Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/d5wNSxT9uRKujFo7gDOfytGMHEs.roa
File:                     d5wNSxT9uRKujFo7gDOfytGMHEs.roa (raw, json)
Hash identifier:          5QQM/ywhFwvOCB39wYqdy8qkVoB0mRZy1U/eWwm+H90=
Subject key identifier:   77:9C:0D:4B:14:FD:B9:12:AE:8C:5A:3B:80:33:9F:CA:D1:8C:1C:4B
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019DF886B96CDF335DC4DB95203168B2A1AB
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/d5wNSxT9uRKujFo7gDOfytGMHEs.roa
Signing time:             Tue 05 May 2026 14:24:32 +0000
ROA not before:           Tue 05 May 2026 14:24:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204328
IP address blocks:        2a02:11f4:2020::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:86:b9:6c:df:33:5d:c4:db:95:20:31:68:b2:a1:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: May  5 14:24:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=779c0d4b14fdb912ae8c5a3b80339fcad18c1c4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:31:a0:9a:24:b5:81:ec:e2:43:26:90:7a:c0:
                    bd:17:04:ad:31:13:ac:27:33:e0:42:0a:ee:62:77:
                    6c:7d:41:fc:8e:6e:b7:19:6f:ec:24:e2:05:14:32:
                    e1:52:07:6c:55:5d:1d:73:d1:10:26:f2:bd:0c:1d:
                    00:69:f4:de:7e:dd:3e:c4:01:61:64:07:70:23:8b:
                    a0:93:14:d1:78:2c:15:8e:ef:c4:ee:ce:33:e7:2e:
                    d6:d2:65:11:e3:88:48:fd:b7:a4:e8:f7:2a:57:cc:
                    11:37:40:16:d5:f9:e7:ea:ec:c9:14:73:96:60:3d:
                    9a:03:57:18:0a:ad:e6:98:89:6f:39:5f:e2:f8:03:
                    98:52:49:10:1c:e7:f7:e5:d1:38:f9:7f:d8:99:11:
                    f8:89:40:5d:8c:78:36:e1:8b:e2:2e:ea:8a:04:f0:
                    ac:28:3a:39:3a:77:52:70:bc:4e:81:d5:05:15:48:
                    df:c6:f9:cf:2c:75:68:93:5d:ea:4e:f3:4b:fb:86:
                    ea:34:c0:d9:18:5c:c9:82:8b:38:74:2b:95:e4:97:
                    e9:81:f2:93:cb:7c:61:6e:7c:4b:bd:5f:cf:77:c9:
                    61:96:ed:5a:bb:1f:b9:9d:1f:d5:e4:53:33:e3:54:
                    b5:5a:79:b3:23:0c:8f:2b:4e:77:20:f1:68:49:fa:
                    97:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9C:0D:4B:14:FD:B9:12:AE:8C:5A:3B:80:33:9F:CA:D1:8C:1C:4B
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/d5wNSxT9uRKujFo7gDOfytGMHEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:11f4:2020::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:82:61:8c:a6:9d:fe:da:7d:53:ae:8d:55:c8:b5:6e:31:2f:
         7d:94:61:b9:15:32:93:b2:78:43:80:b8:eb:6c:a7:8c:d7:0e:
         14:83:4e:f7:07:c6:48:81:0c:28:07:c4:58:52:77:8e:ad:74:
         0c:ed:80:7d:41:a6:48:cf:2f:93:31:a5:cc:e7:62:42:a7:1b:
         a9:20:71:fb:ee:47:36:05:4a:39:d4:23:d6:f0:28:88:ec:b4:
         de:a6:c3:3e:23:a2:2c:6f:dc:91:f5:d4:3d:65:fa:84:3f:91:
         21:12:99:b2:f3:9a:b7:82:6d:49:0a:d2:a8:6b:e5:24:de:e4:
         e4:ea:7a:a6:95:d8:7b:32:2f:a5:87:9e:0d:84:d0:24:52:5b:
         4e:a8:9a:46:b4:43:03:6d:2e:71:36:2d:33:60:f0:73:c3:01:
         fe:41:b7:a3:bf:fd:a5:ba:48:bd:f4:32:2a:b6:a6:e1:32:0b:
         8f:e3:c8:f2:1c:b7:a4:7d:6d:56:e1:28:e5:a2:c1:41:fd:c9:
         af:be:0f:11:f7:ae:ef:30:cc:34:88:ba:9d:d5:ca:8b:9d:7d:
         f2:0d:91:ec:7d:f5:0a:17:62:d5:bc:a9:61:08:01:9c:1d:98:
         a3:a2:ea:88:a5:5b:5e:d3:96:e7:8b:83:86:96:02:92:f3:8b:
         03:47:ea:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ34hrls3zNdxNuVIDFosqGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjYwNTA1MTQyNDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzljMGQ0YjE0ZmRiOTEyYWU4YzVhM2I4MDMzOWZjYWQxOGMxYzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTGgmiS1geziQyaQesC9FwStMROs
JzPgQgruYndsfUH8jm63GW/sJOIFFDLhUgdsVV0dc9EQJvK9DB0AafTeft0+xAFh
ZAdwI4ugkxTReCwVju/E7s4z5y7W0mUR44hI/bek6PcqV8wRN0AW1fnn6uzJFHOW
YD2aA1cYCq3mmIlvOV/i+AOYUkkQHOf35dE4+X/YmRH4iUBdjHg24YviLuqKBPCs
KDo5OndScLxOgdUFFUjfxvnPLHVok13qTvNL+4bqNMDZGFzJgos4dCuV5JfpgfKT
y3xhbnxLvV/Pd8lhlu1aux+5nR/V5FMz41S1WnmzIwyPK053IPFoSfqXhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHecDUsU/bkSroxaO4Azn8rRjBxLMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvZDV3TlN4VDl1Ukt1akZvN2dET2Z5dEdNSEVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgIR9CAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBNgmGMpp3+2n1Tro1VyLVuMS99lGG5FTKTsnhD
gLjrbKeM1w4Ug073B8ZIgQwoB8RYUneOrXQM7YB9QaZIzy+TMaXM52JCpxupIHH7
7kc2BUo51CPW8CiI7LTepsM+I6Isb9yR9dQ9ZfqEP5EhEpmy85q3gm1JCtKoa+Uk
3uTk6nqmldh7Mi+lh54NhNAkUltOqJpGtEMDbS5xNi0zYPBzwwH+Qbejv/2luki9
9DIqtqbhMguP48jyHLekfW1W4SjlosFB/cmvvg8R967vMMw0iLqd1cqLnX3yDZHs
ffUKF2LVvKlhCAGcHZijouqIpVte05bni4OGlgKS84sDR+rk
-----END CERTIFICATE-----