Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/2WGl8G8pi8oMegi8RKRiyyTcfBY.roa
File:                     2WGl8G8pi8oMegi8RKRiyyTcfBY.roa (raw, json)
Hash identifier:          eFPA6RWwauuX6BAg0wBN5keK8VZL6vRlLkve+VSJ0ZE=
Subject key identifier:   D9:61:A5:F0:6F:29:8B:CA:0C:7A:08:BC:44:A4:62:CB:24:DC:7C:16
Certificate issuer:       /CN=dee623e2aff7b03afeb94260348c1633b54d9056
Certificate serial:       019D71AA018ABFCEC792DEB862E363BA7D4A
Authority key identifier: DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/2WGl8G8pi8oMegi8RKRiyyTcfBY.roa
Signing time:             Thu 09 Apr 2026 09:54:20 +0000
ROA not before:           Thu 09 Apr 2026 09:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210021
IP address blocks:        194.127.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:aa:01:8a:bf:ce:c7:92:de:b8:62:e3:63:ba:7d:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee623e2aff7b03afeb94260348c1633b54d9056
        Validity
            Not Before: Apr  9 09:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d961a5f06f298bca0c7a08bc44a462cb24dc7c16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:c9:3b:ba:07:48:8b:85:71:01:c0:eb:01:0e:
                    c1:59:d4:00:4b:4a:20:63:b9:e2:1a:c9:51:f3:4b:
                    d9:cd:1a:04:c8:93:d0:87:16:d1:5b:f2:c7:6a:a8:
                    5e:1b:5c:32:57:1e:7f:34:44:e5:09:33:fb:e0:e3:
                    97:10:3e:79:c9:77:9c:d9:a5:9a:42:40:17:7f:a7:
                    27:9c:ac:0b:33:35:5d:f3:19:67:33:bb:ac:17:1d:
                    3e:1d:a9:40:27:b0:e2:ab:31:56:13:be:d0:62:36:
                    53:fb:eb:3a:e2:89:02:aa:6e:ef:38:71:38:d6:60:
                    26:ee:28:f8:e2:49:99:57:72:01:67:be:5a:1f:29:
                    71:84:6f:4b:65:96:41:fb:10:9d:3d:6a:f1:05:26:
                    cc:7c:e9:44:e0:bc:09:b2:4b:4b:a3:3c:09:cf:74:
                    d8:c8:45:13:fb:e7:73:d8:97:4a:0b:4e:44:db:78:
                    75:17:d7:a0:23:c7:af:13:97:5d:85:0c:76:3d:9b:
                    be:eb:94:c1:28:d6:56:d1:1b:eb:97:5c:bc:59:24:
                    f3:81:47:85:b2:c9:6d:06:cc:99:f5:3d:af:bf:df:
                    d9:95:f1:a1:85:8c:c9:ba:cf:7b:9a:fb:da:fa:ab:
                    be:f6:4c:dc:95:a2:8a:58:79:12:bc:e5:97:35:8d:
                    68:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:61:A5:F0:6F:29:8B:CA:0C:7A:08:BC:44:A4:62:CB:24:DC:7C:16
            X509v3 Authority Key Identifier:
                keyid:DE:E6:23:E2:AF:F7:B0:3A:FE:B9:42:60:34:8C:16:33:B5:4D:90:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3uYj4q_3sDr-uUJgNIwWM7VNkFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/2WGl8G8pi8oMegi8RKRiyyTcfBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9871ff-3f26-4b94-a464-6cc1d3ea832e/1/3uYj4q_3sDr-uUJgNIwWM7VNkFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:1c:2a:d5:74:c0:a6:87:c6:18:ae:71:f7:dc:83:43:d8:d4:
         47:99:51:ef:0e:26:ce:6c:d5:4d:33:b8:43:c8:6f:ec:c1:ca:
         74:4d:08:c3:82:26:fa:ab:84:a0:23:21:0e:67:6e:bd:c8:da:
         25:b4:10:47:e8:85:73:04:11:13:c8:fe:38:8d:ff:07:98:41:
         5a:ff:ef:c2:25:9a:30:e4:b7:fa:a2:8c:6c:d3:80:07:68:31:
         9b:a7:01:e8:2f:c8:80:2b:1a:75:55:08:69:bf:c2:3f:98:19:
         af:91:42:1a:6f:21:af:49:10:64:44:e8:d0:68:4f:b1:48:d9:
         b8:81:7d:f8:f2:26:01:9e:d2:4b:f6:f3:fd:50:a2:bf:7c:0c:
         e7:11:d7:15:d6:0d:4c:4e:43:2e:7d:78:c2:17:6c:aa:47:b9:
         e2:ae:17:f5:b0:0e:62:52:1b:75:1c:1c:94:fd:2d:e3:e7:c3:
         48:15:85:82:48:d0:a2:29:4e:bb:c1:87:19:20:30:91:93:ec:
         80:ef:1f:87:12:e0:97:f2:5a:0c:14:88:02:8c:60:38:ef:4a:
         a8:28:8f:30:9b:04:22:1e:c0:7f:c3:e4:9b:c6:b0:9d:98:bb:
         0e:7d:05:da:21:fe:ab:78:70:d4:0f:6b:f7:89:76:e8:df:73:
         79:5a:9f:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xqgGKv87Hkt64YuNjun1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTYyM2UyYWZmN2IwM2FmZWI5NDI2MDM0OGMxNjMzYjU0
ZDkwNTYwHhcNMjYwNDA5MDk1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTYxYTVmMDZmMjk4YmNhMGM3YTA4YmM0NGE0NjJjYjI0ZGM3YzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ck7ugdIi4VxAcDrAQ7BWdQAS0og
Y7niGslR80vZzRoEyJPQhxbRW/LHaqheG1wyVx5/NETlCTP74OOXED55yXec2aWa
QkAXf6cnnKwLMzVd8xlnM7usFx0+HalAJ7DiqzFWE77QYjZT++s64okCqm7vOHE4
1mAm7ij44kmZV3IBZ75aHylxhG9LZZZB+xCdPWrxBSbMfOlE4LwJsktLozwJz3TY
yEUT++dz2JdKC05E23h1F9egI8evE5ddhQx2PZu+65TBKNZW0Rvrl1y8WSTzgUeF
ssltBsyZ9T2vv9/ZlfGhhYzJus97mvva+qu+9kzclaKKWHkSvOWXNY1oEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlhpfBvKYvKDHoIvESkYssk3HwWMB8GA1UdIwQY
MBaAFN7mI+Kv97A6/rlCYDSMFjO1TZBWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQt
NmNjMWQzZWE4MzJlLzEvMldHbDhHOHBpOG9NZWdpOFJLUml5eVRjZkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85ODcxZmYtM2YyNi00Yjk0LWE0NjQtNmNjMWQzZWE4MzJl
LzEvM3VZajRxXzNzRHItdVVKZ05Jd1dNN1ZOa0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn9vMA0G
CSqGSIb3DQEBCwUAA4IBAQAjHCrVdMCmh8YYrnH33IND2NRHmVHvDibObNVNM7hD
yG/swcp0TQjDgib6q4SgIyEOZ269yNoltBBH6IVzBBETyP44jf8HmEFa/+/CJZow
5Lf6ooxs04AHaDGbpwHoL8iAKxp1VQhpv8I/mBmvkUIabyGvSRBkROjQaE+xSNm4
gX348iYBntJL9vP9UKK/fAznEdcV1g1MTkMufXjCF2yqR7nirhf1sA5iUht1HByU
/S3j58NIFYWCSNCiKU67wYcZIDCRk+yA7x+HEuCX8loMFIgCjGA470qoKI8wmwQi
HsB/w+SbxrCdmLsOfQXaIf6reHDUD2v3iXbo33N5Wp+K
-----END CERTIFICATE-----