Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/v43UctCf1m_YqiCCmDLAu1pRtWc.roa
File:                     v43UctCf1m_YqiCCmDLAu1pRtWc.roa (raw, json)
Hash identifier:          jjSq+CF7VsCH0fg5RfOs1DzGWE7oIKtwpD0a4wDShPE=
Subject key identifier:   BF:8D:D4:72:D0:9F:D6:6F:D8:AA:20:82:98:32:C0:BB:5A:51:B5:67
Certificate issuer:       /CN=5954b6183e459748c89ee5431b8f31de692ae3b7
Certificate serial:       019DFD92B33BEBC8CFAF698B29F15186FCB5
Authority key identifier: 59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/v43UctCf1m_YqiCCmDLAu1pRtWc.roa
Signing time:             Wed 06 May 2026 13:55:42 +0000
ROA not before:           Wed 06 May 2026 13:55:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396356
IP address blocks:        84.37.108.0/23 maxlen: 24
                          84.37.114.0/23 maxlen: 24
                          84.37.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:92:b3:3b:eb:c8:cf:af:69:8b:29:f1:51:86:fc:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5954b6183e459748c89ee5431b8f31de692ae3b7
        Validity
            Not Before: May  6 13:55:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf8dd472d09fd66fd8aa20829832c0bb5a51b567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:21:08:68:c7:d6:80:7a:dc:f5:db:3f:73:74:
                    1d:07:bc:43:dc:d1:c0:6e:82:b3:16:5b:c9:d8:46:
                    ed:e7:91:d1:22:cd:05:18:45:0d:4f:87:9d:25:0c:
                    17:67:32:33:c8:b4:6d:a0:11:79:1f:2e:ff:cc:59:
                    ad:85:a6:52:d6:28:4e:e9:f3:63:ef:0e:04:5c:2b:
                    56:8f:a9:25:d5:c8:7b:24:1d:4a:30:2f:20:53:6a:
                    2a:a1:21:56:f4:ae:62:ed:f5:3f:c6:d4:0a:e0:24:
                    6d:d5:79:c1:28:9e:b2:87:3d:8b:64:61:1f:5b:21:
                    bd:dc:1c:a3:1b:ef:46:b1:fb:bf:ee:8b:dc:91:12:
                    3f:e2:75:dc:4e:28:0f:f9:3f:02:73:0c:99:a0:18:
                    b6:c1:7b:e7:1f:7d:3f:40:4d:2c:61:a6:57:5b:03:
                    93:d6:a2:c7:15:3f:f4:0f:87:b0:88:d7:6d:6d:59:
                    36:6c:c7:aa:6e:33:d2:00:d4:fc:a0:e4:37:d8:8c:
                    c1:1b:8f:94:ed:69:17:b8:fc:04:dd:aa:3a:27:5a:
                    66:12:19:37:8b:cd:cd:db:f6:d0:ca:5b:f1:77:2f:
                    79:79:be:13:fb:db:08:4a:a8:83:3b:e3:41:b5:98:
                    28:e5:14:fb:39:8b:ab:01:40:84:b0:a6:fd:bc:35:
                    09:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8D:D4:72:D0:9F:D6:6F:D8:AA:20:82:98:32:C0:BB:5A:51:B5:67
            X509v3 Authority Key Identifier:
                keyid:59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/v43UctCf1m_YqiCCmDLAu1pRtWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.37.108.0/23
                  84.37.114.0/23
                  84.37.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:16:15:85:99:46:f9:90:8b:49:75:a4:4f:52:b8:b0:35:f3:
         37:4b:62:2f:1b:13:02:ab:0f:a8:52:b1:ab:71:c0:9f:61:bd:
         ec:65:08:35:8b:61:0c:47:a2:59:b3:44:66:8c:1a:b8:92:cd:
         69:c4:85:f2:30:cc:6f:96:4f:5a:32:51:f8:d0:33:0c:99:c8:
         b3:47:9e:dd:9d:8d:d7:36:93:ec:25:58:d3:d5:60:2e:1f:a4:
         e9:1d:e8:16:e4:b9:3e:75:dd:b1:d4:d9:ed:98:7b:d6:b1:87:
         9a:ae:7e:3c:a3:74:e5:ab:b7:98:ff:94:ae:d1:06:3c:db:6b:
         36:59:5b:b5:26:f0:0d:b0:d3:48:29:2a:c2:76:ff:fa:73:ed:
         94:62:44:71:6f:e5:ff:9f:f3:db:ba:1f:d7:a4:4a:31:53:2d:
         a1:ac:2a:14:d0:30:1f:25:46:03:f5:65:d5:32:d9:ca:42:50:
         c7:82:65:48:ba:9a:bb:f0:1a:da:9f:d4:c9:ff:cb:b3:aa:d2:
         04:7b:c0:36:67:ae:20:2c:4b:7c:1b:52:6c:a0:c0:5e:d5:62:
         15:a5:95:9e:6f:5e:e9:c0:9a:45:64:d8:88:02:ec:ec:03:8b:
         d2:21:f6:70:51:2f:66:e1:a4:ca:42:dd:0f:1e:23:f1:62:3f:
         4f:22:63:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ39krM768jPr2mLKfFRhvy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NTRiNjE4M2U0NTk3NDhjODllZTU0MzFiOGYzMWRlNjky
YWUzYjcwHhcNMjYwNTA2MTM1NTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjhkZDQ3MmQwOWZkNjZmZDhhYTIwODI5ODMyYzBiYjVhNTFiNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yEIaMfWgHrc9ds/c3QdB7xD3NHA
boKzFlvJ2Ebt55HRIs0FGEUNT4edJQwXZzIzyLRtoBF5Hy7/zFmthaZS1ihO6fNj
7w4EXCtWj6kl1ch7JB1KMC8gU2oqoSFW9K5i7fU/xtQK4CRt1XnBKJ6yhz2LZGEf
WyG93ByjG+9Gsfu/7ovckRI/4nXcTigP+T8CcwyZoBi2wXvnH30/QE0sYaZXWwOT
1qLHFT/0D4ewiNdtbVk2bMeqbjPSANT8oOQ32IzBG4+U7WkXuPwE3ao6J1pmEhk3
i83N2/bQylvxdy95eb4T+9sISqiDO+NBtZgo5RT7OYurAUCEsKb9vDUJtwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL+N1HLQn9Zv2KoggpgywLtaUbVnMB8GA1UdIwQY
MBaAFFlUthg+RZdIyJ7lQxuPMd5pKuO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMt
ZDJhZGVlZDc1NWQ4LzEvdjQzVWN0Q2YxbV9ZcWlDQ21ETEF1MXBSdFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMtZDJhZGVlZDc1NWQ4
LzEvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVCVsAwQB
VCVyAwQBVCV2MA0GCSqGSIb3DQEBCwUAA4IBAQBuFhWFmUb5kItJdaRPUriwNfM3
S2IvGxMCqw+oUrGrccCfYb3sZQg1i2EMR6JZs0RmjBq4ks1pxIXyMMxvlk9aMlH4
0DMMmcizR57dnY3XNpPsJVjT1WAuH6TpHegW5Lk+dd2x1NntmHvWsYearn48o3Tl
q7eY/5Su0QY822s2WVu1JvANsNNIKSrCdv/6c+2UYkRxb+X/n/Pbuh/XpEoxUy2h
rCoU0DAfJUYD9WXVMtnKQlDHgmVIupq78Bran9TJ/8uzqtIEe8A2Z64gLEt8G1Js
oMBe1WIVpZWeb17pwJpFZNiIAuzsA4vSIfZwUS9m4aTKQt0PHiPxYj9PImNc
-----END CERTIFICATE-----