Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/5sTdJeQvv6vdlppaT-0bRjKtxg8.roa
File:                     5sTdJeQvv6vdlppaT-0bRjKtxg8.roa (raw, json)
Hash identifier:          b/QRqgkGgU7MnJZfBiHqIddmWZWJFgjkkxrAF3+M/Ns=
Subject key identifier:   E6:C4:DD:25:E4:2F:BF:AB:DD:96:9A:5A:4F:ED:1B:46:32:AD:C6:0F
Certificate issuer:       /CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
Certificate serial:       019D0499507BF4224B72EEA12DC45BA017DD
Authority key identifier: E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/5sTdJeQvv6vdlppaT-0bRjKtxg8.roa
Signing time:             Thu 19 Mar 2026 05:37:29 +0000
ROA not before:           Thu 19 Mar 2026 05:37:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137517
IP address blocks:        185.145.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:04:99:50:7b:f4:22:4b:72:ee:a1:2d:c4:5b:a0:17:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
        Validity
            Not Before: Mar 19 05:37:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6c4dd25e42fbfabdd969a5a4fed1b4632adc60f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0c:f7:80:4f:68:d6:f2:62:89:22:fe:b7:9f:
                    d7:73:6a:05:d9:72:31:9a:ec:79:78:61:ff:e8:78:
                    6e:1d:7f:ea:87:d2:fa:83:ad:3c:d1:42:4f:31:89:
                    35:0a:4d:0a:dc:43:d6:89:6d:0a:ee:fe:6d:79:6d:
                    7b:c0:2c:83:7f:27:fb:fd:fa:f9:21:e8:ca:a5:74:
                    96:d4:3f:a2:71:ac:2b:ea:bf:e8:c8:00:e2:f9:95:
                    54:e8:39:99:5a:39:6a:11:ce:be:db:30:5c:00:db:
                    1f:95:dc:a8:97:99:6e:2b:b9:63:6c:d9:bb:be:d7:
                    23:da:d3:af:5a:be:2d:6e:03:f8:da:69:88:91:8f:
                    76:9d:0c:c6:be:54:3c:d4:08:aa:b3:d9:81:cb:38:
                    cb:ed:01:36:67:32:be:21:51:40:4e:bb:ee:e7:65:
                    7b:13:c3:0c:39:fe:ed:f3:3c:a6:a3:f1:25:e4:c2:
                    dd:a5:a9:eb:44:b7:8f:c5:32:23:27:c7:f1:bc:05:
                    b8:fb:a6:36:16:2c:55:57:73:b4:f3:4d:1d:3a:8b:
                    2a:1b:ff:c5:dc:79:fe:3f:f9:8f:6d:22:79:b2:e2:
                    9b:a7:bb:f9:89:f5:1e:65:93:b7:d7:43:1f:4a:64:
                    d6:17:f9:c0:66:ef:69:1c:c4:fe:99:a3:d4:ff:fa:
                    e4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:C4:DD:25:E4:2F:BF:AB:DD:96:9A:5A:4F:ED:1B:46:32:AD:C6:0F
            X509v3 Authority Key Identifier:
                keyid:E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/5sTdJeQvv6vdlppaT-0bRjKtxg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:44:b3:92:75:64:84:af:e9:b0:fd:39:a9:c0:c5:c0:60:1b:
         d2:8b:ed:60:43:30:94:b6:93:b7:c1:2c:72:08:13:be:44:08:
         82:f0:47:d8:ca:79:b2:43:62:41:92:86:8d:f7:46:2f:07:f0:
         e9:96:9e:cc:d1:88:1c:ea:82:0d:f0:c7:be:30:92:7d:fc:cb:
         59:51:e3:c2:43:e3:bd:82:b1:68:dc:11:68:37:8a:b8:38:9a:
         ea:01:79:cd:97:5f:e8:30:b0:e1:eb:55:99:d7:c0:7f:0d:e6:
         4f:f3:12:57:2a:58:dd:ae:09:28:5c:0d:34:4a:d4:b7:d1:5c:
         d6:0d:f5:d4:9a:3f:58:c9:ea:ab:86:07:80:04:9c:3a:52:51:
         23:09:da:1c:b2:1b:d4:95:7c:b4:5a:56:67:d1:60:c4:ee:28:
         5a:2a:2e:5d:0c:65:94:d7:fc:82:78:53:3a:06:c3:f4:71:0d:
         fe:c2:6b:cd:d7:09:72:9b:af:4a:61:10:40:68:d8:06:f8:a9:
         ec:19:18:16:dd:7c:4f:2d:19:b5:bb:dd:86:b3:c3:00:a7:0e:
         67:2b:74:05:49:8b:b0:50:96:78:a5:83:a3:39:32:6f:c7:a1:
         71:2b:38:1b:0d:ea:d4:ca:80:24:d9:b2:91:af:46:06:18:ec:
         2b:90:2a:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0EmVB79CJLcu6hLcRboBfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNDc3MDcyYjkxYWY1YzNmM2JmZTY5NzQzMjQzZTdjZGEz
YWU4NzkwHhcNMjYwMzE5MDUzNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmM0ZGQyNWU0MmZiZmFiZGQ5NjlhNWE0ZmVkMWI0NjMyYWRjNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQz3gE9o1vJiiSL+t5/Xc2oF2XIx
mux5eGH/6HhuHX/qh9L6g6080UJPMYk1Ck0K3EPWiW0K7v5teW17wCyDfyf7/fr5
IejKpXSW1D+icawr6r/oyADi+ZVU6DmZWjlqEc6+2zBcANsfldyol5luK7ljbNm7
vtcj2tOvWr4tbgP42mmIkY92nQzGvlQ81Aiqs9mByzjL7QE2ZzK+IVFATrvu52V7
E8MMOf7t8zymo/El5MLdpanrRLePxTIjJ8fxvAW4+6Y2FixVV3O0800dOosqG//F
3Hn+P/mPbSJ5suKbp7v5ifUeZZO310MfSmTWF/nAZu9pHMT+maPU//rkFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObE3SXkL7+r3ZaaWk/tG0YyrcYPMB8GA1UdIwQY
MBaAFOFHcHK5GvXD87/ml0MkPnzaOuh5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2Ut
ZTdjOGNmM2FmNWRlLzEvNXNUZEplUXZ2NnZkbHBwYVQtMGJSakt0eGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2UtZTdjOGNmM2FmNWRl
LzEvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZHrMA0G
CSqGSIb3DQEBCwUAA4IBAQAYRLOSdWSEr+mw/TmpwMXAYBvSi+1gQzCUtpO3wSxy
CBO+RAiC8EfYynmyQ2JBkoaN90YvB/Dplp7M0Ygc6oIN8Me+MJJ9/MtZUePCQ+O9
grFo3BFoN4q4OJrqAXnNl1/oMLDh61WZ18B/DeZP8xJXKljdrgkoXA00StS30VzW
DfXUmj9YyeqrhgeABJw6UlEjCdocshvUlXy0WlZn0WDE7ihaKi5dDGWU1/yCeFM6
BsP0cQ3+wmvN1wlym69KYRBAaNgG+KnsGRgW3XxPLRm1u92Gs8MApw5nK3QFSYuw
UJZ4pYOjOTJvx6FxKzgbDerUyoAk2bKRr0YGGOwrkCov
-----END CERTIFICATE-----