Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/C4f83wbuhvm67wo3Q2n-w0zn1PY.roa
File:                     C4f83wbuhvm67wo3Q2n-w0zn1PY.roa (raw, json)
Hash identifier:          N0S4tMJTvn1xvf616bJM2JY2FOCxdAnko8amLl/Hkoc=
Subject key identifier:   0B:87:FC:DF:06:EE:86:F9:BA:EF:0A:37:43:69:FE:C3:4C:E7:D4:F6
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019E0EAE7DBCFC15CCD32E79BE39F5BF1AFC
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/C4f83wbuhvm67wo3Q2n-w0zn1PY.roa
Signing time:             Sat 09 May 2026 21:39:36 +0000
ROA not before:           Sat 09 May 2026 21:39:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        5.172.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:37:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0e:ae:7d:bc:fc:15:cc:d3:2e:79:be:39:f5:bf:1a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: May  9 21:39:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b87fcdf06ee86f9baef0a374369fec34ce7d4f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c4:ad:e7:55:8a:9b:5d:22:2b:0e:24:3a:ba:
                    52:e0:60:9a:8a:92:de:9c:14:74:7a:fa:bb:35:b8:
                    83:9c:b9:80:81:cf:06:c0:e1:e9:d5:30:d3:9d:93:
                    b8:ef:4c:64:e8:cf:a9:60:ae:3b:33:83:57:8b:8d:
                    13:05:bf:4b:e7:d3:d3:18:d1:27:5e:3e:30:4d:dc:
                    f8:ad:a0:ca:6e:5c:db:a0:f6:ec:52:e6:b8:31:58:
                    3d:a8:b5:61:a1:0c:20:1c:a8:b0:31:7e:0c:b5:24:
                    34:ef:41:33:cf:74:0f:48:be:7a:8d:d4:1e:04:9b:
                    61:a0:1b:7e:3a:62:fc:6b:63:29:5e:0a:5e:28:2d:
                    66:1a:44:8d:31:df:56:cd:7c:e1:0e:0a:a3:d6:85:
                    dc:d0:d3:ea:c8:70:84:66:08:85:cc:23:83:44:11:
                    91:93:54:06:d0:15:81:cb:7b:f8:22:9a:c4:b1:b9:
                    1f:6e:1b:27:6d:01:62:2b:7f:31:94:3f:b9:19:66:
                    14:04:f1:d4:28:45:38:31:cc:fb:5e:4d:39:15:28:
                    1b:d4:ef:b1:cc:09:98:21:f7:be:5d:49:7f:9d:27:
                    97:7a:e6:9c:2f:06:b1:e8:78:7a:97:f7:4b:61:a9:
                    e1:ae:37:43:44:7c:28:f7:5b:43:bd:68:03:11:63:
                    a1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:87:FC:DF:06:EE:86:F9:BA:EF:0A:37:43:69:FE:C3:4C:E7:D4:F6
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/C4f83wbuhvm67wo3Q2n-w0zn1PY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:fa:64:b0:46:f0:8e:51:de:b8:cf:0f:2c:82:65:82:7a:45:
         71:c6:1e:2c:39:76:33:f1:39:84:78:82:7e:c8:3b:58:e1:fd:
         87:5c:e6:03:62:f3:86:53:3d:64:0d:41:ae:4f:58:dd:e3:8d:
         67:88:6b:ff:8b:97:76:e2:23:0f:94:37:c7:d7:3a:38:91:6d:
         28:6c:c3:d3:fc:87:4f:ab:1e:32:c8:59:df:19:c0:a0:9f:9e:
         da:48:de:13:42:0c:f6:95:2f:94:39:da:ee:af:1f:ea:b3:01:
         f2:bf:a8:08:01:cb:bf:fd:a8:3a:65:4e:09:03:54:b4:b9:9c:
         9f:7d:01:f1:38:78:c8:85:70:0b:54:fe:cb:5a:93:0d:cc:b6:
         73:40:02:61:5d:5e:c5:24:db:39:30:dc:c2:15:b5:24:f0:79:
         72:ba:b5:a3:d1:80:05:e6:79:44:64:d1:b5:74:b7:c5:f0:bc:
         03:70:0a:83:bd:57:e4:93:52:92:37:6f:00:74:df:f8:f9:bf:
         9d:b3:a4:4b:84:59:b7:3c:ab:b1:82:a8:01:72:40:f3:66:2f:
         ed:1f:37:ca:e3:84:fc:85:8b:f9:98:e9:79:ce:a5:3e:38:89:
         89:05:41:39:7e:7f:a5:5a:ce:8a:8f:de:1a:d8:ab:a6:fa:dd:
         c4:e9:a0:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Orn28/BXM0y55vjn1vxr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwNTA5MjEzOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjg3ZmNkZjA2ZWU4NmY5YmFlZjBhMzc0MzY5ZmVjMzRjZTdkNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsSt51WKm10iKw4kOrpS4GCaipLe
nBR0evq7NbiDnLmAgc8GwOHp1TDTnZO470xk6M+pYK47M4NXi40TBb9L59PTGNEn
Xj4wTdz4raDKblzboPbsUua4MVg9qLVhoQwgHKiwMX4MtSQ070Ezz3QPSL56jdQe
BJthoBt+OmL8a2MpXgpeKC1mGkSNMd9WzXzhDgqj1oXc0NPqyHCEZgiFzCODRBGR
k1QG0BWBy3v4IprEsbkfbhsnbQFiK38xlD+5GWYUBPHUKEU4Mcz7Xk05FSgb1O+x
zAmYIfe+XUl/nSeXeuacLwax6Hh6l/dLYanhrjdDRHwo91tDvWgDEWOhawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuH/N8G7ob5uu8KN0Np/sNM59T2MB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvQzRmODN3YnVodm02N3dvM1Eybi13MHpuMVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABawkMA0G
CSqGSIb3DQEBCwUAA4IBAQAK+mSwRvCOUd64zw8sgmWCekVxxh4sOXYz8TmEeIJ+
yDtY4f2HXOYDYvOGUz1kDUGuT1jd441niGv/i5d24iMPlDfH1zo4kW0obMPT/IdP
qx4yyFnfGcCgn57aSN4TQgz2lS+UOdrurx/qswHyv6gIAcu//ag6ZU4JA1S0uZyf
fQHxOHjIhXALVP7LWpMNzLZzQAJhXV7FJNs5MNzCFbUk8HlyurWj0YAF5nlEZNG1
dLfF8LwDcAqDvVfkk1KSN28AdN/4+b+ds6RLhFm3PKuxgqgBckDzZi/tHzfK44T8
hYv5mOl5zqU+OImJBUE5fn+lWs6Kj94a2Kum+t3E6aCe
-----END CERTIFICATE-----