Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/61d258-111e-48c5-b0ae-7b28c25d44c6/1/m2i02yDWoa9OicV27GMj8Y2x37c.roa
File:                     m2i02yDWoa9OicV27GMj8Y2x37c.roa (raw, json)
Hash identifier:          PcpljpVFgub8o7xEhsLEYIzvRxfNpdllqdeZVEQzjwg=
Subject key identifier:   9B:68:B4:DB:20:D6:A1:AF:4E:89:C5:76:EC:63:23:F1:8D:B1:DF:B7
Certificate issuer:       /CN=bd55cf84afdde3182788dc00763a8230834cec52
Certificate serial:       019CDD04E3042D31BD6F8E82593D7CA11FF6
Authority key identifier: BD:55:CF:84:AF:DD:E3:18:27:88:DC:00:76:3A:82:30:83:4C:EC:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vVXPhK_d4xgniNwAdjqCMINM7FI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/61d258-111e-48c5-b0ae-7b28c25d44c6/1/m2i02yDWoa9OicV27GMj8Y2x37c.roa
Signing time:             Wed 11 Mar 2026 13:10:10 +0000
ROA not before:           Wed 11 Mar 2026 13:10:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214310
IP address blocks:        5.159.194.0/24 maxlen: 24
                          2a12:5ec0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/61d258-111e-48c5-b0ae-7b28c25d44c6/1/vVXPhK_d4xgniNwAdjqCMINM7FI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/61d258-111e-48c5-b0ae-7b28c25d44c6/1/vVXPhK_d4xgniNwAdjqCMINM7FI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vVXPhK_d4xgniNwAdjqCMINM7FI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:04:e3:04:2d:31:bd:6f:8e:82:59:3d:7c:a1:1f:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd55cf84afdde3182788dc00763a8230834cec52
        Validity
            Not Before: Mar 11 13:10:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b68b4db20d6a1af4e89c576ec6323f18db1dfb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:aa:da:bd:b2:69:92:17:b7:23:3c:2b:0f:30:
                    7c:73:a3:a3:61:f8:4f:69:c0:c6:8f:b2:ba:c0:0c:
                    b6:f4:b9:44:c3:58:61:e1:54:9c:7f:b3:50:c3:67:
                    c9:9f:2b:6d:43:74:e1:b3:dd:3a:75:05:16:39:e0:
                    24:b0:b4:a2:bc:d5:f9:cc:29:dd:90:f0:42:d6:6f:
                    ec:0f:4b:26:ed:e2:54:85:fa:a0:47:1e:2a:5a:84:
                    a4:32:65:26:b1:84:ca:39:04:65:57:53:d3:3f:92:
                    75:75:94:2c:92:c3:48:4b:a7:4e:ca:50:23:d8:d5:
                    3a:f4:8f:cc:42:1b:f2:ed:92:35:d8:4e:3a:f4:65:
                    5d:7a:4d:98:80:b9:5c:fc:c1:71:7b:0a:b0:7c:08:
                    50:aa:70:6e:36:23:b4:9c:2c:d2:ab:98:38:df:24:
                    24:a7:77:c9:7d:8a:65:9a:16:ed:57:21:61:f7:bb:
                    df:a2:0c:85:71:3e:bd:03:e9:4e:84:ec:75:08:fb:
                    2d:2e:f5:75:66:5d:ad:95:c1:66:a5:09:86:54:65:
                    76:9e:8e:bc:37:9b:f3:23:84:c2:8e:72:cb:d2:85:
                    c0:c4:51:f3:99:7b:f8:2f:44:c8:c4:d2:a5:6f:13:
                    e9:18:49:3e:95:59:c4:39:84:5b:66:b4:a4:b9:b2:
                    c4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:68:B4:DB:20:D6:A1:AF:4E:89:C5:76:EC:63:23:F1:8D:B1:DF:B7
            X509v3 Authority Key Identifier:
                keyid:BD:55:CF:84:AF:DD:E3:18:27:88:DC:00:76:3A:82:30:83:4C:EC:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vVXPhK_d4xgniNwAdjqCMINM7FI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/61d258-111e-48c5-b0ae-7b28c25d44c6/1/m2i02yDWoa9OicV27GMj8Y2x37c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/61d258-111e-48c5-b0ae-7b28c25d44c6/1/vVXPhK_d4xgniNwAdjqCMINM7FI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.194.0/24
                IPv6:
                  2a12:5ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         03:96:08:80:d3:f5:8e:b4:f1:24:57:9e:a2:a5:4e:bb:cf:94:
         73:2b:4c:90:c8:34:02:3c:41:d1:af:94:54:6b:5e:6e:9d:82:
         3a:43:36:20:f2:1a:7f:32:64:31:5d:8f:32:6f:2f:d3:71:56:
         36:0f:1d:4e:4f:aa:26:f8:0e:08:d9:aa:e6:66:62:55:ad:4f:
         db:73:de:cb:ae:5f:ac:35:c6:76:ed:54:66:ec:66:c3:b8:7a:
         ed:0d:3d:a1:bf:71:3f:af:43:15:f6:90:2e:2c:6c:ac:6a:ec:
         01:3b:4c:fe:c6:c8:9b:77:56:08:a9:1d:de:7c:5b:d6:d1:18:
         6e:e3:d9:8f:8a:56:5d:50:7c:b1:01:79:e5:e5:d5:44:f0:d9:
         5a:23:a6:18:ae:ab:2a:32:54:66:ce:08:78:92:3b:fe:36:fc:
         d7:c6:6c:c9:9f:ab:5d:1a:db:0e:5d:ce:c7:57:d6:76:3d:53:
         2b:41:19:94:d4:b0:b9:b6:ff:12:f6:b2:de:c7:ab:3d:82:aa:
         f4:3a:e5:e3:59:d2:92:b7:23:e0:ff:eb:84:04:dd:62:d1:9c:
         f6:f6:9d:7e:7d:ae:9b:43:f7:98:6e:a8:dc:5e:cf:ab:68:90:
         34:f6:b1:a6:c4:3a:67:20:c1:8c:d9:ed:8f:89:69:28:5d:4a:
         c5:47:e0:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZzdBOMELTG9b46CWT18oR/2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNTVjZjg0YWZkZGUzMTgyNzg4ZGMwMDc2M2E4MjMwODM0
Y2VjNTIwHhcNMjYwMzExMTMxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjY4YjRkYjIwZDZhMWFmNGU4OWM1NzZlYzYzMjNmMThkYjFkZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqravbJpkhe3IzwrDzB8c6OjYfhP
acDGj7K6wAy29LlEw1hh4VScf7NQw2fJnyttQ3Ths906dQUWOeAksLSivNX5zCnd
kPBC1m/sD0sm7eJUhfqgRx4qWoSkMmUmsYTKOQRlV1PTP5J1dZQsksNIS6dOylAj
2NU69I/MQhvy7ZI12E469GVdek2YgLlc/MFxewqwfAhQqnBuNiO0nCzSq5g43yQk
p3fJfYplmhbtVyFh97vfogyFcT69A+lOhOx1CPstLvV1Zl2tlcFmpQmGVGV2no68
N5vzI4TCjnLL0oXAxFHzmXv4L0TIxNKlbxPpGEk+lVnEOYRbZrSkubLE4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJtotNsg1qGvTonFduxjI/GNsd+3MB8GA1UdIwQY
MBaAFL1Vz4Sv3eMYJ4jcAHY6gjCDTOxSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlZYUGhLX2Q0eGduaU53QWRqcUNNSU5NN0ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS82MWQyNTgtMTExZS00OGM1LWIwYWUt
N2IyOGMyNWQ0NGM2LzEvbTJpMDJ5RFdvYTlPaWNWMjdHTWo4WTJ4MzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS82MWQyNTgtMTExZS00OGM1LWIwYWUtN2IyOGMyNWQ0NGM2
LzEvdlZYUGhLX2Q0eGduaU53QWRqcUNNSU5NN0ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABZ/CMA0E
AgACMAcDBQAqEl7AMA0GCSqGSIb3DQEBCwUAA4IBAQADlgiA0/WOtPEkV56ipU67
z5RzK0yQyDQCPEHRr5RUa15unYI6QzYg8hp/MmQxXY8yby/TcVY2Dx1OT6om+A4I
2armZmJVrU/bc97Lrl+sNcZ27VRm7GbDuHrtDT2hv3E/r0MV9pAuLGysauwBO0z+
xsibd1YIqR3efFvW0Rhu49mPilZdUHyxAXnl5dVE8NlaI6YYrqsqMlRmzgh4kjv+
NvzXxmzJn6tdGtsOXc7HV9Z2PVMrQRmU1LC5tv8S9rLex6s9gqr0OuXjWdKStyPg
/+uEBN1i0Zz29p1+fa6bQ/eYbqjcXs+raJA09rGmxDpnIMGM2e2PiWkoXUrFR+A4
-----END CERTIFICATE-----