Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/wAh3byrbG5qTFH-wreezSyYJxYQ.roa
File:                     wAh3byrbG5qTFH-wreezSyYJxYQ.roa (raw, json)
Hash identifier:          lqNfCfyCdVnJd9aovIdmRjPOWg96LGGcKzYcw43Q9nw=
Subject key identifier:   C0:08:77:6F:2A:DB:1B:9A:93:14:7F:B0:AD:E7:B3:4B:26:09:C5:84
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019EBC652EDF50CA1B9976358F027D34593C
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/wAh3byrbG5qTFH-wreezSyYJxYQ.roa
Signing time:             Fri 12 Jun 2026 15:13:28 +0000
ROA not before:           Fri 12 Jun 2026 15:13:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200566
IP address blocks:        132.243.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bc:65:2e:df:50:ca:1b:99:76:35:8f:02:7d:34:59:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jun 12 15:13:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c008776f2adb1b9a93147fb0ade7b34b2609c584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:29:ac:99:76:f8:25:06:2e:d7:b0:4e:ed:60:
                    28:73:7b:56:c5:d3:87:40:7f:15:f1:51:71:4f:f1:
                    17:97:79:94:3c:a6:03:79:85:53:6e:7f:36:ef:16:
                    20:76:cc:b1:a0:d7:55:6c:be:8d:6f:ac:1a:74:e1:
                    0f:ca:07:ca:a3:fb:04:df:e5:bb:6d:35:aa:1e:e0:
                    38:12:c5:cf:aa:79:8b:60:a0:18:dd:a2:cc:b9:6f:
                    dc:7c:0e:7e:a0:50:b3:a0:4c:51:5a:d6:dd:6d:d7:
                    27:a9:32:81:22:01:97:54:47:53:f2:ee:82:bf:8d:
                    75:c4:cc:f4:76:8b:75:4f:69:61:af:87:0f:68:90:
                    6d:c8:15:79:21:ba:a5:e7:56:b3:23:f0:dd:63:f2:
                    75:47:18:81:25:3c:d6:d9:3d:f9:ba:91:17:23:10:
                    67:b8:6b:ed:da:7e:d6:ed:95:22:af:bd:67:ad:20:
                    32:76:c0:34:5b:53:2b:fa:07:02:ed:73:91:9a:ff:
                    07:02:fa:fd:35:23:54:bf:b9:78:c9:53:9d:5f:a8:
                    1c:a1:69:4d:31:b9:2f:56:1b:ab:bf:20:8a:a6:47:
                    86:9d:4d:10:8e:66:35:f1:77:14:fc:39:d6:60:8d:
                    cd:3a:c2:02:55:cd:2e:34:7d:0e:11:69:a1:8d:06:
                    37:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:08:77:6F:2A:DB:1B:9A:93:14:7F:B0:AD:E7:B3:4B:26:09:C5:84
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/wAh3byrbG5qTFH-wreezSyYJxYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.243.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f4:77:73:75:7a:32:42:1e:1e:4b:d6:fb:84:12:a1:c5:3a:
         55:ac:0d:5e:7c:92:9d:1a:08:09:72:f0:fd:a6:5f:79:7c:9f:
         cd:91:e0:83:26:62:12:99:1c:05:63:9f:05:73:ec:ec:5c:df:
         6d:91:e0:2d:ba:e0:1d:a1:8b:5f:7d:9e:0d:5c:bc:36:6f:22:
         19:a2:7c:3a:9d:bc:b5:43:25:29:b1:8c:8a:2e:49:da:90:89:
         8a:58:5d:a9:fc:f4:30:d6:8b:bd:e3:e1:96:c7:8d:af:24:e7:
         30:7b:88:0f:50:db:87:24:53:24:f7:e3:17:12:21:10:e6:f7:
         8d:55:e7:b6:6c:d1:50:c5:81:42:09:93:4d:b0:b9:93:b7:d8:
         2e:9b:e9:19:29:0e:de:b9:e9:13:11:3e:f8:74:35:70:77:5c:
         24:43:15:93:74:e3:e3:b1:89:ea:11:9b:50:bb:00:55:35:1e:
         ca:de:1b:bc:0b:5c:f3:4d:f7:31:ca:52:43:4e:5c:56:9a:13:
         b1:60:8b:ab:01:ed:e2:85:22:94:01:aa:ae:23:4e:2b:0b:53:
         c4:a1:32:20:34:5d:c0:cc:8f:90:a2:9d:01:09:fd:0b:ac:9e:
         a9:8b:b9:ca:47:d2:bc:6a:c3:43:4c:32:80:ad:e9:a2:57:78:
         9d:81:5d:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ68ZS7fUMobmXY1jwJ9NFk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNjEyMTUxMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDA4Nzc2ZjJhZGIxYjlhOTMxNDdmYjBhZGU3YjM0YjI2MDljNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCmsmXb4JQYu17BO7WAoc3tWxdOH
QH8V8VFxT/EXl3mUPKYDeYVTbn827xYgdsyxoNdVbL6Nb6wadOEPygfKo/sE3+W7
bTWqHuA4EsXPqnmLYKAY3aLMuW/cfA5+oFCzoExRWtbdbdcnqTKBIgGXVEdT8u6C
v411xMz0dot1T2lhr4cPaJBtyBV5Ibql51azI/DdY/J1RxiBJTzW2T35upEXIxBn
uGvt2n7W7ZUir71nrSAydsA0W1Mr+gcC7XORmv8HAvr9NSNUv7l4yVOdX6gcoWlN
MbkvVhurvyCKpkeGnU0QjmY18XcU/DnWYI3NOsICVc0uNH0OEWmhjQY38QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMAId28q2xuakxR/sK3ns0smCcWEMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvd0FoM2J5cmJHNXFURkgtd3JlZXpTeVlKeFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhPPNMA0G
CSqGSIb3DQEBCwUAA4IBAQBV9HdzdXoyQh4eS9b7hBKhxTpVrA1efJKdGggJcvD9
pl95fJ/NkeCDJmISmRwFY58Fc+zsXN9tkeAtuuAdoYtffZ4NXLw2byIZonw6nby1
QyUpsYyKLknakImKWF2p/PQw1ou94+GWx42vJOcwe4gPUNuHJFMk9+MXEiEQ5veN
Vee2bNFQxYFCCZNNsLmTt9gum+kZKQ7euekTET74dDVwd1wkQxWTdOPjsYnqEZtQ
uwBVNR7K3hu8C1zzTfcxylJDTlxWmhOxYIurAe3ihSKUAaquI04rC1PEoTIgNF3A
zI+Qop0BCf0LrJ6pi7nKR9K8asNDTDKAremiV3idgV0o
-----END CERTIFICATE-----