Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/391fd1-63ef-44f3-98b7-47109f035207/1/5yQDORsjAc2qkrpGb2sFa87WdeQ.roa
File:                     5yQDORsjAc2qkrpGb2sFa87WdeQ.roa (raw, json)
Hash identifier:          6lWA3h6svKzAnLIBjtQj55IORN1aTf/i5R1xbiHi7hA=
Subject key identifier:   E7:24:03:39:1B:23:01:CD:AA:92:BA:46:6F:6B:05:6B:CE:D6:75:E4
Certificate issuer:       /CN=aa9ceaa25c0295cc8f638daa6d64f7222f6b092f
Certificate serial:       019CB4686764D16B5027B6CBB4629A4C4E02
Authority key identifier: AA:9C:EA:A2:5C:02:95:CC:8F:63:8D:AA:6D:64:F7:22:2F:6B:09:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qpzqolwClcyPY42qbWT3Ii9rCS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/391fd1-63ef-44f3-98b7-47109f035207/1/5yQDORsjAc2qkrpGb2sFa87WdeQ.roa
Signing time:             Tue 03 Mar 2026 15:54:26 +0000
ROA not before:           Tue 03 Mar 2026 15:54:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201569
IP address blocks:        85.136.82.0/24 maxlen: 24
                          2a0b:d800::/32 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/391fd1-63ef-44f3-98b7-47109f035207/1/qpzqolwClcyPY42qbWT3Ii9rCS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/391fd1-63ef-44f3-98b7-47109f035207/1/qpzqolwClcyPY42qbWT3Ii9rCS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qpzqolwClcyPY42qbWT3Ii9rCS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b4:68:67:64:d1:6b:50:27:b6:cb:b4:62:9a:4c:4e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa9ceaa25c0295cc8f638daa6d64f7222f6b092f
        Validity
            Not Before: Mar  3 15:54:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e72403391b2301cdaa92ba466f6b056bced675e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:92:d4:83:f8:73:a2:d9:9f:84:9e:8c:30:4a:
                    b2:0f:41:d0:8e:17:50:a9:1f:3f:29:f7:56:ef:3f:
                    6a:28:10:13:aa:0b:c8:00:de:13:77:a6:cb:5a:3e:
                    9c:dc:3b:6c:7b:2f:d1:7e:c7:94:96:c0:a0:f6:2a:
                    50:65:20:02:58:92:48:dd:13:78:0a:c5:39:0b:3d:
                    4c:f2:89:6b:7d:f2:89:02:e3:e8:a5:c7:ee:c1:7e:
                    ea:44:6f:04:64:f0:35:bc:f3:c7:c1:af:69:5f:37:
                    f7:d9:c2:c3:f1:33:a4:48:0f:7a:c6:a1:19:af:8a:
                    9d:44:5e:15:58:10:32:90:e6:ac:d4:96:e0:02:5e:
                    da:5f:0e:78:61:4a:66:a2:fa:ed:03:3e:ef:c8:b9:
                    9a:d5:55:c1:13:6a:68:30:5c:e8:cb:bb:10:60:af:
                    b4:db:bc:da:f4:c9:6c:56:81:89:22:75:0c:e6:5a:
                    6a:d2:1f:18:90:eb:d5:92:a4:98:ee:97:d7:8e:63:
                    47:dd:fb:fc:55:b6:ce:bd:91:0b:7f:cf:4d:72:49:
                    b0:79:9a:49:99:5e:bf:7c:16:20:05:be:90:43:c7:
                    4c:89:f6:e0:43:c9:52:36:e9:d7:21:20:3f:50:19:
                    6a:18:a0:a1:1c:bb:dc:4d:8a:90:05:9a:06:cd:9d:
                    af:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:24:03:39:1B:23:01:CD:AA:92:BA:46:6F:6B:05:6B:CE:D6:75:E4
            X509v3 Authority Key Identifier:
                keyid:AA:9C:EA:A2:5C:02:95:CC:8F:63:8D:AA:6D:64:F7:22:2F:6B:09:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qpzqolwClcyPY42qbWT3Ii9rCS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/391fd1-63ef-44f3-98b7-47109f035207/1/5yQDORsjAc2qkrpGb2sFa87WdeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/391fd1-63ef-44f3-98b7-47109f035207/1/qpzqolwClcyPY42qbWT3Ii9rCS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.136.82.0/24
                IPv6:
                  2a0b:d800::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:f9:94:2f:f0:9a:ed:3f:e8:7e:bb:40:0a:1f:5f:dd:0f:84:
         10:2b:15:17:5a:0e:8f:8b:2a:0e:c3:fb:ca:f7:7f:06:80:bd:
         4f:13:ff:37:b9:2f:19:e8:d4:d9:04:6d:e8:a1:96:1d:58:35:
         74:16:d7:07:ed:da:eb:da:d3:42:45:90:f1:71:f5:7f:c0:37:
         d6:3f:1c:ac:ac:16:53:c3:29:90:13:5f:79:1c:28:c4:7e:51:
         0b:13:eb:22:b4:71:3e:f1:06:0c:1c:fb:95:7b:b0:a2:92:b6:
         67:ed:fe:82:3e:a7:6c:70:66:f6:5a:93:a4:ae:27:5b:38:a5:
         4a:28:ea:aa:95:4d:16:b9:3a:36:ef:d8:7b:9b:99:a5:f3:f9:
         7e:f2:38:7b:aa:99:6b:3f:4f:ab:2d:1c:57:a6:86:d8:f4:12:
         6d:a6:6f:44:bc:dd:0f:26:4f:3c:bd:16:0d:0f:3a:f3:82:d3:
         1c:4b:bf:dc:aa:1b:2b:44:de:fb:42:7c:d8:d4:57:3b:c9:20:
         0d:a9:d4:31:1a:31:2b:8b:bd:6a:22:b3:65:21:77:14:6c:5d:
         df:35:90:fa:ee:be:e2:d7:91:d6:c5:e0:15:06:03:27:d1:5f:
         85:5b:3a:81:39:45:32:2b:61:d5:3c:34:17:b3:10:15:87:20:
         e1:9a:ef:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy0aGdk0WtQJ7bLtGKaTE4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOWNlYWEyNWMwMjk1Y2M4ZjYzOGRhYTZkNjRmNzIyMmY2
YjA5MmYwHhcNMjYwMzAzMTU1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzI0MDMzOTFiMjMwMWNkYWE5MmJhNDY2ZjZiMDU2YmNlZDY3NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJLUg/hzotmfhJ6MMEqyD0HQjhdQ
qR8/KfdW7z9qKBATqgvIAN4Td6bLWj6c3Dtsey/RfseUlsCg9ipQZSACWJJI3RN4
CsU5Cz1M8olrffKJAuPopcfuwX7qRG8EZPA1vPPHwa9pXzf32cLD8TOkSA96xqEZ
r4qdRF4VWBAykOas1JbgAl7aXw54YUpmovrtAz7vyLma1VXBE2poMFzoy7sQYK+0
27za9MlsVoGJInUM5lpq0h8YkOvVkqSY7pfXjmNH3fv8VbbOvZELf89NckmweZpJ
mV6/fBYgBb6QQ8dMifbgQ8lSNunXISA/UBlqGKChHLvcTYqQBZoGzZ2v+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOckAzkbIwHNqpK6Rm9rBWvO1nXkMB8GA1UdIwQY
MBaAFKqc6qJcApXMj2ONqm1k9yIvawkvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXB6cW9sd0NsY3lQWTQycWJXVDNJaTlyQ1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8zOTFmZDEtNjNlZi00NGYzLTk4Yjct
NDcxMDlmMDM1MjA3LzEvNXlRRE9Sc2pBYzJxa3JwR2Iyc0ZhODdXZGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8zOTFmZDEtNjNlZi00NGYzLTk4YjctNDcxMDlmMDM1MjA3
LzEvcXB6cW9sd0NsY3lQWTQycWJXVDNJaTlyQ1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAVYhSMA0E
AgACMAcDBQAqC9gAMA0GCSqGSIb3DQEBCwUAA4IBAQBQ+ZQv8JrtP+h+u0AKH1/d
D4QQKxUXWg6PiyoOw/vK938GgL1PE/83uS8Z6NTZBG3ooZYdWDV0FtcH7drr2tNC
RZDxcfV/wDfWPxysrBZTwymQE195HCjEflELE+sitHE+8QYMHPuVe7CikrZn7f6C
PqdscGb2WpOkridbOKVKKOqqlU0WuTo279h7m5ml8/l+8jh7qplrP0+rLRxXpobY
9BJtpm9EvN0PJk88vRYNDzrzgtMcS7/cqhsrRN77QnzY1Fc7ySANqdQxGjEri71q
IrNlIXcUbF3fNZD67r7i15HWxeAVBgMn0V+FWzqBOUUyK2HVPDQXsxAVhyDhmu9Q
-----END CERTIFICATE-----