Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/7rJ_2UEFPNEKLKXjkfxYLq7lvjg.roa
File:                     7rJ_2UEFPNEKLKXjkfxYLq7lvjg.roa (raw, json)
Hash identifier:          Q9F+vOKFvumQ7d2OEIrGcbaoUiZA+g1zpPjfCmTMtnQ=
Subject key identifier:   EE:B2:7F:D9:41:05:3C:D1:0A:2C:A5:E3:91:FC:58:2E:AE:E5:BE:38
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019DBF5933574E7D23F4B8D3A84CE4845C56
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/7rJ_2UEFPNEKLKXjkfxYLq7lvjg.roa
Signing time:             Fri 24 Apr 2026 11:56:26 +0000
ROA not before:           Fri 24 Apr 2026 11:56:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56694
IP address blocks:        5.188.60.0/24 maxlen: 24
                          5.188.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bf:59:33:57:4e:7d:23:f4:b8:d3:a8:4c:e4:84:5c:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Apr 24 11:56:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eeb27fd941053cd10a2ca5e391fc582eaee5be38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:05:e8:60:b8:a7:b1:b2:fc:d8:92:27:70:d8:
                    3c:a0:c7:7b:2d:08:54:05:bd:1d:00:33:18:89:c9:
                    e6:8c:41:b6:fa:52:9f:a0:62:1b:3c:4a:64:9d:90:
                    de:d5:e6:71:dd:cc:0b:9a:8e:b5:cc:7d:10:75:e6:
                    7f:23:f8:23:75:4e:c8:bc:60:c9:42:a6:1f:8f:8b:
                    df:42:1b:98:ba:70:d4:67:c8:8e:f1:de:d9:0b:7d:
                    89:0b:ed:6d:8f:6c:88:61:bd:ba:38:16:ff:52:74:
                    89:6f:54:39:f5:30:0c:53:b2:72:ca:87:0c:b7:7f:
                    3c:ee:9b:2c:1d:75:c2:21:20:99:c1:95:3c:bd:ef:
                    77:9d:b7:ff:5f:2e:65:dc:85:db:ef:56:d4:ac:ad:
                    6c:1c:4c:4d:03:af:38:a2:8b:99:7f:f5:db:be:ec:
                    ed:54:63:7c:ce:62:85:4a:e2:b0:b1:d0:bb:f8:18:
                    d5:f2:8e:74:eb:94:79:c5:60:ed:ef:a4:3d:51:47:
                    d7:0a:19:5a:e6:0c:db:59:cb:01:8f:98:26:d6:68:
                    79:00:51:a9:d0:3b:b5:bc:f9:fd:ed:e6:4d:18:55:
                    73:a6:e9:e4:a5:17:33:1b:c1:d5:34:9e:9d:54:55:
                    e3:69:3e:1a:b7:9c:47:5b:7d:03:bf:b4:4c:eb:dd:
                    f0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B2:7F:D9:41:05:3C:D1:0A:2C:A5:E3:91:FC:58:2E:AE:E5:BE:38
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/7rJ_2UEFPNEKLKXjkfxYLq7lvjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.60.0/24
                  5.188.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:d4:aa:c5:ef:dd:6e:f5:9a:33:05:d0:55:40:b4:3a:3d:32:
         46:4f:77:50:e2:c8:b9:ac:e7:65:39:2e:5b:f5:76:a2:d6:3f:
         50:41:8c:ca:16:eb:16:2c:58:c2:0e:0a:b4:fb:a5:85:98:1b:
         42:16:26:0c:33:31:38:85:3b:4e:75:6f:3c:9e:9f:76:2c:9c:
         0e:98:cd:78:e9:31:0b:3e:94:f3:69:52:50:cc:39:f0:c7:fc:
         c3:ed:19:7e:34:03:6b:55:0a:66:ef:e9:3f:2a:1a:e1:ea:59:
         94:4c:f5:32:7b:45:bb:3c:fb:59:aa:1a:3c:1f:01:5e:d9:b4:
         b4:6d:a4:04:5b:45:82:63:85:04:91:8a:1a:81:07:28:cb:a6:
         3c:4b:bd:c1:70:be:26:9b:66:42:2b:d1:05:40:13:ea:3c:27:
         05:d0:fa:c6:bb:80:f3:51:94:8c:bb:b1:fe:cd:32:15:47:7f:
         f3:ff:bc:6d:2a:60:a0:f7:e5:aa:16:6e:53:b4:98:3e:9c:0c:
         02:4a:1f:f3:3d:eb:e0:49:7f:42:d6:62:cf:11:02:98:f1:2d:
         30:ac:f1:cf:7d:f4:f5:f7:8f:fa:6e:8d:ae:d5:81:a2:e7:50:
         f0:74:77:bc:52:79:5a:37:b9:bf:d2:89:84:b6:71:bd:63:c5:
         8f:11:51:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2/WTNXTn0j9LjTqEzkhFxWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwNDI0MTE1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWIyN2ZkOTQxMDUzY2QxMGEyY2E1ZTM5MWZjNTgyZWFlZTViZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQXoYLinsbL82JIncNg8oMd7LQhU
Bb0dADMYicnmjEG2+lKfoGIbPEpknZDe1eZx3cwLmo61zH0QdeZ/I/gjdU7IvGDJ
QqYfj4vfQhuYunDUZ8iO8d7ZC32JC+1tj2yIYb26OBb/UnSJb1Q59TAMU7JyyocM
t3887pssHXXCISCZwZU8ve93nbf/Xy5l3IXb71bUrK1sHExNA684oouZf/Xbvuzt
VGN8zmKFSuKwsdC7+BjV8o5065R5xWDt76Q9UUfXChla5gzbWcsBj5gm1mh5AFGp
0Du1vPn97eZNGFVzpunkpRczG8HVNJ6dVFXjaT4at5xHW30Dv7RM693wdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO6yf9lBBTzRCiyl45H8WC6u5b44MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvN3JKXzJVRUZQTkVLTEtYamtmeFlMcTdsdmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbw8AwQA
BbymMA0GCSqGSIb3DQEBCwUAA4IBAQBV1KrF791u9ZozBdBVQLQ6PTJGT3dQ4si5
rOdlOS5b9Xai1j9QQYzKFusWLFjCDgq0+6WFmBtCFiYMMzE4hTtOdW88np92LJwO
mM146TELPpTzaVJQzDnwx/zD7Rl+NANrVQpm7+k/Khrh6lmUTPUye0W7PPtZqho8
HwFe2bS0baQEW0WCY4UEkYoagQcoy6Y8S73BcL4mm2ZCK9EFQBPqPCcF0PrGu4Dz
UZSMu7H+zTIVR3/z/7xtKmCg9+WqFm5TtJg+nAwCSh/zPevgSX9C1mLPEQKY8S0w
rPHPffT194/6bo2u1YGi51DwdHe8UnlaN7m/0omEtnG9Y8WPEVES
-----END CERTIFICATE-----