Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/n5GrD1S3Fj6v91XC2pJlnXZjifo.roa
File:                     n5GrD1S3Fj6v91XC2pJlnXZjifo.roa (raw, json)
Hash identifier:          EtjU3pwtWKeS4lXXkUkBBOVb2z1/JI5yIYuzHZjKARI=
Subject key identifier:   9F:91:AB:0F:54:B7:16:3E:AF:F7:55:C2:DA:92:65:9D:76:63:89:FA
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019CF605A18E5D3DBA6FC849DEC694DF1B69
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/n5GrD1S3Fj6v91XC2pJlnXZjifo.roa
Signing time:             Mon 16 Mar 2026 09:41:30 +0000
ROA not before:           Mon 16 Mar 2026 09:41:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214449
IP address blocks:        104.222.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:05:a1:8e:5d:3d:ba:6f:c8:49:de:c6:94:df:1b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar 16 09:41:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f91ab0f54b7163eaff755c2da92659d766389fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0e:da:92:13:b1:92:a8:9e:75:63:b6:d5:19:
                    54:0b:54:74:38:76:fa:60:b3:b0:e7:00:1d:96:06:
                    87:89:0d:df:ca:45:fe:04:03:05:1e:f3:e5:2c:94:
                    25:2d:1d:59:0c:db:76:3b:8a:a4:51:89:99:be:30:
                    29:4d:67:4a:87:b0:4b:72:d2:9f:6a:f1:b4:1a:42:
                    2a:3b:95:c5:e7:80:a4:1f:21:01:4c:44:96:50:68:
                    cd:24:5f:c7:e8:3a:66:52:69:98:3c:5c:fa:29:a4:
                    28:ae:fd:53:ba:a4:c3:50:c2:4f:7e:48:a7:a7:20:
                    d9:5a:ea:0a:be:0a:86:2e:cf:eb:29:73:01:e7:50:
                    d9:8b:05:b5:0f:e7:09:25:63:06:cc:54:1e:4e:db:
                    40:1b:10:84:fd:69:18:25:b7:2e:18:19:ce:96:1a:
                    93:9f:18:b4:b3:c5:ba:c7:d7:53:9a:a9:e5:74:ef:
                    e2:42:63:f4:c0:87:70:e5:1e:07:d2:e6:b4:f9:a4:
                    47:d7:48:18:98:be:db:9c:1f:de:2b:8b:4d:52:54:
                    8e:e2:13:f5:62:8a:21:b4:5b:bd:0f:80:86:af:a7:
                    df:88:00:33:c7:03:d8:c2:1a:fc:bf:41:c9:3f:a1:
                    53:7e:6e:5d:20:d7:19:b3:aa:8f:f9:32:0d:ad:b3:
                    01:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:91:AB:0F:54:B7:16:3E:AF:F7:55:C2:DA:92:65:9D:76:63:89:FA
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/n5GrD1S3Fj6v91XC2pJlnXZjifo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.222.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:08:38:fd:92:15:d2:0a:64:4a:ab:8c:de:4c:30:1b:7a:79:
         61:e1:ea:54:c6:54:83:c0:04:72:9c:cf:77:fd:c4:d7:04:1b:
         bd:fd:72:b6:ea:b7:78:72:a5:56:3f:af:5d:45:cd:cb:81:9c:
         58:09:ec:fe:61:dc:b8:36:54:15:ca:cf:30:d3:51:fd:f1:b6:
         6c:81:99:48:da:24:ba:c2:4e:6c:16:64:a9:4b:9f:67:f9:9f:
         0f:28:ed:e8:76:1f:5d:b2:78:c9:cf:57:bd:73:d4:0d:dc:2f:
         08:b8:0c:bf:9c:cd:08:7d:47:5e:52:cb:e6:69:35:88:e1:ba:
         3c:83:c3:b6:c3:7b:08:f5:dc:5c:98:b8:2b:6b:eb:9a:96:0b:
         6a:fb:ee:d0:16:cd:6e:e3:a4:d5:0d:02:8a:1c:3b:20:bb:94:
         13:08:c0:cc:4e:eb:3b:70:be:27:c1:2a:c6:5a:98:e9:7e:1e:
         4f:75:cd:a0:35:0f:2c:7f:79:32:2f:51:7f:83:f6:64:cf:00:
         b0:e1:c1:ad:92:c7:11:2a:4c:0b:6b:00:ef:29:a1:c2:c6:f2:
         eb:01:c2:94:8f:51:29:69:08:1f:c0:e7:3c:8c:57:b2:b7:35:
         1e:40:00:4d:05:8c:a5:ff:cb:a3:f5:20:d3:b2:51:8e:ea:c5:
         d8:31:57:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2BaGOXT26b8hJ3saU3xtpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMzE2MDk0MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjkxYWIwZjU0YjcxNjNlYWZmNzU1YzJkYTkyNjU5ZDc2NjM4OWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ7akhOxkqiedWO21RlUC1R0OHb6
YLOw5wAdlgaHiQ3fykX+BAMFHvPlLJQlLR1ZDNt2O4qkUYmZvjApTWdKh7BLctKf
avG0GkIqO5XF54CkHyEBTESWUGjNJF/H6DpmUmmYPFz6KaQorv1TuqTDUMJPfkin
pyDZWuoKvgqGLs/rKXMB51DZiwW1D+cJJWMGzFQeTttAGxCE/WkYJbcuGBnOlhqT
nxi0s8W6x9dTmqnldO/iQmP0wIdw5R4H0ua0+aRH10gYmL7bnB/eK4tNUlSO4hP1
YoohtFu9D4CGr6ffiAAzxwPYwhr8v0HJP6FTfm5dINcZs6qP+TINrbMB8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+Rqw9UtxY+r/dVwtqSZZ12Y4n6MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbjVHckQxUzNGajZ2OTFYQzJwSmxuWFpqaWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaN6wMA0G
CSqGSIb3DQEBCwUAA4IBAQBxCDj9khXSCmRKq4zeTDAbenlh4epUxlSDwARynM93
/cTXBBu9/XK26rd4cqVWP69dRc3LgZxYCez+Ydy4NlQVys8w01H98bZsgZlI2iS6
wk5sFmSpS59n+Z8PKO3odh9dsnjJz1e9c9QN3C8IuAy/nM0IfUdeUsvmaTWI4bo8
g8O2w3sI9dxcmLgra+ualgtq++7QFs1u46TVDQKKHDsgu5QTCMDMTus7cL4nwSrG
Wpjpfh5Pdc2gNQ8sf3kyL1F/g/ZkzwCw4cGtkscRKkwLawDvKaHCxvLrAcKUj1Ep
aQgfwOc8jFeytzUeQABNBYyl/8uj9SDTslGO6sXYMVcQ
-----END CERTIFICATE-----