Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/q1z9wEUZ-3q2dVe1kVMgwooEueU.roa
File:                     q1z9wEUZ-3q2dVe1kVMgwooEueU.roa (raw, json)
Hash identifier:          0i6Usfk5Np9doym2lgfbGxDGei4jmouvH6UyKjL5l/k=
Subject key identifier:   AB:5C:FD:C0:45:19:FB:7A:B6:75:57:B5:91:53:20:C2:8A:04:B9:E5
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       019E03985AEB3ECD0CD00750CD523A7AA9CC
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/q1z9wEUZ-3q2dVe1kVMgwooEueU.roa
Signing time:             Thu 07 May 2026 17:59:36 +0000
ROA not before:           Thu 07 May 2026 17:59:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        5.102.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 00:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:98:5a:eb:3e:cd:0c:d0:07:50:cd:52:3a:7a:a9:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: May  7 17:59:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab5cfdc04519fb7ab67557b5915320c28a04b9e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ef:42:c9:92:5f:15:b3:5a:60:d9:78:50:59:
                    b9:74:ae:67:6c:97:d7:da:9e:da:62:d8:8e:57:cd:
                    aa:01:04:e7:62:f8:49:cd:2b:f8:ac:b7:6f:98:c2:
                    4f:2f:cd:07:45:85:11:62:81:84:67:ba:dc:78:d9:
                    ee:f1:42:5f:b8:b6:da:af:83:71:da:cf:63:69:6e:
                    60:64:04:b7:a0:9b:53:81:9e:77:a4:b0:8c:21:65:
                    1c:0d:d7:ca:93:c0:ad:dc:1d:b9:f5:26:d4:60:e0:
                    a6:e1:84:b1:97:89:48:be:8b:a6:bd:9a:59:0f:76:
                    59:50:8d:6e:67:94:04:1f:48:be:36:54:7b:07:7e:
                    27:56:cd:1f:b4:92:6b:9f:c8:29:02:a8:36:1c:4a:
                    d1:00:0c:17:7d:63:36:7d:93:65:36:a1:66:16:be:
                    a9:7c:ea:94:23:0b:b9:ee:83:67:4e:24:f8:cf:38:
                    5a:7a:09:c0:e5:0a:65:ac:a7:d8:34:d3:6e:9e:83:
                    73:16:c1:a2:e0:c4:fe:da:98:18:f4:b1:0d:c3:1d:
                    a1:b9:5b:65:67:9a:c2:d2:88:08:22:9d:b2:48:c0:
                    dc:b2:6a:4d:93:c0:36:ef:82:f3:d8:ae:57:44:9e:
                    29:cc:a9:31:90:6a:38:57:14:a6:3f:43:e5:0e:16:
                    1a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:5C:FD:C0:45:19:FB:7A:B6:75:57:B5:91:53:20:C2:8A:04:B9:E5
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/q1z9wEUZ-3q2dVe1kVMgwooEueU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:13:55:9c:85:93:80:c6:4c:d2:15:3f:b5:45:9c:62:3a:06:
         43:96:a7:29:ed:02:82:77:92:93:70:0d:6c:3a:82:79:e3:3e:
         b8:d5:3e:dd:d1:d8:44:5f:40:8c:59:ce:ff:45:c7:2b:ac:a8:
         6e:55:9c:b0:95:16:d6:69:fc:6b:92:7e:ff:3a:44:42:f5:42:
         06:92:30:39:f2:21:47:f2:a2:fc:44:49:19:a8:c1:a5:dd:f2:
         b7:ba:92:c0:de:59:58:ed:77:3c:bb:c9:52:68:16:fc:aa:3b:
         81:04:9e:2f:60:43:2a:c9:9f:08:c2:28:54:ac:e6:fd:69:0b:
         83:18:61:f2:85:7b:d7:77:c2:eb:87:1b:70:7c:30:2a:8e:4b:
         02:82:d2:bd:37:c2:bd:06:f9:bd:ff:f5:5c:d7:1f:11:68:a5:
         a0:5e:63:1b:4d:b3:a7:14:5a:4f:29:18:6e:c0:61:87:18:1e:
         e0:0b:ef:54:ca:ab:06:54:53:01:22:5b:0c:4f:79:f4:38:91:
         fd:d4:1b:94:ca:9e:e9:36:10:ec:50:71:c2:ca:f3:11:fa:9b:
         a7:f5:84:3b:b3:15:cb:83:fe:85:24:a0:02:f7:78:65:41:ac:
         a9:a5:f8:0f:c0:a0:49:65:aa:cc:95:71:3a:bc:98:27:40:7c:
         69:a0:cb:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4DmFrrPs0M0AdQzVI6eqnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjYwNTA3MTc1OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVjZmRjMDQ1MTlmYjdhYjY3NTU3YjU5MTUzMjBjMjhhMDRiOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAze9CyZJfFbNaYNl4UFm5dK5nbJfX
2p7aYtiOV82qAQTnYvhJzSv4rLdvmMJPL80HRYURYoGEZ7rceNnu8UJfuLbar4Nx
2s9jaW5gZAS3oJtTgZ53pLCMIWUcDdfKk8Ct3B259SbUYOCm4YSxl4lIvoumvZpZ
D3ZZUI1uZ5QEH0i+NlR7B34nVs0ftJJrn8gpAqg2HErRAAwXfWM2fZNlNqFmFr6p
fOqUIwu57oNnTiT4zzhaegnA5QplrKfYNNNunoNzFsGi4MT+2pgY9LENwx2huVtl
Z5rC0ogIIp2ySMDcsmpNk8A274Lz2K5XRJ4pzKkxkGo4VxSmP0PlDhYaswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtc/cBFGft6tnVXtZFTIMKKBLnlMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvcTF6OXdFVVotM3EyZFZlMWtWTWd3b29FdWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWYkMA0G
CSqGSIb3DQEBCwUAA4IBAQA+E1WchZOAxkzSFT+1RZxiOgZDlqcp7QKCd5KTcA1s
OoJ54z641T7d0dhEX0CMWc7/RccrrKhuVZywlRbWafxrkn7/OkRC9UIGkjA58iFH
8qL8REkZqMGl3fK3upLA3llY7Xc8u8lSaBb8qjuBBJ4vYEMqyZ8IwihUrOb9aQuD
GGHyhXvXd8LrhxtwfDAqjksCgtK9N8K9Bvm9//Vc1x8RaKWgXmMbTbOnFFpPKRhu
wGGHGB7gC+9UyqsGVFMBIlsMT3n0OJH91BuUyp7pNhDsUHHCyvMR+pun9YQ7sxXL
g/6FJKAC93hlQayppfgPwKBJZarMlXE6vJgnQHxpoMsP
-----END CERTIFICATE-----