Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/WMPWbERH9P2n3niPjWrFvgxXnog.roa
File:                     WMPWbERH9P2n3niPjWrFvgxXnog.roa (raw, json)
Hash identifier:          wqaHkXlpMy/p6v+U45zXhhU2rWewv6uSFHA6UjESriQ=
Subject key identifier:   58:C3:D6:6C:44:47:F4:FD:A7:DE:78:8F:8D:6A:C5:BE:0C:57:9E:88
Certificate issuer:       /CN=0ca71ff956ab8f8f7e7f59d409ac7af7a2b0a864
Certificate serial:       019B7C7FFB714F96C915D3FD0E17B78A72C8
Authority key identifier: 0C:A7:1F:F9:56:AB:8F:8F:7E:7F:59:D4:09:AC:7A:F7:A2:B0:A8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DKcf-Varj49-f1nUCax696KwqGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/WMPWbERH9P2n3niPjWrFvgxXnog.roa
Signing time:             Fri 02 Jan 2026 02:18:40 +0000
ROA not before:           Fri 02 Jan 2026 02:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208207
IP address blocks:        193.151.229.0/24 maxlen: 24
                          2001:67c:27f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/DKcf-Varj49-f1nUCax696KwqGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/DKcf-Varj49-f1nUCax696KwqGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DKcf-Varj49-f1nUCax696KwqGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:fb:71:4f:96:c9:15:d3:fd:0e:17:b7:8a:72:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ca71ff956ab8f8f7e7f59d409ac7af7a2b0a864
        Validity
            Not Before: Jan  2 02:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58c3d66c4447f4fda7de788f8d6ac5be0c579e88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:da:62:65:b7:27:1a:46:9a:54:33:f0:c2:9a:
                    25:c4:f8:59:95:e4:b1:a6:12:a8:a2:b7:76:77:7d:
                    ce:0d:e1:bc:1a:66:e3:01:6b:f3:6f:ff:29:81:23:
                    f5:be:79:61:01:67:dd:cb:c2:1a:b7:10:4d:f0:cf:
                    70:5f:8e:64:77:b4:0a:86:74:95:93:b3:66:2d:4f:
                    a4:f9:a5:01:3b:8e:d8:a4:1b:05:0b:4d:d2:c2:66:
                    db:70:ec:f6:ea:a5:eb:84:ed:1d:c8:39:3b:79:6c:
                    5b:6e:0f:0b:e1:4a:82:33:e5:be:f6:3b:a1:0f:81:
                    bc:3e:7a:c4:93:98:dc:5a:ea:f4:af:d3:b6:57:ce:
                    5d:23:29:5b:37:ea:59:50:f9:69:00:d7:f6:d4:65:
                    81:c4:e0:83:e7:4f:fa:f7:21:c6:fe:52:7c:15:36:
                    88:c3:b0:6a:bc:11:f3:cf:ea:eb:2f:ac:38:26:eb:
                    bd:96:33:25:a9:fb:2b:65:a8:cd:ac:72:cd:4b:14:
                    71:4c:62:65:08:0a:94:de:7f:b9:75:73:fe:ac:00:
                    2c:fb:3c:33:4a:ef:3f:cb:8d:10:44:63:11:a8:d9:
                    48:27:75:82:5b:66:bf:cc:d9:9f:b5:84:ea:f5:4a:
                    06:51:12:b8:f9:3d:60:a0:e7:7f:f4:8e:2d:bd:b5:
                    e3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C3:D6:6C:44:47:F4:FD:A7:DE:78:8F:8D:6A:C5:BE:0C:57:9E:88
            X509v3 Authority Key Identifier:
                keyid:0C:A7:1F:F9:56:AB:8F:8F:7E:7F:59:D4:09:AC:7A:F7:A2:B0:A8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DKcf-Varj49-f1nUCax696KwqGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/WMPWbERH9P2n3niPjWrFvgxXnog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6eb85e-bbb0-4da7-a4e0-d2ea6004d553/1/DKcf-Varj49-f1nUCax696KwqGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.229.0/24
                IPv6:
                  2001:67c:27f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         c6:57:cb:76:48:31:95:08:d9:26:5e:17:7e:ea:cc:6d:57:c1:
         65:a7:44:33:03:bd:00:73:f2:79:b0:d5:cd:4b:5c:ca:52:ad:
         4e:5a:5e:4f:12:83:46:6b:e3:6f:ca:3f:f1:76:0c:aa:a3:39:
         8c:21:36:df:68:f4:28:7e:51:74:8b:15:93:e6:1b:47:c1:27:
         70:15:6f:6f:91:27:d8:40:05:a1:aa:6b:27:4e:64:6e:cc:bc:
         d5:51:cc:a9:ec:8a:8f:bf:a6:36:45:5d:09:14:5c:6f:e7:6f:
         b6:38:1d:bd:8f:9b:9f:b7:8e:8e:5f:37:09:04:63:68:38:d5:
         98:05:f8:24:0c:7b:d9:d1:96:28:2b:5e:5d:a3:6c:72:05:81:
         7c:01:06:59:d3:30:fa:67:4d:f7:11:09:96:2d:10:bd:7b:b4:
         d1:aa:6d:1e:12:32:f5:ca:f2:f3:34:49:c2:17:9c:81:ba:43:
         c4:78:f0:83:98:80:a6:64:08:68:6d:a7:0d:54:ec:1b:88:b1:
         f9:f1:83:4c:08:f7:04:a5:4f:26:52:9e:db:53:a1:88:d8:93:
         fe:7d:e9:33:7d:83:10:a8:25:bb:df:ea:e9:72:52:7b:77:0b:
         0e:46:28:55:1a:9f:ab:04:3b:cf:af:63:01:1c:bd:69:39:4f:
         23:2f:cb:fb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt8f/txT5bJFdP9Dhe3inLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjYTcxZmY5NTZhYjhmOGY3ZTdmNTlkNDA5YWM3YWY3YTJi
MGE4NjQwHhcNMjYwMTAyMDIxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGMzZDY2YzQ0NDdmNGZkYTdkZTc4OGY4ZDZhYzViZTBjNTc5ZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdpiZbcnGkaaVDPwwpolxPhZleSx
phKoord2d33ODeG8GmbjAWvzb/8pgSP1vnlhAWfdy8IatxBN8M9wX45kd7QKhnSV
k7NmLU+k+aUBO47YpBsFC03SwmbbcOz26qXrhO0dyDk7eWxbbg8L4UqCM+W+9juh
D4G8PnrEk5jcWur0r9O2V85dIylbN+pZUPlpANf21GWBxOCD50/69yHG/lJ8FTaI
w7BqvBHzz+rrL6w4Juu9ljMlqfsrZajNrHLNSxRxTGJlCAqU3n+5dXP+rAAs+zwz
Su8/y40QRGMRqNlIJ3WCW2a/zNmftYTq9UoGURK4+T1goOd/9I4tvbXj1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFjD1mxER/T9p954j41qxb4MV56IMB8GA1UdIwQY
MBaAFAynH/lWq4+Pfn9Z1AmseveisKhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREtjZi1WYXJqNDktZjFuVUNheDY5Nkt3cUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82ZWI4NWUtYmJiMC00ZGE3LWE0ZTAt
ZDJlYTYwMDRkNTUzLzEvV01QV2JFUkg5UDJuM25pUGpXckZ2Z3hYbm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82ZWI4NWUtYmJiMC00ZGE3LWE0ZTAtZDJlYTYwMDRkNTUz
LzEvREtjZi1WYXJqNDktZjFuVUNheDY5Nkt3cUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwZflMA8E
AgACMAkDBwAgAQZ8J/QwDQYJKoZIhvcNAQELBQADggEBAMZXy3ZIMZUI2SZeF37q
zG1XwWWnRDMDvQBz8nmw1c1LXMpSrU5aXk8Sg0Zr42/KP/F2DKqjOYwhNt9o9Ch+
UXSLFZPmG0fBJ3AVb2+RJ9hABaGqaydOZG7MvNVRzKnsio+/pjZFXQkUXG/nb7Y4
Hb2Pm5+3jo5fNwkEY2g41ZgF+CQMe9nRligrXl2jbHIFgXwBBlnTMPpnTfcRCZYt
EL17tNGqbR4SMvXK8vM0ScIXnIG6Q8R48IOYgKZkCGhtpw1U7BuIsfnxg0wI9wSl
TyZSnttToYjYk/596TN9gxCoJbvf6ulyUnt3Cw5GKFUan6sEO8+vYwEcvWk5TyMv
y/s=
-----END CERTIFICATE-----