Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/tV5_l1JoTOlyn1gV75xG7F66I9I.roa
File:                     tV5_l1JoTOlyn1gV75xG7F66I9I.roa (raw, json)
Hash identifier:          CQ36UA0MMoJmpBpprrqKcSAebezNWRbVUaxNQ4W1kY0=
Subject key identifier:   B5:5E:7F:97:52:68:4C:E9:72:9F:58:15:EF:9C:46:EC:5E:BA:23:D2
Certificate issuer:       /CN=958061d8000cb83d3b8967e66fb8a4c27e912262
Certificate serial:       019CE2E344AD298BD6B013339BF09FAE16EC
Authority key identifier: 95:80:61:D8:00:0C:B8:3D:3B:89:67:E6:6F:B8:A4:C2:7E:91:22:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYBh2AAMuD07iWfmb7ikwn6RImI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/tV5_l1JoTOlyn1gV75xG7F66I9I.roa
Signing time:             Thu 12 Mar 2026 16:31:10 +0000
ROA not before:           Thu 12 Mar 2026 16:31:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203760
IP address blocks:        185.124.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/lYBh2AAMuD07iWfmb7ikwn6RImI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/lYBh2AAMuD07iWfmb7ikwn6RImI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYBh2AAMuD07iWfmb7ikwn6RImI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:e3:44:ad:29:8b:d6:b0:13:33:9b:f0:9f:ae:16:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=958061d8000cb83d3b8967e66fb8a4c27e912262
        Validity
            Not Before: Mar 12 16:31:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b55e7f9752684ce9729f5815ef9c46ec5eba23d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:68:83:a2:2b:31:66:4b:16:87:12:54:d0:4f:
                    db:b5:47:9e:d0:97:90:45:df:b0:6f:10:88:45:c2:
                    15:cc:73:c8:82:d1:55:f6:3e:21:a0:b8:4e:54:67:
                    0c:ca:e6:17:6b:83:ca:ca:02:e5:e7:c9:97:62:61:
                    d7:f5:da:6a:b1:db:75:d4:1d:ba:79:8b:f2:fe:fc:
                    f8:46:94:ef:51:7e:98:cb:d2:9c:12:a7:89:48:0a:
                    02:16:b8:2d:cc:38:d1:86:4b:0f:a0:85:c5:c8:11:
                    71:7c:a1:b1:20:f3:03:00:0c:1f:f6:fb:0a:d4:cd:
                    46:31:74:2d:25:c8:50:9f:0f:45:c1:a9:1a:22:20:
                    e1:0d:f4:99:08:67:a7:f4:01:81:af:b6:27:84:72:
                    e6:a4:33:6e:c0:44:8d:28:1f:24:d4:d6:57:18:fe:
                    dd:74:97:d7:0b:c2:39:4a:9b:ef:84:10:bc:9e:2e:
                    42:6c:e8:f8:cb:9d:e8:c7:67:b8:97:15:7c:06:56:
                    fd:be:bd:3f:e8:49:13:03:67:70:89:dd:a9:50:fb:
                    f8:af:4e:28:b2:75:7a:75:17:9f:ba:ca:bb:a8:07:
                    60:ac:33:d1:6d:b8:97:30:7d:e3:0c:11:c2:29:d8:
                    ff:28:a3:2f:3e:97:e3:98:b5:a5:71:9c:d1:45:87:
                    38:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:5E:7F:97:52:68:4C:E9:72:9F:58:15:EF:9C:46:EC:5E:BA:23:D2
            X509v3 Authority Key Identifier:
                keyid:95:80:61:D8:00:0C:B8:3D:3B:89:67:E6:6F:B8:A4:C2:7E:91:22:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYBh2AAMuD07iWfmb7ikwn6RImI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/tV5_l1JoTOlyn1gV75xG7F66I9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/122f6a-c132-49aa-b496-b92ce21ca409/1/lYBh2AAMuD07iWfmb7ikwn6RImI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:ee:3a:3d:1c:b7:14:35:09:16:78:12:5e:65:3f:00:4d:55:
         89:1b:b5:73:6d:44:fa:ff:05:02:31:7b:30:20:1a:f0:3a:68:
         6a:4c:59:c8:36:07:ef:2d:71:09:7c:90:1e:79:85:d0:1d:2d:
         f3:72:9e:6f:8c:13:9e:c4:e8:5f:92:14:0e:1b:f7:06:09:fd:
         43:24:bb:1f:64:08:89:cc:82:cb:28:6e:b6:f8:db:ff:28:71:
         26:03:e9:77:0d:ff:5e:ab:21:22:01:1a:a6:b5:a3:31:72:d6:
         84:5e:1a:a1:c1:6c:08:51:cc:a8:89:e6:c1:69:75:dc:18:33:
         4e:ea:ae:9a:2a:9a:cf:53:de:0f:95:73:28:84:3e:31:cb:9a:
         96:54:35:c3:09:f7:fd:28:f7:91:2d:8f:82:4b:b7:7a:d1:e1:
         b3:d2:4f:31:ce:f6:24:39:ab:08:6f:3b:63:76:d0:76:df:51:
         18:a3:26:b9:3b:d0:2e:d1:e8:a9:2f:02:55:93:a2:d8:3d:23:
         7d:08:5c:4a:e9:07:21:58:71:11:18:f9:bd:60:ae:c6:ac:31:
         88:8a:99:2b:2d:76:fa:8d:00:e0:bf:a6:73:11:e0:48:0a:75:
         90:03:98:c5:34:60:b4:c8:cc:91:71:b0:fa:af:0c:70:9b:2b:
         07:4e:86:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzi40StKYvWsBMzm/CfrhbsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODA2MWQ4MDAwY2I4M2QzYjg5NjdlNjZmYjhhNGMyN2U5
MTIyNjIwHhcNMjYwMzEyMTYzMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTVlN2Y5NzUyNjg0Y2U5NzI5ZjU4MTVlZjljNDZlYzVlYmEyM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWiDoisxZksWhxJU0E/btUee0JeQ
Rd+wbxCIRcIVzHPIgtFV9j4hoLhOVGcMyuYXa4PKygLl58mXYmHX9dpqsdt11B26
eYvy/vz4RpTvUX6Yy9KcEqeJSAoCFrgtzDjRhksPoIXFyBFxfKGxIPMDAAwf9vsK
1M1GMXQtJchQnw9FwakaIiDhDfSZCGen9AGBr7YnhHLmpDNuwESNKB8k1NZXGP7d
dJfXC8I5SpvvhBC8ni5CbOj4y53ox2e4lxV8Blb9vr0/6EkTA2dwid2pUPv4r04o
snV6dRefusq7qAdgrDPRbbiXMH3jDBHCKdj/KKMvPpfjmLWlcZzRRYc4ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVef5dSaEzpcp9YFe+cRuxeuiPSMB8GA1UdIwQY
MBaAFJWAYdgADLg9O4ln5m+4pMJ+kSJiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlCaDJBQU11RDA3aVdmbWI3aWt3bjZSSW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xMjJmNmEtYzEzMi00OWFhLWI0OTYt
YjkyY2UyMWNhNDA5LzEvdFY1X2wxSm9UT2x5bjFnVjc1eEc3RjY2STlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xMjJmNmEtYzEzMi00OWFhLWI0OTYtYjkyY2UyMWNhNDA5
LzEvbFlCaDJBQU11RDA3aVdmbWI3aWt3bjZSSW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXy4MA0G
CSqGSIb3DQEBCwUAA4IBAQCT7jo9HLcUNQkWeBJeZT8ATVWJG7VzbUT6/wUCMXsw
IBrwOmhqTFnINgfvLXEJfJAeeYXQHS3zcp5vjBOexOhfkhQOG/cGCf1DJLsfZAiJ
zILLKG62+Nv/KHEmA+l3Df9eqyEiARqmtaMxctaEXhqhwWwIUcyoiebBaXXcGDNO
6q6aKprPU94PlXMohD4xy5qWVDXDCff9KPeRLY+CS7d60eGz0k8xzvYkOasIbztj
dtB231EYoya5O9Au0eipLwJVk6LYPSN9CFxK6QchWHERGPm9YK7GrDGIipkrLXb6
jQDgv6ZzEeBICnWQA5jFNGC0yMyRcbD6rwxwmysHToZ3
-----END CERTIFICATE-----