Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/6a532b-3315-46ae-86de-e8e695b18583/1/5qhVPI1i7bgsBqCDOR_pBDzMDds.roa
File:                     5qhVPI1i7bgsBqCDOR_pBDzMDds.roa (raw, json)
Hash identifier:          hsXI0HXZI7WGFauILyyNN6KaKFpRLSAYg6OSGX8LjyY=
Subject key identifier:   E6:A8:55:3C:8D:62:ED:B8:2C:06:A0:83:39:1F:E9:04:3C:CC:0D:DB
Certificate issuer:       /CN=b8c9e7b1897afb008f3b1df8bf04f9b567703de4
Certificate serial:       019B7DCB11000BAFD0125E5EEFD2DBEFDAA0
Authority key identifier: B8:C9:E7:B1:89:7A:FB:00:8F:3B:1D:F8:BF:04:F9:B5:67:70:3D:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uMnnsYl6-wCPOx34vwT5tWdwPeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/6a532b-3315-46ae-86de-e8e695b18583/1/5qhVPI1i7bgsBqCDOR_pBDzMDds.roa
Signing time:             Fri 02 Jan 2026 08:20:18 +0000
ROA not before:           Fri 02 Jan 2026 08:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50355
IP address blocks:        193.24.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/6a532b-3315-46ae-86de-e8e695b18583/1/uMnnsYl6-wCPOx34vwT5tWdwPeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/6a532b-3315-46ae-86de-e8e695b18583/1/uMnnsYl6-wCPOx34vwT5tWdwPeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uMnnsYl6-wCPOx34vwT5tWdwPeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:11:00:0b:af:d0:12:5e:5e:ef:d2:db:ef:da:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8c9e7b1897afb008f3b1df8bf04f9b567703de4
        Validity
            Not Before: Jan  2 08:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6a8553c8d62edb82c06a083391fe9043ccc0ddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:99:8d:e7:2c:a3:2e:47:71:8f:da:f3:89:5b:
                    15:ce:b7:df:25:ba:c4:ab:f6:20:f9:ee:c9:d3:0f:
                    1c:0d:c5:c0:97:42:26:02:db:22:93:8a:ec:3b:f8:
                    0d:a1:8d:8e:16:47:16:af:ad:ba:14:b7:28:05:6f:
                    8c:d1:00:73:42:2d:43:9d:1e:8e:91:ae:05:81:be:
                    89:22:a2:08:e3:f9:77:22:54:79:49:b1:42:43:61:
                    1a:1e:29:30:13:85:c6:d3:1d:fd:6f:24:b3:e2:3b:
                    43:12:9c:3c:24:f1:40:62:13:93:3a:4f:33:cd:0c:
                    06:97:9f:ac:06:81:17:93:bc:ed:fe:e8:b7:77:56:
                    a2:22:d2:2d:9f:0f:56:20:2e:05:6a:32:46:51:b2:
                    05:58:fe:60:7e:7e:b2:ec:9f:82:da:aa:2b:7c:6c:
                    57:b4:99:b8:f7:4c:36:65:2c:0e:07:a8:bc:50:79:
                    53:f3:26:27:3d:e8:ba:1a:bd:58:28:c7:25:67:e6:
                    46:26:45:59:27:15:77:51:64:34:c4:05:ec:88:ac:
                    90:4a:b2:c2:e5:b8:65:14:38:3d:92:30:33:b0:20:
                    19:e9:66:c1:2c:2f:e5:0c:96:f5:15:6d:42:01:2f:
                    90:ca:9c:9e:96:f1:51:42:e7:f4:eb:20:21:c6:39:
                    ae:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:A8:55:3C:8D:62:ED:B8:2C:06:A0:83:39:1F:E9:04:3C:CC:0D:DB
            X509v3 Authority Key Identifier:
                keyid:B8:C9:E7:B1:89:7A:FB:00:8F:3B:1D:F8:BF:04:F9:B5:67:70:3D:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uMnnsYl6-wCPOx34vwT5tWdwPeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/6a532b-3315-46ae-86de-e8e695b18583/1/5qhVPI1i7bgsBqCDOR_pBDzMDds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/6a532b-3315-46ae-86de-e8e695b18583/1/uMnnsYl6-wCPOx34vwT5tWdwPeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:67:1e:03:56:e1:3d:be:56:54:d2:2c:7d:35:c8:13:a7:0f:
         fe:97:05:f0:93:de:68:96:22:da:bd:32:21:a1:a3:f8:da:57:
         0d:67:af:96:64:b2:a4:c2:c9:48:af:18:1b:81:28:30:9c:38:
         41:d3:c4:67:01:a8:d9:ab:5a:c1:58:24:69:a8:48:7e:47:d7:
         58:5f:2c:29:f6:19:2d:ff:2c:6c:60:59:de:2e:9f:93:2a:29:
         08:a5:7e:39:26:ff:9f:cb:b8:bd:23:bf:e3:f6:20:4b:1b:79:
         be:0b:f2:95:fa:2d:37:68:1c:89:a3:d9:0a:d5:c9:2e:3b:ca:
         83:ca:14:27:f2:bd:1b:35:a5:41:e1:4c:35:6f:51:92:c6:e8:
         cb:30:80:94:2f:3a:fd:5f:1c:c1:15:4b:39:80:fd:74:a7:fe:
         60:8f:72:11:9b:ea:69:ba:25:bf:16:f6:2b:4b:26:6b:24:e6:
         7c:7a:42:c7:50:3a:fc:b9:f8:55:63:ca:f3:21:cd:ab:20:7b:
         84:c3:47:f0:c1:67:d4:5f:5b:7a:12:ad:63:3a:53:30:50:a8:
         d0:f0:82:af:36:2a:c3:13:68:34:ec:dc:b5:88:ba:b7:0b:b3:
         a3:74:57:db:61:2b:c8:44:94:29:94:6c:db:4b:dc:b4:da:f5:
         54:ae:9f:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yxEAC6/QEl5e79Lb79qgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YzllN2IxODk3YWZiMDA4ZjNiMWRmOGJmMDRmOWI1Njc3
MDNkZTQwHhcNMjYwMTAyMDgyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmE4NTUzYzhkNjJlZGI4MmMwNmEwODMzOTFmZTkwNDNjY2MwZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JmN5yyjLkdxj9rziVsVzrffJbrE
q/Yg+e7J0w8cDcXAl0ImAtsik4rsO/gNoY2OFkcWr626FLcoBW+M0QBzQi1DnR6O
ka4Fgb6JIqII4/l3IlR5SbFCQ2EaHikwE4XG0x39bySz4jtDEpw8JPFAYhOTOk8z
zQwGl5+sBoEXk7zt/ui3d1aiItItnw9WIC4FajJGUbIFWP5gfn6y7J+C2qorfGxX
tJm490w2ZSwOB6i8UHlT8yYnPei6Gr1YKMclZ+ZGJkVZJxV3UWQ0xAXsiKyQSrLC
5bhlFDg9kjAzsCAZ6WbBLC/lDJb1FW1CAS+QypyelvFRQuf06yAhxjmujQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaoVTyNYu24LAaggzkf6QQ8zA3bMB8GA1UdIwQY
MBaAFLjJ57GJevsAjzsd+L8E+bVncD3kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU1ubnNZbDYtd0NQT3gzNHZ3VDV0V2R3UGVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82YTUzMmItMzMxNS00NmFlLTg2ZGUt
ZThlNjk1YjE4NTgzLzEvNXFoVlBJMWk3YmdzQnFDRE9SX3BCRHpNRGRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82YTUzMmItMzMxNS00NmFlLTg2ZGUtZThlNjk1YjE4NTgz
LzEvdU1ubnNZbDYtd0NQT3gzNHZ3VDV0V2R3UGVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRgOMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Zx4DVuE9vlZU0ix9NcgTpw/+lwXwk95oliLavTIh
oaP42lcNZ6+WZLKkwslIrxgbgSgwnDhB08RnAajZq1rBWCRpqEh+R9dYXywp9hkt
/yxsYFneLp+TKikIpX45Jv+fy7i9I7/j9iBLG3m+C/KV+i03aByJo9kK1ckuO8qD
yhQn8r0bNaVB4Uw1b1GSxujLMICULzr9XxzBFUs5gP10p/5gj3IRm+ppuiW/FvYr
SyZrJOZ8ekLHUDr8ufhVY8rzIc2rIHuEw0fwwWfUX1t6Eq1jOlMwUKjQ8IKvNirD
E2g07Ny1iLq3C7OjdFfbYSvIRJQplGzbS9y02vVUrp9X
-----END CERTIFICATE-----