Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/X5YGeqr-K4nkGCYQs516uFKrTlk.roa
File:                     X5YGeqr-K4nkGCYQs516uFKrTlk.roa (raw, json)
Hash identifier:          /RUJpXWTCzPKXYEqPW7IR3CpfZnaHcLmZKd3SYa9F+c=
Subject key identifier:   5F:96:06:7A:AA:FE:2B:89:E4:18:26:10:B3:9D:7A:B8:52:AB:4E:59
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019D25E50D1E2E359B03160A2B4ABF5B9183
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/X5YGeqr-K4nkGCYQs516uFKrTlk.roa
Signing time:             Wed 25 Mar 2026 16:47:41 +0000
ROA not before:           Wed 25 Mar 2026 16:47:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199754
IP address blocks:        45.154.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:e5:0d:1e:2e:35:9b:03:16:0a:2b:4a:bf:5b:91:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Mar 25 16:47:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f96067aaafe2b89e4182610b39d7ab852ab4e59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b6:c2:fc:9d:f1:29:ba:97:7b:21:e1:81:6a:
                    7d:2f:70:1d:de:ca:7c:e6:d2:03:72:22:f5:fc:74:
                    0a:68:93:20:43:77:dc:02:80:4e:bd:da:e0:a4:73:
                    33:47:65:91:7b:75:69:33:57:63:b8:99:a7:d4:f0:
                    f2:ee:b6:5b:ba:29:9b:c0:e2:b9:df:a1:d2:a1:60:
                    8d:24:c5:df:6a:ca:db:bc:a5:24:0c:a1:a4:24:ea:
                    ea:18:79:83:f9:c8:78:11:74:09:a0:c3:28:61:8b:
                    e7:61:c2:a3:24:7f:66:49:c4:74:4a:2c:44:da:ec:
                    74:0b:4f:2c:39:f4:81:45:a0:4b:ab:30:ab:79:53:
                    6d:18:70:30:e5:a4:6c:1f:71:73:32:0e:0a:c1:24:
                    e6:16:e8:bc:d7:13:c7:0b:d6:de:cb:db:b6:0a:c0:
                    18:17:8a:a0:74:4c:1b:27:9f:a3:65:72:5a:9b:86:
                    c5:85:b2:1f:fe:04:bd:40:6e:2b:92:ce:ed:fa:fc:
                    c6:21:47:cf:7f:e4:6e:b0:dd:71:3a:72:31:c8:41:
                    b9:c1:3f:27:03:2b:e2:39:d4:0f:36:9b:89:fe:ad:
                    42:81:52:71:fa:bb:34:07:f7:ee:74:1e:d0:82:f2:
                    00:0b:87:66:ff:8b:44:72:b0:94:d6:a1:a4:b2:6c:
                    20:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:96:06:7A:AA:FE:2B:89:E4:18:26:10:B3:9D:7A:B8:52:AB:4E:59
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/X5YGeqr-K4nkGCYQs516uFKrTlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:cd:2d:b9:0b:6e:b3:2c:df:3a:2a:12:c8:16:9b:3b:5e:2b:
         3b:8a:9a:4d:8a:da:cd:a5:8c:4f:e0:63:eb:29:26:cb:f4:be:
         e0:5f:f0:e8:e0:0b:65:86:81:71:e1:0f:c4:fd:a2:c2:57:e7:
         a9:13:4a:c3:fa:1d:b3:52:63:00:e3:3e:00:85:6f:ba:7f:7d:
         53:66:6a:8e:e2:c6:28:8b:eb:3a:ff:c2:dc:b9:78:5f:9a:6b:
         8d:2b:11:52:c5:17:52:ff:28:54:ba:48:b3:4c:7a:f9:8c:af:
         7e:d1:f6:9e:36:35:b2:72:e3:14:1e:79:5b:52:a0:b4:a4:6e:
         cb:0e:fd:a4:c8:a5:f8:6e:b5:c5:9c:d1:ee:09:2e:f5:33:e7:
         aa:0c:49:28:b2:84:88:46:87:63:af:f9:8b:e1:14:89:fa:1b:
         90:1a:6d:54:f2:8f:16:c3:22:98:0f:98:6d:61:ec:2c:aa:7e:
         97:13:12:ba:6a:36:8b:60:64:2b:1f:9c:6d:00:cc:a3:a2:3e:
         e7:49:65:d5:65:55:c2:bd:b2:8f:5d:f5:39:90:91:f5:f9:2c:
         59:08:45:57:f5:24:3b:6b:49:6c:9a:f6:5a:f7:43:a6:16:5b:
         85:b7:af:c3:66:1e:ca:d2:b0:c4:02:27:c3:c5:85:dc:95:00:
         19:d3:61:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0l5Q0eLjWbAxYKK0q/W5GDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjYwMzI1MTY0NzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjk2MDY3YWFhZmUyYjg5ZTQxODI2MTBiMzlkN2FiODUyYWI0ZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7bC/J3xKbqXeyHhgWp9L3Ad3sp8
5tIDciL1/HQKaJMgQ3fcAoBOvdrgpHMzR2WRe3VpM1djuJmn1PDy7rZbuimbwOK5
36HSoWCNJMXfasrbvKUkDKGkJOrqGHmD+ch4EXQJoMMoYYvnYcKjJH9mScR0SixE
2ux0C08sOfSBRaBLqzCreVNtGHAw5aRsH3FzMg4KwSTmFui81xPHC9bey9u2CsAY
F4qgdEwbJ5+jZXJam4bFhbIf/gS9QG4rks7t+vzGIUfPf+RusN1xOnIxyEG5wT8n
AyviOdQPNpuJ/q1CgVJx+rs0B/fudB7QgvIAC4dm/4tEcrCU1qGksmwgaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+WBnqq/iuJ5BgmELOderhSq05ZMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvWDVZR2Vxci1LNG5rR0NZUXM1MTZ1RktyVGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZoiMA0G
CSqGSIb3DQEBCwUAA4IBAQChzS25C26zLN86KhLIFps7Xis7ippNitrNpYxP4GPr
KSbL9L7gX/Do4AtlhoFx4Q/E/aLCV+epE0rD+h2zUmMA4z4AhW+6f31TZmqO4sYo
i+s6/8LcuXhfmmuNKxFSxRdS/yhUukizTHr5jK9+0faeNjWycuMUHnlbUqC0pG7L
Dv2kyKX4brXFnNHuCS71M+eqDEkosoSIRodjr/mL4RSJ+huQGm1U8o8WwyKYD5ht
Yewsqn6XExK6ajaLYGQrH5xtAMyjoj7nSWXVZVXCvbKPXfU5kJH1+SxZCEVX9SQ7
a0lsmvZa90OmFluFt6/DZh7K0rDEAifDxYXclQAZ02G5
-----END CERTIFICATE-----