Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/5ryFhi9ZcM4ZXUi-AstHZtjweAE.roa
File:                     5ryFhi9ZcM4ZXUi-AstHZtjweAE.roa (raw, json)
Hash identifier:          2qM0IhOL1SBTen6Ye0bZXnOAWOFNUbuFBAheUHcm2J0=
Subject key identifier:   E6:BC:85:86:2F:59:70:CE:19:5D:48:BE:02:CB:47:66:D8:F0:78:01
Certificate issuer:       /CN=4151d6b441d3f57762c032f8fad217608a22f7a1
Certificate serial:       019B77588F9F24087FDD46399A9838B4FBA9
Authority key identifier: 41:51:D6:B4:41:D3:F5:77:62:C0:32:F8:FA:D2:17:60:8A:22:F7:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QVHWtEHT9XdiwDL4-tIXYIoi96E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/5ryFhi9ZcM4ZXUi-AstHZtjweAE.roa
Signing time:             Thu 01 Jan 2026 02:17:31 +0000
ROA not before:           Thu 01 Jan 2026 02:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49560
IP address blocks:        92.51.56.0/21 maxlen: 21
                          2a01:a320::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/QVHWtEHT9XdiwDL4-tIXYIoi96E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/QVHWtEHT9XdiwDL4-tIXYIoi96E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QVHWtEHT9XdiwDL4-tIXYIoi96E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:8f:9f:24:08:7f:dd:46:39:9a:98:38:b4:fb:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4151d6b441d3f57762c032f8fad217608a22f7a1
        Validity
            Not Before: Jan  1 02:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6bc85862f5970ce195d48be02cb4766d8f07801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6c:88:9c:97:6e:6b:f7:36:b5:7b:4a:b7:96:
                    26:8d:27:f7:de:45:ab:a3:5a:f5:7e:9c:bd:3b:29:
                    fa:c8:74:83:29:0b:2e:49:ef:16:66:a1:a4:b2:c9:
                    61:c3:c2:55:22:d6:cc:2d:e5:b1:16:1b:06:08:e8:
                    b9:c1:16:9e:46:c6:b5:fe:d6:17:3f:cb:55:5f:d7:
                    22:3f:b9:65:eb:01:7b:1d:d4:44:3f:44:e8:dc:e2:
                    71:b5:07:35:e2:13:59:5f:25:a0:03:e4:4b:93:27:
                    8f:d2:6d:7e:25:db:72:5d:e6:27:96:29:16:d1:b5:
                    66:d7:9a:cd:9a:4c:fc:b1:de:48:11:c0:a1:d0:f3:
                    b0:8e:b1:92:30:87:4a:c3:b5:34:a1:43:dc:cc:80:
                    3d:5d:e3:15:4e:90:a7:17:54:a8:28:2e:71:64:f7:
                    f2:88:21:f2:70:f8:10:c1:fb:62:15:77:34:9d:cf:
                    d3:b4:db:6a:bf:aa:10:91:19:92:03:10:7c:ba:db:
                    81:58:7f:81:01:7a:cf:5e:39:1c:37:22:e7:3e:d0:
                    16:c6:90:84:73:56:43:ff:5f:b0:3b:fe:6f:4b:e5:
                    39:ee:f0:1a:f4:a8:a4:06:ff:86:05:f7:c6:af:36:
                    4c:e7:33:e5:15:88:52:a4:7a:f1:78:81:ae:cc:e6:
                    8e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BC:85:86:2F:59:70:CE:19:5D:48:BE:02:CB:47:66:D8:F0:78:01
            X509v3 Authority Key Identifier:
                keyid:41:51:D6:B4:41:D3:F5:77:62:C0:32:F8:FA:D2:17:60:8A:22:F7:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QVHWtEHT9XdiwDL4-tIXYIoi96E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/5ryFhi9ZcM4ZXUi-AstHZtjweAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/cddb63-9308-43c9-9473-eae418158a52/1/QVHWtEHT9XdiwDL4-tIXYIoi96E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.56.0/21
                IPv6:
                  2a01:a320::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:6e:0e:ab:4e:04:fe:75:8c:8c:29:4f:76:08:58:f2:1c:ae:
         6e:92:a4:e8:6b:6f:35:83:e8:c1:68:05:e6:41:55:f3:d3:5a:
         01:53:4f:9f:39:20:e0:bf:76:70:b3:ae:ce:64:ef:a4:db:8f:
         69:3e:cf:96:77:37:71:e9:30:98:b9:d9:e2:c0:06:85:f4:83:
         e9:39:5a:7e:d5:cc:c3:1a:6c:a8:18:1f:21:93:ad:d6:62:29:
         51:49:39:0b:b6:de:f5:85:ce:16:2a:96:05:97:1f:6c:f0:e2:
         9e:e8:60:71:bb:db:b7:3c:9d:53:b1:d8:06:e3:80:e3:af:da:
         75:31:c6:df:0a:15:93:d4:40:d6:75:ad:c2:7c:2f:ad:0d:7d:
         9a:eb:d2:e0:e8:f8:05:ad:40:dc:36:31:95:05:56:63:52:d7:
         55:04:c7:01:9c:98:30:3c:35:04:b0:04:35:2f:8d:32:2b:09:
         76:97:11:d1:60:80:04:a3:ec:e1:03:75:5c:82:17:ef:f8:c1:
         21:d6:ea:eb:40:e5:68:ca:e7:8a:09:35:b7:43:e2:77:a8:2d:
         3c:18:31:ec:16:ef:d9:f4:f4:38:f2:4e:ee:7f:71:57:e4:0d:
         49:f2:90:89:0b:04:48:35:7c:d3:93:c7:71:77:af:ce:9d:2a:
         14:c3:8c:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt3WI+fJAh/3UY5mpg4tPupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNTFkNmI0NDFkM2Y1Nzc2MmMwMzJmOGZhZDIxNzYwOGEy
MmY3YTEwHhcNMjYwMTAxMDIxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJjODU4NjJmNTk3MGNlMTk1ZDQ4YmUwMmNiNDc2NmQ4ZjA3ODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWyInJdua/c2tXtKt5YmjSf33kWr
o1r1fpy9Oyn6yHSDKQsuSe8WZqGksslhw8JVItbMLeWxFhsGCOi5wRaeRsa1/tYX
P8tVX9ciP7ll6wF7HdREP0To3OJxtQc14hNZXyWgA+RLkyeP0m1+JdtyXeYnlikW
0bVm15rNmkz8sd5IEcCh0POwjrGSMIdKw7U0oUPczIA9XeMVTpCnF1SoKC5xZPfy
iCHycPgQwftiFXc0nc/TtNtqv6oQkRmSAxB8utuBWH+BAXrPXjkcNyLnPtAWxpCE
c1ZD/1+wO/5vS+U57vAa9KikBv+GBffGrzZM5zPlFYhSpHrxeIGuzOaOYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOa8hYYvWXDOGV1IvgLLR2bY8HgBMB8GA1UdIwQY
MBaAFEFR1rRB0/V3YsAy+PrSF2CKIvehMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVZIV3RFSFQ5WGRpd0RMNC10SVhZSW9pOTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jZGRiNjMtOTMwOC00M2M5LTk0NzMt
ZWFlNDE4MTU4YTUyLzEvNXJ5RmhpOVpjTTRaWFVpLUFzdEhadGp3ZUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jZGRiNjMtOTMwOC00M2M5LTk0NzMtZWFlNDE4MTU4YTUy
LzEvUVZIV3RFSFQ5WGRpd0RMNC10SVhZSW9pOTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXDM4MA0E
AgACMAcDBQAqAaMgMA0GCSqGSIb3DQEBCwUAA4IBAQA8bg6rTgT+dYyMKU92CFjy
HK5ukqToa281g+jBaAXmQVXz01oBU0+fOSDgv3Zws67OZO+k249pPs+Wdzdx6TCY
udniwAaF9IPpOVp+1czDGmyoGB8hk63WYilRSTkLtt71hc4WKpYFlx9s8OKe6GBx
u9u3PJ1TsdgG44Djr9p1McbfChWT1EDWda3CfC+tDX2a69Lg6PgFrUDcNjGVBVZj
UtdVBMcBnJgwPDUEsAQ1L40yKwl2lxHRYIAEo+zhA3Vcghfv+MEh1urrQOVoyueK
CTW3Q+J3qC08GDHsFu/Z9PQ48k7uf3FX5A1J8pCJCwRINXzTk8dxd6/OnSoUw4yL
-----END CERTIFICATE-----