Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/785224-a01b-42e0-ac92-574b909dd32b/1/5KONAqD1frCRl3iURxlCjgsNLOg.roa
File:                     5KONAqD1frCRl3iURxlCjgsNLOg.roa (raw, json)
Hash identifier:          tGnKJ+BSY1DMf6D9UEKBenHfaVs3CddfA0kG2ueymKY=
Subject key identifier:   E4:A3:8D:02:A0:F5:7E:B0:91:97:78:94:47:19:42:8E:0B:0D:2C:E8
Certificate issuer:       /CN=56522ff5fbca88544b87a342fef78d1c91fcfddb
Certificate serial:       019E0DF2CDD67028ED3013C8CD74EE802667
Authority key identifier: 56:52:2F:F5:FB:CA:88:54:4B:87:A3:42:FE:F7:8D:1C:91:FC:FD:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlIv9fvKiFRLh6NC_veNHJH8_ds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/785224-a01b-42e0-ac92-574b909dd32b/1/5KONAqD1frCRl3iURxlCjgsNLOg.roa
Signing time:             Sat 09 May 2026 18:14:36 +0000
ROA not before:           Sat 09 May 2026 18:14:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201182
IP address blocks:        2001:678:b14::/48 maxlen: 48
                          2001:678:1204::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/785224-a01b-42e0-ac92-574b909dd32b/1/VlIv9fvKiFRLh6NC_veNHJH8_ds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/785224-a01b-42e0-ac92-574b909dd32b/1/VlIv9fvKiFRLh6NC_veNHJH8_ds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlIv9fvKiFRLh6NC_veNHJH8_ds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0d:f2:cd:d6:70:28:ed:30:13:c8:cd:74:ee:80:26:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56522ff5fbca88544b87a342fef78d1c91fcfddb
        Validity
            Not Before: May  9 18:14:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4a38d02a0f57eb0919778944719428e0b0d2ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:44:9b:f7:c7:b7:8a:ed:2f:37:68:68:24:ca:
                    97:5b:e4:39:7d:88:8a:44:53:85:91:eb:3a:98:d1:
                    46:10:a0:c8:7a:47:a7:b5:85:b1:04:7d:df:37:fa:
                    31:c3:37:6e:be:f1:6a:43:a4:37:6d:05:7d:95:4a:
                    b0:e3:72:c2:a3:8e:eb:27:f6:73:91:77:7f:80:c0:
                    33:1f:cb:3d:7e:0f:cd:3f:d0:9e:04:c7:f5:88:05:
                    4b:94:b3:87:19:8a:1b:20:89:79:1a:02:6d:9f:a0:
                    98:89:79:5e:cb:86:ed:8d:63:0d:34:c8:a9:47:37:
                    17:c2:e6:f9:a9:9a:db:8d:27:62:6a:86:48:fc:67:
                    3d:9a:0e:2a:2e:cb:33:db:59:b6:08:bd:1f:70:91:
                    ed:ed:ba:b9:fe:b0:5c:6e:80:36:7e:c7:b7:c9:dc:
                    2a:a7:f6:cd:88:ed:05:fb:e9:e2:da:28:65:cf:9f:
                    34:4d:ea:39:f6:78:5c:e5:3c:1a:59:45:88:eb:ec:
                    a6:54:86:3e:e7:2d:b8:9e:ea:61:52:0e:30:bf:d4:
                    79:02:b9:c2:69:a5:17:a6:81:27:89:c2:da:8e:70:
                    a6:5f:37:49:07:5f:90:c9:b4:11:2b:97:fb:a7:46:
                    fb:cb:9d:15:94:3b:c6:19:f5:fc:70:c9:d1:73:27:
                    ac:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A3:8D:02:A0:F5:7E:B0:91:97:78:94:47:19:42:8E:0B:0D:2C:E8
            X509v3 Authority Key Identifier:
                keyid:56:52:2F:F5:FB:CA:88:54:4B:87:A3:42:FE:F7:8D:1C:91:FC:FD:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlIv9fvKiFRLh6NC_veNHJH8_ds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/785224-a01b-42e0-ac92-574b909dd32b/1/5KONAqD1frCRl3iURxlCjgsNLOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/785224-a01b-42e0-ac92-574b909dd32b/1/VlIv9fvKiFRLh6NC_veNHJH8_ds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:b14::/48
                  2001:678:1204::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:8a:7a:bc:e9:c9:c4:df:c0:a7:25:2a:e5:51:d8:24:bb:8c:
         26:1b:c8:a9:42:d1:e5:af:06:46:e7:32:de:ae:4f:35:6d:f6:
         8e:e0:d7:29:85:95:45:62:a2:d9:36:f4:10:b6:fa:f1:2d:cc:
         43:1e:25:1e:d9:77:20:2b:59:25:1d:89:6f:1f:4c:c8:cc:05:
         aa:08:37:98:91:6a:80:bc:39:49:f1:53:f0:de:e4:ad:63:3e:
         53:f7:ec:f4:ca:64:a6:08:3b:48:9a:75:30:46:a0:32:ed:64:
         78:24:e4:40:f5:0a:f0:a7:43:b5:46:6f:39:b5:17:45:d0:44:
         21:72:b7:ca:b4:0e:cd:2e:12:1f:bd:d6:42:3e:c9:6f:28:1d:
         59:0b:26:56:87:5e:37:60:fb:9b:5c:0c:73:76:20:02:e3:a7:
         14:68:f4:59:07:c9:a4:42:eb:97:53:7c:55:8d:36:44:44:7c:
         87:82:d9:3d:56:07:a3:14:77:94:76:0f:ba:1b:a0:2d:69:5c:
         95:32:92:b2:c6:43:e6:82:34:2e:19:10:f9:af:b8:2f:68:ff:
         21:4c:0b:6f:66:cf:5e:40:27:6e:2e:ce:1f:2b:c7:90:f3:a7:
         c1:ed:78:67:f6:9e:56:ff:f7:42:9b:de:71:45:7d:c1:d1:86:
         82:3a:e7:6b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4N8s3WcCjtMBPIzXTugCZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTIyZmY1ZmJjYTg4NTQ0Yjg3YTM0MmZlZjc4ZDFjOTFm
Y2ZkZGIwHhcNMjYwNTA5MTgxNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGEzOGQwMmEwZjU3ZWIwOTE5Nzc4OTQ0NzE5NDI4ZTBiMGQyY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokSb98e3iu0vN2hoJMqXW+Q5fYiK
RFOFkes6mNFGEKDIekentYWxBH3fN/oxwzduvvFqQ6Q3bQV9lUqw43LCo47rJ/Zz
kXd/gMAzH8s9fg/NP9CeBMf1iAVLlLOHGYobIIl5GgJtn6CYiXley4btjWMNNMip
RzcXwub5qZrbjSdiaoZI/Gc9mg4qLssz21m2CL0fcJHt7bq5/rBcboA2fse3ydwq
p/bNiO0F++ni2ihlz580Teo59nhc5TwaWUWI6+ymVIY+5y24nuphUg4wv9R5ArnC
aaUXpoEnicLajnCmXzdJB1+QybQRK5f7p0b7y50VlDvGGfX8cMnRcyesFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOSjjQKg9X6wkZd4lEcZQo4LDSzoMB8GA1UdIwQY
MBaAFFZSL/X7yohUS4ejQv73jRyR/P3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxJdjlmdktpRlJMaDZOQ192ZU5ISkg4X2RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi83ODUyMjQtYTAxYi00MmUwLWFjOTIt
NTc0YjkwOWRkMzJiLzEvNUtPTkFxRDFmckNSbDNpVVJ4bENqZ3NOTE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi83ODUyMjQtYTAxYi00MmUwLWFjOTItNTc0YjkwOWRkMzJi
LzEvVmxJdjlmdktpRlJMaDZOQ192ZU5ISkg4X2RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAsU
AwcAIAEGeBIEMA0GCSqGSIb3DQEBCwUAA4IBAQAuinq86cnE38CnJSrlUdgku4wm
G8ipQtHlrwZG5zLerk81bfaO4NcphZVFYqLZNvQQtvrxLcxDHiUe2XcgK1klHYlv
H0zIzAWqCDeYkWqAvDlJ8VPw3uStYz5T9+z0ymSmCDtImnUwRqAy7WR4JORA9Qrw
p0O1Rm85tRdF0EQhcrfKtA7NLhIfvdZCPslvKB1ZCyZWh143YPubXAxzdiAC46cU
aPRZB8mkQuuXU3xVjTZERHyHgtk9VgejFHeUdg+6G6AtaVyVMpKyxkPmgjQuGRD5
r7gvaP8hTAtvZs9eQCduLs4fK8eQ86fB7Xhn9p5W//dCm95xRX3B0YaCOudr
-----END CERTIFICATE-----