Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/NaHxseloa6xDzDhZMknmwfbQRB0.roa
File:                     NaHxseloa6xDzDhZMknmwfbQRB0.roa (raw, json)
Hash identifier:          KXRd62eQqzwgfqerJ7TQrwYVtARyXgywOsRlhqtimfw=
Subject key identifier:   35:A1:F1:B1:E9:68:6B:AC:43:CC:38:59:32:49:E6:C1:F6:D0:44:1D
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019E021D54E69A848AF1537FB6E24B2C47C3
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/NaHxseloa6xDzDhZMknmwfbQRB0.roa
Signing time:             Thu 07 May 2026 11:05:37 +0000
ROA not before:           Thu 07 May 2026 11:05:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        5.178.107.0/24 maxlen: 24
                          5.178.108.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:1d:54:e6:9a:84:8a:f1:53:7f:b6:e2:4b:2c:47:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May  7 11:05:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35a1f1b1e9686bac43cc38593249e6c1f6d0441d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a5:fb:a9:11:d9:a5:ab:cb:12:50:b1:27:38:
                    60:39:1a:94:d9:96:da:79:b6:aa:6f:09:9a:ba:a8:
                    01:9e:81:e7:c2:e5:0d:f5:a6:84:d2:a0:99:b0:7d:
                    43:8f:d5:0f:14:d9:4e:1f:92:25:77:1f:06:38:ef:
                    33:a5:8a:83:85:cf:1c:34:68:d3:ad:92:96:73:b8:
                    7c:8e:a6:46:2d:57:dc:48:c4:34:c1:40:91:2c:d2:
                    c4:66:db:bc:d1:1b:90:c4:a7:bf:ed:9c:80:23:71:
                    4d:4d:ff:6a:75:4e:0a:18:db:dd:60:32:69:47:39:
                    53:a4:26:1a:07:fb:45:25:40:2d:84:4f:aa:b6:5c:
                    cd:56:fd:f7:52:0c:70:53:a5:d6:0f:f0:fb:b3:78:
                    8e:70:1e:43:c0:04:cc:cb:d4:d5:7a:92:f0:8f:d0:
                    8d:97:b4:f2:4f:a1:c0:de:06:c2:2d:fa:52:1a:43:
                    49:12:ac:05:9d:aa:96:dd:5d:f3:29:63:64:a8:d1:
                    00:82:94:a5:d2:a3:72:1a:f5:98:d7:dd:08:61:c9:
                    4f:88:b6:ee:d3:07:f6:e1:ec:95:1b:ea:60:cf:ff:
                    04:98:fb:36:ed:27:9c:88:ea:f3:db:cc:fd:53:e4:
                    c2:48:87:46:02:57:18:c0:9e:c9:f1:25:81:c5:c0:
                    b4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A1:F1:B1:E9:68:6B:AC:43:CC:38:59:32:49:E6:C1:F6:D0:44:1D
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/NaHxseloa6xDzDhZMknmwfbQRB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.107.0-5.178.108.255
                  45.12.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b1:1b:d0:18:5f:81:af:d9:82:d7:48:c5:5f:d1:48:4f:dd:
         8d:bb:9c:f4:b1:5b:1b:37:87:eb:aa:91:b2:37:c0:97:f0:a1:
         73:20:3d:23:6f:93:89:84:81:35:b6:67:03:9c:78:90:b9:76:
         46:02:43:e6:40:29:34:3f:9e:96:78:3a:98:68:a1:84:d7:7c:
         88:ad:a2:8a:f2:b8:0b:8a:86:ce:61:57:13:81:e7:60:57:22:
         d5:cb:67:20:1c:36:0b:0d:fa:0e:27:60:27:63:9c:3a:17:21:
         78:3a:68:b3:2c:97:ef:cc:9f:6e:0e:58:33:fa:7b:b8:84:d7:
         c5:56:95:fc:74:67:93:cd:cb:27:1f:39:13:7a:1d:c9:bf:32:
         d5:3c:2a:3b:4c:cb:59:bf:0d:3b:4c:b6:aa:4b:0b:93:6d:29:
         b8:ba:8e:d5:75:db:bb:25:cb:4a:ee:c2:bb:79:c3:a0:79:21:
         c0:f9:7e:cb:54:52:d5:a7:89:a5:82:da:f4:90:9b:7b:a0:58:
         78:95:fc:21:a0:c5:08:e6:93:a4:38:47:7b:1a:67:70:05:ba:
         ca:c2:83:96:16:3f:8a:3f:78:3e:9e:34:ff:fb:bf:9f:ef:e2:
         75:7b:59:69:ef:a4:92:83:32:ed:14:b5:03:45:0a:46:12:25:
         77:5d:70:ec
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ4CHVTmmoSK8VN/tuJLLEfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwNTA3MTEwNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWExZjFiMWU5Njg2YmFjNDNjYzM4NTkzMjQ5ZTZjMWY2ZDA0NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqX7qRHZpavLElCxJzhgORqU2Zba
ebaqbwmauqgBnoHnwuUN9aaE0qCZsH1Dj9UPFNlOH5Ildx8GOO8zpYqDhc8cNGjT
rZKWc7h8jqZGLVfcSMQ0wUCRLNLEZtu80RuQxKe/7ZyAI3FNTf9qdU4KGNvdYDJp
RzlTpCYaB/tFJUAthE+qtlzNVv33UgxwU6XWD/D7s3iOcB5DwATMy9TVepLwj9CN
l7TyT6HA3gbCLfpSGkNJEqwFnaqW3V3zKWNkqNEAgpSl0qNyGvWY190IYclPiLbu
0wf24eyVG+pgz/8EmPs27SeciOrz28z9U+TCSIdGAlcYwJ7J8SWBxcC0jQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDWh8bHpaGusQ8w4WTJJ5sH20EQdMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvTmFIeHNlbG9hNnhEekRoWk1rbm13ZmJRUkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAFsmsD
BAAFsmwDBAAtDNowDQYJKoZIhvcNAQELBQADggEBAEqxG9AYX4Gv2YLXSMVf0UhP
3Y27nPSxWxs3h+uqkbI3wJfwoXMgPSNvk4mEgTW2ZwOceJC5dkYCQ+ZAKTQ/npZ4
OphooYTXfIitooryuAuKhs5hVxOB52BXItXLZyAcNgsN+g4nYCdjnDoXIXg6aLMs
l+/Mn24OWDP6e7iE18VWlfx0Z5PNyycfORN6Hcm/MtU8KjtMy1m/DTtMtqpLC5Nt
Kbi6jtV127sly0ruwrt5w6B5IcD5fstUUtWniaWC2vSQm3ugWHiV/CGgxQjmk6Q4
R3saZ3AFusrCg5YWP4o/eD6eNP/7v5/v4nV7WWnvpJKDMu0UtQNFCkYSJXddcOw=
-----END CERTIFICATE-----