Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/wivMN35KuEgnCPJ_N1vF1kAwlHQ.roa
File:                     wivMN35KuEgnCPJ_N1vF1kAwlHQ.roa (raw, json)
Hash identifier:          TSOrmsI98t/QypJ+zbHvGanluRz5oq6NnUNRBbmcaMw=
Subject key identifier:   C2:2B:CC:37:7E:4A:B8:48:27:08:F2:7F:37:5B:C5:D6:40:30:94:74
Certificate issuer:       /CN=d15a1098c5c8535c9758f128d8a082df7cf8510b
Certificate serial:       019B783472C597EB9DA66EF767614EFFE71D
Authority key identifier: D1:5A:10:98:C5:C8:53:5C:97:58:F1:28:D8:A0:82:DF:7C:F8:51:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0VoQmMXIU1yXWPEo2KCC33z4UQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/wivMN35KuEgnCPJ_N1vF1kAwlHQ.roa
Signing time:             Thu 01 Jan 2026 06:17:41 +0000
ROA not before:           Thu 01 Jan 2026 06:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200186
IP address blocks:        185.144.97.0/24 maxlen: 24
                          194.50.183.0/24 maxlen: 24
                          194.164.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/0VoQmMXIU1yXWPEo2KCC33z4UQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/0VoQmMXIU1yXWPEo2KCC33z4UQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0VoQmMXIU1yXWPEo2KCC33z4UQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 06:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:72:c5:97:eb:9d:a6:6e:f7:67:61:4e:ff:e7:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d15a1098c5c8535c9758f128d8a082df7cf8510b
        Validity
            Not Before: Jan  1 06:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c22bcc377e4ab8482708f27f375bc5d640309474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:79:c6:6b:f9:9e:57:b6:07:51:0b:59:09:b2:
                    4e:44:ed:06:53:45:c6:b8:a0:07:bd:20:71:cd:55:
                    6c:47:55:c0:8a:4a:1e:78:06:ff:87:4e:6a:71:fd:
                    9d:c1:fe:7d:4b:db:4e:7f:ea:f3:49:0d:b2:87:11:
                    ae:05:dc:64:65:79:73:83:ed:f2:38:96:eb:f6:e7:
                    d8:c6:1d:f4:ab:fe:27:68:63:cf:7e:7e:32:b4:28:
                    20:2c:fa:70:ae:7f:dc:f3:eb:73:c3:32:ff:31:9f:
                    c8:20:e5:2f:3a:8f:1e:1d:f0:40:67:6e:1c:04:51:
                    06:9e:70:30:34:2a:1f:25:17:61:8d:0f:ed:11:e8:
                    a3:b3:82:8a:c7:09:d3:2a:1b:6d:14:7d:df:31:f3:
                    3e:e8:43:31:68:36:3c:05:a2:5e:62:e8:25:47:a9:
                    cf:c2:26:66:bf:be:ef:6c:36:2f:59:46:9b:b0:23:
                    02:89:eb:6e:5a:a7:1c:a3:c3:ca:06:94:ce:c5:ba:
                    34:0c:fb:5e:0a:f8:4f:a1:b3:49:20:3e:f4:2c:49:
                    15:a7:27:06:b2:39:71:f8:58:51:89:e1:be:f5:aa:
                    3a:98:c1:79:fd:7e:e0:84:6d:03:04:19:5b:7b:c5:
                    49:8f:72:55:8a:5f:cb:a1:a4:cf:e1:5d:dd:fa:77:
                    9d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2B:CC:37:7E:4A:B8:48:27:08:F2:7F:37:5B:C5:D6:40:30:94:74
            X509v3 Authority Key Identifier:
                keyid:D1:5A:10:98:C5:C8:53:5C:97:58:F1:28:D8:A0:82:DF:7C:F8:51:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0VoQmMXIU1yXWPEo2KCC33z4UQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/wivMN35KuEgnCPJ_N1vF1kAwlHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4021-0b67-4485-b823-0bddc80711ae/1/0VoQmMXIU1yXWPEo2KCC33z4UQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.97.0/24
                  194.50.183.0/24
                  194.164.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:10:21:6a:9e:ba:77:92:e8:29:61:b5:5c:dc:5b:5b:12:ce:
         2e:b3:d3:88:fe:a5:69:67:98:17:da:40:ae:2d:19:89:88:8d:
         4a:7c:fd:4a:c2:b1:2b:26:1d:22:0c:21:47:65:c4:3e:15:81:
         23:c4:7f:66:d5:bd:0f:2b:eb:4b:93:17:d0:c3:7e:c1:e3:d5:
         40:51:e3:c5:98:f6:ab:c3:19:4e:89:dc:9d:95:4d:8f:97:fe:
         44:4b:72:1d:fd:89:0f:48:91:3f:44:e6:ea:1a:d6:bf:04:ed:
         0e:e4:e0:b8:e2:5b:e0:99:b5:15:6b:1b:a6:1e:81:71:ae:11:
         aa:4f:20:7f:3a:46:72:c7:6f:9a:74:84:20:2a:de:c4:23:3f:
         2c:b1:6b:69:00:9f:7c:92:ee:5d:7f:20:35:ab:04:c0:d4:1c:
         ab:ab:c0:12:a9:32:65:e9:55:eb:29:87:ea:a1:7e:f6:80:02:
         2e:ca:8d:1d:b5:30:34:2e:43:97:5a:1e:2e:d7:e5:bb:3c:89:
         a4:07:59:ac:f1:f2:9f:81:7d:99:f4:b8:00:7f:2b:56:d7:fd:
         75:14:fb:ce:c5:f3:c5:31:8f:9e:4a:6b:e6:b8:8d:25:45:1d:
         7b:0e:6e:a9:b2:5e:43:0c:cf:9e:a9:6a:f0:45:f9:aa:a9:5a:
         c4:7e:09:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt4NHLFl+udpm73Z2FO/+cdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxNWExMDk4YzVjODUzNWM5NzU4ZjEyOGQ4YTA4MmRmN2Nm
ODUxMGIwHhcNMjYwMTAxMDYxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjJiY2MzNzdlNGFiODQ4MjcwOGYyN2YzNzViYzVkNjQwMzA5NDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXnGa/meV7YHUQtZCbJORO0GU0XG
uKAHvSBxzVVsR1XAikoeeAb/h05qcf2dwf59S9tOf+rzSQ2yhxGuBdxkZXlzg+3y
OJbr9ufYxh30q/4naGPPfn4ytCggLPpwrn/c8+tzwzL/MZ/IIOUvOo8eHfBAZ24c
BFEGnnAwNCofJRdhjQ/tEeijs4KKxwnTKhttFH3fMfM+6EMxaDY8BaJeYuglR6nP
wiZmv77vbDYvWUabsCMCietuWqcco8PKBpTOxbo0DPteCvhPobNJID70LEkVpycG
sjlx+FhRieG+9ao6mMF5/X7ghG0DBBlbe8VJj3JVil/LoaTP4V3d+nedeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMIrzDd+SrhIJwjyfzdbxdZAMJR0MB8GA1UdIwQY
MBaAFNFaEJjFyFNcl1jxKNiggt98+FELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFZvUW1NWElVMXlYV1BFbzJLQ0MzM3o0VVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82YzQwMjEtMGI2Ny00NDg1LWI4MjMt
MGJkZGM4MDcxMWFlLzEvd2l2TU4zNUt1RWduQ1BKX04xdkYxa0F3bEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82YzQwMjEtMGI2Ny00NDg1LWI4MjMtMGJkZGM4MDcxMWFl
LzEvMFZvUW1NWElVMXlYV1BFbzJLQ0MzM3o0VVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuZBhAwQA
wjK3AwQAwqRlMA0GCSqGSIb3DQEBCwUAA4IBAQCjECFqnrp3kugpYbVc3FtbEs4u
s9OI/qVpZ5gX2kCuLRmJiI1KfP1KwrErJh0iDCFHZcQ+FYEjxH9m1b0PK+tLkxfQ
w37B49VAUePFmParwxlOidydlU2Pl/5ES3Id/YkPSJE/RObqGta/BO0O5OC44lvg
mbUVaxumHoFxrhGqTyB/OkZyx2+adIQgKt7EIz8ssWtpAJ98ku5dfyA1qwTA1Byr
q8ASqTJl6VXrKYfqoX72gAIuyo0dtTA0LkOXWh4u1+W7PImkB1ms8fKfgX2Z9LgA
fytW1/11FPvOxfPFMY+eSmvmuI0lRR17Dm6psl5DDM+eqWrwRfmqqVrEfgk3
-----END CERTIFICATE-----