Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/e5qzK7N-C80XP3WeSw_bPj_N2Jg.roa
File:                     e5qzK7N-C80XP3WeSw_bPj_N2Jg.roa (raw, json)
Hash identifier:          w/iO1ArMKyAfbI9CY1MySDVQWWQnJ1ofGwIzAiTc00E=
Subject key identifier:   7B:9A:B3:2B:B3:7E:0B:CD:17:3F:75:9E:4B:0F:DB:3E:3F:CD:D8:98
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019D7D69839B8E16300FAD81C97554E62B7A
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/e5qzK7N-C80XP3WeSw_bPj_N2Jg.roa
Signing time:             Sat 11 Apr 2026 16:39:20 +0000
ROA not before:           Sat 11 Apr 2026 16:39:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        178.239.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7d:69:83:9b:8e:16:30:0f:ad:81:c9:75:54:e6:2b:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Apr 11 16:39:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b9ab32bb37e0bcd173f759e4b0fdb3e3fcdd898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:76:33:b9:3d:12:85:3d:7d:20:a7:9c:02:59:
                    a1:20:c2:e0:2d:f0:f0:cf:38:bd:9c:ec:8c:14:d1:
                    ad:e0:52:26:91:f3:f2:3a:76:ef:4d:c3:65:0e:b0:
                    df:de:b2:62:bd:c1:a0:4b:ff:1b:8d:dd:f3:e3:0f:
                    89:bc:d1:d3:37:d1:20:e2:ae:ac:11:ea:af:4a:94:
                    0b:89:02:c9:fd:d2:56:57:4d:ae:fc:9b:21:8f:7b:
                    74:84:32:d6:b5:5b:a1:f0:e9:cc:ea:2b:7b:2d:59:
                    db:5d:fe:f7:e7:d6:dc:8c:51:74:3a:33:2d:5d:38:
                    5e:ce:64:0a:68:f4:a8:b3:f7:84:a1:90:8d:81:c0:
                    12:be:8f:d9:66:03:cd:d3:60:6a:67:ba:c8:65:ce:
                    89:b2:30:57:c1:83:b6:c7:59:28:2e:2f:5e:5d:14:
                    8f:80:88:2f:80:2d:dc:c1:aa:61:2c:4b:1e:1a:f7:
                    79:0c:2d:d8:56:82:39:be:8b:9a:6a:7f:31:31:d6:
                    ed:0e:81:d0:96:26:b4:3b:ed:8d:96:b9:52:ab:bf:
                    bc:8c:cd:ba:3d:41:bf:42:dd:6f:c5:4e:81:89:f8:
                    45:f8:41:4e:23:b6:0e:bc:99:10:98:be:cb:7c:1c:
                    70:dd:b4:f1:60:1b:0c:aa:db:c8:09:b9:1e:6e:d4:
                    b2:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:9A:B3:2B:B3:7E:0B:CD:17:3F:75:9E:4B:0F:DB:3E:3F:CD:D8:98
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/e5qzK7N-C80XP3WeSw_bPj_N2Jg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:07:49:d6:ee:91:b5:cc:53:64:e3:2a:21:23:da:b3:6c:16:
         9e:80:e9:34:b9:d8:60:5b:b0:84:34:8e:4a:c0:d8:a3:85:dc:
         09:dd:ae:09:25:03:94:22:84:07:b7:0b:7e:05:55:0f:b1:ea:
         8d:24:7b:f6:fc:4d:c3:60:83:7d:e4:47:e5:0e:02:a8:f3:f6:
         99:a8:2e:25:0c:44:6c:71:2c:4a:f4:76:f1:22:28:72:11:23:
         a0:67:b8:4b:15:de:c0:3c:5c:5a:ce:ca:9e:d7:4b:ef:51:ea:
         b3:ae:40:44:14:0d:79:73:ba:b2:21:b5:6e:94:3d:c7:b7:ea:
         14:15:a9:15:6b:0f:4e:3d:51:0f:ad:33:1e:bd:4b:6f:6e:01:
         f3:1e:9f:06:cc:ed:12:75:2d:8c:7d:89:fd:4f:8c:99:d9:4f:
         f0:d0:43:e4:61:8a:be:c8:ce:5e:02:62:b5:3e:60:de:3b:72:
         81:8b:bb:5c:13:ed:d2:02:2f:1b:eb:26:cf:2c:a2:17:7e:91:
         ef:8c:00:84:5c:96:cb:4e:7d:cf:db:98:4f:64:a4:14:34:a9:
         01:96:e8:07:52:2c:27:9d:09:95:1d:9a:db:cb:83:b4:b1:e5:
         c7:bb:77:9a:78:de:78:a5:b0:cb:2b:93:08:3b:99:c9:f3:f1:
         aa:b4:55:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ19aYObjhYwD62ByXVU5it6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNDExMTYzOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjlhYjMyYmIzN2UwYmNkMTczZjc1OWU0YjBmZGIzZTNmY2RkODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznYzuT0ShT19IKecAlmhIMLgLfDw
zzi9nOyMFNGt4FImkfPyOnbvTcNlDrDf3rJivcGgS/8bjd3z4w+JvNHTN9Eg4q6s
EeqvSpQLiQLJ/dJWV02u/Jshj3t0hDLWtVuh8OnM6it7LVnbXf7359bcjFF0OjMt
XThezmQKaPSos/eEoZCNgcASvo/ZZgPN02BqZ7rIZc6JsjBXwYO2x1koLi9eXRSP
gIgvgC3cwaphLEseGvd5DC3YVoI5vouaan8xMdbtDoHQlia0O+2NlrlSq7+8jM26
PUG/Qt1vxU6BifhF+EFOI7YOvJkQmL7LfBxw3bTxYBsMqtvICbkebtSydwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuasyuzfgvNFz91nksP2z4/zdiYMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvZTVxeks3Ti1DODBYUDNXZVN3X2JQal9OMkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu95MA0G
CSqGSIb3DQEBCwUAA4IBAQC7B0nW7pG1zFNk4yohI9qzbBaegOk0udhgW7CENI5K
wNijhdwJ3a4JJQOUIoQHtwt+BVUPseqNJHv2/E3DYIN95EflDgKo8/aZqC4lDERs
cSxK9HbxIihyESOgZ7hLFd7APFxazsqe10vvUeqzrkBEFA15c7qyIbVulD3Ht+oU
FakVaw9OPVEPrTMevUtvbgHzHp8GzO0SdS2MfYn9T4yZ2U/w0EPkYYq+yM5eAmK1
PmDeO3KBi7tcE+3SAi8b6ybPLKIXfpHvjACEXJbLTn3P25hPZKQUNKkBlugHUiwn
nQmVHZrby4O0seXHu3eaeN54pbDLK5MIO5nJ8/GqtFXV
-----END CERTIFICATE-----