Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/W-WGisgg-jdHv8TOeMHyK0ABKKM.roa
File:                     W-WGisgg-jdHv8TOeMHyK0ABKKM.roa (raw, json)
Hash identifier:          AOrzg/e6GHv0wl5jj9rXhlmu6Xrpu+wHeWmnEnYMw/s=
Subject key identifier:   5B:E5:86:8A:C8:20:FA:37:47:BF:C4:CE:78:C1:F2:2B:40:01:28:A3
Certificate issuer:       /CN=d20542a6135524142194caa708e7db2cca6b4e63
Certificate serial:       019B7D5CE95E489B80F78DF4C8B03C36221D
Authority key identifier: D2:05:42:A6:13:55:24:14:21:94:CA:A7:08:E7:DB:2C:CA:6B:4E:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0gVCphNVJBQhlMqnCOfbLMprTmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/W-WGisgg-jdHv8TOeMHyK0ABKKM.roa
Signing time:             Fri 02 Jan 2026 06:19:59 +0000
ROA not before:           Fri 02 Jan 2026 06:19:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204565
IP address blocks:        185.242.36.0/24 maxlen: 24
                          185.242.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/0gVCphNVJBQhlMqnCOfbLMprTmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/0gVCphNVJBQhlMqnCOfbLMprTmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0gVCphNVJBQhlMqnCOfbLMprTmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:e9:5e:48:9b:80:f7:8d:f4:c8:b0:3c:36:22:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d20542a6135524142194caa708e7db2cca6b4e63
        Validity
            Not Before: Jan  2 06:19:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5be5868ac820fa3747bfc4ce78c1f22b400128a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:23:5d:fd:46:b0:1e:4c:2a:6f:21:93:09:2a:
                    26:bc:05:09:16:6c:8e:b6:ab:33:5a:48:80:f2:84:
                    c6:94:64:9d:e1:0d:48:f8:45:a6:16:a2:41:8e:e7:
                    03:51:d8:1c:52:90:60:d3:fb:89:f3:c5:6c:b9:2e:
                    02:85:49:6e:58:6c:17:5b:cf:d3:26:ec:f2:1f:95:
                    3d:e8:95:72:09:75:55:e3:29:1c:74:74:f6:79:72:
                    55:2d:ab:4c:04:76:84:cc:2b:46:4d:ba:0e:11:70:
                    8e:c9:c6:4e:13:55:8b:cd:a3:b0:61:3f:09:bd:84:
                    70:90:51:71:0a:ff:c7:00:37:3e:a3:49:a0:66:f8:
                    28:18:c9:8c:41:c6:c4:f4:1c:5a:2a:86:29:db:08:
                    62:5a:d3:cc:80:a7:2f:cd:ed:fc:e3:90:33:b3:cf:
                    b7:46:db:e5:ec:f9:08:e6:98:f9:3f:2a:c3:11:8c:
                    bd:ce:7a:1f:89:97:c3:2f:87:43:bc:b0:3d:66:3b:
                    45:11:64:2f:5f:e3:8f:7e:ca:c0:8d:31:0f:79:b4:
                    03:3d:a9:b0:0f:f6:4b:fa:ee:bb:5d:44:1b:0e:c9:
                    19:0e:14:36:93:46:f3:6a:00:07:bf:dc:4b:43:be:
                    e5:39:ed:5a:61:73:cb:fd:99:54:9c:ac:29:4f:fb:
                    9a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E5:86:8A:C8:20:FA:37:47:BF:C4:CE:78:C1:F2:2B:40:01:28:A3
            X509v3 Authority Key Identifier:
                keyid:D2:05:42:A6:13:55:24:14:21:94:CA:A7:08:E7:DB:2C:CA:6B:4E:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0gVCphNVJBQhlMqnCOfbLMprTmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/W-WGisgg-jdHv8TOeMHyK0ABKKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/0gVCphNVJBQhlMqnCOfbLMprTmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:f3:b1:62:5c:28:e5:f0:8e:2b:e0:f5:98:c3:fe:63:3c:fa:
         d4:cc:ee:9c:aa:41:6b:d2:eb:fb:87:71:53:a8:87:ff:21:7d:
         c4:63:43:43:e5:6e:d7:56:b5:80:ed:12:39:3f:6e:c2:d0:82:
         48:d5:5e:b1:85:c0:9b:89:64:78:a9:97:2a:c2:43:fd:2a:46:
         e9:2e:a4:7f:d1:c0:23:ec:8e:8f:65:8a:c7:05:37:23:61:61:
         d3:e0:34:5b:8b:56:f4:1c:78:56:62:f2:6d:b1:b2:e3:3c:2d:
         3d:30:e7:9c:9b:74:93:9e:48:64:c2:60:7f:ea:69:23:4d:78:
         22:fd:57:d7:22:33:c5:be:2d:22:4f:d9:39:d7:70:92:8d:d3:
         aa:56:e4:9d:d4:cd:78:59:5b:71:aa:77:27:ca:7c:30:97:97:
         c2:19:6b:96:64:21:cb:95:3b:40:cf:12:40:1d:60:62:47:de:
         59:fe:98:c4:d1:4c:b9:db:85:87:0a:d8:fa:aa:ac:1b:a6:1d:
         34:ab:00:1b:e1:cd:63:e3:78:be:b1:23:34:89:5d:06:7f:51:
         58:2a:5e:ea:85:05:9b:70:2c:a2:05:db:a0:d5:01:84:35:aa:
         3e:1b:55:e6:92:14:93:89:61:1c:8b:58:e0:6e:ac:61:53:cc:
         8f:a9:89:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XOleSJuA9430yLA8NiIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMDU0MmE2MTM1NTI0MTQyMTk0Y2FhNzA4ZTdkYjJjY2E2
YjRlNjMwHhcNMjYwMTAyMDYxOTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmU1ODY4YWM4MjBmYTM3NDdiZmM0Y2U3OGMxZjIyYjQwMDEyOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyNd/UawHkwqbyGTCSomvAUJFmyO
tqszWkiA8oTGlGSd4Q1I+EWmFqJBjucDUdgcUpBg0/uJ88VsuS4ChUluWGwXW8/T
JuzyH5U96JVyCXVV4ykcdHT2eXJVLatMBHaEzCtGTboOEXCOycZOE1WLzaOwYT8J
vYRwkFFxCv/HADc+o0mgZvgoGMmMQcbE9BxaKoYp2whiWtPMgKcvze3845Azs8+3
Rtvl7PkI5pj5PyrDEYy9znofiZfDL4dDvLA9ZjtFEWQvX+OPfsrAjTEPebQDPamw
D/ZL+u67XUQbDskZDhQ2k0bzagAHv9xLQ77lOe1aYXPL/ZlUnKwpT/uaAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvlhorIIPo3R7/EznjB8itAASijMB8GA1UdIwQY
MBaAFNIFQqYTVSQUIZTKpwjn2yzKa05jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGdWQ3BoTlZKQlFobE1xbkNPZmJMTXByVG1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jMzA5ZWMtMzI1NC00MjAwLTlhNWUt
YWI0MmI0YzkzZWQ5LzEvVy1XR2lzZ2ctamRIdjhUT2VNSHlLMEFCS0tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jMzA5ZWMtMzI1NC00MjAwLTlhNWUtYWI0MmI0YzkzZWQ5
LzEvMGdWQ3BoTlZKQlFobE1xbkNPZmJMTXByVG1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufIkMA0G
CSqGSIb3DQEBCwUAA4IBAQCF87FiXCjl8I4r4PWYw/5jPPrUzO6cqkFr0uv7h3FT
qIf/IX3EY0ND5W7XVrWA7RI5P27C0IJI1V6xhcCbiWR4qZcqwkP9KkbpLqR/0cAj
7I6PZYrHBTcjYWHT4DRbi1b0HHhWYvJtsbLjPC09MOecm3STnkhkwmB/6mkjTXgi
/VfXIjPFvi0iT9k513CSjdOqVuSd1M14WVtxqncnynwwl5fCGWuWZCHLlTtAzxJA
HWBiR95Z/pjE0Uy524WHCtj6qqwbph00qwAb4c1j43i+sSM0iV0Gf1FYKl7qhQWb
cCyiBdug1QGENao+G1XmkhSTiWEci1jgbqxhU8yPqYnU
-----END CERTIFICATE-----