Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/RPqlt-O41K-wPGecQjDwly3STlY.roa
File:                     RPqlt-O41K-wPGecQjDwly3STlY.roa (raw, json)
Hash identifier:          haF6uyo54YIqQOsDZsYFKB4BBxOGR5FBiQpPVWTCjOU=
Subject key identifier:   44:FA:A5:B7:E3:B8:D4:AF:B0:3C:67:9C:42:30:F0:97:2D:D2:4E:56
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019DD519C5B3AF7F287E6E7CCB247CC84F19
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/RPqlt-O41K-wPGecQjDwly3STlY.roa
Signing time:             Tue 28 Apr 2026 17:18:49 +0000
ROA not before:           Tue 28 Apr 2026 17:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        5.10.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d5:19:c5:b3:af:7f:28:7e:6e:7c:cb:24:7c:c8:4f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Apr 28 17:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44faa5b7e3b8d4afb03c679c4230f0972dd24e56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:4c:24:c6:62:06:a9:fc:94:c1:af:a3:fc:3e:
                    c5:e8:e8:78:49:d4:3e:14:8e:bf:7e:12:9c:71:f4:
                    50:56:d3:35:8d:95:e5:5b:04:51:2e:a4:f6:79:c8:
                    a9:99:3d:73:35:6a:79:2f:e8:dd:63:b9:8d:5e:1c:
                    56:d3:c7:a3:78:41:8f:7c:01:86:07:d8:15:1b:1b:
                    d6:92:6c:38:17:6d:64:93:ea:ef:1b:f9:b3:53:c5:
                    41:a0:e7:4a:71:9e:73:fb:f2:fd:3e:d9:b2:b2:d4:
                    53:fa:ab:37:b5:22:52:e5:1f:01:12:f4:b4:7c:59:
                    1e:26:c8:ac:60:7b:9e:c2:63:c3:1c:8c:37:2f:ca:
                    61:7f:d7:14:1e:18:cb:d1:c4:35:4f:ae:16:af:bf:
                    c5:3c:9e:0d:94:e9:f4:b4:d9:cd:bb:99:b6:ad:ae:
                    f9:ce:a8:9b:54:de:ce:9a:1d:99:25:64:fe:3c:0d:
                    82:41:88:d7:a4:e4:7f:36:71:9b:6d:a9:57:d0:70:
                    2c:ce:70:e2:d1:d0:37:f3:e1:d5:cf:9c:26:2d:37:
                    ab:35:b1:77:d6:01:a8:53:db:9f:14:fa:88:f1:60:
                    a1:b7:cd:70:fb:ef:c3:e8:bf:ad:17:f6:99:95:56:
                    67:94:89:c2:17:3c:8b:46:8c:c1:4e:c2:74:c8:73:
                    1f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:FA:A5:B7:E3:B8:D4:AF:B0:3C:67:9C:42:30:F0:97:2D:D2:4E:56
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/RPqlt-O41K-wPGecQjDwly3STlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:3a:e1:59:3f:87:bb:7f:b9:52:98:36:39:cc:4e:33:09:cd:
         a2:d5:97:23:16:09:80:ce:1c:d9:6c:23:ec:be:eb:03:45:fd:
         f2:bb:fb:49:6b:13:66:7a:1e:25:81:57:34:c8:05:ad:df:77:
         bf:54:39:93:72:f5:a6:9f:08:4a:d8:7e:8b:19:9a:b8:a6:eb:
         9b:27:a9:12:0b:c9:8d:96:54:78:2d:f1:9d:c3:d5:1b:0b:57:
         9e:45:8b:02:a9:c2:1d:8d:05:9e:c3:48:0a:f5:37:d1:bd:60:
         ef:7c:d8:da:b8:7b:60:dc:40:fe:c1:2b:b8:29:67:47:4f:78:
         7e:c2:0b:7e:42:5e:23:67:00:ec:04:95:35:85:07:4f:85:e2:
         b4:db:20:e1:c1:a9:ce:c4:14:7c:d0:31:a1:bd:20:a7:ea:77:
         ef:8d:46:e0:73:0f:4a:af:dc:2d:07:54:79:5a:95:f7:85:52:
         61:56:29:81:5c:e7:90:11:a8:bb:56:be:47:ad:fa:d5:50:12:
         a8:89:74:15:bc:1b:a4:a8:7b:b0:88:c3:51:3d:d3:ee:31:2a:
         1b:53:3f:e3:22:94:b8:9a:6c:80:af:9e:19:38:3e:28:c2:70:
         a7:5e:4d:9b:d3:4e:23:4d:b3:a6:8b:81:ba:cb:81:52:4b:4f:
         50:76:49:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3VGcWzr38ofm58yyR8yE8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwNDI4MTcxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGZhYTViN2UzYjhkNGFmYjAzYzY3OWM0MjMwZjA5NzJkZDI0ZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUwkxmIGqfyUwa+j/D7F6Oh4SdQ+
FI6/fhKccfRQVtM1jZXlWwRRLqT2ecipmT1zNWp5L+jdY7mNXhxW08ejeEGPfAGG
B9gVGxvWkmw4F21kk+rvG/mzU8VBoOdKcZ5z+/L9PtmystRT+qs3tSJS5R8BEvS0
fFkeJsisYHuewmPDHIw3L8phf9cUHhjL0cQ1T64Wr7/FPJ4NlOn0tNnNu5m2ra75
zqibVN7Omh2ZJWT+PA2CQYjXpOR/NnGbbalX0HAsznDi0dA38+HVz5wmLTerNbF3
1gGoU9ufFPqI8WCht81w++/D6L+tF/aZlVZnlInCFzyLRozBTsJ0yHMfzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFET6pbfjuNSvsDxnnEIw8Jct0k5WMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvUlBxbHQtTzQxSy13UEdlY1FqRHdseTNTVGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQreMA0G
CSqGSIb3DQEBCwUAA4IBAQAROuFZP4e7f7lSmDY5zE4zCc2i1ZcjFgmAzhzZbCPs
vusDRf3yu/tJaxNmeh4lgVc0yAWt33e/VDmTcvWmnwhK2H6LGZq4puubJ6kSC8mN
llR4LfGdw9UbC1eeRYsCqcIdjQWew0gK9TfRvWDvfNjauHtg3ED+wSu4KWdHT3h+
wgt+Ql4jZwDsBJU1hQdPheK02yDhwanOxBR80DGhvSCn6nfvjUbgcw9Kr9wtB1R5
WpX3hVJhVimBXOeQEai7Vr5HrfrVUBKoiXQVvBukqHuwiMNRPdPuMSobUz/jIpS4
mmyAr54ZOD4ownCnXk2b004jTbOmi4G6y4FSS09Qdkk5
-----END CERTIFICATE-----