Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/dfSHgrd5C6hUKxMq0PSCmRKJm9I.roa
File:                     dfSHgrd5C6hUKxMq0PSCmRKJm9I.roa (raw, json)
Hash identifier:          W8W0n8nFNFor8/swBReYXbRZIyqMzRCTk+zhUXiNuJc=
Subject key identifier:   75:F4:87:82:B7:79:0B:A8:54:2B:13:2A:D0:F4:82:99:12:89:9B:D2
Certificate issuer:       /CN=b630b73b51cbc5380dd4adb3d5aaff4d7a334c5e
Certificate serial:       019E1B9DF2B511585A39C9DEA3CB7CA86548
Authority key identifier: B6:30:B7:3B:51:CB:C5:38:0D:D4:AD:B3:D5:AA:FF:4D:7A:33:4C:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjC3O1HLxTgN1K2z1ar_TXozTF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/dfSHgrd5C6hUKxMq0PSCmRKJm9I.roa
Signing time:             Tue 12 May 2026 09:56:36 +0000
ROA not before:           Tue 12 May 2026 09:56:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47925
IP address blocks:        153.56.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/tjC3O1HLxTgN1K2z1ar_TXozTF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/tjC3O1HLxTgN1K2z1ar_TXozTF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjC3O1HLxTgN1K2z1ar_TXozTF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:9d:f2:b5:11:58:5a:39:c9:de:a3:cb:7c:a8:65:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b630b73b51cbc5380dd4adb3d5aaff4d7a334c5e
        Validity
            Not Before: May 12 09:56:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75f48782b7790ba8542b132ad0f4829912899bd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:1e:19:c3:4b:59:76:25:36:2d:8e:7e:85:d1:
                    b2:98:dc:b0:8b:a3:a7:87:fe:de:05:8b:4a:37:7e:
                    9b:7a:56:d4:be:7f:ff:ab:2a:00:02:42:07:9a:2f:
                    31:25:c3:95:cb:82:e8:c6:4e:32:51:d9:4e:4d:c9:
                    5f:04:fe:85:83:cd:fc:c0:7f:b8:9b:b3:f8:4f:46:
                    db:16:42:1b:3a:80:77:b3:bc:ea:65:07:5e:94:c9:
                    5f:f6:7c:40:2f:af:c3:39:17:ee:93:55:7a:91:1a:
                    31:4a:1b:11:7b:9a:56:a1:bb:47:17:ac:a6:b3:fb:
                    2a:64:41:f0:78:85:a2:24:b0:0f:1b:ba:1f:02:82:
                    f9:54:42:fc:80:39:0a:c7:63:4e:c4:c0:da:a1:45:
                    2e:6c:5e:03:03:3f:b6:6f:03:e5:b5:82:f5:a4:a1:
                    5a:8a:fe:9a:52:f0:d5:44:df:5b:6e:ea:dd:14:94:
                    ef:4f:ca:f0:c2:5d:23:7b:81:f2:98:63:e9:2b:f1:
                    8e:dc:ba:08:69:b3:b0:d2:7c:68:42:d5:35:7d:b2:
                    c8:fd:f2:57:b6:d5:55:b9:db:e7:76:b6:16:91:cb:
                    64:ec:36:71:d1:e0:89:38:c2:98:43:74:26:8c:b4:
                    06:e1:20:2a:d0:78:0c:32:5a:74:65:71:e2:a5:2f:
                    77:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F4:87:82:B7:79:0B:A8:54:2B:13:2A:D0:F4:82:99:12:89:9B:D2
            X509v3 Authority Key Identifier:
                keyid:B6:30:B7:3B:51:CB:C5:38:0D:D4:AD:B3:D5:AA:FF:4D:7A:33:4C:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjC3O1HLxTgN1K2z1ar_TXozTF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/dfSHgrd5C6hUKxMq0PSCmRKJm9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4748c7-cd9e-401e-a8a4-0d48e6895f12/1/tjC3O1HLxTgN1K2z1ar_TXozTF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.56.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:9f:0b:36:00:5f:a9:8d:f9:3a:27:f6:cc:d6:0c:f3:3c:87:
         c9:4b:32:79:56:0e:79:93:36:16:25:e7:9a:92:9d:9a:52:e0:
         f0:d2:a6:4c:1a:9d:ec:0a:9f:11:0b:0b:c6:b3:c6:04:54:a4:
         b3:3b:b7:7e:be:4f:86:74:33:38:63:a1:d6:9d:d2:2b:0a:3b:
         08:fb:b3:ce:0e:9b:9b:27:b4:81:da:5e:90:3b:58:e5:2d:a9:
         73:06:d5:18:97:95:9d:a5:d2:54:45:f2:aa:16:9c:90:17:97:
         42:29:54:f3:15:6d:4b:1f:0a:06:ef:3a:c5:55:28:cf:e7:19:
         6b:ea:72:a9:5f:5b:eb:84:e3:9d:c3:96:34:70:5e:ba:5b:15:
         2e:e5:99:f9:75:3e:3c:2e:4c:18:19:f6:40:78:8c:02:4c:2b:
         91:2d:93:7e:aa:5b:dc:50:e7:83:f3:76:93:6c:3f:50:d2:fe:
         64:e9:cf:6b:7e:fc:d4:e5:c1:be:e9:78:12:24:1a:e3:19:03:
         98:7a:5b:3d:02:77:a4:70:78:e4:7c:cd:d2:9a:ff:24:1e:74:
         4d:f1:78:94:66:ac:9d:3f:5a:79:19:2a:a3:f9:5c:52:70:23:
         04:43:f1:31:de:e8:5d:24:9f:c7:8d:6c:88:23:00:ce:0e:74:
         5d:e5:9c:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4bnfK1EVhaOcneo8t8qGVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzBiNzNiNTFjYmM1MzgwZGQ0YWRiM2Q1YWFmZjRkN2Ez
MzRjNWUwHhcNMjYwNTEyMDk1NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWY0ODc4MmI3NzkwYmE4NTQyYjEzMmFkMGY0ODI5OTEyODk5YmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4x4Zw0tZdiU2LY5+hdGymNywi6On
h/7eBYtKN36belbUvn//qyoAAkIHmi8xJcOVy4Loxk4yUdlOTclfBP6Fg838wH+4
m7P4T0bbFkIbOoB3s7zqZQdelMlf9nxAL6/DORfuk1V6kRoxShsRe5pWobtHF6ym
s/sqZEHweIWiJLAPG7ofAoL5VEL8gDkKx2NOxMDaoUUubF4DAz+2bwPltYL1pKFa
iv6aUvDVRN9bburdFJTvT8rwwl0je4HymGPpK/GO3LoIabOw0nxoQtU1fbLI/fJX
ttVVudvndrYWkctk7DZx0eCJOMKYQ3QmjLQG4SAq0HgMMlp0ZXHipS936wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX0h4K3eQuoVCsTKtD0gpkSiZvSMB8GA1UdIwQY
MBaAFLYwtztRy8U4DdSts9Wq/016M0xeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpDM08xSEx4VGdOMUsyejFhcl9UWG96VEY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80NzQ4YzctY2Q5ZS00MDFlLWE4YTQt
MGQ0OGU2ODk1ZjEyLzEvZGZTSGdyZDVDNmhVS3hNcTBQU0NtUktKbTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80NzQ4YzctY2Q5ZS00MDFlLWE4YTQtMGQ0OGU2ODk1ZjEy
LzEvdGpDM08xSEx4VGdOMUsyejFhcl9UWG96VEY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmTiLMA0G
CSqGSIb3DQEBCwUAA4IBAQCYnws2AF+pjfk6J/bM1gzzPIfJSzJ5Vg55kzYWJeea
kp2aUuDw0qZMGp3sCp8RCwvGs8YEVKSzO7d+vk+GdDM4Y6HWndIrCjsI+7PODpub
J7SB2l6QO1jlLalzBtUYl5WdpdJURfKqFpyQF5dCKVTzFW1LHwoG7zrFVSjP5xlr
6nKpX1vrhOOdw5Y0cF66WxUu5Zn5dT48LkwYGfZAeIwCTCuRLZN+qlvcUOeD83aT
bD9Q0v5k6c9rfvzU5cG+6XgSJBrjGQOYels9AnekcHjkfM3Smv8kHnRN8XiUZqyd
P1p5GSqj+VxScCMEQ/Ex3uhdJJ/HjWyIIwDODnRd5ZxD
-----END CERTIFICATE-----