Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_Sly13-HuvtxqXbnt_kDhp9UbnI.roa
File:                     _Sly13-HuvtxqXbnt_kDhp9UbnI.roa (raw, json)
Hash identifier:          +BpvE+xl5hwaOpxCcN6RDnqk/x78/wgsUcmkOANjO1Q=
Subject key identifier:   FD:29:72:D7:7F:87:BA:FB:71:A9:76:E7:B7:F9:03:86:9F:54:6E:72
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D125F9F6524CF63749687D87961EE3F5E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_Sly13-HuvtxqXbnt_kDhp9UbnI.roa
Signing time:             Sat 21 Mar 2026 21:49:09 +0000
ROA not before:           Sat 21 Mar 2026 21:49:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200912
IP address blocks:        5.83.143.0/24 maxlen: 24
                          94.249.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:51:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:12:5f:9f:65:24:cf:63:74:96:87:d8:79:61:ee:3f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar 21 21:49:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd2972d77f87bafb71a976e7b7f903869f546e72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:83:b0:12:24:8d:64:64:17:8a:7a:a9:e7:76:
                    db:1f:61:65:bc:3f:92:02:83:3d:2a:19:31:5f:8e:
                    45:b9:30:77:20:73:f9:c2:1d:bf:0d:c7:ce:df:75:
                    5d:db:33:79:0e:8c:ce:66:79:57:4d:f0:b7:c0:45:
                    a4:6f:c8:26:ff:27:47:53:5f:ab:2b:4c:df:51:26:
                    bc:be:e8:ee:e1:4c:4c:4d:6d:39:74:6f:d1:fe:4e:
                    4a:5e:de:ad:2d:45:c7:34:8c:2c:38:93:b1:ba:8d:
                    98:3b:60:f4:82:5a:2e:0e:cb:50:fd:b0:d9:83:5d:
                    14:aa:ad:7c:18:3d:52:e4:00:fa:25:c6:f7:5a:0e:
                    a8:0b:0c:cb:15:00:90:05:4f:41:a3:18:03:20:8f:
                    99:e1:ad:6e:2a:c3:ac:ec:66:50:17:ae:4b:fb:ee:
                    31:f6:75:45:42:7a:c2:2f:77:14:28:96:df:08:71:
                    16:e1:dd:a5:5a:be:ea:f9:95:09:2d:69:b2:06:11:
                    aa:0a:14:73:d7:16:5c:af:9f:9f:4c:4c:26:de:7a:
                    d2:bd:7f:2e:7a:40:11:9d:01:b6:83:81:7a:45:e3:
                    fa:46:2c:b2:cd:d6:b4:08:d8:4b:2e:c9:d3:5a:fd:
                    f9:60:41:fa:1f:2c:03:1c:39:ee:84:8f:30:b4:56:
                    ff:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:29:72:D7:7F:87:BA:FB:71:A9:76:E7:B7:F9:03:86:9F:54:6E:72
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_Sly13-HuvtxqXbnt_kDhp9UbnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.143.0/24
                  94.249.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:14:44:ca:f6:4b:b8:16:6b:76:1f:a5:21:35:9e:64:d9:e0:
         b0:3c:7a:59:fc:fa:72:18:ec:9a:fe:a8:ad:98:a4:f6:4f:ad:
         d0:fd:ff:12:c0:23:5e:96:16:da:24:3b:3f:34:3c:22:ac:02:
         70:99:a3:86:87:d9:bd:6c:33:80:5f:38:4d:19:e2:5f:1d:f7:
         3d:78:f5:7d:2f:70:82:27:68:3e:66:4e:7d:e4:94:f8:46:7d:
         fe:7a:ca:f4:68:57:f2:da:05:90:76:39:94:d5:42:f2:d2:0f:
         80:1b:d0:6d:48:32:4a:f6:35:57:72:15:01:a7:c7:c8:56:9b:
         27:20:44:fa:5f:7a:6f:3c:bc:0b:e3:b0:0d:50:9a:27:13:62:
         9a:77:60:0f:98:14:7d:8d:b0:7f:21:bf:c7:f2:ac:c2:45:94:
         fe:5c:fa:20:0c:f1:18:59:ab:a6:2b:76:28:b0:cb:c5:c3:fe:
         b0:89:7c:b0:d9:42:48:13:de:e2:c0:fd:15:d6:77:34:fe:10:
         58:ed:f0:58:1e:83:10:9c:07:03:86:20:db:11:40:30:d5:99:
         d5:44:9b:e9:50:be:2c:26:e3:cb:b7:30:27:4f:06:1e:d3:0a:
         68:20:bc:14:ac:65:b0:5c:68:a4:40:44:15:1a:5e:bf:7f:5b:
         9c:e5:9c:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0SX59lJM9jdJaH2Hlh7j9eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMzIxMjE0OTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDI5NzJkNzdmODdiYWZiNzFhOTc2ZTdiN2Y5MDM4NjlmNTQ2ZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIOwEiSNZGQXinqp53bbH2FlvD+S
AoM9KhkxX45FuTB3IHP5wh2/DcfO33Vd2zN5DozOZnlXTfC3wEWkb8gm/ydHU1+r
K0zfUSa8vuju4UxMTW05dG/R/k5KXt6tLUXHNIwsOJOxuo2YO2D0glouDstQ/bDZ
g10Uqq18GD1S5AD6Jcb3Wg6oCwzLFQCQBU9BoxgDII+Z4a1uKsOs7GZQF65L++4x
9nVFQnrCL3cUKJbfCHEW4d2lWr7q+ZUJLWmyBhGqChRz1xZcr5+fTEwm3nrSvX8u
ekARnQG2g4F6ReP6Riyyzda0CNhLLsnTWv35YEH6HywDHDnuhI8wtFb/BwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP0pctd/h7r7cal257f5A4afVG5yMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvX1NseTEzLUh1dnR4cVhibnRfa0RocDlVYm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVOPAwQA
XvmvMA0GCSqGSIb3DQEBCwUAA4IBAQA0FETK9ku4Fmt2H6UhNZ5k2eCwPHpZ/Ppy
GOya/qitmKT2T63Q/f8SwCNelhbaJDs/NDwirAJwmaOGh9m9bDOAXzhNGeJfHfc9
ePV9L3CCJ2g+Zk595JT4Rn3+esr0aFfy2gWQdjmU1ULy0g+AG9BtSDJK9jVXchUB
p8fIVpsnIET6X3pvPLwL47ANUJonE2Kad2APmBR9jbB/Ib/H8qzCRZT+XPogDPEY
WaumK3YosMvFw/6wiXyw2UJIE97iwP0V1nc0/hBY7fBYHoMQnAcDhiDbEUAw1ZnV
RJvpUL4sJuPLtzAnTwYe0wpoILwUrGWwXGikQEQVGl6/f1uc5Zxb
-----END CERTIFICATE-----