Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/A3Wm_w660o-WOKx14Qzsk48w80w.roa
File:                     A3Wm_w660o-WOKx14Qzsk48w80w.roa (raw, json)
Hash identifier:          bbx1tQ0RBrPD7hgRhmK+PhPzre/duloLQugMlYybsho=
Subject key identifier:   03:75:A6:FF:0E:BA:D2:8F:96:38:AC:75:E1:0C:EC:93:8F:30:F3:4C
Certificate issuer:       /CN=f382cb13dde12658cdac18cacae91fbbf5c58090
Certificate serial:       019D76F1BF3E8E2B212199E3EFF412D58DEF
Authority key identifier: F3:82:CB:13:DD:E1:26:58:CD:AC:18:CA:CA:E9:1F:BB:F5:C5:80:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/A3Wm_w660o-WOKx14Qzsk48w80w.roa
Signing time:             Fri 10 Apr 2026 10:30:47 +0000
ROA not before:           Fri 10 Apr 2026 10:30:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208628
IP address blocks:        178.236.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:f1:bf:3e:8e:2b:21:21:99:e3:ef:f4:12:d5:8d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f382cb13dde12658cdac18cacae91fbbf5c58090
        Validity
            Not Before: Apr 10 10:30:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0375a6ff0ebad28f9638ac75e10cec938f30f34c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:49:26:97:e0:b7:41:0c:6f:f8:26:b7:c1:50:
                    58:63:59:d7:0d:40:6e:8c:e5:7c:70:6f:31:e1:6b:
                    b0:c2:09:21:d6:49:fd:1c:1d:b1:75:e6:23:89:42:
                    de:a0:43:6c:0d:24:02:67:9d:15:b4:d4:c9:c1:68:
                    f5:b1:bc:f9:23:15:12:e0:0b:6b:2b:a7:54:ce:d8:
                    f7:33:e4:99:4d:a4:94:fa:69:11:dd:8c:73:bd:f4:
                    06:2d:75:f6:50:bd:14:3a:f6:4e:11:32:57:8d:61:
                    50:33:c8:ee:b9:2f:ca:5a:4b:eb:eb:35:2c:66:81:
                    59:07:5e:7b:63:13:56:ce:75:ad:be:53:35:d5:26:
                    6c:63:2d:fb:09:18:89:ac:54:1d:8f:9b:1a:e7:17:
                    d0:70:8b:6f:4c:d8:68:89:f1:f2:55:1c:c0:ad:1a:
                    9e:3b:ae:6a:fb:f1:e3:7d:b8:03:c8:7b:e2:55:f9:
                    66:9b:2f:14:5d:43:e6:1c:2c:3c:2c:9a:aa:51:be:
                    f7:9f:4a:4b:33:92:26:e8:09:74:2b:9b:ca:ce:45:
                    66:5c:7e:8d:2f:f6:4e:d9:6c:79:8f:63:70:13:c1:
                    a4:a3:73:76:3c:d0:2e:d8:6f:34:97:9d:e6:97:b8:
                    bd:24:ad:23:4e:d7:52:03:4d:09:2c:84:f7:eb:0b:
                    c3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:75:A6:FF:0E:BA:D2:8F:96:38:AC:75:E1:0C:EC:93:8F:30:F3:4C
            X509v3 Authority Key Identifier:
                keyid:F3:82:CB:13:DD:E1:26:58:CD:AC:18:CA:CA:E9:1F:BB:F5:C5:80:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/84LLE93hJljNrBjKyukfu_XFgJA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/A3Wm_w660o-WOKx14Qzsk48w80w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e7da9a-932a-467b-b2d2-97042891eb99/1/84LLE93hJljNrBjKyukfu_XFgJA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:0e:31:1d:f1:20:25:23:e9:4f:49:b3:34:df:9f:7e:3f:91:
         21:94:01:ff:10:b1:50:71:87:8a:6c:ac:64:73:12:e0:5d:0d:
         e1:cc:21:80:f1:16:3b:ef:2d:0a:0c:7e:45:8b:7f:2e:78:29:
         ae:0d:27:2d:0a:b3:b6:c1:21:46:39:55:a6:9d:ee:e6:0e:9f:
         c6:75:b1:55:9a:9a:70:ae:e5:05:5a:0f:fd:18:8e:96:ea:37:
         ed:76:b1:2e:fe:79:14:1d:90:3e:0b:13:5a:6a:54:f3:0c:2b:
         44:d5:0a:2b:cc:be:e8:9a:62:d7:85:b4:b4:07:17:7b:6d:cf:
         30:df:07:a5:6f:a6:62:4c:c9:35:19:18:bc:7b:a7:73:97:82:
         2b:26:b1:d4:e3:72:20:95:c4:74:d8:ce:01:fb:0f:81:91:41:
         15:58:f2:45:df:37:d8:bd:41:b0:95:39:ef:0d:a2:fd:31:d3:
         7c:2c:1d:5c:d5:7b:63:9d:3f:05:94:d1:84:c0:c8:30:be:f8:
         f5:58:ad:8c:f1:8a:3f:7c:25:2b:f3:1b:6e:a6:f7:55:3d:dd:
         ea:5c:51:e9:6c:7f:7b:60:e0:3a:56:39:46:70:57:e9:f4:0f:
         0f:07:75:ee:88:79:19:6b:e8:f6:b3:95:2e:64:f6:6b:9b:b5:
         99:53:d3:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ128b8+jishIZnj7/QS1Y3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzODJjYjEzZGRlMTI2NThjZGFjMThjYWNhZTkxZmJiZjVj
NTgwOTAwHhcNMjYwNDEwMTAzMDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzc1YTZmZjBlYmFkMjhmOTYzOGFjNzVlMTBjZWM5MzhmMzBmMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0kml+C3QQxv+Ca3wVBYY1nXDUBu
jOV8cG8x4Wuwwgkh1kn9HB2xdeYjiULeoENsDSQCZ50VtNTJwWj1sbz5IxUS4Atr
K6dUztj3M+SZTaSU+mkR3YxzvfQGLXX2UL0UOvZOETJXjWFQM8juuS/KWkvr6zUs
ZoFZB157YxNWznWtvlM11SZsYy37CRiJrFQdj5sa5xfQcItvTNhoifHyVRzArRqe
O65q+/HjfbgDyHviVflmmy8UXUPmHCw8LJqqUb73n0pLM5Im6Al0K5vKzkVmXH6N
L/ZO2Wx5j2NwE8Gko3N2PNAu2G80l53ml7i9JK0jTtdSA00JLIT36wvDSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAN1pv8OutKPljisdeEM7JOPMPNMMB8GA1UdIwQY
MBaAFPOCyxPd4SZYzawYysrpH7v1xYCQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODRMTEU5M2hKbGpOckJqS3l1a2Z1X1hGZ0pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lN2RhOWEtOTMyYS00NjdiLWIyZDIt
OTcwNDI4OTFlYjk5LzEvQTNXbV93NjYwby1XT0t4MTRRenNrNDh3ODB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lN2RhOWEtOTMyYS00NjdiLWIyZDItOTcwNDI4OTFlYjk5
LzEvODRMTEU5M2hKbGpOckJqS3l1a2Z1X1hGZ0pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuwuMA0G
CSqGSIb3DQEBCwUAA4IBAQCADjEd8SAlI+lPSbM0359+P5EhlAH/ELFQcYeKbKxk
cxLgXQ3hzCGA8RY77y0KDH5Fi38ueCmuDSctCrO2wSFGOVWmne7mDp/GdbFVmppw
ruUFWg/9GI6W6jftdrEu/nkUHZA+CxNaalTzDCtE1QorzL7ommLXhbS0Bxd7bc8w
3welb6ZiTMk1GRi8e6dzl4IrJrHU43IglcR02M4B+w+BkUEVWPJF3zfYvUGwlTnv
DaL9MdN8LB1c1XtjnT8FlNGEwMgwvvj1WK2M8Yo/fCUr8xtupvdVPd3qXFHpbH97
YOA6VjlGcFfp9A8PB3XuiHkZa+j2s5UuZPZrm7WZU9NJ
-----END CERTIFICATE-----