79:95:6D:4E:A7:5B:76:DB:26:D1:C1:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNVhnbjXcXN5lW1Op1t22ybRwck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/1f3949-40cc-400a-b411-e4ea208a9a2d/1/W2_YVtahS9AF_suIxs_GQQbdje4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/1f3949-40cc-400a-b411-e4ea208a9a2d/1/PNVhnbjXcXN5lW1Op1t22ybRwck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.196.0/22
                IPv6:
                  2a0e:72c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:f5:6e:7a:9f:5e:67:8c:38:64:ef:83:e4:5e:4a:56:9e:98:
         28:d1:38:77:cc:6c:b8:8b:a6:be:4e:0a:d3:cc:05:e3:30:2a:
         3b:44:b4:8c:f7:2c:a0:5a:65:ef:c4:56:00:e9:4b:1e:05:dd:
         74:24:dd:b6:3f:ff:8b:3d:16:45:21:c9:48:85:89:23:de:30:
         71:1e:22:43:bb:20:64:65:e3:1d:16:64:da:ab:72:d4:77:1e:
         5f:8b:6b:5b:e5:ef:0b:45:ce:df:c6:27:a1:36:76:1c:8b:a8:
         ca:12:4c:33:36:be:93:64:29:8b:47:d4:48:ba:59:6b:a0:b7:
         ad:ef:24:71:c6:99:a9:4c:15:b0:0e:d6:04:1c:89:52:4d:6b:
         d0:66:bb:24:de:97:9e:a6:68:40:6f:0a:e2:d0:e2:4e:94:7b:
         f6:e2:39:04:61:6a:29:b8:e0:6b:f1:5e:92:c5:4d:e5:00:46:
         18:d7:a4:25:3a:63:a3:3e:d7:25:20:e6:fa:01:a0:74:0d:a1:
         74:c7:85:44:36:7a:be:f7:7a:f1:a6:99:33:cf:d6:99:d6:5b:
         76:e6:7f:f8:b0:51:09:18:77:30:3c:80:b1:6b:03:28:16:c6:
         ce:2e:c4:c4:fc:78:fa:7c:31:e3:97:0c:7a:39:f5:6d:40:f0:
         37:21:eb:cf
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt4NUWyW/0qv33Lelv9+14+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDU2MTlkYjhkNzcxNzM3OTk1NmQ0ZWE3NWI3NmRiMjZk
MWMxYzkwHhcNMjYwMTAxMDYxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjZmZDg1NmQ2YTE0YmQwMDVmZWNiODhjNmNmYzY0MTA2ZGQ4ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Yidkum8DVTOQ/pORCbDLkuOWN0/
fjaqiS4fpH+dRMH6rS7KNyD9TN94FuTrhPqcxcYOIHqSFVho99oj4xwN7NacZZGU
WGMb96oXjdkwBKutPo+zj3itEB8yrzVR9tVbZ0s6YQEha1oXTAc9pRi0H0aMs1IW
AvBHV9pRg4Ils+cQKmRlGz+9eDQnOW3f87pcrb/id4OagJJoyogAmMP31D8Ku2eW
ZJevQsqVP86qS8GTtAMtFiSPu5Acgq9R/QfOmuihncl4IoCWS+dotUFbqtPQ+grs
vo94FQMW0IINflnNbosI5tep+vbwZiL3cu0IkurHFZV8cfiar0h4fmIwrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFtv2FbWoUvQBf7LiMbPxkEG3Y3uMB8GA1UdIwQY
MBaAFDzVYZ2413FzeZVtTqdbdtsm0cHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5WaG5ialhjWE41bFcxT3AxdDIyeWJSd2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8xZjM5NDktNDBjYy00MDBhLWI0MTEt
ZTRlYTIwOGE5YTJkLzEvVzJfWVZ0YWhTOUFGX3N1SXhzX0dRUWJkamU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8xZjM5NDktNDBjYy00MDBhLWI0MTEtZTRlYTIwOGE5YTJk
LzEvUE5WaG5ialhjWE41bFcxT3AxdDIyeWJSd2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVzEMA0E
AgACMAcDBQMqDnLAMA0GCSqGSIb3DQEBCwUAA4IBAQCM9W56n15njDhk74PkXkpW
npgo0Th3zGy4i6a+TgrTzAXjMCo7RLSM9yygWmXvxFYA6UseBd10JN22P/+LPRZF
IclIhYkj3jBxHiJDuyBkZeMdFmTaq3LUdx5fi2tb5e8LRc7fxiehNnYci6jKEkwz
Nr6TZCmLR9RIullroLet7yRxxpmpTBWwDtYEHIlSTWvQZrsk3peepmhAbwri0OJO
lHv24jkEYWopuOBr8V6SxU3lAEYY16QlOmOjPtclIOb6AaB0DaF0x4VENnq+93rx
ppkzz9aZ1lt25n/4sFEJGHcwPICxawMoFsbOLsTE/Hj6fDHjlwx6OfVtQPA3IevP
-----END CERTIFICATE-----