Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/o2LsDsR-WYb7YwjqLk6jjcuW-uM.roa
File:                     o2LsDsR-WYb7YwjqLk6jjcuW-uM.roa (raw, json)
Hash identifier:          5xE4UpV7AA8kmN1vq7J02kiiLM8rThgxAL2+lujvPnE=
Subject key identifier:   A3:62:EC:0E:C4:7E:59:86:FB:63:08:EA:2E:4E:A3:8D:CB:96:FA:E3
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019DB493A0AF67821ED25738EBB9E140A858
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/o2LsDsR-WYb7YwjqLk6jjcuW-uM.roa
Signing time:             Wed 22 Apr 2026 09:44:26 +0000
ROA not before:           Wed 22 Apr 2026 09:44:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203919
IP address blocks:        5.10.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:93:a0:af:67:82:1e:d2:57:38:eb:b9:e1:40:a8:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Apr 22 09:44:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a362ec0ec47e5986fb6308ea2e4ea38dcb96fae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7c:6e:e1:c3:32:e0:61:a1:8c:ff:4a:80:16:
                    b8:3f:f9:01:34:de:ee:a7:9a:ee:6f:5f:53:4f:34:
                    f3:b9:a2:b2:56:b1:2e:90:bc:a3:d3:61:fa:85:85:
                    d3:1c:2d:ad:a9:c4:2d:d8:d2:17:2f:e6:99:d5:fb:
                    5d:b2:7a:a1:07:a9:14:da:6d:5d:91:5c:c3:45:2b:
                    7b:26:df:1d:05:15:16:74:5c:36:f9:d3:50:db:5f:
                    ac:2c:20:25:6d:81:fe:b7:c7:a3:97:10:1f:70:c3:
                    42:fd:89:48:28:71:4c:22:f6:b4:9f:08:c3:59:0a:
                    f6:4c:f9:50:43:e2:51:98:f2:cd:99:b0:9a:52:2f:
                    c7:29:d2:aa:45:db:20:2f:95:f8:2c:5c:1c:cc:15:
                    21:32:33:83:b4:bd:d0:2c:38:90:51:58:9e:2f:5e:
                    6f:6c:99:77:ac:db:07:cc:41:fb:65:d9:91:3c:72:
                    2a:dc:d2:96:c3:6c:64:41:bd:68:24:c8:05:6c:de:
                    c9:52:b2:54:e4:8c:85:73:b3:22:b0:c9:7e:72:42:
                    74:91:8e:2f:b0:04:81:fa:66:cc:a6:18:f6:cc:a7:
                    e7:dc:d9:7e:53:36:ea:01:85:08:dd:84:c7:9f:56:
                    1f:58:63:52:bf:ff:f4:00:ae:c9:2a:e6:61:e3:97:
                    c3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:62:EC:0E:C4:7E:59:86:FB:63:08:EA:2E:4E:A3:8D:CB:96:FA:E3
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/o2LsDsR-WYb7YwjqLk6jjcuW-uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:19:2e:90:cb:ca:62:56:76:21:ee:13:dc:fb:29:fe:78:2b:
         d1:e4:81:83:5a:85:bd:55:b3:d4:4e:ca:c8:ea:67:f4:0b:14:
         33:ad:ae:3c:af:ca:0f:95:85:20:9e:5b:0f:71:53:5f:e6:24:
         93:35:2b:64:8d:52:8e:4d:33:0b:7e:a1:f8:e6:f7:1c:a0:ad:
         a8:cb:9a:0c:20:b9:78:45:32:f8:bb:62:9f:46:30:3b:4f:ef:
         8b:11:68:51:18:53:64:d0:25:83:e6:91:78:17:fb:a9:4a:9c:
         ce:bc:55:cc:a3:3e:61:16:ba:47:d6:db:92:d3:36:7a:67:2f:
         dc:71:33:e7:3b:1c:53:4e:58:4d:6a:92:b6:eb:e0:76:46:a5:
         8c:09:29:2c:a5:60:a6:93:c4:9c:ee:a4:b8:80:c5:09:c5:ec:
         dc:f4:71:02:e5:96:1a:66:64:f8:cf:de:85:20:ce:86:c4:98:
         e7:88:0a:3f:27:0c:12:c1:e3:a5:3f:de:31:57:31:72:d3:eb:
         75:1b:13:42:c0:ae:9c:14:d8:9d:4c:2b:e8:9c:b3:94:42:0e:
         2f:b9:81:75:36:00:1e:b4:6a:66:ac:38:60:fa:11:d8:c8:09:
         2c:99:dd:5a:df:b3:7d:43:be:9e:0b:a9:e5:eb:f1:e6:e0:b0:
         be:c2:94:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20k6CvZ4Ie0lc467nhQKhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjYwNDIyMDk0NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzYyZWMwZWM0N2U1OTg2ZmI2MzA4ZWEyZTRlYTM4ZGNiOTZmYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknxu4cMy4GGhjP9KgBa4P/kBNN7u
p5rub19TTzTzuaKyVrEukLyj02H6hYXTHC2tqcQt2NIXL+aZ1ftdsnqhB6kU2m1d
kVzDRSt7Jt8dBRUWdFw2+dNQ21+sLCAlbYH+t8ejlxAfcMNC/YlIKHFMIva0nwjD
WQr2TPlQQ+JRmPLNmbCaUi/HKdKqRdsgL5X4LFwczBUhMjODtL3QLDiQUVieL15v
bJl3rNsHzEH7ZdmRPHIq3NKWw2xkQb1oJMgFbN7JUrJU5IyFc7MisMl+ckJ0kY4v
sASB+mbMphj2zKfn3Nl+UzbqAYUI3YTHn1YfWGNSv//0AK7JKuZh45fD4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNi7A7EflmG+2MI6i5Oo43LlvrjMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvbzJMc0RzUi1XWWI3WXdqcUxrNmpqY3VXLXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQr6MA0G
CSqGSIb3DQEBCwUAA4IBAQCXGS6Qy8piVnYh7hPc+yn+eCvR5IGDWoW9VbPUTsrI
6mf0CxQzra48r8oPlYUgnlsPcVNf5iSTNStkjVKOTTMLfqH45vccoK2oy5oMILl4
RTL4u2KfRjA7T++LEWhRGFNk0CWD5pF4F/upSpzOvFXMoz5hFrpH1tuS0zZ6Zy/c
cTPnOxxTTlhNapK26+B2RqWMCSkspWCmk8Sc7qS4gMUJxezc9HEC5ZYaZmT4z96F
IM6GxJjniAo/JwwSweOlP94xVzFy0+t1GxNCwK6cFNidTCvonLOUQg4vuYF1NgAe
tGpmrDhg+hHYyAksmd1a37N9Q76eC6nl6/Hm4LC+wpT7
-----END CERTIFICATE-----