Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/wHwU1xTovb9mknlbknQkboDR00w.roa
File:                     wHwU1xTovb9mknlbknQkboDR00w.roa (raw, json)
Hash identifier:          plQa7nl82b7CUkvyrY7LQBQWMVnB9jL08kEiO9r5lUc=
Subject key identifier:   C0:7C:14:D7:14:E8:BD:BF:66:92:79:5B:92:74:24:6E:80:D1:D3:4C
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019EAB002261F963C264DF7EAB3C9130B711
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/wHwU1xTovb9mknlbknQkboDR00w.roa
Signing time:             Tue 09 Jun 2026 06:09:33 +0000
ROA not before:           Tue 09 Jun 2026 06:09:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211484
IP address blocks:        194.152.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:00:22:61:f9:63:c2:64:df:7e:ab:3c:91:30:b7:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jun  9 06:09:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c07c14d714e8bdbf6692795b9274246e80d1d34c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:58:4f:a0:bf:40:59:e6:5c:f3:f7:9d:a0:05:
                    5d:ad:f6:37:ff:35:0a:da:1a:30:5c:5b:c6:11:6b:
                    ea:69:e1:b6:07:01:a7:89:95:ab:83:9a:ad:e0:0c:
                    89:4b:98:80:91:e6:42:72:5f:9c:fb:5b:7d:55:bb:
                    16:4f:1d:a2:b1:54:cf:75:b6:9b:cc:ce:db:36:a8:
                    f4:33:59:cc:7d:34:5d:1c:f3:9e:25:fa:1c:0e:be:
                    5d:07:4c:39:68:7d:5f:ad:1b:69:3d:58:73:35:f9:
                    20:0d:ac:9f:50:ae:9d:79:bd:b9:b7:c6:fd:cd:2a:
                    ba:71:a5:85:36:41:06:e4:8e:62:eb:dc:d2:4a:c1:
                    eb:2a:3e:65:ad:65:7b:23:d8:eb:f2:55:c0:42:10:
                    78:8f:eb:56:6c:24:a3:3a:11:dc:87:b8:24:c5:8d:
                    a2:2e:c6:4c:cb:6d:98:1f:80:bd:0c:34:0e:4f:46:
                    ed:73:1b:8d:11:32:9c:84:56:82:e6:7d:b2:5c:07:
                    a2:9a:11:53:3d:40:7c:6d:6b:ca:79:15:39:9c:2b:
                    72:c8:04:44:73:e6:0b:d8:a9:57:bf:40:b2:ab:07:
                    f3:39:91:92:47:2e:a1:51:4e:5c:6d:b1:3c:57:8d:
                    eb:f9:63:f5:05:41:24:02:2b:9f:5e:25:f8:69:f2:
                    28:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:7C:14:D7:14:E8:BD:BF:66:92:79:5B:92:74:24:6E:80:D1:D3:4C
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/wHwU1xTovb9mknlbknQkboDR00w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:df:f9:6f:a3:9f:b8:8f:f7:3c:e4:53:63:f4:76:57:5e:cc:
         5d:81:be:6d:e8:cd:d6:34:ca:2f:ac:19:23:d2:e9:90:5c:9a:
         d3:f5:a5:c1:7d:71:3f:48:93:71:ea:47:5e:f9:13:3d:8e:72:
         8b:36:4f:ee:6e:c2:90:f2:67:75:fe:18:8e:5a:ab:b3:90:17:
         e0:27:55:5b:73:84:e5:7e:56:9c:74:6e:4c:35:6c:49:e5:d5:
         87:15:65:4f:16:73:ae:de:85:cf:0c:7c:26:c4:6e:8a:89:86:
         18:0a:b4:3a:9c:8e:81:7c:87:57:f0:00:df:0f:57:3f:c4:91:
         28:50:e8:dc:10:18:e9:d8:dd:84:96:e4:b1:fb:45:3d:b3:3b:
         82:6e:73:3a:d4:08:da:2b:a0:7f:6c:1d:c2:19:26:67:4f:97:
         8b:69:a9:a8:1f:23:26:6a:01:e1:ce:ca:08:77:0a:95:c8:6c:
         4b:56:c9:d6:56:ec:11:6a:a1:fa:93:10:b5:2f:60:87:f3:47:
         f6:f7:3c:4e:27:68:fc:20:2b:f6:c8:28:cc:60:b8:a1:d5:6d:
         83:06:7c:7f:8e:36:3d:12:98:5f:51:75:42:c3:1b:84:3f:08:
         96:10:37:4f:98:ae:9b:fc:aa:af:d0:4a:2d:97:f1:ce:b8:b0:
         7f:bb:74:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6rACJh+WPCZN9+qzyRMLcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjYwNjA5MDYwOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDdjMTRkNzE0ZThiZGJmNjY5Mjc5NWI5Mjc0MjQ2ZTgwZDFkMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VhPoL9AWeZc8/edoAVdrfY3/zUK
2howXFvGEWvqaeG2BwGniZWrg5qt4AyJS5iAkeZCcl+c+1t9VbsWTx2isVTPdbab
zM7bNqj0M1nMfTRdHPOeJfocDr5dB0w5aH1frRtpPVhzNfkgDayfUK6deb25t8b9
zSq6caWFNkEG5I5i69zSSsHrKj5lrWV7I9jr8lXAQhB4j+tWbCSjOhHch7gkxY2i
LsZMy22YH4C9DDQOT0btcxuNETKchFaC5n2yXAeimhFTPUB8bWvKeRU5nCtyyARE
c+YL2KlXv0CyqwfzOZGSRy6hUU5cbbE8V43r+WP1BUEkAiufXiX4afIo/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMB8FNcU6L2/ZpJ5W5J0JG6A0dNMMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvd0h3VTF4VG92Yjlta25sYmtuUWtib0RSMDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpiPMA0G
CSqGSIb3DQEBCwUAA4IBAQAe3/lvo5+4j/c85FNj9HZXXsxdgb5t6M3WNMovrBkj
0umQXJrT9aXBfXE/SJNx6kde+RM9jnKLNk/ubsKQ8md1/hiOWquzkBfgJ1Vbc4Tl
flacdG5MNWxJ5dWHFWVPFnOu3oXPDHwmxG6KiYYYCrQ6nI6BfIdX8ADfD1c/xJEo
UOjcEBjp2N2EluSx+0U9szuCbnM61AjaK6B/bB3CGSZnT5eLaamoHyMmagHhzsoI
dwqVyGxLVsnWVuwRaqH6kxC1L2CH80f29zxOJ2j8ICv2yCjMYLih1W2DBnx/jjY9
EphfUXVCwxuEPwiWEDdPmK6b/Kqv0Eotl/HOuLB/u3TU
-----END CERTIFICATE-----