Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/S9uiecJ_V_rH09OQWGxwMdpwZbI.roa
File:                     S9uiecJ_V_rH09OQWGxwMdpwZbI.roa (raw, json)
Hash identifier:          nUYADl7mzytkkU8x/rVrDEkyWr72tHMtYDmNMTGmu14=
Subject key identifier:   4B:DB:A2:79:C2:7F:57:FA:C7:D3:D3:90:58:6C:70:31:DA:70:65:B2
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019DCE687B5DC06B1B77BB0071CDCE5749F1
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/S9uiecJ_V_rH09OQWGxwMdpwZbI.roa
Signing time:             Mon 27 Apr 2026 10:07:26 +0000
ROA not before:           Mon 27 Apr 2026 10:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        5.39.192.0/22 maxlen: 24
                          185.10.120.0/23 maxlen: 24
                          185.10.122.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:68:7b:5d:c0:6b:1b:77:bb:00:71:cd:ce:57:49:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Apr 27 10:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bdba279c27f57fac7d3d390586c7031da7065b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c1:bc:31:a0:73:1f:27:fe:56:b4:21:d3:93:
                    e4:61:bf:5e:ef:da:13:5d:a3:4c:5a:33:8f:da:56:
                    a3:59:00:1b:ba:f8:70:29:ba:d2:b2:29:c3:fc:b7:
                    95:9e:0e:54:75:b4:dd:25:53:3d:4e:e5:67:14:74:
                    1b:03:15:22:c4:14:c3:c8:bf:90:f6:e4:fb:66:04:
                    bb:ce:15:38:d2:cd:a4:67:1e:92:87:2b:e3:da:a5:
                    ab:ed:aa:63:3d:b1:f8:38:6d:bb:d9:c5:b9:7d:c2:
                    1e:6e:68:31:e5:a4:61:02:9d:cf:c0:b1:9a:e6:14:
                    38:96:8d:d5:06:42:c7:a9:1a:bf:c6:03:45:47:eb:
                    55:40:18:dd:16:5e:d0:c6:2a:64:ac:0f:9a:fd:3a:
                    8b:95:93:d8:dc:12:a0:57:a8:9f:4c:53:96:1e:1f:
                    04:79:ce:37:d6:af:c6:d3:5a:57:c7:c8:9b:ad:ad:
                    01:63:06:e5:2f:a2:e0:df:11:2b:f5:90:f8:ea:ab:
                    73:34:69:18:b6:0d:8e:e2:22:a4:ce:34:c2:0a:e7:
                    5f:de:e6:0a:57:9a:c0:5e:42:32:4d:a5:35:78:42:
                    d4:63:fa:b3:82:0b:b0:1a:0d:29:be:89:78:3e:a4:
                    52:23:c5:11:0a:31:73:af:36:c6:60:fc:03:e8:f0:
                    74:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:DB:A2:79:C2:7F:57:FA:C7:D3:D3:90:58:6C:70:31:DA:70:65:B2
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/S9uiecJ_V_rH09OQWGxwMdpwZbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.192.0/22
                  185.10.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:6c:fb:e8:fc:ed:bd:40:fb:e8:48:4f:d2:85:c9:1a:6e:8c:
         97:d4:1b:2b:6f:1d:84:d9:8d:0a:8b:3e:e3:d0:ee:67:15:8b:
         e3:b6:7a:8c:c0:ba:cf:b4:1b:88:66:d4:0e:58:5d:26:52:a5:
         43:72:c1:f4:12:c9:4d:b2:58:22:d0:f5:d1:35:80:69:9b:b7:
         af:6d:d9:46:bb:79:c8:f2:62:b9:28:1e:b0:bb:cc:7c:da:e1:
         29:72:6c:54:a8:15:46:5c:ff:b6:2d:f8:c5:82:60:f6:a3:88:
         80:f4:c9:11:03:6f:68:44:bd:30:c1:71:69:12:0a:9b:d9:35:
         a9:50:d6:7d:a0:8e:2e:d4:25:97:20:e9:67:d7:f4:e1:ed:24:
         ee:a5:1d:75:f4:50:8b:39:1a:5f:ac:98:b3:f7:71:b5:76:a7:
         36:b1:9a:c1:23:f7:cd:6d:b4:8f:e5:f3:41:49:ad:9d:f7:65:
         e5:b1:68:68:4e:a4:ba:57:7f:e7:56:99:42:27:f0:16:b4:c7:
         bb:01:4c:ef:97:cf:ec:4f:3a:9e:c1:d8:7a:ad:34:4b:cf:0c:
         6e:15:df:23:f8:01:11:ce:4f:22:68:4d:39:a1:b7:37:c3:26:
         a9:63:75:90:b7:6d:e8:7b:4b:5a:df:53:56:4e:a6:3a:6f:78:
         19:12:07:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3OaHtdwGsbd7sAcc3OV0nxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjYwNDI3MTAwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmRiYTI3OWMyN2Y1N2ZhYzdkM2QzOTA1ODZjNzAzMWRhNzA2NWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MG8MaBzHyf+VrQh05PkYb9e79oT
XaNMWjOP2lajWQAbuvhwKbrSsinD/LeVng5UdbTdJVM9TuVnFHQbAxUixBTDyL+Q
9uT7ZgS7zhU40s2kZx6Shyvj2qWr7apjPbH4OG272cW5fcIebmgx5aRhAp3PwLGa
5hQ4lo3VBkLHqRq/xgNFR+tVQBjdFl7QxipkrA+a/TqLlZPY3BKgV6ifTFOWHh8E
ec431q/G01pXx8ibra0BYwblL6Lg3xEr9ZD46qtzNGkYtg2O4iKkzjTCCudf3uYK
V5rAXkIyTaU1eELUY/qzgguwGg0pvol4PqRSI8URCjFzrzbGYPwD6PB0ZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEvbonnCf1f6x9PTkFhscDHacGWyMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvUzl1aWVjSl9WX3JIMDlPUVdHeHdNZHB3WmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBSfAAwQC
uQp4MA0GCSqGSIb3DQEBCwUAA4IBAQBObPvo/O29QPvoSE/ShckaboyX1Bsrbx2E
2Y0Kiz7j0O5nFYvjtnqMwLrPtBuIZtQOWF0mUqVDcsH0EslNslgi0PXRNYBpm7ev
bdlGu3nI8mK5KB6wu8x82uEpcmxUqBVGXP+2LfjFgmD2o4iA9MkRA29oRL0wwXFp
Egqb2TWpUNZ9oI4u1CWXIOln1/Th7STupR119FCLORpfrJiz93G1dqc2sZrBI/fN
bbSP5fNBSa2d92XlsWhoTqS6V3/nVplCJ/AWtMe7AUzvl8/sTzqewdh6rTRLzwxu
Fd8j+AERzk8iaE05obc3wyapY3WQt23oe0ta31NWTqY6b3gZEgdE
-----END CERTIFICATE-----