Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/j52xS__sosf5mFaMvVnRI8MptCs.roa
File:                     j52xS__sosf5mFaMvVnRI8MptCs.roa (raw, json)
Hash identifier:          7GzQRCQ65tctOTsCeENwKryTEAKOSSkLgXhJjHGkc60=
Subject key identifier:   8F:9D:B1:4B:FF:EC:A2:C7:F9:98:56:8C:BD:59:D1:23:C3:29:B4:2B
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019D6C037C84A8427EF1731DC978C4825F02
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/j52xS__sosf5mFaMvVnRI8MptCs.roa
Signing time:             Wed 08 Apr 2026 07:34:20 +0000
ROA not before:           Wed 08 Apr 2026 07:34:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215136
IP address blocks:        5.83.134.0/24 maxlen: 24
                          5.175.140.0/24 maxlen: 24
                          5.175.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:03:7c:84:a8:42:7e:f1:73:1d:c9:78:c4:82:5f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr  8 07:34:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f9db14bffeca2c7f998568cbd59d123c329b42b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d4:a9:d6:9d:d9:33:7c:87:38:cd:86:db:40:
                    61:eb:86:1d:c7:79:f6:f6:fa:37:e6:1a:51:5b:63:
                    87:bd:9e:ff:f0:db:7e:76:0d:3a:84:fe:6e:c6:f9:
                    8d:fa:43:9f:3d:9e:af:51:bd:56:9c:07:00:6a:6b:
                    80:89:f6:3f:63:5e:0f:5a:09:3a:31:c5:9b:40:d6:
                    de:c7:10:61:20:ec:82:f9:4e:7c:50:58:3d:40:22:
                    7e:53:4f:ab:8d:28:96:91:6e:b9:ac:e7:47:5a:9b:
                    69:4d:4a:17:80:33:ed:d2:02:9c:47:68:8a:de:90:
                    c9:91:2a:8f:12:61:f5:19:23:f0:08:87:ad:84:2f:
                    ef:b6:d7:2a:f1:f2:05:89:08:36:02:60:34:c0:6a:
                    7a:90:91:88:4d:22:9c:99:09:5e:8c:7a:4c:d6:64:
                    f4:d7:54:5f:db:91:0d:a9:17:a5:70:d0:83:45:32:
                    7a:d1:df:db:c5:61:f4:36:fe:1e:59:09:62:9b:c1:
                    9f:89:2c:bd:18:28:dc:56:f5:d6:e5:5e:ae:b5:32:
                    75:4d:da:dd:e1:71:10:db:52:a6:77:41:d6:a8:d5:
                    4b:81:26:fd:27:c3:6a:ed:fc:e0:85:34:5e:e8:54:
                    8d:0e:54:29:c0:50:0f:d2:62:f9:55:f6:99:12:03:
                    42:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:9D:B1:4B:FF:EC:A2:C7:F9:98:56:8C:BD:59:D1:23:C3:29:B4:2B
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/j52xS__sosf5mFaMvVnRI8MptCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.134.0/24
                  5.175.140.0/24
                  5.175.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:a6:20:e5:76:b1:d6:10:aa:52:bf:4a:d9:39:03:e4:82:81:
         45:cb:51:13:e7:96:90:2e:d5:bf:26:4c:32:df:84:94:bc:36:
         ad:8b:a1:1a:7c:d7:08:73:4f:d0:c5:96:e2:36:88:22:84:3f:
         f4:13:f2:52:7b:51:ff:6c:a6:fb:e9:d3:2b:21:2b:c6:fd:75:
         4b:c9:4e:a2:41:3e:af:ba:3f:e3:d7:9c:e0:cf:9c:15:ae:c4:
         0b:69:51:11:2b:2c:e4:ac:93:f8:0f:51:31:47:07:5e:95:0f:
         6d:6f:7f:4c:0f:ee:89:c9:73:2b:1b:5f:9d:7d:ff:f8:d4:85:
         0d:a9:d2:b4:5c:5c:70:98:d7:36:70:23:27:96:29:11:ae:ab:
         3b:3b:1b:89:55:b0:b9:97:ba:00:64:cc:d3:d4:06:d5:33:ee:
         b6:00:b6:f3:81:08:94:36:bb:1f:06:25:cc:02:a6:fe:c9:ac:
         46:6d:53:83:46:48:18:18:68:68:97:94:77:5d:5e:ea:74:8f:
         54:5f:4c:77:df:a5:ad:e7:e4:34:e8:47:db:30:a9:cb:bc:c9:
         48:f0:85:b2:37:4b:39:ce:a4:8a:a4:96:12:6b:e7:de:97:a7:
         f4:c6:d7:f9:68:72:47:a6:18:b1:16:b6:d9:a9:02:12:78:29:
         d9:11:3c:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1sA3yEqEJ+8XMdyXjEgl8CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNDA4MDczNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjlkYjE0YmZmZWNhMmM3Zjk5ODU2OGNiZDU5ZDEyM2MzMjliNDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNSp1p3ZM3yHOM2G20Bh64Ydx3n2
9vo35hpRW2OHvZ7/8Nt+dg06hP5uxvmN+kOfPZ6vUb1WnAcAamuAifY/Y14PWgk6
McWbQNbexxBhIOyC+U58UFg9QCJ+U0+rjSiWkW65rOdHWptpTUoXgDPt0gKcR2iK
3pDJkSqPEmH1GSPwCIethC/vttcq8fIFiQg2AmA0wGp6kJGITSKcmQlejHpM1mT0
11Rf25ENqRelcNCDRTJ60d/bxWH0Nv4eWQlim8GfiSy9GCjcVvXW5V6utTJ1Tdrd
4XEQ21Kmd0HWqNVLgSb9J8Nq7fzghTRe6FSNDlQpwFAP0mL5VfaZEgNCIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI+dsUv/7KLH+ZhWjL1Z0SPDKbQrMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvajUyeFNfX3Nvc2Y1bUZhTXZWblJJOE1wdENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABVOGAwQA
Ba+MAwQABa/eMA0GCSqGSIb3DQEBCwUAA4IBAQASpiDldrHWEKpSv0rZOQPkgoFF
y1ET55aQLtW/Jkwy34SUvDati6EafNcIc0/QxZbiNogihD/0E/JSe1H/bKb76dMr
ISvG/XVLyU6iQT6vuj/j15zgz5wVrsQLaVERKyzkrJP4D1ExRwdelQ9tb39MD+6J
yXMrG1+dff/41IUNqdK0XFxwmNc2cCMnlikRrqs7OxuJVbC5l7oAZMzT1AbVM+62
ALbzgQiUNrsfBiXMAqb+yaxGbVODRkgYGGhol5R3XV7qdI9UX0x336Wt5+Q06Efb
MKnLvMlI8IWyN0s5zqSKpJYSa+fel6f0xtf5aHJHphixFrbZqQISeCnZETyI
-----END CERTIFICATE-----