Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/Wvbb_a2COrZy8u2YHT4IAcPCo7A.roa
File:                     Wvbb_a2COrZy8u2YHT4IAcPCo7A.roa (raw, json)
Hash identifier:          JCvZpNcLMyYDQVI9nqJFb7h8bZSYYqo2EDX3T4my9ww=
Subject key identifier:   5A:F6:DB:FD:AD:82:3A:B6:72:F2:ED:98:1D:3E:08:01:C3:C2:A3:B0
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       019D68837C6456045FE7EABC750EA79444B9
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/Wvbb_a2COrZy8u2YHT4IAcPCo7A.roa
Signing time:             Tue 07 Apr 2026 15:15:40 +0000
ROA not before:           Tue 07 Apr 2026 15:15:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197421
IP address blocks:        185.239.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:83:7c:64:56:04:5f:e7:ea:bc:75:0e:a7:94:44:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: Apr  7 15:15:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5af6dbfdad823ab672f2ed981d3e0801c3c2a3b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6f:ea:d1:69:50:d3:dd:12:fb:2b:13:45:8e:
                    c2:93:de:a8:56:fc:ee:1c:53:55:8e:68:99:55:3d:
                    2b:d6:19:0b:1b:e7:e4:d9:7f:7a:10:8b:f4:09:aa:
                    28:17:13:af:e7:75:21:5e:4e:89:27:a1:09:2e:0f:
                    cc:d3:cd:5e:33:cf:2f:26:30:e0:e3:63:a3:99:48:
                    3e:b8:20:37:b7:59:cb:13:d4:28:0e:38:d1:40:51:
                    02:8f:bd:37:63:6b:b3:92:91:6d:08:f9:71:99:da:
                    45:52:d1:d4:27:a5:df:3f:a8:fc:92:49:ea:ea:eb:
                    64:5d:a6:7a:5e:c8:10:c0:0f:d0:2c:bb:7a:d3:b9:
                    60:e4:87:5c:49:ed:e1:44:32:19:5c:ed:61:2f:66:
                    c6:b5:80:47:c9:30:9e:f4:a9:ea:6d:3c:f4:3c:67:
                    af:df:95:7f:92:71:87:f6:cf:95:1c:1b:3e:55:d5:
                    f1:d6:e8:01:cb:b3:2d:c6:3e:d3:23:51:fd:1d:9e:
                    06:a0:9f:a1:9b:b4:76:45:5e:b9:65:47:dc:f9:4b:
                    39:88:50:86:c3:88:a3:5a:2f:49:df:5f:ca:93:97:
                    e1:93:20:b9:08:eb:8d:85:01:3a:cc:f4:ce:d5:d2:
                    83:a2:ab:4e:cb:32:ee:bc:61:6b:e4:98:51:eb:49:
                    84:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:F6:DB:FD:AD:82:3A:B6:72:F2:ED:98:1D:3E:08:01:C3:C2:A3:B0
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/Wvbb_a2COrZy8u2YHT4IAcPCo7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:24:f1:a3:17:d7:f5:17:c1:b1:0c:0c:f4:36:7e:d0:6b:92:
         46:ea:b6:de:aa:76:ac:ea:23:c7:fd:53:ee:26:e6:40:37:d1:
         a6:17:51:c4:22:44:e6:7c:15:42:ed:6b:41:d6:8e:af:86:16:
         d2:5f:4f:94:a9:b1:93:c7:54:48:f4:ac:cf:18:79:9d:56:46:
         85:2e:f0:6c:9d:ac:82:87:e2:79:59:e4:23:59:c9:cf:93:75:
         cd:23:05:a7:53:d0:05:05:d2:be:ff:9a:a2:42:9a:09:44:8e:
         57:d9:d1:7c:66:a7:89:7c:82:f6:6c:dc:90:15:23:b3:d3:3f:
         3c:6b:2c:ed:eb:83:0b:6c:7a:38:79:12:40:28:9c:e1:73:72:
         06:18:19:4c:1b:ce:b0:2a:19:58:fd:7c:d3:cf:29:fc:13:70:
         49:53:f4:f5:7d:e8:45:d4:31:88:89:a2:94:37:9a:0e:ca:a3:
         aa:78:39:f2:f0:3d:04:a1:a4:4e:d8:12:ab:35:e4:98:f8:d9:
         ca:75:f2:e1:46:6e:bf:53:d1:c7:33:a0:c3:84:8a:1c:83:e9:
         9c:d1:b8:36:34:94:e2:4e:3e:df:a8:19:0e:ad:84:1c:98:ce:
         da:bb:71:f6:e6:bd:bd:c6:32:a7:10:e6:08:cc:28:5c:86:81:
         46:33:d1:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1og3xkVgRf5+q8dQ6nlES5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjYwNDA3MTUxNTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWY2ZGJmZGFkODIzYWI2NzJmMmVkOTgxZDNlMDgwMWMzYzJhM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW/q0WlQ090S+ysTRY7Ck96oVvzu
HFNVjmiZVT0r1hkLG+fk2X96EIv0CaooFxOv53UhXk6JJ6EJLg/M081eM88vJjDg
42OjmUg+uCA3t1nLE9QoDjjRQFECj703Y2uzkpFtCPlxmdpFUtHUJ6XfP6j8kknq
6utkXaZ6XsgQwA/QLLt607lg5IdcSe3hRDIZXO1hL2bGtYBHyTCe9KnqbTz0PGev
35V/knGH9s+VHBs+VdXx1ugBy7Mtxj7TI1H9HZ4GoJ+hm7R2RV65ZUfc+Us5iFCG
w4ijWi9J31/Kk5fhkyC5COuNhQE6zPTO1dKDoqtOyzLuvGFr5JhR60mEhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFr22/2tgjq2cvLtmB0+CAHDwqOwMB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvV3ZiYl9hMkNPclp5OHUyWUhUNElBY1BDbzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+yMA0G
CSqGSIb3DQEBCwUAA4IBAQBuJPGjF9f1F8GxDAz0Nn7Qa5JG6rbeqnas6iPH/VPu
JuZAN9GmF1HEIkTmfBVC7WtB1o6vhhbSX0+UqbGTx1RI9KzPGHmdVkaFLvBsnayC
h+J5WeQjWcnPk3XNIwWnU9AFBdK+/5qiQpoJRI5X2dF8ZqeJfIL2bNyQFSOz0z88
ayzt64MLbHo4eRJAKJzhc3IGGBlMG86wKhlY/XzTzyn8E3BJU/T1fehF1DGIiaKU
N5oOyqOqeDny8D0EoaRO2BKrNeSY+NnKdfLhRm6/U9HHM6DDhIocg+mc0bg2NJTi
Tj7fqBkOrYQcmM7au3H25r29xjKnEOYIzChchoFGM9Ef
-----END CERTIFICATE-----