Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/X5UiHYY55PMwPTyXsGspHuEoeOg.roa
File:                     X5UiHYY55PMwPTyXsGspHuEoeOg.roa (raw, json)
Hash identifier:          fIuqUPA3nhKBtyv99+9KTWnAb4PEF1c/hEupb4l2/JA=
Subject key identifier:   5F:95:22:1D:86:39:E4:F3:30:3D:3C:97:B0:6B:29:1E:E1:28:78:E8
Certificate issuer:       /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial:       019D242726A1AD1AA1450E79DE081C44B76C
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/X5UiHYY55PMwPTyXsGspHuEoeOg.roa
Signing time:             Wed 25 Mar 2026 08:40:38 +0000
ROA not before:           Wed 25 Mar 2026 08:40:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.18.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:27:26:a1:ad:1a:a1:45:0e:79:de:08:1c:44:b7:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
        Validity
            Not Before: Mar 25 08:40:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f95221d8639e4f3303d3c97b06b291ee12878e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:32:08:ef:00:d2:ad:0a:3c:6d:d0:59:13:d5:
                    10:5e:11:12:c8:14:43:93:4a:ba:01:56:d9:e6:c6:
                    5d:8e:79:41:07:4d:57:75:54:77:f8:88:77:1d:6c:
                    98:34:1a:20:15:f0:e2:6f:11:b6:31:88:f6:6a:94:
                    d4:52:e2:c4:13:c9:55:0a:a4:9e:41:34:cf:c3:c8:
                    0b:e3:d0:43:35:54:18:d2:15:f2:61:a1:9d:79:71:
                    19:87:9d:21:1c:ab:8b:5d:42:45:8b:a9:d4:16:b4:
                    35:68:b8:d2:55:ac:ac:bc:b3:3c:fb:00:52:ed:64:
                    10:95:ce:bb:c1:26:92:f3:f4:fe:87:b9:72:7a:0b:
                    4d:3d:bf:15:f4:46:0f:90:59:19:f1:d9:43:30:23:
                    b0:33:67:ee:b2:c4:b2:0e:31:3b:72:b3:e0:a9:e5:
                    74:69:2d:44:06:49:fe:0f:72:fa:02:7e:b8:b5:90:
                    b8:7e:be:21:4b:62:ac:5d:45:df:d2:42:7e:dc:65:
                    de:33:50:90:3a:00:17:81:92:22:ab:05:3f:9b:9e:
                    4e:9e:53:26:dc:0d:80:ab:11:81:2d:a7:2c:c4:d6:
                    5e:4d:b0:48:73:54:ea:c5:98:f1:3b:e9:60:1b:4c:
                    01:c2:c1:bc:3d:7b:9c:34:e2:a0:3a:b5:d3:b2:3b:
                    86:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:95:22:1D:86:39:E4:F3:30:3D:3C:97:B0:6B:29:1E:E1:28:78:E8
            X509v3 Authority Key Identifier:
                keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/X5UiHYY55PMwPTyXsGspHuEoeOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.18.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:6d:64:b7:17:cb:aa:65:c1:8f:48:4e:c1:1c:4b:2a:42:85:
         d3:c5:b5:6e:58:46:fb:44:b3:ce:41:34:ae:3b:af:22:87:58:
         65:d5:10:6f:3e:86:1d:16:0c:2b:b4:76:85:4c:89:ed:7a:a1:
         98:46:2b:bc:b0:1e:82:54:53:f4:06:57:d0:b2:ab:87:bc:72:
         b2:42:46:4c:5c:47:8e:d5:e7:40:61:ea:6f:f2:4d:41:6d:cc:
         53:76:85:90:93:c5:63:a7:47:45:92:19:a1:a3:33:bf:4e:1b:
         bb:21:9c:88:b3:1c:ed:46:7a:ef:33:d4:80:e1:45:79:19:4d:
         df:08:fd:18:c6:52:25:77:e9:3a:3b:ba:98:dc:b7:53:e8:bb:
         26:19:df:09:a7:2e:9e:c7:ee:84:54:de:99:ce:74:b0:a4:c8:
         2f:ef:3d:e9:4a:ff:df:4e:ef:03:b8:55:9b:80:22:24:49:37:
         1f:5c:82:a9:90:a6:c5:49:39:4b:a0:93:cf:53:c5:5a:29:60:
         b4:63:54:8a:c1:e0:89:75:cb:38:91:ca:ea:8a:c9:20:a8:5a:
         07:4c:98:98:94:15:e6:c4:80:76:51:43:aa:13:db:57:8b:6e:
         68:40:02:58:4e:70:78:28:a1:0a:c5:58:8d:59:b1:66:97:dd:
         9f:f5:9e:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kJyahrRqhRQ553ggcRLdsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjYwMzI1MDg0MDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjk1MjIxZDg2MzllNGYzMzAzZDNjOTdiMDZiMjkxZWUxMjg3OGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDII7wDSrQo8bdBZE9UQXhESyBRD
k0q6AVbZ5sZdjnlBB01XdVR3+Ih3HWyYNBogFfDibxG2MYj2apTUUuLEE8lVCqSe
QTTPw8gL49BDNVQY0hXyYaGdeXEZh50hHKuLXUJFi6nUFrQ1aLjSVaysvLM8+wBS
7WQQlc67wSaS8/T+h7lyegtNPb8V9EYPkFkZ8dlDMCOwM2fussSyDjE7crPgqeV0
aS1EBkn+D3L6An64tZC4fr4hS2KsXUXf0kJ+3GXeM1CQOgAXgZIiqwU/m55OnlMm
3A2AqxGBLacsxNZeTbBIc1TqxZjxO+lgG0wBwsG8PXucNOKgOrXTsjuGRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+VIh2GOeTzMD08l7BrKR7hKHjoMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvWDVVaUhZWTU1UE13UFR5WHNHc3BIdUVvZU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWRI4MA0G
CSqGSIb3DQEBCwUAA4IBAQApbWS3F8uqZcGPSE7BHEsqQoXTxbVuWEb7RLPOQTSu
O68ih1hl1RBvPoYdFgwrtHaFTInteqGYRiu8sB6CVFP0BlfQsquHvHKyQkZMXEeO
1edAYepv8k1BbcxTdoWQk8Vjp0dFkhmhozO/Thu7IZyIsxztRnrvM9SA4UV5GU3f
CP0YxlIld+k6O7qY3LdT6LsmGd8Jpy6ex+6EVN6ZznSwpMgv7z3pSv/fTu8DuFWb
gCIkSTcfXIKpkKbFSTlLoJPPU8VaKWC0Y1SKweCJdcs4kcrqiskgqFoHTJiYlBXm
xIB2UUOqE9tXi25oQAJYTnB4KKEKxViNWbFml92f9Z4o
-----END CERTIFICATE-----