Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/5OcccwQslADzpJ8HL6Y7KqGcVVU.roa
File:                     5OcccwQslADzpJ8HL6Y7KqGcVVU.roa (raw, json)
Hash identifier:          irYRIWXEtiw19tZuoevHJTgjYRjpfkAs2mq69Ns5wSo=
Subject key identifier:   E4:E7:1C:73:04:2C:94:00:F3:A4:9F:07:2F:A6:3B:2A:A1:9C:55:55
Certificate issuer:       /CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
Certificate serial:       019DB5043C843B404D0751608210C1C4A2AE
Authority key identifier: DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/5OcccwQslADzpJ8HL6Y7KqGcVVU.roa
Signing time:             Wed 22 Apr 2026 11:47:26 +0000
ROA not before:           Wed 22 Apr 2026 11:47:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        185.85.40.0/22 maxlen: 24
                          195.226.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b5:04:3c:84:3b:40:4d:07:51:60:82:10:c1:c4:a2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db2ec22a66b5b24986395feed7fb5b90e28c9be4
        Validity
            Not Before: Apr 22 11:47:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4e71c73042c9400f3a49f072fa63b2aa19c5555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1f:6e:ac:a2:28:87:4c:e1:97:21:21:3a:d2:
                    19:60:42:d5:4a:85:5e:ba:bb:c0:ce:d4:f4:07:3d:
                    50:5d:b8:cb:74:36:22:3f:4d:83:e7:ee:69:e7:f6:
                    3e:5c:0e:81:a6:08:20:98:6c:55:90:cd:73:c4:08:
                    e0:6e:af:20:f4:fe:a4:b0:7c:48:35:f4:c6:79:3c:
                    5c:14:b9:6b:01:38:fd:41:a0:ec:21:ea:5c:2b:b3:
                    8d:36:a2:20:14:22:f1:9f:d6:f5:9d:d8:ab:04:78:
                    62:7a:cf:3c:70:3c:f7:90:58:0a:85:9e:f1:a1:5c:
                    77:9d:53:4f:d1:57:0d:72:d3:d3:f1:f0:12:1d:a4:
                    a5:4c:c5:f0:99:25:17:26:19:4d:e4:f0:13:0d:3d:
                    2b:8e:59:91:f0:94:db:26:93:48:32:92:cd:01:b5:
                    d0:b6:75:68:32:d6:d5:ba:a5:f5:af:ca:73:c0:f9:
                    39:53:13:75:31:71:f6:c7:71:28:67:db:43:27:bd:
                    b1:85:43:81:21:b9:62:73:b0:69:31:86:6b:7d:af:
                    4e:a4:a9:02:fa:26:51:5f:3a:1f:38:af:68:51:b7:
                    b1:e1:0c:a0:04:f6:d9:05:ff:31:8b:02:b6:9f:2c:
                    ab:8b:e9:dd:a5:de:47:e3:52:13:00:a0:cc:7a:5b:
                    f1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E7:1C:73:04:2C:94:00:F3:A4:9F:07:2F:A6:3B:2A:A1:9C:55:55
            X509v3 Authority Key Identifier:
                keyid:DB:2E:C2:2A:66:B5:B2:49:86:39:5F:EE:D7:FB:5B:90:E2:8C:9B:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2y7CKma1skmGOV_u1_tbkOKMm-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/5OcccwQslADzpJ8HL6Y7KqGcVVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/2fbcbf-358e-4928-9a84-ce78d4c0642f/1/2y7CKma1skmGOV_u1_tbkOKMm-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.40.0/22
                  195.226.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:2f:dd:23:3b:5e:da:63:cb:23:85:b1:f9:46:64:4f:ac:c7:
         18:d3:45:87:bb:cf:cc:c4:8e:e6:f2:c9:36:bc:52:24:0d:6b:
         37:29:2a:4d:97:e1:06:4e:af:93:e8:e6:78:fe:fd:b1:4a:7e:
         e1:92:61:61:04:c7:45:5f:8f:e5:9a:23:c5:cf:01:37:99:8d:
         d9:48:86:87:0b:73:32:11:ac:03:dd:e5:02:23:38:8f:71:19:
         73:fa:63:46:a8:93:02:0a:c6:c7:d9:54:91:69:4d:41:ca:44:
         f1:fc:7c:ae:09:96:12:36:e2:eb:f2:7f:a5:41:76:90:2f:c9:
         d2:46:01:5f:32:6f:e1:8e:76:64:ad:dd:fc:a4:b2:51:89:c2:
         dc:0a:68:eb:63:a2:f0:00:0f:6b:5e:4c:80:35:3d:20:5b:b4:
         c6:06:72:df:24:14:06:a3:8f:b5:43:d7:bb:91:51:f0:27:c0:
         76:0d:cf:68:af:4b:01:92:61:93:b5:22:aa:e0:ae:1b:68:cf:
         62:99:33:dd:6d:fe:c8:b9:56:65:4d:5a:45:d3:df:d8:cc:a7:
         5c:0c:a1:47:ad:b3:87:84:93:47:0e:05:01:9c:79:ce:5b:99:
         1e:96:8d:34:31:5b:9a:27:5f:d1:02:2f:dc:75:86:6f:60:89:
         0e:e6:6a:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ21BDyEO0BNB1FgghDBxKKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMmVjMjJhNjZiNWIyNDk4NjM5NWZlZWQ3ZmI1YjkwZTI4
YzliZTQwHhcNMjYwNDIyMTE0NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGU3MWM3MzA0MmM5NDAwZjNhNDlmMDcyZmE2M2IyYWExOWM1NTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuh9urKIoh0zhlyEhOtIZYELVSoVe
urvAztT0Bz1QXbjLdDYiP02D5+5p5/Y+XA6BpgggmGxVkM1zxAjgbq8g9P6ksHxI
NfTGeTxcFLlrATj9QaDsIepcK7ONNqIgFCLxn9b1ndirBHhies88cDz3kFgKhZ7x
oVx3nVNP0VcNctPT8fASHaSlTMXwmSUXJhlN5PATDT0rjlmR8JTbJpNIMpLNAbXQ
tnVoMtbVuqX1r8pzwPk5UxN1MXH2x3EoZ9tDJ72xhUOBIblic7BpMYZrfa9OpKkC
+iZRXzofOK9oUbex4QygBPbZBf8xiwK2nyyri+ndpd5H41ITAKDMelvx3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOTnHHMELJQA86SfBy+mOyqhnFVVMB8GA1UdIwQY
MBaAFNsuwipmtbJJhjlf7tf7W5DijJvkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQt
Y2U3OGQ0YzA2NDJmLzEvNU9jY2N3UXNsQUR6cEo4SEw2WTdLcUdjVlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yZmJjYmYtMzU4ZS00OTI4LTlhODQtY2U3OGQ0YzA2NDJm
LzEvMnk3Q0ttYTFza21HT1ZfdTFfdGJrT0tNbS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuVUoAwQA
w+LYMA0GCSqGSIb3DQEBCwUAA4IBAQCRL90jO17aY8sjhbH5RmRPrMcY00WHu8/M
xI7m8sk2vFIkDWs3KSpNl+EGTq+T6OZ4/v2xSn7hkmFhBMdFX4/lmiPFzwE3mY3Z
SIaHC3MyEawD3eUCIziPcRlz+mNGqJMCCsbH2VSRaU1BykTx/HyuCZYSNuLr8n+l
QXaQL8nSRgFfMm/hjnZkrd38pLJRicLcCmjrY6LwAA9rXkyANT0gW7TGBnLfJBQG
o4+1Q9e7kVHwJ8B2Dc9or0sBkmGTtSKq4K4baM9imTPdbf7IuVZlTVpF09/YzKdc
DKFHrbOHhJNHDgUBnHnOW5kelo00MVuaJ1/RAi/cdYZvYIkO5moL
-----END CERTIFICATE-----