Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/paqARLWGHEvsQE4mxfqd0XmF8E4.roa
File:                     paqARLWGHEvsQE4mxfqd0XmF8E4.roa (raw, json)
Hash identifier:          Lm5mjKYgm61guBsug/q9pfcT7JFo4wdbLfBTxr3dfhg=
Subject key identifier:   A5:AA:80:44:B5:86:1C:4B:EC:40:4E:26:C5:FA:9D:D1:79:85:F0:4E
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D1C740779F6195C982D286655BB0BE747
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/paqARLWGHEvsQE4mxfqd0XmF8E4.roa
Signing time:             Mon 23 Mar 2026 20:47:39 +0000
ROA not before:           Mon 23 Mar 2026 20:47:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49478
IP address blocks:        192.144.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 20:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1c:74:07:79:f6:19:5c:98:2d:28:66:55:bb:0b:e7:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 23 20:47:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5aa8044b5861c4bec404e26c5fa9dd17985f04e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5e:90:17:94:a6:d8:77:9f:cd:17:8f:66:fb:
                    a2:7e:99:94:af:21:95:63:1f:38:c3:81:a6:3b:fd:
                    f7:ce:f6:dc:21:49:73:d7:c6:cb:86:2a:85:c3:01:
                    ff:49:50:56:2c:de:df:a8:05:09:0a:c2:b5:4e:69:
                    42:c6:f7:8d:c5:aa:38:07:6a:cf:f8:3e:38:32:33:
                    22:77:c4:c3:41:3d:62:9d:99:af:1f:29:e4:b9:17:
                    63:07:cb:ed:88:90:d6:bc:0e:bb:9d:a3:61:96:a2:
                    44:d9:fe:2b:9c:aa:9e:4f:bd:23:a2:10:ec:ea:9c:
                    3c:21:1b:16:e1:d9:dd:77:05:95:de:c3:15:65:4b:
                    d0:34:0b:a8:5e:a9:ab:ac:01:87:e1:e4:81:69:2e:
                    17:11:cc:0f:93:69:07:cb:98:44:c0:34:ba:77:64:
                    de:23:a0:94:fa:b4:b8:e7:40:3a:1e:22:ff:ad:e0:
                    05:7b:d3:48:42:58:5d:ff:49:80:88:7d:7c:0c:fd:
                    d0:82:78:dd:9c:d6:50:1c:d7:7c:44:29:94:7e:08:
                    5c:26:4e:c7:25:40:51:01:70:05:30:a8:8d:75:31:
                    bf:05:c3:31:53:a3:e5:6c:4a:5a:aa:da:81:15:0f:
                    7f:1b:0a:1b:d9:fd:bd:b0:82:1f:09:74:dd:fa:3a:
                    9b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:AA:80:44:B5:86:1C:4B:EC:40:4E:26:C5:FA:9D:D1:79:85:F0:4E
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/paqARLWGHEvsQE4mxfqd0XmF8E4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.144.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:5c:49:5b:70:87:5e:87:35:67:1b:01:6f:74:d4:6f:33:6b:
         be:c2:58:34:83:d1:38:03:8a:b1:13:b5:e9:d7:8d:d6:e8:d7:
         34:b3:85:73:1c:33:4f:8b:08:c2:39:1b:04:b5:1f:f9:0d:11:
         ce:1e:9b:5e:20:ef:be:4d:dc:02:eb:1e:cd:1f:e0:7a:8d:23:
         9c:c9:97:52:2c:01:f2:57:09:f3:ac:65:3c:93:31:d4:9b:1e:
         93:4b:e8:65:fd:64:96:0d:79:a4:ad:bb:62:e2:8e:13:44:14:
         04:8f:06:53:ac:41:2a:16:e8:42:ac:b2:c3:b4:76:8f:3f:d2:
         d2:95:26:21:fc:5d:53:00:57:57:fd:d8:48:80:08:ca:6b:c8:
         ee:7f:34:7f:e4:7a:29:c5:26:69:33:3e:88:5a:60:e7:d6:59:
         87:04:ef:20:d1:4d:a6:3c:3c:e2:2b:88:26:86:0a:2e:29:e0:
         58:61:9b:24:d4:a3:9e:45:5c:2c:05:f3:bb:9b:e3:7b:9b:7e:
         ab:2f:56:3a:2f:a9:ea:bc:cd:97:7c:13:f4:59:a1:35:47:4d:
         2c:9b:b8:58:5a:9b:dc:15:13:17:23:d7:b8:5b:93:d1:c7:be:
         63:29:b0:3f:94:be:46:89:7a:33:e5:7e:c2:f0:04:33:9b:d6:
         29:ac:c0:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0cdAd59hlcmC0oZlW7C+dHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzIzMjA0NzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWFhODA0NGI1ODYxYzRiZWM0MDRlMjZjNWZhOWRkMTc5ODVmMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF6QF5Sm2HefzRePZvuifpmUryGV
Yx84w4GmO/33zvbcIUlz18bLhiqFwwH/SVBWLN7fqAUJCsK1TmlCxveNxao4B2rP
+D44MjMid8TDQT1inZmvHynkuRdjB8vtiJDWvA67naNhlqJE2f4rnKqeT70johDs
6pw8IRsW4dnddwWV3sMVZUvQNAuoXqmrrAGH4eSBaS4XEcwPk2kHy5hEwDS6d2Te
I6CU+rS450A6HiL/reAFe9NIQlhd/0mAiH18DP3QgnjdnNZQHNd8RCmUfghcJk7H
JUBRAXAFMKiNdTG/BcMxU6PlbEpaqtqBFQ9/Gwob2f29sIIfCXTd+jqbpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWqgES1hhxL7EBOJsX6ndF5hfBOMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvcGFxQVJMV0dIRXZzUUU0bXhmcWQwWG1GOEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJAdMA0G
CSqGSIb3DQEBCwUAA4IBAQCSXElbcIdehzVnGwFvdNRvM2u+wlg0g9E4A4qxE7Xp
143W6Nc0s4VzHDNPiwjCORsEtR/5DRHOHpteIO++TdwC6x7NH+B6jSOcyZdSLAHy
VwnzrGU8kzHUmx6TS+hl/WSWDXmkrbti4o4TRBQEjwZTrEEqFuhCrLLDtHaPP9LS
lSYh/F1TAFdX/dhIgAjKa8jufzR/5HopxSZpMz6IWmDn1lmHBO8g0U2mPDziK4gm
hgouKeBYYZsk1KOeRVwsBfO7m+N7m36rL1Y6L6nqvM2XfBP0WaE1R00sm7hYWpvc
FRMXI9e4W5PRx75jKbA/lL5GiXoz5X7C8AQzm9YprMCz
-----END CERTIFICATE-----