Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/W2opD1nzA1Qy1dphbskdPw_zQDA.roa
File:                     W2opD1nzA1Qy1dphbskdPw_zQDA.roa (raw, json)
Hash identifier:          BuoBawIPnpe+VBGwQ7nX1QTlwHW5Gq29DxhylXzCD38=
Subject key identifier:   5B:6A:29:0F:59:F3:03:54:32:D5:DA:61:6E:C9:1D:3F:0F:F3:40:30
Certificate issuer:       /CN=da4a3ec07b97858e6834a5a1f88eb8fe31bf7b20
Certificate serial:       019D612A7B72A185DF1028F34C9C704F01F0
Authority key identifier: DA:4A:3E:C0:7B:97:85:8E:68:34:A5:A1:F8:8E:B8:FE:31:BF:7B:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/W2opD1nzA1Qy1dphbskdPw_zQDA.roa
Signing time:             Mon 06 Apr 2026 05:01:07 +0000
ROA not before:           Mon 06 Apr 2026 05:01:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42838
IP address blocks:        77.87.16.0/21 maxlen: 21
                          212.47.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:61:2a:7b:72:a1:85:df:10:28:f3:4c:9c:70:4f:01:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da4a3ec07b97858e6834a5a1f88eb8fe31bf7b20
        Validity
            Not Before: Apr  6 05:01:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b6a290f59f3035432d5da616ec91d3f0ff34030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:88:26:49:bf:87:13:6b:96:5b:c7:8a:08:05:
                    4b:38:5c:18:b4:b8:c4:89:b7:5b:54:de:42:cb:9b:
                    5b:db:83:4e:0c:35:c2:76:40:dc:ae:fc:98:62:9e:
                    78:67:1b:b6:09:5b:22:83:a7:27:f4:c0:36:0c:a2:
                    4d:e2:73:95:a8:3a:d3:8a:63:dc:56:04:f6:14:0b:
                    3e:4f:4f:ad:64:75:b1:c5:02:3c:5f:15:7e:9a:b3:
                    83:0a:1f:9c:14:eb:88:1b:f1:7c:1b:6b:15:a2:f1:
                    2c:7f:31:01:27:c2:bc:d3:41:bb:b9:7a:c7:1e:3a:
                    d9:79:67:95:7f:86:d4:bc:e1:d1:1e:bc:52:83:3c:
                    8c:84:d2:1b:d7:d0:31:74:59:f2:19:8e:31:9d:1f:
                    0d:a6:1f:7f:42:fc:86:8a:60:04:d5:6b:af:fe:69:
                    55:fe:67:8a:ce:c8:55:08:92:a8:09:25:b1:af:47:
                    80:fb:0a:e7:95:fd:d9:9f:20:c4:3e:72:bc:8c:10:
                    ed:c4:11:7e:82:fe:0a:7d:36:35:a4:d6:6b:1f:bf:
                    39:b4:da:41:14:2f:0e:e1:04:bb:da:e1:ab:0b:ac:
                    12:35:00:a2:40:46:28:63:9e:b1:5b:ac:fa:76:5f:
                    b2:11:05:69:16:6e:44:94:5a:61:f5:e4:76:3f:8d:
                    9a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:6A:29:0F:59:F3:03:54:32:D5:DA:61:6E:C9:1D:3F:0F:F3:40:30
            X509v3 Authority Key Identifier:
                keyid:DA:4A:3E:C0:7B:97:85:8E:68:34:A5:A1:F8:8E:B8:FE:31:BF:7B:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ko-wHuXhY5oNKWh-I64_jG_eyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/W2opD1nzA1Qy1dphbskdPw_zQDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/fe0306-af84-4e8e-8885-b84a9819ead6/1/2ko-wHuXhY5oNKWh-I64_jG_eyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.16.0/21
                  212.47.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:79:1f:cd:a8:74:6b:bc:55:dc:9d:11:01:b8:e8:2c:c2:eb:
         b5:bb:14:3f:a8:ab:b9:79:d9:c0:6e:4b:0d:9d:0c:d5:2c:a0:
         ed:22:dd:f8:8c:20:5f:2f:9c:f1:00:75:25:58:79:dd:d8:3e:
         73:2b:fc:4f:df:87:3b:54:a7:76:93:ab:f6:20:30:bc:1b:22:
         4a:c3:2d:00:c7:6d:93:a2:b9:63:69:b0:39:22:5c:f6:77:54:
         fb:b0:7d:94:bb:48:17:18:e4:23:9c:e6:44:ff:72:40:88:a9:
         c7:d7:2a:fe:f4:c9:d6:46:58:e5:8d:ba:15:2e:c6:48:4d:53:
         de:89:15:94:df:eb:85:bf:86:03:12:be:cb:52:c1:18:42:6a:
         4f:bc:6e:3f:fe:a3:57:ce:1e:f9:36:27:60:90:e3:35:69:5c:
         a4:5b:17:ad:13:c4:eb:5c:7b:cd:b0:fa:15:f5:07:b9:ab:e0:
         4c:d3:f1:fd:f6:67:eb:30:67:ce:85:2d:21:1a:46:70:bb:55:
         97:01:c5:c6:7a:ea:f2:37:99:82:9f:55:7d:86:7b:77:03:6e:
         39:d5:39:c9:86:e7:f6:81:00:fd:f4:9a:a3:c5:97:1e:92:64:
         5a:0a:6d:66:77:3e:f6:87:0a:36:15:4f:e0:9f:a0:f4:71:bc:
         ab:a1:31:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1hKntyoYXfECjzTJxwTwHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNGEzZWMwN2I5Nzg1OGU2ODM0YTVhMWY4OGViOGZlMzFi
ZjdiMjAwHhcNMjYwNDA2MDUwMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjZhMjkwZjU5ZjMwMzU0MzJkNWRhNjE2ZWM5MWQzZjBmZjM0MDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApogmSb+HE2uWW8eKCAVLOFwYtLjE
ibdbVN5Cy5tb24NODDXCdkDcrvyYYp54Zxu2CVsig6cn9MA2DKJN4nOVqDrTimPc
VgT2FAs+T0+tZHWxxQI8XxV+mrODCh+cFOuIG/F8G2sVovEsfzEBJ8K800G7uXrH
HjrZeWeVf4bUvOHRHrxSgzyMhNIb19AxdFnyGY4xnR8Nph9/QvyGimAE1Wuv/mlV
/meKzshVCJKoCSWxr0eA+wrnlf3ZnyDEPnK8jBDtxBF+gv4KfTY1pNZrH785tNpB
FC8O4QS72uGrC6wSNQCiQEYoY56xW6z6dl+yEQVpFm5ElFph9eR2P42a/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFtqKQ9Z8wNUMtXaYW7JHT8P80AwMB8GA1UdIwQY
MBaAFNpKPsB7l4WOaDSlofiOuP4xv3sgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmtvLXdIdVhoWTVvTktXaC1JNjRfakdfZXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mZTAzMDYtYWY4NC00ZThlLTg4ODUt
Yjg0YTk4MTllYWQ2LzEvVzJvcEQxbnpBMVF5MWRwaGJza2RQd196UURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mZTAzMDYtYWY4NC00ZThlLTg4ODUtYjg0YTk4MTllYWQ2
LzEvMmtvLXdIdVhoWTVvTktXaC1JNjRfakdfZXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDTVcQAwQA
1C8vMA0GCSqGSIb3DQEBCwUAA4IBAQCNeR/NqHRrvFXcnREBuOgswuu1uxQ/qKu5
ednAbksNnQzVLKDtIt34jCBfL5zxAHUlWHnd2D5zK/xP34c7VKd2k6v2IDC8GyJK
wy0Ax22TorljabA5Ilz2d1T7sH2Uu0gXGOQjnOZE/3JAiKnH1yr+9MnWRljljboV
LsZITVPeiRWU3+uFv4YDEr7LUsEYQmpPvG4//qNXzh75NidgkOM1aVykWxetE8Tr
XHvNsPoV9Qe5q+BM0/H99mfrMGfOhS0hGkZwu1WXAcXGeuryN5mCn1V9hnt3A245
1TnJhuf2gQD99JqjxZcekmRaCm1mdz72hwo2FU/gn6D0cbyroTHw
-----END CERTIFICATE-----