Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/wvUTboW8ZBUP6kKOMK2PMJNwHKA.roa
File:                     wvUTboW8ZBUP6kKOMK2PMJNwHKA.roa (raw, json)
Hash identifier:          qmo6aS/eJTUU20epsF5LshfZ02w0I+n/dRPdKj8OTLs=
Subject key identifier:   C2:F5:13:6E:85:BC:64:15:0F:EA:42:8E:30:AD:8F:30:93:70:1C:A0
Certificate issuer:       /CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
Certificate serial:       019EAC63F32ED37ADB18498A0BCC4FDE21F7
Authority key identifier: 48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/wvUTboW8ZBUP6kKOMK2PMJNwHKA.roa
Signing time:             Tue 09 Jun 2026 12:38:11 +0000
ROA not before:           Tue 09 Jun 2026 12:38:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219530
IP address blocks:        83.150.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 00:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:63:f3:2e:d3:7a:db:18:49:8a:0b:cc:4f:de:21:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48a4693b1dccc49ee6605a7d339e1d847ef0ad8b
        Validity
            Not Before: Jun  9 12:38:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2f5136e85bc64150fea428e30ad8f3093701ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e2:11:86:c4:ef:75:14:ea:26:be:cb:c9:11:
                    0f:bd:72:85:fd:75:33:61:b4:e2:bf:bf:33:12:36:
                    88:6e:62:c1:10:ca:5c:1f:51:b5:53:7d:f7:93:bd:
                    db:71:6b:8f:72:00:af:0e:e0:ba:a7:7d:a6:b3:da:
                    48:a6:13:30:50:56:ff:8e:3f:03:3e:94:20:6f:6f:
                    fb:b8:d9:54:fb:60:e8:ac:65:d0:32:ca:4b:1c:8e:
                    80:45:f0:43:2a:87:8f:99:5c:81:7e:a0:aa:0f:cf:
                    06:d6:57:3b:70:48:83:37:a7:11:94:91:e0:3f:8e:
                    3d:4f:03:86:17:d5:b4:af:f3:64:9d:51:ee:51:9c:
                    8d:0b:f4:6f:5e:99:77:4d:1a:f3:f7:83:a7:ea:3a:
                    84:f1:d7:07:d6:fb:8e:1c:73:bc:1f:8f:d4:fb:4d:
                    cc:f1:85:2c:fa:93:9e:71:dc:8a:b2:ce:41:0c:12:
                    37:86:a9:bc:b7:a4:5a:03:0a:c9:e7:ec:59:f6:e6:
                    4b:a2:39:a2:ac:10:48:f4:89:0c:f7:70:5f:f3:cc:
                    2d:68:f0:f9:05:84:c5:a5:ca:dd:ce:3b:37:e2:cb:
                    f1:6e:3c:cc:94:95:84:91:f6:2c:0e:c3:15:16:04:
                    c3:a8:5d:c9:7c:e5:cf:af:38:92:bf:68:d2:b9:02:
                    2c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:F5:13:6E:85:BC:64:15:0F:EA:42:8E:30:AD:8F:30:93:70:1C:A0
            X509v3 Authority Key Identifier:
                keyid:48:A4:69:3B:1D:CC:C4:9E:E6:60:5A:7D:33:9E:1D:84:7E:F0:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKRpOx3MxJ7mYFp9M54dhH7wrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/wvUTboW8ZBUP6kKOMK2PMJNwHKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/985efa-8bee-4f73-88b7-be3bb6cd2d51/1/SKRpOx3MxJ7mYFp9M54dhH7wrYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.150.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:57:07:6b:78:40:2f:cb:c6:eb:34:bc:a6:fc:b2:d9:88:39:
         71:19:c9:f1:90:55:3d:ac:ff:df:20:f4:5f:a8:10:eb:ed:7e:
         ac:d0:41:f6:62:8a:4c:fa:67:e6:7e:ea:c2:ad:21:a9:13:75:
         24:36:29:a3:cf:30:91:57:ee:83:8e:08:94:6d:a0:39:a9:0e:
         0c:f3:51:5e:d1:1a:e4:21:1c:34:a1:c1:3f:50:d6:d2:72:98:
         18:4b:c5:e5:f6:47:23:b8:4e:dd:b4:02:79:07:14:8c:68:46:
         d3:07:d5:d3:5b:ec:e9:21:c9:25:85:e7:3a:75:5e:a9:3f:27:
         1c:ed:4c:46:26:1b:29:54:96:ba:af:1e:52:08:a5:7a:55:e1:
         89:20:42:5b:ed:b5:57:8f:31:fc:85:0d:cd:69:eb:dc:dc:c7:
         e8:e4:f2:a6:d0:33:49:fa:29:70:2c:2f:b8:0c:e7:30:ae:86:
         10:f1:3f:48:ce:f0:82:b0:97:dc:dc:f8:08:1d:60:0f:cf:36:
         71:da:e3:76:56:e5:80:c0:fb:44:c9:c4:05:54:45:b5:9d:21:
         50:d0:4e:02:99:7a:4e:5c:1e:f8:07:e9:c3:36:5d:4e:67:27:
         22:db:84:76:c8:88:d3:51:f9:4f:67:62:c4:d3:28:c5:95:b9:
         13:ea:25:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sY/Mu03rbGEmKC8xP3iH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YTQ2OTNiMWRjY2M0OWVlNjYwNWE3ZDMzOWUxZDg0N2Vm
MGFkOGIwHhcNMjYwNjA5MTIzODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmY1MTM2ZTg1YmM2NDE1MGZlYTQyOGUzMGFkOGYzMDkzNzAxY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOIRhsTvdRTqJr7LyREPvXKF/XUz
YbTiv78zEjaIbmLBEMpcH1G1U333k73bcWuPcgCvDuC6p32ms9pIphMwUFb/jj8D
PpQgb2/7uNlU+2DorGXQMspLHI6ARfBDKoePmVyBfqCqD88G1lc7cEiDN6cRlJHg
P449TwOGF9W0r/NknVHuUZyNC/RvXpl3TRrz94On6jqE8dcH1vuOHHO8H4/U+03M
8YUs+pOecdyKss5BDBI3hqm8t6RaAwrJ5+xZ9uZLojmirBBI9IkM93Bf88wtaPD5
BYTFpcrdzjs34svxbjzMlJWEkfYsDsMVFgTDqF3JfOXPrziSv2jSuQIsfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFML1E26FvGQVD+pCjjCtjzCTcBygMB8GA1UdIwQY
MBaAFEikaTsdzMSe5mBafTOeHYR+8K2LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4Yjct
YmUzYmI2Y2QyZDUxLzEvd3ZVVGJvVzhaQlVQNmtLT01LMlBNSk53SEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC85ODVlZmEtOGJlZS00ZjczLTg4YjctYmUzYmI2Y2QyZDUx
LzEvU0tScE94M014SjdtWUZwOU01NGRoSDd3cllzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5bRMA0G
CSqGSIb3DQEBCwUAA4IBAQBFVwdreEAvy8brNLym/LLZiDlxGcnxkFU9rP/fIPRf
qBDr7X6s0EH2YopM+mfmfurCrSGpE3UkNimjzzCRV+6DjgiUbaA5qQ4M81Fe0Rrk
IRw0ocE/UNbScpgYS8Xl9kcjuE7dtAJ5BxSMaEbTB9XTW+zpIcklhec6dV6pPycc
7UxGJhspVJa6rx5SCKV6VeGJIEJb7bVXjzH8hQ3Naevc3Mfo5PKm0DNJ+ilwLC+4
DOcwroYQ8T9IzvCCsJfc3PgIHWAPzzZx2uN2VuWAwPtEycQFVEW1nSFQ0E4CmXpO
XB74B+nDNl1OZyci24R2yIjTUflPZ2LE0yjFlbkT6iWh
-----END CERTIFICATE-----