Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/b61a1c-ba6f-4327-bacd-89718ebc3847/1/wd-oYNXbGl3iBZHEfglW7P_Xdoo.roa
File:                     wd-oYNXbGl3iBZHEfglW7P_Xdoo.roa (raw, json)
Hash identifier:          y4wg+I7p29l8Do6A3p1FTIrG+j7k3dKo1xpUB8J2zSU=
Subject key identifier:   C1:DF:A8:60:D5:DB:1A:5D:E2:05:91:C4:7E:09:56:EC:FF:D7:76:8A
Certificate issuer:       /CN=39ae828573f39413f806b51ee040cd34bc5f63ae
Certificate serial:       019B7CEDAA7255C16DC784A43EBA3E82A4AC
Authority key identifier: 39:AE:82:85:73:F3:94:13:F8:06:B5:1E:E0:40:CD:34:BC:5F:63:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oa6ChXPzlBP4BrUe4EDNNLxfY64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/b61a1c-ba6f-4327-bacd-89718ebc3847/1/wd-oYNXbGl3iBZHEfglW7P_Xdoo.roa
Signing time:             Fri 02 Jan 2026 04:18:28 +0000
ROA not before:           Fri 02 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197669
IP address blocks:        91.228.242.0/24 maxlen: 24
                          185.28.212.0/22 maxlen: 24
                          2a04:3fc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/b61a1c-ba6f-4327-bacd-89718ebc3847/1/Oa6ChXPzlBP4BrUe4EDNNLxfY64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/b61a1c-ba6f-4327-bacd-89718ebc3847/1/Oa6ChXPzlBP4BrUe4EDNNLxfY64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oa6ChXPzlBP4BrUe4EDNNLxfY64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:aa:72:55:c1:6d:c7:84:a4:3e:ba:3e:82:a4:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39ae828573f39413f806b51ee040cd34bc5f63ae
        Validity
            Not Before: Jan  2 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1dfa860d5db1a5de20591c47e0956ecffd7768a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f2:f9:05:ac:ad:c6:97:17:39:67:4c:5e:ae:
                    df:c1:af:9c:21:5e:7f:c4:aa:54:51:04:a1:8a:e9:
                    e4:e6:a7:6a:dc:21:7c:0e:b5:d2:f3:6a:b2:7a:19:
                    6d:67:70:00:69:d2:0b:ad:30:74:0d:44:73:50:3a:
                    f4:53:b6:5e:13:fe:53:c5:dc:6a:75:4d:f2:1c:77:
                    a9:c1:bc:86:5b:01:fe:58:16:66:b7:9b:24:ae:a5:
                    31:cf:49:5b:c1:6c:d6:7f:eb:70:d8:fa:3b:6a:a2:
                    89:90:5c:c1:af:13:2e:fa:5b:42:e0:e2:48:78:b2:
                    84:05:4a:d2:6a:3e:52:f4:5e:6a:d5:71:1c:ae:22:
                    aa:69:ef:db:f4:56:07:57:ed:2c:17:b3:aa:12:19:
                    eb:3f:8f:20:9a:ec:3f:36:ec:50:2f:b1:59:70:6d:
                    b7:33:aa:76:24:be:dd:96:db:24:8f:ac:86:5d:8e:
                    7f:ef:77:49:32:14:18:42:f9:b9:ec:6a:e3:96:d4:
                    30:51:fc:6c:e9:1e:1e:45:23:51:74:78:00:16:e2:
                    8e:35:1c:c9:bc:26:84:7a:bd:5a:50:4a:3c:57:2b:
                    14:66:1a:41:05:c5:35:7c:04:b1:d8:13:21:53:a3:
                    11:00:cb:42:fd:d0:69:44:3f:ac:ed:99:ae:ec:e1:
                    ee:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DF:A8:60:D5:DB:1A:5D:E2:05:91:C4:7E:09:56:EC:FF:D7:76:8A
            X509v3 Authority Key Identifier:
                keyid:39:AE:82:85:73:F3:94:13:F8:06:B5:1E:E0:40:CD:34:BC:5F:63:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oa6ChXPzlBP4BrUe4EDNNLxfY64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/b61a1c-ba6f-4327-bacd-89718ebc3847/1/wd-oYNXbGl3iBZHEfglW7P_Xdoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/b61a1c-ba6f-4327-bacd-89718ebc3847/1/Oa6ChXPzlBP4BrUe4EDNNLxfY64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.242.0/24
                  185.28.212.0/22
                IPv6:
                  2a04:3fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:d9:4d:f0:2f:77:e4:b5:2d:e6:2f:b2:9f:ec:3f:76:39:d4:
         52:fe:31:13:d8:54:f3:31:00:57:34:5f:b6:6d:1e:99:09:53:
         a4:00:12:be:b2:36:1f:59:8a:29:62:fe:6f:ac:ee:d7:e8:71:
         18:3c:67:3b:21:17:aa:87:b6:be:5c:d3:1c:66:33:ab:09:19:
         b0:f5:02:0d:4e:3e:50:0b:26:bf:e8:da:72:7a:38:f3:f4:d8:
         7c:ea:57:0e:9d:9e:84:d6:74:85:f0:3d:fb:68:56:dc:83:65:
         7f:7b:d9:bf:ee:88:25:ea:f3:38:a8:1c:de:2a:88:73:14:72:
         6b:cc:2e:7a:3f:cc:26:d5:7c:e9:03:6f:c1:e8:7a:0b:28:39:
         d6:87:39:2c:ac:86:70:39:d9:4a:da:fa:23:59:bc:14:8b:56:
         5f:cd:6a:e6:eb:19:37:ae:ae:61:b7:88:7f:a4:f5:8e:2d:10:
         4a:71:1e:54:a3:1c:6f:30:32:d9:38:33:8f:80:db:c7:4f:ac:
         53:7c:d3:26:52:38:0f:e1:6c:10:43:d1:75:3a:44:db:a6:99:
         37:5f:32:9d:79:08:bf:66:0e:b6:b1:fd:5e:12:9f:36:81:f4:
         8c:a7:ca:2d:c0:48:62:08:be:cc:4f:21:fd:3e:6d:fe:d8:d6:
         9a:59:c3:98
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt87apyVcFtx4SkPro+gqSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YWU4Mjg1NzNmMzk0MTNmODA2YjUxZWUwNDBjZDM0YmM1
ZjYzYWUwHhcNMjYwMTAyMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWRmYTg2MGQ1ZGIxYTVkZTIwNTkxYzQ3ZTA5NTZlY2ZmZDc3NjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfL5BaytxpcXOWdMXq7fwa+cIV5/
xKpUUQShiunk5qdq3CF8DrXS82qyehltZ3AAadILrTB0DURzUDr0U7ZeE/5Txdxq
dU3yHHepwbyGWwH+WBZmt5skrqUxz0lbwWzWf+tw2Po7aqKJkFzBrxMu+ltC4OJI
eLKEBUrSaj5S9F5q1XEcriKqae/b9FYHV+0sF7OqEhnrP48gmuw/NuxQL7FZcG23
M6p2JL7dltskj6yGXY5/73dJMhQYQvm57GrjltQwUfxs6R4eRSNRdHgAFuKONRzJ
vCaEer1aUEo8VysUZhpBBcU1fASx2BMhU6MRAMtC/dBpRD+s7Zmu7OHumQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMHfqGDV2xpd4gWRxH4JVuz/13aKMB8GA1UdIwQY
MBaAFDmugoVz85QT+Aa1HuBAzTS8X2OuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2E2Q2hYUHpsQlA0QnJVZTRFRE5OTHhmWTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9iNjFhMWMtYmE2Zi00MzI3LWJhY2Qt
ODk3MThlYmMzODQ3LzEvd2Qtb1lOWGJHbDNpQlpIRWZnbFc3UF9YZG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9iNjFhMWMtYmE2Zi00MzI3LWJhY2QtODk3MThlYmMzODQ3
LzEvT2E2Q2hYUHpsQlA0QnJVZTRFRE5OTHhmWTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+TyAwQC
uRzUMA0EAgACMAcDBQMqBD/AMA0GCSqGSIb3DQEBCwUAA4IBAQAq2U3wL3fktS3m
L7Kf7D92OdRS/jET2FTzMQBXNF+2bR6ZCVOkABK+sjYfWYopYv5vrO7X6HEYPGc7
IReqh7a+XNMcZjOrCRmw9QINTj5QCya/6Npyejjz9Nh86lcOnZ6E1nSF8D37aFbc
g2V/e9m/7ogl6vM4qBzeKohzFHJrzC56P8wm1XzpA2/B6HoLKDnWhzksrIZwOdlK
2vojWbwUi1ZfzWrm6xk3rq5ht4h/pPWOLRBKcR5UoxxvMDLZODOPgNvHT6xTfNMm
UjgP4WwQQ9F1OkTbppk3XzKdeQi/Zg62sf1eEp82gfSMp8otwEhiCL7MTyH9Pm3+
2NaaWcOY
-----END CERTIFICATE-----