Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/7c2a15-ac4d-464a-a77e-32f9a282f56c/1/m0NQBZ6XvTWPMiWsX0wTun30DiM.roa
File:                     m0NQBZ6XvTWPMiWsX0wTun30DiM.roa (raw, json)
Hash identifier:          7AzW8C0oi0Ht7xq3BopOUhvowxO30E+ewpFpqQ9MzqY=
Subject key identifier:   9B:43:50:05:9E:97:BD:35:8F:32:25:AC:5F:4C:13:BA:7D:F4:0E:23
Certificate issuer:       /CN=373b47a3cee79982adb170341d02026027332023
Certificate serial:       019B7F8078F1B23E28458F84593F7D4E9661
Authority key identifier: 37:3B:47:A3:CE:E7:99:82:AD:B1:70:34:1D:02:02:60:27:33:20:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NztHo87nmYKtsXA0HQICYCczICM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/7c2a15-ac4d-464a-a77e-32f9a282f56c/1/m0NQBZ6XvTWPMiWsX0wTun30DiM.roa
Signing time:             Fri 02 Jan 2026 16:18:04 +0000
ROA not before:           Fri 02 Jan 2026 16:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200568
IP address blocks:        5.159.22.0/23 maxlen: 23
                          5.159.22.0/24 maxlen: 24
                          5.159.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/7c2a15-ac4d-464a-a77e-32f9a282f56c/1/NztHo87nmYKtsXA0HQICYCczICM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/7c2a15-ac4d-464a-a77e-32f9a282f56c/1/NztHo87nmYKtsXA0HQICYCczICM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NztHo87nmYKtsXA0HQICYCczICM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:78:f1:b2:3e:28:45:8f:84:59:3f:7d:4e:96:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=373b47a3cee79982adb170341d02026027332023
        Validity
            Not Before: Jan  2 16:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b4350059e97bd358f3225ac5f4c13ba7df40e23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:cb:2e:93:31:59:5b:9c:49:2a:0e:fb:59:ab:
                    b5:c9:39:d7:ad:92:35:88:19:bb:41:e3:74:90:66:
                    34:99:05:89:99:94:9f:1d:b3:f0:f2:16:e1:c0:98:
                    bf:08:c0:e7:41:da:e1:99:ac:3b:2f:1f:d8:a2:c2:
                    5a:39:2a:d3:26:0e:76:6f:9a:53:7c:e3:8b:b1:e0:
                    01:fe:a0:d3:57:0a:87:49:ab:98:7a:8e:27:03:cf:
                    29:81:97:37:db:19:90:90:ca:86:9c:f2:30:fb:f3:
                    9e:12:fc:3f:83:bf:f5:8b:90:29:3f:ff:69:bd:e5:
                    71:19:0f:4e:f7:89:2f:3f:0a:f0:f9:84:0e:53:fd:
                    4f:e3:21:fb:f3:7c:55:84:4f:e6:38:a4:59:db:54:
                    03:3d:aa:80:67:4f:c8:6f:8a:38:78:ce:e7:23:0c:
                    4b:4e:5b:df:92:78:6a:f6:7f:27:94:14:bb:07:bb:
                    8d:61:c3:e7:5c:d6:ae:db:c7:2e:81:1a:18:36:e7:
                    11:46:5f:99:c8:dd:30:01:99:56:4d:18:83:05:90:
                    93:ab:6c:59:4e:45:7f:b8:70:fa:c2:18:53:97:16:
                    59:51:89:44:4f:d1:16:0a:d0:9c:76:dc:53:7f:0c:
                    31:6c:90:a3:df:02:4d:cf:89:72:93:73:64:9e:70:
                    c1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:43:50:05:9E:97:BD:35:8F:32:25:AC:5F:4C:13:BA:7D:F4:0E:23
            X509v3 Authority Key Identifier:
                keyid:37:3B:47:A3:CE:E7:99:82:AD:B1:70:34:1D:02:02:60:27:33:20:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NztHo87nmYKtsXA0HQICYCczICM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7c2a15-ac4d-464a-a77e-32f9a282f56c/1/m0NQBZ6XvTWPMiWsX0wTun30DiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7c2a15-ac4d-464a-a77e-32f9a282f56c/1/NztHo87nmYKtsXA0HQICYCczICM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:6d:14:9d:69:02:2d:d2:cd:7d:0b:07:f6:c1:3e:d8:e6:68:
         ec:f7:76:ed:0b:c8:fa:b3:67:59:14:e9:6e:83:c2:c4:e1:2b:
         41:a9:63:a3:ef:f7:ea:af:52:76:fe:00:d3:4a:33:88:b2:97:
         81:15:e1:c8:11:85:51:55:99:64:9e:e5:86:d2:22:75:26:21:
         9f:e9:53:42:56:83:ed:20:7a:26:2c:51:5f:a1:c0:42:dd:2f:
         39:a3:a3:36:a1:e0:d2:a3:42:ed:b1:b4:ad:45:6d:2a:44:9e:
         73:5b:73:10:d1:4a:cf:d9:a1:97:1f:b7:2b:d0:54:d6:57:8b:
         cf:23:0a:8b:62:8c:a3:71:d3:ff:1b:7b:82:f0:0f:4b:fd:52:
         f6:33:e8:f3:30:32:f7:86:05:eb:36:6f:2b:c0:95:e1:d6:27:
         9b:6f:9a:e7:e7:dd:87:ce:45:b7:c3:51:f8:27:d8:56:55:85:
         ca:e1:d1:01:bc:24:eb:a8:ac:a8:6c:66:b7:79:4a:97:9b:a5:
         52:ac:4d:b4:85:7e:91:3a:20:bb:fb:2a:9a:03:27:cf:d7:b6:
         ef:ef:1d:35:0b:bd:ca:f2:02:89:53:42:04:7a:f3:17:8a:b4:
         80:d2:58:72:05:1e:54:10:2e:f4:47:72:4a:80:b5:db:71:b4:
         87:e6:bd:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gHjxsj4oRY+EWT99TpZhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3M2I0N2EzY2VlNzk5ODJhZGIxNzAzNDFkMDIwMjYwMjcz
MzIwMjMwHhcNMjYwMTAyMTYxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQzNTAwNTllOTdiZDM1OGYzMjI1YWM1ZjRjMTNiYTdkZjQwZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0csukzFZW5xJKg77Wau1yTnXrZI1
iBm7QeN0kGY0mQWJmZSfHbPw8hbhwJi/CMDnQdrhmaw7Lx/YosJaOSrTJg52b5pT
fOOLseAB/qDTVwqHSauYeo4nA88pgZc32xmQkMqGnPIw+/OeEvw/g7/1i5ApP/9p
veVxGQ9O94kvPwrw+YQOU/1P4yH783xVhE/mOKRZ21QDPaqAZ0/Ib4o4eM7nIwxL
Tlvfknhq9n8nlBS7B7uNYcPnXNau28cugRoYNucRRl+ZyN0wAZlWTRiDBZCTq2xZ
TkV/uHD6whhTlxZZUYlET9EWCtCcdtxTfwwxbJCj3wJNz4lyk3NknnDBfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtDUAWel701jzIlrF9ME7p99A4jMB8GA1UdIwQY
MBaAFDc7R6PO55mCrbFwNB0CAmAnMyAjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnp0SG84N25tWUt0c1hBMEhRSUNZQ2N6SUNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC83YzJhMTUtYWM0ZC00NjRhLWE3N2Ut
MzJmOWEyODJmNTZjLzEvbTBOUUJaNlh2VFdQTWlXc1gwd1R1bjMwRGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC83YzJhMTUtYWM0ZC00NjRhLWE3N2UtMzJmOWEyODJmNTZj
LzEvTnp0SG84N25tWUt0c1hBMEhRSUNZQ2N6SUNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBZ8WMA0G
CSqGSIb3DQEBCwUAA4IBAQB5bRSdaQIt0s19Cwf2wT7Y5mjs93btC8j6s2dZFOlu
g8LE4StBqWOj7/fqr1J2/gDTSjOIspeBFeHIEYVRVZlknuWG0iJ1JiGf6VNCVoPt
IHomLFFfocBC3S85o6M2oeDSo0LtsbStRW0qRJ5zW3MQ0UrP2aGXH7cr0FTWV4vP
IwqLYoyjcdP/G3uC8A9L/VL2M+jzMDL3hgXrNm8rwJXh1iebb5rn592HzkW3w1H4
J9hWVYXK4dEBvCTrqKyobGa3eUqXm6VSrE20hX6ROiC7+yqaAyfP17bv7x01C73K
8gKJU0IEevMXirSA0lhyBR5UEC70R3JKgLXbcbSH5r2c
-----END CERTIFICATE-----