Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/W8EXtY-krtG948bMW6fNLmFvObQ.roa
File:                     W8EXtY-krtG948bMW6fNLmFvObQ.roa (raw, json)
Hash identifier:          /Mw8ZZAkQ7Cam52nmslN8jl5Gh3RIhYdhuibTCP4pNc=
Subject key identifier:   5B:C1:17:B5:8F:A4:AE:D1:BD:E3:C6:CC:5B:A7:CD:2E:61:6F:39:B4
Certificate issuer:       /CN=3246795ad68a6badd5afcb6ba4653e9c090fc85a
Certificate serial:       019B76EAD646F13F40DD1463F74232B7DFEC
Authority key identifier: 32:46:79:5A:D6:8A:6B:AD:D5:AF:CB:6B:A4:65:3E:9C:09:0F:C8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkZ5WtaKa63Vr8trpGU-nAkPyFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/W8EXtY-krtG948bMW6fNLmFvObQ.roa
Signing time:             Thu 01 Jan 2026 00:17:40 +0000
ROA not before:           Thu 01 Jan 2026 00:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49388
IP address blocks:        188.94.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/MkZ5WtaKa63Vr8trpGU-nAkPyFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/MkZ5WtaKa63Vr8trpGU-nAkPyFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkZ5WtaKa63Vr8trpGU-nAkPyFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:d6:46:f1:3f:40:dd:14:63:f7:42:32:b7:df:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3246795ad68a6badd5afcb6ba4653e9c090fc85a
        Validity
            Not Before: Jan  1 00:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5bc117b58fa4aed1bde3c6cc5ba7cd2e616f39b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6c:8d:5d:56:fd:76:3f:17:ae:f5:7d:3f:f2:
                    c2:ce:b4:1b:9a:9b:3d:f0:db:c6:c9:cf:1a:63:cc:
                    8e:6a:c7:57:d9:b2:a4:60:48:0a:9f:3d:26:af:58:
                    84:fb:96:6b:66:4c:e2:be:33:01:21:99:a2:5d:b6:
                    e9:d4:0f:0d:c7:c5:21:43:9a:3e:c2:66:df:fe:e9:
                    c4:36:ec:5a:c4:3b:15:01:d9:5f:f8:8b:1a:bb:20:
                    35:e9:c3:0a:c7:12:08:60:21:70:7d:27:6d:5f:8d:
                    63:4e:e2:af:5f:7f:12:cd:cc:28:5c:1c:ba:30:66:
                    0d:09:04:66:14:28:2b:d9:0a:3e:7b:e6:37:7e:0b:
                    4c:92:e0:3a:fe:25:b0:93:39:52:b6:34:f8:ed:72:
                    56:12:3b:6c:99:ac:9e:06:82:4c:bd:c4:3a:aa:21:
                    e2:24:7f:53:7a:79:b2:c0:d9:b4:2a:47:6e:44:55:
                    78:60:b4:b5:2f:5a:3d:10:37:d9:a8:ef:23:88:62:
                    60:0c:f6:2d:fb:92:b8:11:90:fd:ff:cd:6d:de:51:
                    6e:dd:92:1c:6d:aa:46:84:90:5f:99:ae:99:c4:2e:
                    32:6a:0d:0a:a4:4b:09:50:7a:c2:57:a5:0b:36:e9:
                    4a:bb:0c:79:76:06:d3:e5:d2:7c:75:7d:c2:8b:f9:
                    aa:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C1:17:B5:8F:A4:AE:D1:BD:E3:C6:CC:5B:A7:CD:2E:61:6F:39:B4
            X509v3 Authority Key Identifier:
                keyid:32:46:79:5A:D6:8A:6B:AD:D5:AF:CB:6B:A4:65:3E:9C:09:0F:C8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkZ5WtaKa63Vr8trpGU-nAkPyFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/W8EXtY-krtG948bMW6fNLmFvObQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/9479ca-3db5-4f62-8e23-730b17f069ab/1/MkZ5WtaKa63Vr8trpGU-nAkPyFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.94.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:6a:ce:15:f8:3b:1f:ad:c2:ed:96:d9:70:de:42:56:ab:59:
         38:8c:da:1b:c5:4e:14:44:b6:06:1e:aa:05:58:12:b7:4d:50:
         47:25:43:fc:33:73:51:48:2e:f9:b8:c0:4b:99:77:c1:3e:cc:
         dd:a5:cb:2d:77:c6:ca:9f:35:1a:0d:4e:81:92:70:3c:fd:54:
         86:92:ce:c9:e3:04:84:9f:d9:7e:e9:91:40:f6:c3:ca:97:4c:
         92:6c:9e:19:01:52:6c:b1:77:fc:a6:02:76:a9:a6:3c:0a:d4:
         fb:27:47:8f:95:7c:3c:ad:0e:2b:58:b0:dc:bb:2b:23:77:7c:
         06:8d:24:d5:a8:0c:40:9e:83:07:d4:91:72:73:44:1e:7e:ad:
         5c:cb:9b:5f:15:a9:12:92:6a:2a:bf:e1:07:b6:39:39:f1:7f:
         87:06:3b:93:73:72:9d:6f:0d:2e:6a:0e:f2:8f:1b:46:36:51:
         63:74:83:ec:27:d7:cf:73:6d:66:e0:5b:b3:23:00:0e:53:59:
         15:ea:ee:f9:43:af:9a:2c:7e:ae:07:fa:49:bb:08:2d:9d:3b:
         4a:47:cd:d6:51:b5:43:84:84:f7:fd:d6:b9:07:f4:0b:9d:2d:
         64:5a:cf:b5:74:49:0e:6c:37:c4:98:65:aa:7c:c8:51:12:54:
         dd:09:a0:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26tZG8T9A3RRj90Iyt9/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDY3OTVhZDY4YTZiYWRkNWFmY2I2YmE0NjUzZTljMDkw
ZmM4NWEwHhcNMjYwMTAxMDAxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmMxMTdiNThmYTRhZWQxYmRlM2M2Y2M1YmE3Y2QyZTYxNmYzOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2yNXVb9dj8XrvV9P/LCzrQbmps9
8NvGyc8aY8yOasdX2bKkYEgKnz0mr1iE+5ZrZkzivjMBIZmiXbbp1A8Nx8UhQ5o+
wmbf/unENuxaxDsVAdlf+IsauyA16cMKxxIIYCFwfSdtX41jTuKvX38SzcwoXBy6
MGYNCQRmFCgr2Qo+e+Y3fgtMkuA6/iWwkzlStjT47XJWEjtsmayeBoJMvcQ6qiHi
JH9TenmywNm0KkduRFV4YLS1L1o9EDfZqO8jiGJgDPYt+5K4EZD9/81t3lFu3ZIc
bapGhJBfma6ZxC4yag0KpEsJUHrCV6ULNulKuwx5dgbT5dJ8dX3Ci/mqpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvBF7WPpK7RvePGzFunzS5hbzm0MB8GA1UdIwQY
MBaAFDJGeVrWimut1a/La6RlPpwJD8haMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtaNVd0YUthNjNWcjh0cnBHVS1uQWtQeUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC85NDc5Y2EtM2RiNS00ZjYyLThlMjMt
NzMwYjE3ZjA2OWFiLzEvVzhFWHRZLWtydEc5NDhiTVc2Zk5MbUZ2T2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC85NDc5Y2EtM2RiNS00ZjYyLThlMjMtNzMwYjE3ZjA2OWFi
LzEvTWtaNVd0YUthNjNWcjh0cnBHVS1uQWtQeUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvF4IMA0G
CSqGSIb3DQEBCwUAA4IBAQAEas4V+DsfrcLtltlw3kJWq1k4jNobxU4URLYGHqoF
WBK3TVBHJUP8M3NRSC75uMBLmXfBPszdpcstd8bKnzUaDU6BknA8/VSGks7J4wSE
n9l+6ZFA9sPKl0ySbJ4ZAVJssXf8pgJ2qaY8CtT7J0ePlXw8rQ4rWLDcuysjd3wG
jSTVqAxAnoMH1JFyc0Qefq1cy5tfFakSkmoqv+EHtjk58X+HBjuTc3Kdbw0uag7y
jxtGNlFjdIPsJ9fPc21m4FuzIwAOU1kV6u75Q6+aLH6uB/pJuwgtnTtKR83WUbVD
hIT3/da5B/QLnS1kWs+1dEkObDfEmGWqfMhRElTdCaDe
-----END CERTIFICATE-----