Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/w-zL9cm1eAuLHEkbGACu_Uty4Ws.roa
File:                     w-zL9cm1eAuLHEkbGACu_Uty4Ws.roa (raw, json)
Hash identifier:          4C8sJjkhX9FkHPcP/da4C31h5T/IA24CkXSEegBHM68=
Subject key identifier:   C3:EC:CB:F5:C9:B5:78:0B:8B:1C:49:1B:18:00:AE:FD:4B:72:E1:6B
Certificate issuer:       /CN=61f5fb83da455846ea641aa72111c5fc2c7c4683
Certificate serial:       019E8D8E3E4C64C5EFE6776D4E8612CF5675
Authority key identifier: 61:F5:FB:83:DA:45:58:46:EA:64:1A:A7:21:11:C5:FC:2C:7C:46:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/w-zL9cm1eAuLHEkbGACu_Uty4Ws.roa
Signing time:             Wed 03 Jun 2026 12:56:09 +0000
ROA not before:           Wed 03 Jun 2026 12:56:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6848
IP address blocks:        185.158.184.0/23 maxlen: 23
                          185.158.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:8e:3e:4c:64:c5:ef:e6:77:6d:4e:86:12:cf:56:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61f5fb83da455846ea641aa72111c5fc2c7c4683
        Validity
            Not Before: Jun  3 12:56:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3eccbf5c9b5780b8b1c491b1800aefd4b72e16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f7:32:db:df:4c:ea:42:56:cc:6c:6b:4b:1c:
                    50:ac:5e:ea:ae:5d:71:c8:65:0e:a4:06:4d:ae:84:
                    d9:b4:f2:70:5f:fe:23:a1:29:40:54:ab:1c:2d:2a:
                    0e:e9:97:bf:77:9a:e1:45:ce:b8:04:41:22:2c:17:
                    a9:5a:8b:da:b7:98:6b:cf:fc:b4:c2:d5:4f:63:2f:
                    59:2d:b0:fd:d4:fe:3b:1a:ee:33:d0:4a:07:ad:e3:
                    24:d5:52:50:4b:dc:c7:d4:8c:bb:95:a8:61:ae:6e:
                    bc:1b:c5:00:32:c4:01:d5:6d:60:1b:db:73:e9:c9:
                    f6:68:eb:11:fc:c0:4d:40:02:91:37:aa:3e:e7:31:
                    80:5e:60:54:89:1d:c9:e7:dc:2e:91:f2:aa:56:af:
                    f5:39:32:49:a1:55:ad:82:ca:aa:a9:13:39:76:b7:
                    e4:be:68:1f:f9:11:79:ba:ab:17:57:a6:7d:b3:ed:
                    ca:08:19:71:a5:1c:37:47:4b:10:e4:a1:dd:12:db:
                    ba:38:95:d4:be:1b:b6:66:4a:bf:43:fd:ea:13:26:
                    b6:cc:4a:4a:2a:64:ce:9c:4c:a3:5f:3d:21:46:e7:
                    eb:88:2f:3d:04:8d:c3:40:11:12:e3:20:f3:c6:a3:
                    37:2e:e0:80:59:c1:9f:93:c9:f4:1a:4d:97:b8:c5:
                    7e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:EC:CB:F5:C9:B5:78:0B:8B:1C:49:1B:18:00:AE:FD:4B:72:E1:6B
            X509v3 Authority Key Identifier:
                keyid:61:F5:FB:83:DA:45:58:46:EA:64:1A:A7:21:11:C5:FC:2C:7C:46:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/w-zL9cm1eAuLHEkbGACu_Uty4Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/8e58db-3989-47e7-be04-7aa6ade1af07/1/YfX7g9pFWEbqZBqnIRHF_Cx8RoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.184.0/23
                  185.158.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:b0:36:e8:2a:00:73:77:42:57:b7:3b:23:5a:61:cd:1d:8d:
         a2:40:a0:25:3e:d4:44:a7:0a:b5:4b:00:3c:86:77:ec:a9:97:
         9b:58:d2:9f:7e:85:79:c6:55:e7:53:05:ee:94:14:bc:dc:42:
         c8:21:30:5d:c3:34:a3:6d:03:c4:17:3c:d7:f1:2c:99:20:a7:
         a1:a1:24:a9:c5:93:8e:ea:3d:71:ce:78:b6:b0:89:67:52:4f:
         48:5f:1e:9c:b6:f6:24:0d:18:62:9c:1b:05:f1:ac:38:d9:b0:
         79:fb:33:9c:22:39:be:77:41:32:82:98:8b:65:b7:c8:ac:f7:
         6a:07:7b:ce:82:d3:b0:38:b8:b5:02:16:9c:9e:35:8e:7d:05:
         40:63:ff:95:b0:31:8a:73:7d:f6:d9:7d:bc:14:2b:47:3f:0b:
         af:88:b5:83:e6:4c:70:65:95:32:fa:0a:21:70:da:5b:a9:a4:
         a7:84:65:3a:e4:09:69:45:96:c0:41:62:81:9f:d0:c2:a0:f8:
         13:12:1d:32:2a:9a:c8:d9:14:77:41:c2:91:30:78:0a:5a:18:
         86:a6:c8:28:50:3e:7d:14:cc:65:e6:ff:81:fb:fb:10:21:00:
         d2:ab:78:63:30:e2:8a:94:99:85:14:23:26:b6:00:dd:f2:9e:
         a4:06:7f:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6Njj5MZMXv5ndtToYSz1Z1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZjVmYjgzZGE0NTU4NDZlYTY0MWFhNzIxMTFjNWZjMmM3
YzQ2ODMwHhcNMjYwNjAzMTI1NjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2VjY2JmNWM5YjU3ODBiOGIxYzQ5MWIxODAwYWVmZDRiNzJlMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfcy299M6kJWzGxrSxxQrF7qrl1x
yGUOpAZNroTZtPJwX/4joSlAVKscLSoO6Ze/d5rhRc64BEEiLBepWovat5hrz/y0
wtVPYy9ZLbD91P47Gu4z0EoHreMk1VJQS9zH1Iy7lahhrm68G8UAMsQB1W1gG9tz
6cn2aOsR/MBNQAKRN6o+5zGAXmBUiR3J59wukfKqVq/1OTJJoVWtgsqqqRM5drfk
vmgf+RF5uqsXV6Z9s+3KCBlxpRw3R0sQ5KHdEtu6OJXUvhu2Zkq/Q/3qEya2zEpK
KmTOnEyjXz0hRufriC89BI3DQBES4yDzxqM3LuCAWcGfk8n0Gk2XuMV+iwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMPsy/XJtXgLixxJGxgArv1LcuFrMB8GA1UdIwQY
MBaAFGH1+4PaRVhG6mQapyERxfwsfEaDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWZYN2c5cEZXRWJxWkJxbklSSEZfQ3g4Um9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi84ZTU4ZGItMzk4OS00N2U3LWJlMDQt
N2FhNmFkZTFhZjA3LzEvdy16TDljbTFlQXVMSEVrYkdBQ3VfVXR5NFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi84ZTU4ZGItMzk4OS00N2U3LWJlMDQtN2FhNmFkZTFhZjA3
LzEvWWZYN2c5cEZXRWJxWkJxbklSSEZfQ3g4Um9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuZ64AwQA
uZ67MA0GCSqGSIb3DQEBCwUAA4IBAQAjsDboKgBzd0JXtzsjWmHNHY2iQKAlPtRE
pwq1SwA8hnfsqZebWNKffoV5xlXnUwXulBS83ELIITBdwzSjbQPEFzzX8SyZIKeh
oSSpxZOO6j1xzni2sIlnUk9IXx6ctvYkDRhinBsF8aw42bB5+zOcIjm+d0EygpiL
ZbfIrPdqB3vOgtOwOLi1AhacnjWOfQVAY/+VsDGKc3322X28FCtHPwuviLWD5kxw
ZZUy+gohcNpbqaSnhGU65AlpRZbAQWKBn9DCoPgTEh0yKprI2RR3QcKRMHgKWhiG
psgoUD59FMxl5v+B+/sQIQDSq3hjMOKKlJmFFCMmtgDd8p6kBn/E
-----END CERTIFICATE-----