Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RXnpZe86HRTs6-Hyr28ldQBv_fU.roa
File:                     RXnpZe86HRTs6-Hyr28ldQBv_fU.roa (raw, json)
Hash identifier:          gjqULoDpUOFUva9eITmdGpGn/TQ4xqa4COnGLeH/v0Y=
Subject key identifier:   45:79:E9:65:EF:3A:1D:14:EC:EB:E1:F2:AF:6F:25:75:00:6F:FD:F5
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019D9649041A0CEF24B8B207820F99C2C77B
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RXnpZe86HRTs6-Hyr28ldQBv_fU.roa
Signing time:             Thu 16 Apr 2026 12:34:20 +0000
ROA not before:           Thu 16 Apr 2026 12:34:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57898
IP address blocks:        5.22.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:49:04:1a:0c:ef:24:b8:b2:07:82:0f:99:c2:c7:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Apr 16 12:34:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4579e965ef3a1d14ecebe1f2af6f2575006ffdf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:64:93:88:cd:b2:ec:25:c2:bc:ed:e0:60:a7:
                    48:61:25:bf:4b:2a:01:46:95:8e:95:09:41:ef:55:
                    98:84:b9:aa:55:9a:3f:2c:25:3a:7c:16:77:9b:0f:
                    64:2e:90:9f:07:f0:e5:e1:76:c5:35:2a:57:e8:fd:
                    8a:44:ce:65:bf:5e:de:15:ea:05:98:d3:61:50:9c:
                    01:57:1f:40:25:b1:ad:5a:1a:f7:6b:16:55:86:8d:
                    9a:81:2e:42:0d:54:79:91:bb:07:9d:d4:02:ee:54:
                    89:6f:2f:a4:08:8d:13:8c:97:64:87:97:84:1e:e9:
                    68:d6:a7:47:eb:2b:58:df:54:5e:85:73:8c:82:da:
                    ac:b1:64:4b:13:93:10:e9:37:27:d1:dc:50:e9:29:
                    a1:02:9c:9e:74:97:2d:94:1a:a8:82:3c:7d:36:99:
                    60:c2:e0:58:d9:df:97:e0:1d:7f:e7:c3:36:82:b8:
                    24:e7:6d:2f:31:ba:73:3e:3e:36:52:cc:ad:ad:b5:
                    f3:60:0d:1c:8e:09:89:58:c3:a6:d0:01:b8:8b:42:
                    49:6e:c9:15:f7:d3:7d:7e:14:e4:ba:9c:7b:ea:a6:
                    a3:31:c4:54:5e:13:28:35:89:8f:e2:48:c5:dc:6b:
                    92:8b:59:0a:15:6e:bb:5d:a6:4a:fd:06:a3:da:9b:
                    2a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:79:E9:65:EF:3A:1D:14:EC:EB:E1:F2:AF:6F:25:75:00:6F:FD:F5
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/RXnpZe86HRTs6-Hyr28ldQBv_fU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:61:75:d5:17:23:bc:9f:d8:27:5c:84:7c:f8:72:13:4f:5c:
         2a:6d:a9:bb:e0:4f:f6:89:99:9d:c2:36:d7:af:a4:ec:3a:4a:
         d2:9f:5a:93:ae:ae:7b:3d:82:ef:31:fe:1f:0b:ad:ee:10:85:
         c4:8f:7b:f7:0f:b5:17:cb:b6:c2:14:9f:5a:72:04:68:a2:bf:
         6e:9b:57:67:28:54:b1:e6:7d:c7:3a:cb:b3:27:46:bb:0b:43:
         0b:f4:d3:b9:19:db:9d:4c:35:bc:32:f8:59:e8:ec:74:e2:66:
         1c:d9:15:d2:6f:70:8c:a3:c0:7f:f0:f7:7a:ba:af:d7:6b:99:
         3c:b1:dc:fb:38:b1:bf:60:3a:6d:c1:34:29:05:96:52:d7:7a:
         6f:f2:bb:02:74:c2:96:05:93:6f:63:1b:26:da:7a:ed:b3:4e:
         7c:5a:84:3c:59:bd:d1:ff:76:c2:a7:bd:5a:1f:51:5e:64:19:
         d8:28:b5:59:09:d0:de:d7:fa:88:c6:59:a5:76:2d:56:ce:40:
         6b:5a:f2:96:a2:f7:6c:03:cb:91:74:7f:10:10:06:1b:29:4e:
         db:cf:5f:7b:f0:89:5f:59:57:95:0f:17:27:30:8f:70:90:92:
         a0:a8:30:c0:9d:8f:cc:7d:ee:5f:b4:3d:d0:cf:8d:8f:64:d1:
         0f:88:5f:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2WSQQaDO8kuLIHgg+Zwsd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjYwNDE2MTIzNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTc5ZTk2NWVmM2ExZDE0ZWNlYmUxZjJhZjZmMjU3NTAwNmZmZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mSTiM2y7CXCvO3gYKdIYSW/SyoB
RpWOlQlB71WYhLmqVZo/LCU6fBZ3mw9kLpCfB/Dl4XbFNSpX6P2KRM5lv17eFeoF
mNNhUJwBVx9AJbGtWhr3axZVho2agS5CDVR5kbsHndQC7lSJby+kCI0TjJdkh5eE
Hulo1qdH6ytY31RehXOMgtqssWRLE5MQ6Tcn0dxQ6SmhApyedJctlBqogjx9Nplg
wuBY2d+X4B1/58M2grgk520vMbpzPj42UsytrbXzYA0cjgmJWMOm0AG4i0JJbskV
99N9fhTkupx76qajMcRUXhMoNYmP4kjF3GuSi1kKFW67XaZK/Qaj2psqJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEV56WXvOh0U7Ovh8q9vJXUAb/31MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvUlhucFplODZIUlRzNi1IeXIyOGxkUUJ2X2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABRadMA0G
CSqGSIb3DQEBCwUAA4IBAQBtYXXVFyO8n9gnXIR8+HITT1wqbam74E/2iZmdwjbX
r6TsOkrSn1qTrq57PYLvMf4fC63uEIXEj3v3D7UXy7bCFJ9acgRoor9um1dnKFSx
5n3HOsuzJ0a7C0ML9NO5GdudTDW8MvhZ6Ox04mYc2RXSb3CMo8B/8Pd6uq/Xa5k8
sdz7OLG/YDptwTQpBZZS13pv8rsCdMKWBZNvYxsm2nrts058WoQ8Wb3R/3bCp71a
H1FeZBnYKLVZCdDe1/qIxlmldi1WzkBrWvKWovdsA8uRdH8QEAYbKU7bz1978Ilf
WVeVDxcnMI9wkJKgqDDAnY/Mfe5ftD3Qz42PZNEPiF/m
-----END CERTIFICATE-----