Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/bb19ae-edbb-46fa-86c6-7edb758cadcf/1/wd-GsSjA11cGHqEt72xSa1ygzuQ.roa
File:                     wd-GsSjA11cGHqEt72xSa1ygzuQ.roa (raw, json)
Hash identifier:          WJGZJAHF4Jb+ZVAsXjgsRqPOhUgESLsq9HtVoR+KgWU=
Subject key identifier:   C1:DF:86:B1:28:C0:D7:57:06:1E:A1:2D:EF:6C:52:6B:5C:A0:CE:E4
Certificate issuer:       /CN=bcd10044fcb81e5ae60f3ecd5bdcdfe6d9343c92
Certificate serial:       019D7683DB8D8C5F2C0B0BBE8DAFAE284DDA
Authority key identifier: BC:D1:00:44:FC:B8:1E:5A:E6:0F:3E:CD:5B:DC:DF:E6:D9:34:3C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vNEARPy4HlrmDz7NW9zf5tk0PJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/bb19ae-edbb-46fa-86c6-7edb758cadcf/1/wd-GsSjA11cGHqEt72xSa1ygzuQ.roa
Signing time:             Fri 10 Apr 2026 08:30:46 +0000
ROA not before:           Fri 10 Apr 2026 08:30:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28686
IP address blocks:        193.135.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/bb19ae-edbb-46fa-86c6-7edb758cadcf/1/vNEARPy4HlrmDz7NW9zf5tk0PJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/bb19ae-edbb-46fa-86c6-7edb758cadcf/1/vNEARPy4HlrmDz7NW9zf5tk0PJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vNEARPy4HlrmDz7NW9zf5tk0PJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:83:db:8d:8c:5f:2c:0b:0b:be:8d:af:ae:28:4d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcd10044fcb81e5ae60f3ecd5bdcdfe6d9343c92
        Validity
            Not Before: Apr 10 08:30:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1df86b128c0d757061ea12def6c526b5ca0cee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ba:08:c2:65:c4:da:23:d9:78:2e:c2:5d:f3:
                    91:ad:9f:c5:e0:05:6b:89:80:46:3d:e8:ab:05:52:
                    74:37:b2:11:c9:8b:cd:6d:f6:54:29:73:1b:7b:75:
                    15:72:9d:32:a2:f5:31:42:5c:e7:cb:b8:ee:16:78:
                    70:1f:06:34:0c:3a:ff:4b:2c:12:c9:6f:b9:ae:1b:
                    05:f4:0b:87:4e:4f:be:b3:59:5b:40:50:ae:f9:b7:
                    1f:77:21:22:73:29:66:18:eb:69:45:71:b2:92:1c:
                    95:b4:16:24:1f:75:eb:42:3e:0a:1d:32:d5:8d:63:
                    f3:21:ab:1a:e9:9c:4c:14:77:5e:d2:ec:0e:d3:60:
                    00:ed:bf:93:46:58:32:d6:66:4c:8c:48:c9:fc:41:
                    22:44:9e:cf:b8:3e:76:6d:f1:a5:31:28:d6:7b:40:
                    6f:fb:df:b8:ce:20:70:ee:52:48:df:c9:36:61:52:
                    7d:82:ad:df:30:05:2f:f7:aa:d1:37:74:73:c4:f4:
                    d9:1c:2e:f1:00:26:b5:b9:28:d9:fa:73:61:58:93:
                    25:08:7d:d8:a9:01:d9:88:da:76:ac:53:9c:d5:b0:
                    2d:3f:f6:54:98:62:c5:85:5c:8b:0e:8c:b0:20:c8:
                    55:82:dd:31:63:ed:46:5f:a6:95:8f:26:c4:2a:16:
                    63:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DF:86:B1:28:C0:D7:57:06:1E:A1:2D:EF:6C:52:6B:5C:A0:CE:E4
            X509v3 Authority Key Identifier:
                keyid:BC:D1:00:44:FC:B8:1E:5A:E6:0F:3E:CD:5B:DC:DF:E6:D9:34:3C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vNEARPy4HlrmDz7NW9zf5tk0PJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/bb19ae-edbb-46fa-86c6-7edb758cadcf/1/wd-GsSjA11cGHqEt72xSa1ygzuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/bb19ae-edbb-46fa-86c6-7edb758cadcf/1/vNEARPy4HlrmDz7NW9zf5tk0PJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:2d:64:85:88:6c:25:e0:77:a5:f7:a2:ca:ec:ac:cd:6c:02:
         0c:cf:43:b9:08:7c:77:5e:2b:3a:32:f0:40:c3:31:c1:75:04:
         a9:b1:8f:2a:27:f5:79:9d:18:79:e5:19:97:35:62:bc:7d:47:
         85:48:21:ff:7d:08:74:07:3c:4f:8b:ec:60:d6:5b:d7:df:bc:
         f1:4a:0f:31:98:3d:b5:9f:47:1e:1f:21:62:f8:09:a2:6a:4d:
         8d:1b:5d:13:20:ea:30:5a:2b:6e:c5:da:44:1e:4a:26:71:59:
         f8:52:aa:0c:05:c6:f2:ef:be:4d:82:d4:2d:dc:e2:78:be:c8:
         b6:00:72:0f:68:62:b6:55:a6:39:e0:c9:1e:ec:c9:47:9c:f5:
         db:d9:f0:5d:ac:aa:b6:6f:40:8f:99:77:5f:a7:6d:e2:f3:04:
         1c:80:a0:11:a0:c7:02:04:d6:e2:11:a4:67:d4:20:75:fc:22:
         6d:06:6f:96:40:20:28:af:c9:30:96:67:23:67:b5:c0:b7:08:
         96:3f:dd:69:5d:20:3e:8e:b0:37:06:d8:7c:d4:52:24:17:0a:
         37:98:7f:29:ff:8b:1e:cd:14:29:ac:51:f8:a2:3a:e4:a7:8e:
         e3:84:8c:5e:12:18:b3:5d:8a:a2:cf:bd:ee:a2:50:8a:11:57:
         f2:33:cb:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12g9uNjF8sCwu+ja+uKE3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZDEwMDQ0ZmNiODFlNWFlNjBmM2VjZDViZGNkZmU2ZDkz
NDNjOTIwHhcNMjYwNDEwMDgzMDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWRmODZiMTI4YzBkNzU3MDYxZWExMmRlZjZjNTI2YjVjYTBjZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwboIwmXE2iPZeC7CXfORrZ/F4AVr
iYBGPeirBVJ0N7IRyYvNbfZUKXMbe3UVcp0yovUxQlzny7juFnhwHwY0DDr/SywS
yW+5rhsF9AuHTk++s1lbQFCu+bcfdyEicylmGOtpRXGykhyVtBYkH3XrQj4KHTLV
jWPzIasa6ZxMFHde0uwO02AA7b+TRlgy1mZMjEjJ/EEiRJ7PuD52bfGlMSjWe0Bv
+9+4ziBw7lJI38k2YVJ9gq3fMAUv96rRN3RzxPTZHC7xACa1uSjZ+nNhWJMlCH3Y
qQHZiNp2rFOc1bAtP/ZUmGLFhVyLDoywIMhVgt0xY+1GX6aVjybEKhZjAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHfhrEowNdXBh6hLe9sUmtcoM7kMB8GA1UdIwQY
MBaAFLzRAET8uB5a5g8+zVvc3+bZNDySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk5FQVJQeTRIbHJtRHo3Tlc5emY1dGswUEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iYjE5YWUtZWRiYi00NmZhLTg2YzYt
N2VkYjc1OGNhZGNmLzEvd2QtR3NTakExMWNHSHFFdDcyeFNhMXlnenVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iYjE5YWUtZWRiYi00NmZhLTg2YzYtN2VkYjc1OGNhZGNm
LzEvdk5FQVJQeTRIbHJtRHo3Tlc5emY1dGswUEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYdtMA0G
CSqGSIb3DQEBCwUAA4IBAQAhLWSFiGwl4Hel96LK7KzNbAIMz0O5CHx3Xis6MvBA
wzHBdQSpsY8qJ/V5nRh55RmXNWK8fUeFSCH/fQh0BzxPi+xg1lvX37zxSg8xmD21
n0ceHyFi+Amiak2NG10TIOowWituxdpEHkomcVn4UqoMBcby775NgtQt3OJ4vsi2
AHIPaGK2VaY54Mke7MlHnPXb2fBdrKq2b0CPmXdfp23i8wQcgKARoMcCBNbiEaRn
1CB1/CJtBm+WQCAor8kwlmcjZ7XAtwiWP91pXSA+jrA3Bth81FIkFwo3mH8p/4se
zRQprFH4ojrkp47jhIxeEhizXYqiz73uolCKEVfyM8vO
-----END CERTIFICATE-----