Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/DYTxErCnEMTTEM07deYL9OTZj2s.roa
File:                     DYTxErCnEMTTEM07deYL9OTZj2s.roa (raw, json)
Hash identifier:          3nh1MYG2w1UUT4lKUmSiAJfITKZmSXnTTY1vGqzp+TE=
Subject key identifier:   0D:84:F1:12:B0:A7:10:C4:D3:10:CD:3B:75:E6:0B:F4:E4:D9:8F:6B
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       019DE8356FAE9331BC75A29686EE81251991
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/DYTxErCnEMTTEM07deYL9OTZj2s.roa
Signing time:             Sat 02 May 2026 10:21:49 +0000
ROA not before:           Sat 02 May 2026 10:21:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206931
IP address blocks:        5.160.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e8:35:6f:ae:93:31:bc:75:a2:96:86:ee:81:25:19:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: May  2 10:21:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d84f112b0a710c4d310cd3b75e60bf4e4d98f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:fe:6b:13:db:14:64:f4:3c:2f:20:79:6a:ac:
                    22:6c:b9:c4:ac:f1:51:c1:95:bc:67:64:11:b5:7b:
                    82:17:26:fe:4d:99:76:07:4b:a7:3b:35:6f:dd:84:
                    a1:60:c0:99:f7:04:c9:ae:ea:59:0f:31:5f:e3:90:
                    a7:ec:fe:c8:24:5b:5c:44:2d:8b:27:96:8f:c4:c1:
                    59:fc:56:90:3f:ce:ec:07:14:2d:39:f6:a3:bb:b5:
                    88:f1:92:69:55:3f:df:50:79:f9:de:f5:0d:00:3f:
                    f3:78:57:2d:97:67:cd:a7:0b:1d:8f:1c:ec:de:02:
                    ca:8d:a0:09:f1:6f:00:ea:ee:8c:a6:da:06:94:6d:
                    bd:8b:1c:6f:77:b3:1f:b5:3b:a4:19:a8:5b:d2:7b:
                    7c:a1:1b:85:39:ca:ad:b2:ab:4a:69:01:74:a7:ae:
                    73:25:79:39:bd:c8:e3:1a:85:6d:6e:84:72:7b:10:
                    69:0b:c7:e0:c7:57:17:4d:91:38:93:14:7a:b4:61:
                    40:4f:a6:5c:f5:91:13:1c:65:23:53:96:b6:07:7d:
                    9b:2b:c7:99:3d:a5:d8:6f:db:e9:9b:13:b9:b8:36:
                    d2:93:9b:ef:f2:ad:4d:60:0b:74:61:79:7e:6a:a7:
                    e2:2c:82:54:61:a7:97:7d:c4:3b:96:4e:cf:e2:6f:
                    eb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:84:F1:12:B0:A7:10:C4:D3:10:CD:3B:75:E6:0B:F4:E4:D9:8F:6B
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/DYTxErCnEMTTEM07deYL9OTZj2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:95:99:4e:48:35:c9:b9:94:d8:80:37:9a:c7:74:58:52:0e:
         93:cf:a8:7a:c3:b1:d4:4a:58:51:15:4d:46:79:27:b3:72:63:
         ea:5a:01:04:10:c9:b5:8e:b2:76:b3:65:e6:79:e1:17:49:17:
         02:76:a3:ee:d2:dc:80:8d:9d:5e:2f:5f:36:18:91:f3:6f:ad:
         df:e5:94:11:70:4a:af:5b:8d:7b:1f:da:31:50:72:80:e1:a0:
         ec:6c:be:15:05:a5:15:6d:3c:28:29:b0:01:7c:bd:26:68:5d:
         f7:56:cb:fd:27:af:e9:ff:fa:b0:24:d0:1a:17:e1:c0:20:9e:
         6d:23:5d:07:36:eb:f1:33:03:13:ad:59:31:e2:de:b2:7b:1b:
         79:36:f1:e3:5a:5a:3e:86:03:ab:bb:a3:df:27:30:c3:7c:1b:
         e1:ec:bf:1f:7f:d0:0d:88:5e:28:85:d0:ba:6e:e3:ec:88:77:
         bd:4c:56:ef:dd:fc:9f:d5:d2:4e:44:9e:69:47:d3:d6:9e:2e:
         11:69:34:62:b4:90:f0:9d:06:fb:31:de:03:1c:c1:f7:6b:2d:
         95:1e:b5:25:b3:39:e1:06:37:7f:d6:1f:b5:19:ae:f5:4a:9b:
         9c:bf:65:9c:83:01:1d:8a:66:5c:eb:41:9b:4f:03:d9:19:57:
         f3:2e:8e:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3oNW+ukzG8daKWhu6BJRmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjYwNTAyMTAyMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDg0ZjExMmIwYTcxMGM0ZDMxMGNkM2I3NWU2MGJmNGU0ZDk4ZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6P5rE9sUZPQ8LyB5aqwibLnErPFR
wZW8Z2QRtXuCFyb+TZl2B0unOzVv3YShYMCZ9wTJrupZDzFf45Cn7P7IJFtcRC2L
J5aPxMFZ/FaQP87sBxQtOfaju7WI8ZJpVT/fUHn53vUNAD/zeFctl2fNpwsdjxzs
3gLKjaAJ8W8A6u6MptoGlG29ixxvd7MftTukGahb0nt8oRuFOcqtsqtKaQF0p65z
JXk5vcjjGoVtboRyexBpC8fgx1cXTZE4kxR6tGFAT6Zc9ZETHGUjU5a2B32bK8eZ
PaXYb9vpmxO5uDbSk5vv8q1NYAt0YXl+aqfiLIJUYaeXfcQ7lk7P4m/rJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2E8RKwpxDE0xDNO3XmC/Tk2Y9rMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvRFlUeEVyQ25FTVRURU0wN2RlWUw5T1RaajJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaCFMA0G
CSqGSIb3DQEBCwUAA4IBAQBDlZlOSDXJuZTYgDeax3RYUg6Tz6h6w7HUSlhRFU1G
eSezcmPqWgEEEMm1jrJ2s2XmeeEXSRcCdqPu0tyAjZ1eL182GJHzb63f5ZQRcEqv
W417H9oxUHKA4aDsbL4VBaUVbTwoKbABfL0maF33Vsv9J6/p//qwJNAaF+HAIJ5t
I10HNuvxMwMTrVkx4t6yext5NvHjWlo+hgOru6PfJzDDfBvh7L8ff9ANiF4ohdC6
buPsiHe9TFbv3fyf1dJORJ5pR9PWni4RaTRitJDwnQb7Md4DHMH3ay2VHrUlsznh
Bjd/1h+1Ga71Spucv2WcgwEdimZc60GbTwPZGVfzLo4F
-----END CERTIFICATE-----