Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d06961-d6c3-4a19-a692-7fd39539e146/1/DlCDvPsLyfCovsVIAJGyN69ajpE.roa
File:                     DlCDvPsLyfCovsVIAJGyN69ajpE.roa (raw, json)
Hash identifier:          r0hFqETAQa/pmuDs8mHeKOi2RSGD3PLOmZh2GwV/DTE=
Subject key identifier:   0E:50:83:BC:FB:0B:C9:F0:A8:BE:C5:48:00:91:B2:37:AF:5A:8E:91
Certificate issuer:       /CN=887a386865ef9f87ceb797e66746474963859621
Certificate serial:       019CDCE5C35BBF690C407EF8054425E7C1C9
Authority key identifier: 88:7A:38:68:65:EF:9F:87:CE:B7:97:E6:67:46:47:49:63:85:96:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iHo4aGXvn4fOt5fmZ0ZHSWOFliE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/d06961-d6c3-4a19-a692-7fd39539e146/1/DlCDvPsLyfCovsVIAJGyN69ajpE.roa
Signing time:             Wed 11 Mar 2026 12:36:11 +0000
ROA not before:           Wed 11 Mar 2026 12:36:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209130
IP address blocks:        5.252.236.0/23 maxlen: 23
                          5.252.238.0/24 maxlen: 24
                          5.252.239.0/24 maxlen: 24
                          185.143.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/d06961-d6c3-4a19-a692-7fd39539e146/1/iHo4aGXvn4fOt5fmZ0ZHSWOFliE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/d06961-d6c3-4a19-a692-7fd39539e146/1/iHo4aGXvn4fOt5fmZ0ZHSWOFliE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iHo4aGXvn4fOt5fmZ0ZHSWOFliE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:e5:c3:5b:bf:69:0c:40:7e:f8:05:44:25:e7:c1:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=887a386865ef9f87ceb797e66746474963859621
        Validity
            Not Before: Mar 11 12:36:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0e5083bcfb0bc9f0a8bec5480091b237af5a8e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:63:cb:1b:dd:13:1b:11:70:68:4c:e8:58:3b:
                    f2:f0:88:e6:fc:0e:f8:b1:f7:7a:03:25:dd:49:f3:
                    9d:41:57:a8:ad:0e:70:81:68:37:4e:2a:8b:6a:02:
                    7d:86:54:e1:47:51:fb:59:1c:8a:47:59:38:e2:cf:
                    23:a1:5e:eb:c5:66:b6:16:2b:d6:d6:ea:a2:3e:c2:
                    a2:6c:61:4e:08:ce:a2:5e:60:45:f4:0c:c4:64:d1:
                    d3:ea:ae:0d:03:28:c6:27:18:8d:b1:7e:43:f9:21:
                    d9:1d:b1:9c:08:32:fd:24:d6:13:80:9d:88:de:01:
                    a6:20:e1:09:03:bb:80:9a:19:05:29:61:f3:5d:27:
                    de:88:03:43:c5:34:60:ce:7d:d9:88:30:fb:32:99:
                    b2:db:08:cd:8b:dc:f0:9e:60:43:f8:3e:e8:ac:2c:
                    eb:9a:1f:0a:a7:df:69:e0:9f:a9:9e:00:7e:1c:4b:
                    8e:ee:6c:7f:6d:61:4c:5b:da:c2:6f:af:8e:05:28:
                    4c:af:41:f4:a7:1d:72:bc:31:61:49:f1:d7:dd:a9:
                    e3:77:0e:2f:29:61:2f:45:94:70:ba:cd:a6:7a:94:
                    4f:20:15:5a:6d:33:6a:59:44:8d:ea:bb:b7:bc:9b:
                    39:41:19:e0:89:ee:b4:cb:40:c1:82:45:bc:7b:ae:
                    7c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:50:83:BC:FB:0B:C9:F0:A8:BE:C5:48:00:91:B2:37:AF:5A:8E:91
            X509v3 Authority Key Identifier:
                keyid:88:7A:38:68:65:EF:9F:87:CE:B7:97:E6:67:46:47:49:63:85:96:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iHo4aGXvn4fOt5fmZ0ZHSWOFliE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d06961-d6c3-4a19-a692-7fd39539e146/1/DlCDvPsLyfCovsVIAJGyN69ajpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d06961-d6c3-4a19-a692-7fd39539e146/1/iHo4aGXvn4fOt5fmZ0ZHSWOFliE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.236.0/22
                  185.143.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:26:fe:4e:6a:70:33:d0:d9:31:75:59:62:f9:a4:a8:00:50:
         e1:89:3a:33:c5:44:d2:e1:ce:ce:21:85:2a:6f:c8:48:da:fd:
         8d:9e:83:7e:63:ed:cd:3a:55:50:74:a5:ed:65:22:a0:63:a9:
         80:f7:c2:c2:89:d7:3d:b2:0b:76:f3:86:d5:84:90:69:43:b1:
         49:5c:f0:66:27:83:9d:0d:c5:bc:55:79:05:7f:03:cf:ef:fc:
         9d:37:90:b7:f0:46:f2:80:4d:d9:a3:ec:32:70:e5:e2:9a:d4:
         2b:a0:ce:07:cb:05:0f:74:8b:d7:6d:14:7e:4e:55:0f:e3:56:
         92:85:80:6d:2c:a4:97:9c:7e:f1:6d:eb:6e:c1:c3:38:ab:16:
         b3:d4:f9:18:65:25:ea:b7:33:d1:75:28:d3:7b:c3:c1:e6:40:
         1a:8b:99:6b:12:5f:51:fe:bd:cf:c9:ef:88:69:18:59:0b:36:
         23:17:0d:6b:1a:02:13:23:71:af:b8:82:39:69:84:66:49:bd:
         da:82:74:3c:af:48:cb:36:af:32:ad:0f:7e:25:ed:99:55:0d:
         f3:8c:64:8f:12:df:8b:bd:3f:0b:57:90:71:10:ee:3e:5c:0b:
         cb:ba:af:f8:39:e0:6f:78:c4:a3:c7:a4:4a:90:6f:8d:2e:31:
         ca:2b:0d:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzc5cNbv2kMQH74BUQl58HJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4N2EzODY4NjVlZjlmODdjZWI3OTdlNjY3NDY0NzQ5NjM4
NTk2MjEwHhcNMjYwMzExMTIzNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTUwODNiY2ZiMGJjOWYwYThiZWM1NDgwMDkxYjIzN2FmNWE4ZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2PLG90TGxFwaEzoWDvy8Ijm/A74
sfd6AyXdSfOdQVeorQ5wgWg3TiqLagJ9hlThR1H7WRyKR1k44s8joV7rxWa2FivW
1uqiPsKibGFOCM6iXmBF9AzEZNHT6q4NAyjGJxiNsX5D+SHZHbGcCDL9JNYTgJ2I
3gGmIOEJA7uAmhkFKWHzXSfeiANDxTRgzn3ZiDD7Mpmy2wjNi9zwnmBD+D7orCzr
mh8Kp99p4J+pngB+HEuO7mx/bWFMW9rCb6+OBShMr0H0px1yvDFhSfHX3anjdw4v
KWEvRZRwus2mepRPIBVabTNqWUSN6ru3vJs5QRngie60y0DBgkW8e658JwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5Qg7z7C8nwqL7FSACRsjevWo6RMB8GA1UdIwQY
MBaAFIh6OGhl75+HzreX5mdGR0ljhZYhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUhvNGFHWHZuNGZPdDVmbVowWkhTV09GbGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kMDY5NjEtZDZjMy00YTE5LWE2OTIt
N2ZkMzk1MzllMTQ2LzEvRGxDRHZQc0x5ZkNvdnNWSUFKR3lONjlhanBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kMDY5NjEtZDZjMy00YTE5LWE2OTItN2ZkMzk1MzllMTQ2
LzEvaUhvNGFHWHZuNGZPdDVmbVowWkhTV09GbGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBfzsAwQA
uY96MA0GCSqGSIb3DQEBCwUAA4IBAQBAJv5OanAz0NkxdVli+aSoAFDhiTozxUTS
4c7OIYUqb8hI2v2NnoN+Y+3NOlVQdKXtZSKgY6mA98LCidc9sgt284bVhJBpQ7FJ
XPBmJ4OdDcW8VXkFfwPP7/ydN5C38EbygE3Zo+wycOXimtQroM4HywUPdIvXbRR+
TlUP41aShYBtLKSXnH7xbetuwcM4qxaz1PkYZSXqtzPRdSjTe8PB5kAai5lrEl9R
/r3Pye+IaRhZCzYjFw1rGgITI3GvuII5aYRmSb3agnQ8r0jLNq8yrQ9+Je2ZVQ3z
jGSPEt+LvT8LV5BxEO4+XAvLuq/4OeBveMSjx6RKkG+NLjHKKw2z
-----END CERTIFICATE-----