Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/s3WGIAUoxaXezGvnamEPgxxSe6s.roa
File:                     s3WGIAUoxaXezGvnamEPgxxSe6s.roa (raw, json)
Hash identifier:          m+UVZt/8nZjpbFNEjpwY5nsDKhbrb260ASrF4yP760c=
Subject key identifier:   B3:75:86:20:05:28:C5:A5:DE:CC:6B:E7:6A:61:0F:83:1C:52:7B:AB
Certificate issuer:       /CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
Certificate serial:       019EA84E65BF56C003D07294964FE4956C88
Authority key identifier: D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/s3WGIAUoxaXezGvnamEPgxxSe6s.roa
Signing time:             Mon 08 Jun 2026 17:36:10 +0000
ROA not before:           Mon 08 Jun 2026 17:36:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198949
IP address blocks:        5.100.152.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:4e:65:bf:56:c0:03:d0:72:94:96:4f:e4:95:6c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d17ae9dc9f43a269eb0accf3488e861f4ff0e89e
        Validity
            Not Before: Jun  8 17:36:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b37586200528c5a5decc6be76a610f831c527bab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f2:0c:62:4f:1a:a0:d9:86:8d:1b:94:ed:83:
                    e0:8b:91:44:b2:cd:01:a3:21:20:7c:f0:bf:99:d4:
                    7b:69:38:d4:71:31:c5:9d:8f:d3:33:fb:23:de:ac:
                    b1:bf:06:ad:e6:b9:63:12:40:2c:45:21:f6:cf:77:
                    62:87:30:10:a7:c6:8c:7e:ae:76:ea:2e:23:c6:5b:
                    c2:1c:03:16:d2:55:b9:dc:3f:47:64:3c:a4:7e:9e:
                    c4:9f:74:0d:ed:5d:13:22:40:d5:ca:f8:78:15:8d:
                    92:6b:ab:f4:47:7c:40:28:26:cd:80:38:72:10:99:
                    83:63:bf:b4:2c:7a:5e:f5:d3:ef:c8:6e:a6:64:c5:
                    42:a9:a9:f6:01:8b:1a:9d:ba:bb:d9:29:b6:9a:7c:
                    60:6a:a7:48:de:6d:a4:d6:9b:15:1b:be:b5:98:ed:
                    b9:06:83:35:c2:50:dc:e6:11:f8:54:cf:14:02:68:
                    d9:d4:bb:27:c7:d9:64:05:1b:0e:f6:7b:33:23:b6:
                    ed:4e:5e:cf:1a:5c:1e:82:88:60:1a:e9:d2:ec:b9:
                    6e:ea:e7:0a:d8:9c:ca:fb:fb:8c:51:6a:f1:22:d9:
                    76:ac:70:de:11:37:55:b5:0a:75:64:ab:44:d4:b0:
                    06:4d:5f:d2:30:e3:31:4b:a3:af:1a:97:5d:4f:79:
                    9b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:75:86:20:05:28:C5:A5:DE:CC:6B:E7:6A:61:0F:83:1C:52:7B:AB
            X509v3 Authority Key Identifier:
                keyid:D1:7A:E9:DC:9F:43:A2:69:EB:0A:CC:F3:48:8E:86:1F:4F:F0:E8:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Xrp3J9DomnrCszzSI6GH0_w6J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/s3WGIAUoxaXezGvnamEPgxxSe6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/3c8dce-8356-4422-be85-fda4e8a5b46e/1/0Xrp3J9DomnrCszzSI6GH0_w6J4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:b0:fe:f8:72:2c:f8:ff:4b:33:d8:af:32:3b:26:28:af:e2:
         7d:10:3c:7a:45:7a:8b:08:11:c5:6c:9d:38:f2:60:23:f2:c1:
         52:e1:33:cc:ce:c4:49:56:2d:29:64:94:f3:e9:49:20:57:d0:
         d4:5d:d1:80:82:b0:8d:0d:bd:6d:dc:6c:d7:55:54:b4:ab:fd:
         dd:3d:39:25:25:56:c0:38:cf:d5:78:c8:73:1f:86:e5:a4:88:
         05:53:4d:a3:66:54:80:b6:a0:63:54:11:7a:97:66:c1:24:6b:
         14:61:7c:bf:0c:fe:03:16:9c:8b:a1:f1:a9:c8:78:ef:2a:f8:
         ee:30:3c:01:c7:60:e9:11:dd:50:04:5b:a0:dd:fc:21:f7:30:
         26:3f:5e:2d:bf:fa:79:09:2b:19:08:9f:c7:5b:97:69:53:4d:
         ab:6d:d8:eb:2d:e8:23:66:31:5a:e0:82:b9:45:8c:2a:ca:36:
         9b:20:50:a8:5a:a4:ec:c0:45:8e:62:bb:60:27:87:1c:df:f0:
         a2:d6:c4:e1:57:b7:e8:68:87:d2:ef:59:f3:8b:90:cc:e0:d1:
         7b:ba:cb:16:a0:7b:71:cb:97:7e:95:ba:93:c6:13:ae:c7:bc:
         b9:b6:a7:37:46:9a:37:0c:56:04:c9:ed:81:e8:33:14:02:d5:
         b0:bd:71:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6oTmW/VsAD0HKUlk/klWyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxN2FlOWRjOWY0M2EyNjllYjBhY2NmMzQ4OGU4NjFmNGZm
MGU4OWUwHhcNMjYwNjA4MTczNjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzc1ODYyMDA1MjhjNWE1ZGVjYzZiZTc2YTYxMGY4MzFjNTI3YmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/IMYk8aoNmGjRuU7YPgi5FEss0B
oyEgfPC/mdR7aTjUcTHFnY/TM/sj3qyxvwat5rljEkAsRSH2z3dihzAQp8aMfq52
6i4jxlvCHAMW0lW53D9HZDykfp7En3QN7V0TIkDVyvh4FY2Sa6v0R3xAKCbNgDhy
EJmDY7+0LHpe9dPvyG6mZMVCqan2AYsanbq72Sm2mnxgaqdI3m2k1psVG761mO25
BoM1wlDc5hH4VM8UAmjZ1Lsnx9lkBRsO9nszI7btTl7PGlwegohgGunS7Llu6ucK
2JzK+/uMUWrxItl2rHDeETdVtQp1ZKtE1LAGTV/SMOMxS6OvGpddT3mbaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLN1hiAFKMWl3sxr52phD4McUnurMB8GA1UdIwQY
MBaAFNF66dyfQ6Jp6wrM80iOhh9P8OieMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUt
ZmRhNGU4YTViNDZlLzEvczNXR0lBVW94YVhlekd2bmFtRVBneHhTZTZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8zYzhkY2UtODM1Ni00NDIyLWJlODUtZmRhNGU4YTViNDZl
LzEvMFhycDNKOURvbW5yQ3N6elNJNkdIMF93Nko0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBWSYMA0G
CSqGSIb3DQEBCwUAA4IBAQBksP74ciz4/0sz2K8yOyYor+J9EDx6RXqLCBHFbJ04
8mAj8sFS4TPMzsRJVi0pZJTz6UkgV9DUXdGAgrCNDb1t3GzXVVS0q/3dPTklJVbA
OM/VeMhzH4blpIgFU02jZlSAtqBjVBF6l2bBJGsUYXy/DP4DFpyLofGpyHjvKvju
MDwBx2DpEd1QBFug3fwh9zAmP14tv/p5CSsZCJ/HW5dpU02rbdjrLegjZjFa4IK5
RYwqyjabIFCoWqTswEWOYrtgJ4cc3/Ci1sThV7foaIfS71nzi5DM4NF7ussWoHtx
y5d+lbqTxhOux7y5tqc3Rpo3DFYEye2B6DMUAtWwvXFL
-----END CERTIFICATE-----