Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5devLI90yLuFWf2XQ2o239Do8yg.roa
File:                     5devLI90yLuFWf2XQ2o239Do8yg.roa (raw, json)
Hash identifier:          jL1cEy1sFrlYO+4RtXG3pOu6FL4swCWAJzin4tcyNX8=
Subject key identifier:   E5:D7:AF:2C:8F:74:C8:BB:85:59:FD:97:43:6A:36:DF:D0:E8:F3:28
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D1C42963A906AB65A10101695AB5343C2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5devLI90yLuFWf2XQ2o239Do8yg.roa
Signing time:             Mon 23 Mar 2026 19:53:39 +0000
ROA not before:           Mon 23 Mar 2026 19:53:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     11798
IP address blocks:        185.207.135.0/24 maxlen: 24
                          185.216.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1c:42:96:3a:90:6a:b6:5a:10:10:16:95:ab:53:43:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 23 19:53:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5d7af2c8f74c8bb8559fd97436a36dfd0e8f328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:38:e1:85:8a:95:ab:d4:51:1e:64:d1:c5:ca:
                    b3:1f:a4:7d:e5:fb:ed:83:04:40:5e:12:ae:93:fb:
                    b2:b9:84:5a:61:e7:23:28:81:cf:f4:45:4c:0d:04:
                    f5:ab:8a:20:5f:99:bf:bf:ae:a2:a2:5d:8c:74:fd:
                    68:fe:09:e7:d3:c8:1b:da:24:0d:38:49:dd:a4:65:
                    54:be:9a:5a:26:46:4b:44:82:b5:53:d5:52:dd:da:
                    4c:a2:a4:49:4e:90:46:63:da:24:03:68:db:bd:cb:
                    ce:4a:68:60:c0:fc:b2:bd:61:33:db:95:82:3a:9b:
                    74:8d:8e:c9:87:08:ab:2f:5e:69:d3:6b:06:1d:d2:
                    b9:78:4b:0b:2e:dc:a9:73:58:76:55:25:76:45:3f:
                    b2:08:a8:70:c0:9b:36:2e:84:e3:ed:0a:07:f8:4e:
                    55:f6:80:a1:3f:df:da:eb:3c:79:43:ef:42:73:81:
                    e8:d0:0b:f5:23:4c:da:63:0a:d4:b4:61:15:29:a5:
                    b1:5d:9f:5a:e4:16:dd:1b:7a:c1:2f:c5:b2:c3:d7:
                    9d:d4:e1:9f:c8:b8:03:ad:2b:d8:85:ea:6e:3f:18:
                    9b:77:8a:97:ec:48:81:93:65:8a:b1:49:cd:12:ac:
                    f7:db:8f:da:a5:bf:22:18:b8:84:94:ee:18:44:9c:
                    3d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D7:AF:2C:8F:74:C8:BB:85:59:FD:97:43:6A:36:DF:D0:E8:F3:28
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5devLI90yLuFWf2XQ2o239Do8yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.135.0/24
                  185.216.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:10:b9:8a:8c:94:0f:7d:69:40:13:0e:4a:b8:00:e4:5c:d1:
         d7:d4:ad:de:62:12:35:5b:d2:83:21:9a:34:b2:e2:da:a2:33:
         d0:cf:2c:1b:12:fa:11:da:0e:6d:16:02:fa:e6:ad:85:c8:96:
         d9:e4:ac:5c:81:c1:40:ea:8b:f5:06:a2:b9:25:20:56:08:e4:
         f2:be:19:8f:c7:f9:76:00:f6:37:a8:a0:f2:01:91:65:c0:2b:
         cf:12:03:ac:3a:75:5d:d6:ab:4e:b8:bf:e0:b1:3a:c9:22:4a:
         a6:a6:1d:d5:fe:8f:41:4f:17:b8:3f:d1:f9:17:b6:8c:94:20:
         b5:e3:67:7d:c7:d6:84:a9:2f:51:00:b0:57:89:8a:c2:d5:47:
         da:60:f5:6b:eb:c7:28:4f:11:a1:c8:44:a8:e5:d5:60:47:51:
         c6:3d:23:6f:72:94:dc:69:61:a9:11:39:16:bd:3c:9c:15:84:
         ab:15:7c:2a:9b:08:5b:7b:fd:b6:9d:3f:bc:f9:5f:5c:b7:2a:
         61:98:e9:83:3e:00:c0:03:2f:f9:4b:fd:44:fc:6b:77:16:16:
         3c:f8:65:de:17:76:e1:80:a0:b2:03:ed:9b:93:bc:25:02:8b:
         fe:fb:51:a0:9f:bb:51:da:c4:9d:58:32:ce:48:ed:4b:e6:aa:
         d8:94:7c:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0cQpY6kGq2WhAQFpWrU0PCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIzMTk1MzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQ3YWYyYzhmNzRjOGJiODU1OWZkOTc0MzZhMzZkZmQwZThmMzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTjhhYqVq9RRHmTRxcqzH6R95fvt
gwRAXhKuk/uyuYRaYecjKIHP9EVMDQT1q4ogX5m/v66iol2MdP1o/gnn08gb2iQN
OEndpGVUvppaJkZLRIK1U9VS3dpMoqRJTpBGY9okA2jbvcvOSmhgwPyyvWEz25WC
Opt0jY7JhwirL15p02sGHdK5eEsLLtypc1h2VSV2RT+yCKhwwJs2LoTj7QoH+E5V
9oChP9/a6zx5Q+9Cc4Ho0Av1I0zaYwrUtGEVKaWxXZ9a5BbdG3rBL8Wyw9ed1OGf
yLgDrSvYhepuPxibd4qX7EiBk2WKsUnNEqz324/apb8iGLiElO4YRJw9qQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOXXryyPdMi7hVn9l0NqNt/Q6PMoMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNWRldkxJOTB5THVGV2YyWFEybzIzOURvOHlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuc+HAwQC
udhoMA0GCSqGSIb3DQEBCwUAA4IBAQBCELmKjJQPfWlAEw5KuADkXNHX1K3eYhI1
W9KDIZo0suLaojPQzywbEvoR2g5tFgL65q2FyJbZ5KxcgcFA6ov1BqK5JSBWCOTy
vhmPx/l2APY3qKDyAZFlwCvPEgOsOnVd1qtOuL/gsTrJIkqmph3V/o9BTxe4P9H5
F7aMlCC142d9x9aEqS9RALBXiYrC1UfaYPVr68coTxGhyESo5dVgR1HGPSNvcpTc
aWGpETkWvTycFYSrFXwqmwhbe/22nT+8+V9ctyphmOmDPgDAAy/5S/1E/Gt3FhY8
+GXeF3bhgKCyA+2bk7wlAov++1Ggn7tR2sSdWDLOSO1L5qrYlHwQ
-----END CERTIFICATE-----