Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/5zAcr2MhyDCdacqJvxwBmq4sOH4.roa
File:                     5zAcr2MhyDCdacqJvxwBmq4sOH4.roa (raw, json)
Hash identifier:          9czlcLD7YQeH0gyDdNkBNpm6fNiGuz9s468YZ9/nJQI=
Subject key identifier:   E7:30:1C:AF:63:21:C8:30:9D:69:CA:89:BF:1C:01:9A:AE:2C:38:7E
Certificate issuer:       /CN=e0866e5a7c725dcb6a138cc6c340cfdad4315d3e
Certificate serial:       019C8F7D6B2220FF6D7231C354AF226B3FE8
Authority key identifier: E0:86:6E:5A:7C:72:5D:CB:6A:13:8C:C6:C3:40:CF:DA:D4:31:5D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/5zAcr2MhyDCdacqJvxwBmq4sOH4.roa
Signing time:             Tue 24 Feb 2026 11:51:27 +0000
ROA not before:           Tue 24 Feb 2026 11:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50294
IP address blocks:        95.128.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:7d:6b:22:20:ff:6d:72:31:c3:54:af:22:6b:3f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0866e5a7c725dcb6a138cc6c340cfdad4315d3e
        Validity
            Not Before: Feb 24 11:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7301caf6321c8309d69ca89bf1c019aae2c387e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:36:c9:cb:f3:83:18:13:99:b5:8d:98:56:df:
                    4f:ea:d4:0f:e2:91:82:e5:fe:24:5c:19:ff:11:43:
                    50:5e:fc:77:6a:af:69:32:8c:ef:a8:75:5f:0e:ce:
                    6f:b0:bd:89:6d:37:19:0c:78:b2:64:82:20:7b:f5:
                    ce:c0:86:82:34:66:80:43:77:ca:d0:dd:09:8e:cc:
                    ce:cc:06:cf:eb:4f:3a:f7:bf:9e:bf:d6:3a:9b:cf:
                    5f:5d:33:2c:52:bf:95:cd:55:53:26:9e:a8:eb:af:
                    52:e0:fe:3f:41:42:52:67:be:e3:fd:a7:ec:59:20:
                    35:f3:0a:de:f3:3d:de:02:cc:25:b5:ab:20:23:fa:
                    ef:ee:44:0b:50:99:2f:f2:b6:10:3d:b4:d6:b1:bf:
                    2c:46:7c:28:1b:84:80:a8:d1:d8:f6:2c:d4:c1:76:
                    d9:26:1d:3f:5b:ac:d4:3f:52:35:95:6e:69:ac:8e:
                    72:f4:ce:71:ed:bf:fb:af:d8:7b:56:b0:97:a4:ed:
                    4d:02:eb:1e:af:06:f9:f9:02:e3:1e:19:99:b5:60:
                    35:0b:6d:61:59:26:96:aa:da:43:f4:bb:31:72:93:
                    45:f3:b3:99:7b:7d:6b:1f:34:fd:55:36:8a:42:f1:
                    35:18:99:c1:96:66:37:dd:a2:4d:1d:3c:0d:28:3d:
                    3f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:30:1C:AF:63:21:C8:30:9D:69:CA:89:BF:1C:01:9A:AE:2C:38:7E
            X509v3 Authority Key Identifier:
                keyid:E0:86:6E:5A:7C:72:5D:CB:6A:13:8C:C6:C3:40:CF:DA:D4:31:5D:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4IZuWnxyXctqE4zGw0DP2tQxXT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/5zAcr2MhyDCdacqJvxwBmq4sOH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/7ba877-4839-4717-8aa4-24419b876f08/1/4IZuWnxyXctqE4zGw0DP2tQxXT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:7a:db:d8:1e:9d:72:68:c5:81:00:21:56:85:4c:6f:f5:bf:
         ff:29:dd:88:0d:7d:ce:23:99:26:9f:34:b5:35:47:96:2d:fc:
         c3:d6:01:f4:b5:cf:51:0e:f0:74:08:33:cb:72:88:ab:a6:37:
         42:e5:fd:26:a8:80:25:26:d3:b9:e1:fb:f2:ba:68:de:48:b3:
         84:47:fa:f6:11:a6:bf:a0:07:fb:4d:a0:d7:ea:62:ba:0f:d5:
         e8:04:5f:c5:dd:72:16:c3:1c:70:43:42:f1:ce:6e:1a:45:31:
         43:bc:15:84:8c:88:49:3e:35:01:38:c8:e9:7a:72:5c:02:4a:
         a5:d8:ee:96:05:af:70:f3:f8:07:01:6f:40:e9:b1:79:97:1f:
         67:35:91:7b:a1:89:30:e7:6a:bc:ff:46:0f:e1:ea:20:a6:a4:
         92:d3:0e:2a:55:de:0b:99:b6:aa:88:0c:63:ff:57:ea:83:49:
         c1:06:d2:8d:3c:99:4e:32:73:1a:bb:5c:ed:ff:cc:3a:60:5c:
         87:50:9e:10:bd:b8:28:72:91:c0:f1:cc:44:35:ba:0b:e8:30:
         73:72:c5:3c:1a:eb:5b:18:98:12:d9:c4:78:13:df:dd:95:31:
         3b:4c:81:5d:0d:ea:73:00:8d:b8:2c:9e:50:9f:ff:02:b5:08:
         f1:ed:0c:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPfWsiIP9tcjHDVK8iaz/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwODY2ZTVhN2M3MjVkY2I2YTEzOGNjNmMzNDBjZmRhZDQz
MTVkM2UwHhcNMjYwMjI0MTE1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzMwMWNhZjYzMjFjODMwOWQ2OWNhODliZjFjMDE5YWFlMmMzODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTbJy/ODGBOZtY2YVt9P6tQP4pGC
5f4kXBn/EUNQXvx3aq9pMozvqHVfDs5vsL2JbTcZDHiyZIIge/XOwIaCNGaAQ3fK
0N0JjszOzAbP608697+ev9Y6m89fXTMsUr+VzVVTJp6o669S4P4/QUJSZ77j/afs
WSA18wre8z3eAswltasgI/rv7kQLUJkv8rYQPbTWsb8sRnwoG4SAqNHY9izUwXbZ
Jh0/W6zUP1I1lW5prI5y9M5x7b/7r9h7VrCXpO1NAuserwb5+QLjHhmZtWA1C21h
WSaWqtpD9LsxcpNF87OZe31rHzT9VTaKQvE1GJnBlmY33aJNHTwNKD0/3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcwHK9jIcgwnWnKib8cAZquLDh+MB8GA1UdIwQY
MBaAFOCGblp8cl3LahOMxsNAz9rUMV0+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEladVdueHlYY3RxRTR6R3cwRFAydFF4WFQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83YmE4NzctNDgzOS00NzE3LThhYTQt
MjQ0MTliODc2ZjA4LzEvNXpBY3IyTWh5RENkYWNxSnZ4d0JtcTRzT0g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83YmE4NzctNDgzOS00NzE3LThhYTQtMjQ0MTliODc2ZjA4
LzEvNEladVdueHlYY3RxRTR6R3cwRFAydFF4WFQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4BHMA0G
CSqGSIb3DQEBCwUAA4IBAQCcetvYHp1yaMWBACFWhUxv9b//Kd2IDX3OI5kmnzS1
NUeWLfzD1gH0tc9RDvB0CDPLcoirpjdC5f0mqIAlJtO54fvyumjeSLOER/r2Eaa/
oAf7TaDX6mK6D9XoBF/F3XIWwxxwQ0Lxzm4aRTFDvBWEjIhJPjUBOMjpenJcAkql
2O6WBa9w8/gHAW9A6bF5lx9nNZF7oYkw52q8/0YP4eogpqSS0w4qVd4LmbaqiAxj
/1fqg0nBBtKNPJlOMnMau1zt/8w6YFyHUJ4QvbgocpHA8cxENboL6DBzcsU8Gutb
GJgS2cR4E9/dlTE7TIFdDepzAI24LJ5Qn/8CtQjx7Qzs
-----END CERTIFICATE-----