Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/U5jUW6kVQANcgdkSZF0_o8Z5HxM.roa
File:                     U5jUW6kVQANcgdkSZF0_o8Z5HxM.roa (raw, json)
Hash identifier:          ee+UkpqCqWusUiwf+8/nqwTSBqyDv29ReVKx7hNeR3o=
Subject key identifier:   53:98:D4:5B:A9:15:40:03:5C:81:D9:12:64:5D:3F:A3:C6:79:1F:13
Certificate issuer:       /CN=0620eadb2e1562b4e2e4f480772c36887a777f24
Certificate serial:       019CF8B7045BCABE94D8A69F607AC55E7757
Authority key identifier: 06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/U5jUW6kVQANcgdkSZF0_o8Z5HxM.roa
Signing time:             Mon 16 Mar 2026 22:14:29 +0000
ROA not before:           Mon 16 Mar 2026 22:14:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41683
IP address blocks:        217.195.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f8:b7:04:5b:ca:be:94:d8:a6:9f:60:7a:c5:5e:77:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0620eadb2e1562b4e2e4f480772c36887a777f24
        Validity
            Not Before: Mar 16 22:14:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5398d45ba91540035c81d912645d3fa3c6791f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:95:7d:b1:59:2e:3f:21:06:78:2e:96:37:cf:
                    a1:d3:5b:07:6d:b5:da:e7:7c:11:48:af:7e:73:86:
                    69:63:94:99:2d:d6:e5:37:a5:57:ef:50:8e:52:00:
                    8d:d0:32:97:c5:87:2f:1e:d6:98:65:f3:f6:17:ee:
                    d8:50:13:c3:f6:87:27:1b:d9:d8:e6:dd:7e:de:25:
                    4c:d2:e2:5b:4a:66:f2:89:62:6d:00:4d:a5:e5:31:
                    c3:b2:5d:53:3c:3c:e4:82:be:02:14:29:c8:74:69:
                    63:0c:82:22:db:e3:53:be:20:b3:e1:4a:fa:22:b3:
                    47:91:3c:7f:10:8b:e7:6a:d2:59:77:4d:93:97:0d:
                    1d:d5:c2:2f:28:de:42:39:a1:40:5f:56:24:4f:33:
                    f1:0d:ff:da:53:16:1d:28:4f:08:bc:4f:de:d2:2c:
                    2d:96:67:6f:5e:52:a1:bf:fd:73:d5:68:cf:13:87:
                    3b:b2:da:86:0e:55:d7:3e:a3:0d:49:e0:a5:1b:00:
                    bf:bd:7d:b6:13:bb:21:b4:98:8b:dc:8a:72:86:ff:
                    3b:2a:01:d2:be:39:61:f8:f4:ca:20:fc:ed:48:88:
                    24:cc:f0:4c:de:9a:40:44:65:39:01:75:fb:b2:17:
                    ec:3a:6f:62:b7:d2:ff:e6:e0:84:27:4c:b2:b0:2d:
                    e6:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:98:D4:5B:A9:15:40:03:5C:81:D9:12:64:5D:3F:A3:C6:79:1F:13
            X509v3 Authority Key Identifier:
                keyid:06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/U5jUW6kVQANcgdkSZF0_o8Z5HxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.195.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ea:b7:27:93:8a:7a:a9:60:54:67:df:6e:ba:b4:47:d2:6a:
         03:f2:06:ba:c6:ac:c3:5d:8f:2c:f6:8e:3d:ee:7f:18:4b:fc:
         57:c7:7e:d8:c1:ac:3f:50:37:88:b2:5d:dd:0a:a7:13:80:59:
         c3:99:dc:26:97:26:c0:41:a2:5a:8f:b8:5d:ef:4a:62:ff:45:
         83:7d:c7:07:aa:31:42:f0:c2:4a:fe:1e:f5:05:7c:ca:0b:4e:
         f3:b2:79:a1:58:39:96:b2:ef:5a:b4:91:d1:fa:1e:3f:21:b9:
         05:57:5f:5c:95:00:d7:15:c1:e7:3c:96:95:02:66:57:c9:90:
         c1:7e:0c:1e:87:32:7e:40:cb:cb:99:a7:5f:84:b5:ee:7e:55:
         ce:e1:01:93:1a:ca:76:64:94:bb:4f:23:17:5c:cd:6b:af:bb:
         fd:07:56:24:33:8e:7d:5d:6a:ae:72:1a:7b:02:8a:c2:b5:eb:
         e2:ab:ca:3c:c5:47:be:06:cd:bc:26:51:45:ab:53:65:08:f8:
         19:7d:64:f6:e2:dc:02:c7:c1:d8:85:9e:44:73:49:14:b3:a6:
         bd:55:dd:70:db:a5:3d:95:38:83:a8:d6:62:b0:17:ba:f6:bd:
         bc:3b:e5:84:ba:e5:ef:04:f4:c7:ac:c7:61:1f:e8:ec:3c:2e:
         7c:2f:87:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz4twRbyr6U2KafYHrFXndXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MjBlYWRiMmUxNTYyYjRlMmU0ZjQ4MDc3MmMzNjg4N2E3
NzdmMjQwHhcNMjYwMzE2MjIxNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzk4ZDQ1YmE5MTU0MDAzNWM4MWQ5MTI2NDVkM2ZhM2M2NzkxZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpV9sVkuPyEGeC6WN8+h01sHbbXa
53wRSK9+c4ZpY5SZLdblN6VX71COUgCN0DKXxYcvHtaYZfP2F+7YUBPD9ocnG9nY
5t1+3iVM0uJbSmbyiWJtAE2l5THDsl1TPDzkgr4CFCnIdGljDIIi2+NTviCz4Ur6
IrNHkTx/EIvnatJZd02Tlw0d1cIvKN5COaFAX1YkTzPxDf/aUxYdKE8IvE/e0iwt
lmdvXlKhv/1z1WjPE4c7stqGDlXXPqMNSeClGwC/vX22E7shtJiL3Ipyhv87KgHS
vjlh+PTKIPztSIgkzPBM3ppARGU5AXX7shfsOm9it9L/5uCEJ0yysC3m7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOY1FupFUADXIHZEmRdP6PGeR8TMB8GA1UdIwQY
MBaAFAYg6tsuFWK04uT0gHcsNoh6d38kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmlEcTJ5NFZZclRpNVBTQWR5dzJpSHAzZnlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jYzhiZmEtMmIxMy00Njc0LWE5ODQt
YTVmZGI1NzBmZTlhLzEvVTVqVVc2a1ZRQU5jZ2RrU1pGMF9vOFo1SHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jYzhiZmEtMmIxMy00Njc0LWE5ODQtYTVmZGI1NzBmZTlh
LzEvQmlEcTJ5NFZZclRpNVBTQWR5dzJpSHAzZnlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cPFMA0G
CSqGSIb3DQEBCwUAA4IBAQCY6rcnk4p6qWBUZ99uurRH0moD8ga6xqzDXY8s9o49
7n8YS/xXx37Ywaw/UDeIsl3dCqcTgFnDmdwmlybAQaJaj7hd70pi/0WDfccHqjFC
8MJK/h71BXzKC07zsnmhWDmWsu9atJHR+h4/IbkFV19clQDXFcHnPJaVAmZXyZDB
fgwehzJ+QMvLmadfhLXuflXO4QGTGsp2ZJS7TyMXXM1rr7v9B1YkM459XWquchp7
AorCteviq8o8xUe+Bs28JlFFq1NlCPgZfWT24twCx8HYhZ5Ec0kUs6a9Vd1w26U9
lTiDqNZisBe69r28O+WEuuXvBPTHrMdhH+jsPC58L4cx
-----END CERTIFICATE-----