Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/IRKwCUFzai38fr65-FRH_xYS0jI.roa
File:                     IRKwCUFzai38fr65-FRH_xYS0jI.roa (raw, json)
Hash identifier:          oO+4buqTDLcCJZOc7fvRD7YLk4AQs3LNbZe5FzwGorY=
Subject key identifier:   21:12:B0:09:41:73:6A:2D:FC:7E:BE:B9:F8:54:47:FF:16:12:D2:32
Certificate issuer:       /CN=5e7c7736945c29a77bacd5b18b0ff58751117bad
Certificate serial:       019CB313D34CC657115E17255EA00BD44BCC
Authority key identifier: 5E:7C:77:36:94:5C:29:A7:7B:AC:D5:B1:8B:0F:F5:87:51:11:7B:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/IRKwCUFzai38fr65-FRH_xYS0jI.roa
Signing time:             Tue 03 Mar 2026 09:42:26 +0000
ROA not before:           Tue 03 Mar 2026 09:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206674
IP address blocks:        185.179.56.0/24 maxlen: 24
                          185.179.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 12:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:13:d3:4c:c6:57:11:5e:17:25:5e:a0:0b:d4:4b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e7c7736945c29a77bacd5b18b0ff58751117bad
        Validity
            Not Before: Mar  3 09:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2112b00941736a2dfc7ebeb9f85447ff1612d232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f6:75:dc:ed:f4:5d:6e:5c:20:cb:a7:f1:e4:
                    47:18:ed:7b:06:53:71:17:0e:e5:43:84:83:74:7e:
                    a6:1b:fc:aa:48:cd:1d:8a:0b:c6:0d:d6:63:73:a8:
                    4f:fa:c6:5f:91:cd:52:ed:24:85:3d:6e:bb:a2:c2:
                    d8:d8:33:db:82:c7:f0:b8:e6:51:43:4b:9f:70:81:
                    10:cd:49:11:c1:ae:2a:b4:db:22:6b:e6:d3:a6:4a:
                    cc:57:32:02:0f:af:5c:1e:47:1e:c2:cc:3f:e7:9b:
                    b8:52:6a:ab:71:e1:89:0c:41:79:a0:f4:39:e7:c7:
                    36:e3:cc:21:79:b7:e3:0a:50:e5:6b:1b:f9:f3:fe:
                    16:72:7e:2f:1d:cf:62:03:bf:ee:28:91:24:d8:d9:
                    be:f1:75:43:6d:01:4c:b7:79:70:c7:cd:4a:8c:10:
                    d7:da:54:52:bb:69:50:e6:dd:50:15:00:3a:13:ed:
                    1e:25:f8:85:48:a5:d9:40:82:86:aa:6d:c5:1c:6c:
                    d7:02:44:96:43:d4:ce:04:77:6c:a4:95:f3:d0:f9:
                    fa:02:ba:3f:c6:7b:21:63:a4:57:90:38:37:5d:0a:
                    8c:c7:fe:8b:3b:63:95:fd:75:82:e7:cb:bf:4d:31:
                    1d:05:da:a7:f0:54:ac:4e:ac:e4:67:3f:d5:01:ec:
                    2d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:12:B0:09:41:73:6A:2D:FC:7E:BE:B9:F8:54:47:FF:16:12:D2:32
            X509v3 Authority Key Identifier:
                keyid:5E:7C:77:36:94:5C:29:A7:7B:AC:D5:B1:8B:0F:F5:87:51:11:7B:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/IRKwCUFzai38fr65-FRH_xYS0jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d0:ac:c2:65:dc:2d:30:75:98:d0:e7:99:b3:27:ee:34:ec:da:
         e7:8d:45:30:ae:85:8b:85:91:26:c7:01:9d:30:03:f7:14:19:
         b0:7d:23:7c:06:be:7a:0d:99:74:02:03:0f:59:ed:b9:3a:59:
         11:7d:fe:15:1c:33:2d:07:3f:0b:84:fa:c0:67:26:f5:d4:c0:
         b1:20:39:c8:e5:52:de:f6:57:5e:a0:42:b2:02:a6:09:77:3b:
         5e:00:a9:70:4b:a3:f3:2a:af:f5:89:a6:bb:18:09:0f:cb:cc:
         97:af:46:5c:ce:4c:c4:0b:25:9f:fc:35:7d:04:c5:79:5a:a4:
         3b:34:16:3c:dd:69:d2:47:6d:7b:d9:e4:b8:38:3f:57:2a:ce:
         55:af:0f:44:cf:a9:07:96:f2:3f:77:0d:cd:20:28:b4:7c:70:
         5a:22:d2:b7:89:a4:2c:b2:90:96:58:7a:72:1d:cd:3a:d9:d0:
         f4:a1:3e:cf:f5:02:c0:c6:81:5e:86:04:8a:7c:f2:3a:f0:19:
         15:d8:e6:9c:d0:2b:b1:05:aa:b3:0e:00:94:bd:b7:b0:ed:f8:
         c1:57:6e:c5:3c:0b:88:05:c7:23:c1:36:15:f2:8f:85:c1:f4:
         f8:ae:f7:13:e9:fc:16:4d:af:05:03:5b:f2:59:06:32:17:3f:
         bf:7a:e4:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyzE9NMxlcRXhclXqAL1EvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlN2M3NzM2OTQ1YzI5YTc3YmFjZDViMThiMGZmNTg3NTEx
MTdiYWQwHhcNMjYwMzAzMDk0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTEyYjAwOTQxNzM2YTJkZmM3ZWJlYjlmODU0NDdmZjE2MTJkMjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofZ13O30XW5cIMun8eRHGO17BlNx
Fw7lQ4SDdH6mG/yqSM0digvGDdZjc6hP+sZfkc1S7SSFPW67osLY2DPbgsfwuOZR
Q0ufcIEQzUkRwa4qtNsia+bTpkrMVzICD69cHkcewsw/55u4UmqrceGJDEF5oPQ5
58c248whebfjClDlaxv58/4Wcn4vHc9iA7/uKJEk2Nm+8XVDbQFMt3lwx81KjBDX
2lRSu2lQ5t1QFQA6E+0eJfiFSKXZQIKGqm3FHGzXAkSWQ9TOBHdspJXz0Pn6Aro/
xnshY6RXkDg3XQqMx/6LO2OV/XWC58u/TTEdBdqn8FSsTqzkZz/VAewtUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCESsAlBc2ot/H6+ufhUR/8WEtIyMB8GA1UdIwQY
MBaAFF58dzaUXCmne6zVsYsP9YdREXutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG54M05wUmNLYWQ3ck5XeGl3XzFoMUVSZTYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83YmRkMDctNmU1NS00YTA1LTlkMWIt
ZWVlZGQ5OWI4Y2M0LzEvSVJLd0NVRnphaTM4ZnI2NS1GUkhfeFlTMGpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83YmRkMDctNmU1NS00YTA1LTlkMWItZWVlZGQ5OWI4Y2M0
LzEvWG54M05wUmNLYWQ3ck5XeGl3XzFoMUVSZTYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubM4MA0G
CSqGSIb3DQEBCwUAA4IBAQDQrMJl3C0wdZjQ55mzJ+407NrnjUUwroWLhZEmxwGd
MAP3FBmwfSN8Br56DZl0AgMPWe25OlkRff4VHDMtBz8LhPrAZyb11MCxIDnI5VLe
9ldeoEKyAqYJdzteAKlwS6PzKq/1iaa7GAkPy8yXr0ZczkzECyWf/DV9BMV5WqQ7
NBY83WnSR2172eS4OD9XKs5Vrw9Ez6kHlvI/dw3NICi0fHBaItK3iaQsspCWWHpy
Hc062dD0oT7P9QLAxoFehgSKfPI68BkV2Oac0CuxBaqzDgCUvbew7fjBV27FPAuI
BccjwTYV8o+FwfT4rvcT6fwWTa8FA1vyWQYyFz+/euSo
-----END CERTIFICATE-----