Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5azAcs8OHA0txKLTl_RFmS3yXrI.roa
File:                     5azAcs8OHA0txKLTl_RFmS3yXrI.roa (raw, json)
Hash identifier:          jYxXe6SoO7K85VqnOaNNfvza1+dsUl6Ri0ni/0ZOgno=
Subject key identifier:   E5:AC:C0:72:CF:0E:1C:0D:2D:C4:A2:D3:97:F4:45:99:2D:F2:5E:B2
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019DFDBE12123DFC1DA2DF9982297C9A114D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5azAcs8OHA0txKLTl_RFmS3yXrI.roa
Signing time:             Wed 06 May 2026 14:43:05 +0000
ROA not before:           Wed 06 May 2026 14:43:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197779
IP address blocks:        146.120.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:be:12:12:3d:fc:1d:a2:df:99:82:29:7c:9a:11:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: May  6 14:43:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5acc072cf0e1c0d2dc4a2d397f445992df25eb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:fd:0a:cd:29:06:05:4f:7c:b6:e8:47:26:6c:
                    2b:c5:95:e4:83:7a:83:e4:89:ae:01:b6:e6:43:3f:
                    89:e2:8e:75:e9:9e:ce:0e:26:67:5d:b0:33:d7:32:
                    9b:34:46:17:ec:79:f9:26:30:cf:61:01:f0:d6:a5:
                    4e:34:6e:e2:44:d4:94:3e:11:67:bb:04:3e:6a:a0:
                    a1:a2:41:5d:12:52:d0:2a:85:f9:59:24:52:99:c2:
                    9d:0f:92:dd:d7:c8:94:bb:cf:54:54:eb:c2:1d:58:
                    bf:09:e2:e3:72:fd:c7:89:32:ed:a5:fa:7d:53:e4:
                    ad:39:80:e2:c9:30:85:be:25:51:09:82:06:29:d9:
                    e0:61:82:67:cd:05:da:ed:76:49:fd:51:3a:dd:89:
                    22:0e:4e:47:10:d1:2e:ca:8e:6b:23:4c:93:69:dc:
                    38:dc:33:48:85:5b:82:b9:b3:c0:ca:cf:4e:3b:5f:
                    f1:11:8a:60:88:bf:c0:36:4e:d3:79:50:29:0e:f2:
                    1b:81:7c:91:5f:46:6d:ff:62:ca:c0:a3:91:47:f6:
                    63:27:5b:b1:86:43:e2:58:36:3a:25:42:29:d3:92:
                    9b:fc:da:08:8f:45:31:19:ef:39:eb:a3:4e:8f:f8:
                    31:98:ad:45:c4:0c:f1:c9:46:f3:12:bb:25:d8:3b:
                    66:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AC:C0:72:CF:0E:1C:0D:2D:C4:A2:D3:97:F4:45:99:2D:F2:5E:B2
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5azAcs8OHA0txKLTl_RFmS3yXrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:9e:d0:61:77:48:7b:71:15:fd:dd:1f:10:c5:00:e9:88:07:
         40:04:9e:05:72:7f:ba:4f:f1:11:c4:95:97:c5:87:58:9f:87:
         d9:09:dd:fe:3b:e4:a4:a3:dc:f9:95:91:4f:bd:85:6f:ca:8d:
         a9:75:bb:d3:c5:32:9c:0e:23:f2:87:91:42:69:48:63:49:e8:
         ec:ac:72:b2:0c:04:43:42:06:7d:e9:67:9d:f0:c5:b9:ec:36:
         3e:b2:51:4f:18:53:49:60:91:16:8f:d9:51:a2:df:85:e9:70:
         7f:b7:08:44:df:28:e2:ac:32:6c:87:a2:8c:a7:98:8e:0d:d3:
         93:37:11:98:6e:ea:df:af:d5:ce:23:08:21:e9:75:73:b7:46:
         0a:53:61:92:01:f5:1c:a0:34:86:e2:d9:40:04:48:76:fc:f6:
         8b:2a:40:7e:0f:be:95:ce:04:3a:b4:0f:84:c8:76:67:5c:e2:
         3a:86:27:7e:c9:dd:e1:a0:4e:18:9e:1e:e1:59:67:18:bd:b2:
         09:31:b3:1d:78:70:44:b8:c9:86:00:0c:7e:6a:ca:8a:7f:a9:
         43:c2:ff:ec:19:3b:b1:60:5f:6e:e7:be:19:bf:32:03:a5:5b:
         85:b6:56:0f:78:31:b1:dc:50:6b:3b:46:78:b7:08:a2:c4:2f:
         73:da:57:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39vhISPfwdot+Zgil8mhFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwNTA2MTQ0MzA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWFjYzA3MmNmMGUxYzBkMmRjNGEyZDM5N2Y0NDU5OTJkZjI1ZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9/0KzSkGBU98tuhHJmwrxZXkg3qD
5ImuAbbmQz+J4o516Z7ODiZnXbAz1zKbNEYX7Hn5JjDPYQHw1qVONG7iRNSUPhFn
uwQ+aqChokFdElLQKoX5WSRSmcKdD5Ld18iUu89UVOvCHVi/CeLjcv3HiTLtpfp9
U+StOYDiyTCFviVRCYIGKdngYYJnzQXa7XZJ/VE63YkiDk5HENEuyo5rI0yTadw4
3DNIhVuCubPAys9OO1/xEYpgiL/ANk7TeVApDvIbgXyRX0Zt/2LKwKORR/ZjJ1ux
hkPiWDY6JUIp05Kb/NoIj0UxGe8566NOj/gxmK1FxAzxyUbzErsl2DtmrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWswHLPDhwNLcSi05f0RZkt8l6yMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvNWF6QWNzOE9IQTB0eEtMVGxfUkZtUzN5WHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkngVMA0G
CSqGSIb3DQEBCwUAA4IBAQAXntBhd0h7cRX93R8QxQDpiAdABJ4Fcn+6T/ERxJWX
xYdYn4fZCd3+O+Sko9z5lZFPvYVvyo2pdbvTxTKcDiPyh5FCaUhjSejsrHKyDARD
QgZ96Wed8MW57DY+slFPGFNJYJEWj9lRot+F6XB/twhE3yjirDJsh6KMp5iODdOT
NxGYburfr9XOIwgh6XVzt0YKU2GSAfUcoDSG4tlABEh2/PaLKkB+D76VzgQ6tA+E
yHZnXOI6hid+yd3hoE4Ynh7hWWcYvbIJMbMdeHBEuMmGAAx+asqKf6lDwv/sGTux
YF9u574ZvzIDpVuFtlYPeDGx3FBrO0Z4twiixC9z2le6
-----END CERTIFICATE-----