Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/CiAnwNJagjVfieLOx1c1Vix6IOA.roa
File:                     CiAnwNJagjVfieLOx1c1Vix6IOA.roa (raw, json)
Hash identifier:          zHiUWsj/p9vTBDZQMmYEbPI7k87FTHgR5XEAk1UUQRU=
Subject key identifier:   0A:20:27:C0:D2:5A:82:35:5F:89:E2:CE:C7:57:35:56:2C:7A:20:E0
Certificate issuer:       /CN=da6dc4192645c842a4fa2f88234f2e5a184c7664
Certificate serial:       019DD2CED26D0B3805F22830C30117BE1FDC
Authority key identifier: DA:6D:C4:19:26:45:C8:42:A4:FA:2F:88:23:4F:2E:5A:18:4C:76:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/CiAnwNJagjVfieLOx1c1Vix6IOA.roa
Signing time:             Tue 28 Apr 2026 06:37:42 +0000
ROA not before:           Tue 28 Apr 2026 06:37:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49065
IP address blocks:        5.252.128.0/24 maxlen: 24
                          5.252.129.0/24 maxlen: 24
                          5.252.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d2:ce:d2:6d:0b:38:05:f2:28:30:c3:01:17:be:1f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da6dc4192645c842a4fa2f88234f2e5a184c7664
        Validity
            Not Before: Apr 28 06:37:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a2027c0d25a82355f89e2cec75735562c7a20e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:40:93:9f:65:4a:e5:b2:0a:bd:57:3f:bf:87:
                    e9:b8:01:31:f5:97:ab:f9:2e:f9:2c:d8:82:9f:27:
                    40:f2:29:7e:dc:27:8a:a0:87:08:96:8b:8e:7c:24:
                    7e:b3:3e:f5:b6:52:a3:01:6c:0a:aa:74:17:95:54:
                    28:79:1b:97:bc:fd:6b:60:4c:c7:be:3f:75:05:13:
                    15:51:92:c4:a5:b9:2c:73:fa:1d:98:8a:b0:51:bb:
                    ff:2a:40:32:c8:27:31:97:63:d1:99:18:a0:de:9e:
                    71:f5:4a:59:d5:11:cc:d2:0f:d2:dc:0a:8b:8d:fa:
                    c1:d1:96:e1:e5:33:0b:27:d8:68:59:ae:66:cf:aa:
                    4a:61:12:28:67:14:24:26:f0:51:11:ab:03:e7:94:
                    e5:bf:5a:7b:28:82:ea:e0:8b:32:26:0a:63:16:eb:
                    3e:04:85:7c:ca:45:1b:75:eb:d0:d7:07:67:dc:7d:
                    28:45:73:8d:83:80:1e:71:81:fa:7e:b8:01:e1:ea:
                    47:a3:a4:0a:19:61:ce:96:dc:6d:e5:4b:e2:a3:51:
                    8d:0a:67:f3:93:86:70:e9:d2:ff:9c:0e:76:0e:29:
                    a4:ea:95:0d:e1:95:0c:0e:6d:d0:0b:64:08:4f:96:
                    84:35:6c:66:d6:be:d5:67:14:b7:7d:e0:94:a3:78:
                    0b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:20:27:C0:D2:5A:82:35:5F:89:E2:CE:C7:57:35:56:2C:7A:20:E0
            X509v3 Authority Key Identifier:
                keyid:DA:6D:C4:19:26:45:C8:42:A4:FA:2F:88:23:4F:2E:5A:18:4C:76:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/CiAnwNJagjVfieLOx1c1Vix6IOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.128.0-5.252.130.255

    Signature Algorithm: sha256WithRSAEncryption
         51:9c:c5:b8:78:53:83:19:8a:f2:64:0e:0d:0e:e0:32:94:74:
         ad:19:3f:77:bc:6a:2f:85:fc:e2:1e:f7:74:07:cb:15:b2:51:
         c0:e4:7f:78:90:ff:1d:1a:3b:d7:05:2c:d0:ce:62:4a:cf:09:
         c2:3a:77:a2:27:95:a7:ee:9a:65:9c:67:17:ac:97:fe:23:0b:
         df:e3:5d:a9:c1:d1:9b:d2:ec:54:a5:58:06:2c:b3:8d:e7:40:
         6f:55:89:93:e6:ed:ee:92:16:ec:c7:cd:0d:13:ae:fd:af:4a:
         99:3b:bb:3c:7e:94:c2:fa:4e:dd:e7:59:73:47:c1:83:22:55:
         cd:f4:a5:6f:fd:80:a9:81:05:ce:f6:50:72:be:be:b2:6a:87:
         4e:04:79:80:d8:7c:13:77:3e:48:97:fb:25:a1:5f:b5:2b:00:
         33:a1:67:f6:b6:13:e3:25:03:c9:d0:f2:3a:c0:a1:96:ed:82:
         60:6f:d2:90:71:cc:35:f2:ce:28:70:bd:5e:5b:ca:62:86:f5:
         d2:0a:a9:bf:1d:76:bf:1f:e3:da:00:4c:99:e6:04:bd:e3:ee:
         3f:cd:7b:c1:7e:58:32:fa:24:22:16:08:80:95:2e:64:5b:34:
         6c:07:3c:6f:bd:c5:6a:4f:22:25:f2:81:6d:00:1e:af:9e:01:
         4b:be:27:63
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ3SztJtCzgF8igwwwEXvh/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNmRjNDE5MjY0NWM4NDJhNGZhMmY4ODIzNGYyZTVhMTg0
Yzc2NjQwHhcNMjYwNDI4MDYzNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIwMjdjMGQyNWE4MjM1NWY4OWUyY2VjNzU3MzU1NjJjN2EyMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkCTn2VK5bIKvVc/v4fpuAEx9Zer
+S75LNiCnydA8il+3CeKoIcIlouOfCR+sz71tlKjAWwKqnQXlVQoeRuXvP1rYEzH
vj91BRMVUZLEpbksc/odmIqwUbv/KkAyyCcxl2PRmRig3p5x9UpZ1RHM0g/S3AqL
jfrB0Zbh5TMLJ9hoWa5mz6pKYRIoZxQkJvBREasD55Tlv1p7KILq4IsyJgpjFus+
BIV8ykUbdevQ1wdn3H0oRXONg4AecYH6frgB4epHo6QKGWHOltxt5Uvio1GNCmfz
k4Zw6dL/nA52Dimk6pUN4ZUMDm3QC2QIT5aENWxm1r7VZxS3feCUo3gLxQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAogJ8DSWoI1X4nizsdXNVYseiDgMB8GA1UdIwQY
MBaAFNptxBkmRchCpPoviCNPLloYTHZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm0zRUdTWkZ5RUtrLWktSUkwOHVXaGhNZG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yM2M1N2MtYjhhNy00OWE1LTljMDUt
ZWVmNzBhYWIwMzVlLzEvQ2lBbndOSmFnalZmaWVMT3gxYzFWaXg2SU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yM2M1N2MtYjhhNy00OWE1LTljMDUtZWVmNzBhYWIwMzVl
LzEvMm0zRUdTWkZ5RUtrLWktSUkwOHVXaGhNZG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAcF/IAD
BAAF/IIwDQYJKoZIhvcNAQELBQADggEBAFGcxbh4U4MZivJkDg0O4DKUdK0ZP3e8
ai+F/OIe93QHyxWyUcDkf3iQ/x0aO9cFLNDOYkrPCcI6d6InlafummWcZxesl/4j
C9/jXanB0ZvS7FSlWAYss43nQG9ViZPm7e6SFuzHzQ0Trv2vSpk7uzx+lML6Tt3n
WXNHwYMiVc30pW/9gKmBBc72UHK+vrJqh04EeYDYfBN3PkiX+yWhX7UrADOhZ/a2
E+MlA8nQ8jrAoZbtgmBv0pBxzDXyzihwvV5bymKG9dIKqb8ddr8f49oATJnmBL3j
7j/Ne8F+WDL6JCIWCICVLmRbNGwHPG+9xWpPIiXygW0AHq+eAUu+J2M=
-----END CERTIFICATE-----