Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/5IujmjPdPrZmK1hk9okGjCtd4Fk.roa
File:                     5IujmjPdPrZmK1hk9okGjCtd4Fk.roa (raw, json)
Hash identifier:          N/+2a7/ElpiyUASzR7GuSZmGO/Q/QAu9cL/09RfCYNc=
Subject key identifier:   E4:8B:A3:9A:33:DD:3E:B6:66:2B:58:64:F6:89:06:8C:2B:5D:E0:59
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019D765B2DDBCDEBC19F07282B993B60B22E
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/5IujmjPdPrZmK1hk9okGjCtd4Fk.roa
Signing time:             Fri 10 Apr 2026 07:46:20 +0000
ROA not before:           Fri 10 Apr 2026 07:46:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199240
IP address blocks:        2a03:5840:13d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:5b:2d:db:cd:eb:c1:9f:07:28:2b:99:3b:60:b2:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Apr 10 07:46:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e48ba39a33dd3eb6662b5864f689068c2b5de059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ca:49:ff:63:e1:9f:40:97:74:d1:62:b4:77:
                    ed:a1:7a:28:dd:8d:87:14:df:2b:e5:c7:66:ae:13:
                    9e:41:02:27:e1:7a:53:fc:da:17:3c:c8:c6:81:b1:
                    81:0d:49:06:d7:9f:6d:71:38:05:85:f3:19:c8:38:
                    95:43:35:15:54:c0:46:98:bb:fb:d9:8f:6d:ef:60:
                    32:5a:4a:ce:64:6b:9d:51:ef:c6:5b:db:ee:02:40:
                    f3:86:4c:a2:ca:21:64:39:c3:e4:33:33:b6:05:78:
                    ff:c1:e3:95:f3:4c:0b:27:0c:ec:97:e9:72:3f:db:
                    20:4e:38:51:1e:ca:cc:ad:bb:ba:88:1d:74:ae:6a:
                    09:4d:a6:53:d3:01:f6:02:69:eb:f8:58:e5:a7:ea:
                    03:02:28:8c:8b:c6:82:9b:34:99:75:87:52:bb:e0:
                    9e:49:2b:3f:9c:99:6f:db:93:e5:c4:93:d4:4b:92:
                    07:58:0c:05:3c:70:f6:f7:e3:9f:2e:6f:e3:ec:85:
                    0d:f7:0f:3f:08:4f:99:b6:f0:2d:cc:82:06:cd:f8:
                    7d:fd:61:c5:1e:24:ac:20:91:8f:fa:9c:9f:25:4e:
                    0a:c5:c9:63:af:7c:df:41:f0:da:46:11:3f:02:6a:
                    c1:40:d6:eb:63:f3:f4:f5:65:4a:3a:d3:34:03:cd:
                    f7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:8B:A3:9A:33:DD:3E:B6:66:2B:58:64:F6:89:06:8C:2B:5D:E0:59
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/5IujmjPdPrZmK1hk9okGjCtd4Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:13d::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:c1:9d:ee:9f:01:1e:ca:79:95:32:46:5d:d4:7b:29:3b:17:
         ff:61:f1:63:05:9d:c6:94:0a:04:da:c0:ea:70:80:a9:2d:8d:
         f0:bb:b7:a5:ac:6e:1d:6d:8b:57:13:58:81:09:23:2f:e9:8b:
         50:89:f2:67:16:7d:65:47:f8:dc:e8:80:84:87:8c:6e:3a:35:
         a9:d9:9b:71:b7:87:93:77:f1:26:6c:3d:a9:7b:fc:52:58:6b:
         0f:44:95:ef:c8:ce:c7:11:01:f3:50:56:e3:bc:bd:29:c7:e8:
         5f:74:dc:50:83:63:2c:3e:f2:45:c2:e6:94:8e:a0:e5:4b:1c:
         82:f0:26:38:ae:f4:55:df:c6:01:db:10:a3:a3:67:71:de:2d:
         7d:6b:02:d1:d2:5d:2c:52:23:ca:dc:ad:30:7f:72:c8:57:41:
         ed:ce:45:50:c5:c9:11:f0:02:4e:17:4f:1a:d0:99:ef:99:f0:
         24:68:e2:81:68:1f:19:63:83:97:a1:68:02:4c:09:4e:4d:1f:
         04:45:a6:5c:59:b9:30:cf:a9:45:14:46:12:c4:09:b1:06:8d:
         e8:0a:d0:46:bb:6a:53:6e:94:26:94:f7:e6:dd:c6:e8:69:69:
         c8:0e:48:0f:ed:93:86:04:32:db:31:26:76:dc:28:30:8f:34:
         d7:56:b8:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ12Wy3bzevBnwcoK5k7YLIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjYwNDEwMDc0NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDhiYTM5YTMzZGQzZWI2NjYyYjU4NjRmNjg5MDY4YzJiNWRlMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMpJ/2Phn0CXdNFitHftoXoo3Y2H
FN8r5cdmrhOeQQIn4XpT/NoXPMjGgbGBDUkG159tcTgFhfMZyDiVQzUVVMBGmLv7
2Y9t72AyWkrOZGudUe/GW9vuAkDzhkyiyiFkOcPkMzO2BXj/weOV80wLJwzsl+ly
P9sgTjhRHsrMrbu6iB10rmoJTaZT0wH2Amnr+Fjlp+oDAiiMi8aCmzSZdYdSu+Ce
SSs/nJlv25PlxJPUS5IHWAwFPHD29+OfLm/j7IUN9w8/CE+ZtvAtzIIGzfh9/WHF
HiSsIJGP+pyfJU4Kxcljr3zfQfDaRhE/AmrBQNbrY/P09WVKOtM0A833WwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOSLo5oz3T62ZitYZPaJBowrXeBZMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvNUl1am1qUGRQclptSzFoazlva0dqQ3RkNEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAE9
MA0GCSqGSIb3DQEBCwUAA4IBAQBwwZ3unwEeynmVMkZd1HspOxf/YfFjBZ3GlAoE
2sDqcICpLY3wu7elrG4dbYtXE1iBCSMv6YtQifJnFn1lR/jc6ICEh4xuOjWp2Ztx
t4eTd/EmbD2pe/xSWGsPRJXvyM7HEQHzUFbjvL0px+hfdNxQg2MsPvJFwuaUjqDl
SxyC8CY4rvRV38YB2xCjo2dx3i19awLR0l0sUiPK3K0wf3LIV0HtzkVQxckR8AJO
F08a0JnvmfAkaOKBaB8ZY4OXoWgCTAlOTR8ERaZcWbkwz6lFFEYSxAmxBo3oCtBG
u2pTbpQmlPfm3cboaWnIDkgP7ZOGBDLbMSZ23CgwjzTXVrgT
-----END CERTIFICATE-----