Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/03a70b-3bc6-4339-9e49-a83f914035b3/1/wbhecKf5tElmU6pJxZeFEX-8B14.roa
File:                     wbhecKf5tElmU6pJxZeFEX-8B14.roa (raw, json)
Hash identifier:          uWdSPOkD9foXKCetNGuI0zZsAl+SBEmOCVyqN6tkOzY=
Subject key identifier:   C1:B8:5E:70:A7:F9:B4:49:66:53:AA:49:C5:97:85:11:7F:BC:07:5E
Certificate issuer:       /CN=58bb8ee3a747ed8b578657cdd4737586f5fdb931
Certificate serial:       019C389F0AF5EF656084602AD895C940672F
Authority key identifier: 58:BB:8E:E3:A7:47:ED:8B:57:86:57:CD:D4:73:75:86:F5:FD:B9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLuO46dH7YtXhlfN1HN1hvX9uTE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/03a70b-3bc6-4339-9e49-a83f914035b3/1/wbhecKf5tElmU6pJxZeFEX-8B14.roa
Signing time:             Sat 07 Feb 2026 15:01:12 +0000
ROA not before:           Sat 07 Feb 2026 15:01:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57483
IP address blocks:        185.109.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/03a70b-3bc6-4339-9e49-a83f914035b3/1/WLuO46dH7YtXhlfN1HN1hvX9uTE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/03a70b-3bc6-4339-9e49-a83f914035b3/1/WLuO46dH7YtXhlfN1HN1hvX9uTE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLuO46dH7YtXhlfN1HN1hvX9uTE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:38:9f:0a:f5:ef:65:60:84:60:2a:d8:95:c9:40:67:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58bb8ee3a747ed8b578657cdd4737586f5fdb931
        Validity
            Not Before: Feb  7 15:01:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1b85e70a7f9b4496653aa49c59785117fbc075e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:58:6e:50:7f:42:4d:9f:25:98:c2:d0:c2:e6:
                    8e:f3:bf:0b:4f:77:49:ae:1a:ba:5e:0e:ec:b9:8f:
                    62:e7:02:aa:dd:02:7e:ab:90:87:4e:25:db:9d:ac:
                    21:e8:ee:d1:e5:bb:32:b1:e3:dd:c7:12:6d:ac:fd:
                    88:59:c7:cf:4d:6d:4a:b5:6f:d3:69:17:bb:33:22:
                    c3:e0:f3:8f:c8:c9:9f:81:04:93:9e:97:da:6f:81:
                    8a:cd:25:2a:15:20:6c:75:43:29:ee:14:72:e2:c1:
                    80:c2:9b:c0:42:5d:65:7d:4b:c5:26:75:f4:c7:5c:
                    a3:97:e8:95:a6:49:24:6d:89:88:11:79:fb:83:61:
                    7a:3c:c5:d0:8f:69:d3:22:71:93:20:7a:df:30:a0:
                    4e:75:b9:5e:5f:0b:cf:8e:c7:1e:f7:27:10:59:26:
                    3e:e4:c0:41:9c:77:13:28:10:8a:e6:30:52:32:a0:
                    dc:d1:f9:81:83:eb:5a:de:a0:46:9e:22:c5:15:6f:
                    0d:68:ce:30:92:ce:ff:6e:ed:fa:58:38:dd:ef:7c:
                    af:f0:8d:0b:70:40:e6:f0:67:8f:2b:b6:5a:d0:1c:
                    4e:67:ff:b3:70:7d:db:a2:ec:9a:bd:af:5a:5f:c1:
                    84:23:31:c4:8a:79:24:2b:17:33:98:c0:c2:76:d3:
                    79:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:B8:5E:70:A7:F9:B4:49:66:53:AA:49:C5:97:85:11:7F:BC:07:5E
            X509v3 Authority Key Identifier:
                keyid:58:BB:8E:E3:A7:47:ED:8B:57:86:57:CD:D4:73:75:86:F5:FD:B9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLuO46dH7YtXhlfN1HN1hvX9uTE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/03a70b-3bc6-4339-9e49-a83f914035b3/1/wbhecKf5tElmU6pJxZeFEX-8B14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/03a70b-3bc6-4339-9e49-a83f914035b3/1/WLuO46dH7YtXhlfN1HN1hvX9uTE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:79:19:34:b6:cf:59:18:d2:c5:14:5f:8e:15:0d:30:2b:a8:
         d3:18:4e:18:35:e2:3d:65:a5:47:ba:e6:9c:f7:96:c1:1a:9b:
         19:55:b7:05:4b:92:ae:c7:f3:9b:c6:6b:8c:66:5f:28:78:97:
         49:e9:83:9d:9f:e8:44:9a:d8:10:e3:84:96:2e:05:28:42:09:
         58:c8:60:b2:44:87:18:5c:45:e7:a9:e9:0d:33:fa:ae:78:df:
         40:3b:04:08:e7:ed:d6:9e:32:07:4b:4b:db:7e:2f:a8:31:03:
         f2:9f:38:97:44:57:83:65:9f:99:b0:e6:58:39:41:10:b9:15:
         ce:b6:86:69:89:aa:3f:8c:1a:7b:1c:81:78:5b:15:17:a2:64:
         50:e6:3e:e5:ac:c9:db:12:78:f2:ca:94:9a:69:7b:09:f3:15:
         82:c1:e1:a1:71:6d:59:b5:b8:6a:6b:80:39:82:bc:9c:de:a4:
         ed:8c:4c:1b:db:55:e6:79:12:d9:41:2d:07:db:7d:cc:2d:31:
         77:34:f9:2d:66:ef:ba:33:bf:77:19:5a:f4:24:7a:91:a9:68:
         40:95:6b:15:c4:a5:eb:50:31:ff:85:53:bb:4c:77:ca:91:0d:
         a3:ba:85:4b:52:08:31:68:26:30:d8:55:e9:de:d8:7e:4d:bd:
         38:24:46:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZw4nwr172VghGAq2JXJQGcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YmI4ZWUzYTc0N2VkOGI1Nzg2NTdjZGQ0NzM3NTg2ZjVm
ZGI5MzEwHhcNMjYwMjA3MTUwMTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWI4NWU3MGE3ZjliNDQ5NjY1M2FhNDljNTk3ODUxMTdmYmMwNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFhuUH9CTZ8lmMLQwuaO878LT3dJ
rhq6Xg7suY9i5wKq3QJ+q5CHTiXbnawh6O7R5bsysePdxxJtrP2IWcfPTW1KtW/T
aRe7MyLD4POPyMmfgQSTnpfab4GKzSUqFSBsdUMp7hRy4sGAwpvAQl1lfUvFJnX0
x1yjl+iVpkkkbYmIEXn7g2F6PMXQj2nTInGTIHrfMKBOdbleXwvPjsce9ycQWSY+
5MBBnHcTKBCK5jBSMqDc0fmBg+ta3qBGniLFFW8NaM4wks7/bu36WDjd73yv8I0L
cEDm8GePK7Za0BxOZ/+zcH3bouyava9aX8GEIzHEinkkKxczmMDCdtN5CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMG4XnCn+bRJZlOqScWXhRF/vAdeMB8GA1UdIwQY
MBaAFFi7juOnR+2LV4ZXzdRzdYb1/bkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0x1TzQ2ZEg3WXRYaGxmTjFITjFodlg5dVRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wM2E3MGItM2JjNi00MzM5LTllNDkt
YTgzZjkxNDAzNWIzLzEvd2JoZWNLZjV0RWxtVTZwSnhaZUZFWC04QjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wM2E3MGItM2JjNi00MzM5LTllNDktYTgzZjkxNDAzNWIz
LzEvV0x1TzQ2ZEg3WXRYaGxmTjFITjFodlg5dVRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW2KMA0G
CSqGSIb3DQEBCwUAA4IBAQC0eRk0ts9ZGNLFFF+OFQ0wK6jTGE4YNeI9ZaVHuuac
95bBGpsZVbcFS5Kux/ObxmuMZl8oeJdJ6YOdn+hEmtgQ44SWLgUoQglYyGCyRIcY
XEXnqekNM/queN9AOwQI5+3WnjIHS0vbfi+oMQPynziXRFeDZZ+ZsOZYOUEQuRXO
toZpiao/jBp7HIF4WxUXomRQ5j7lrMnbEnjyypSaaXsJ8xWCweGhcW1Ztbhqa4A5
gryc3qTtjEwb21XmeRLZQS0H233MLTF3NPktZu+6M793GVr0JHqRqWhAlWsVxKXr
UDH/hVO7THfKkQ2juoVLUggxaCYw2FXp3th+Tb04JEZ+
-----END CERTIFICATE-----