Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/5x2-8garOOilf6io7nZnF9dIZSA.roa
File:                     5x2-8garOOilf6io7nZnF9dIZSA.roa (raw, json)
Hash identifier:          hdj3plspymuwOcIm8tESK6Qn+W8Q6cC5cyX/oC/V1CQ=
Subject key identifier:   E7:1D:BE:F2:06:AB:38:E8:A5:7F:A8:A8:EE:76:67:17:D7:48:65:20
Certificate issuer:       /CN=2ba38933358cf66cff3b6ce3f7bc2517fdd47421
Certificate serial:       019B78A23A18819EE64FD2B6666A237834AB
Authority key identifier: 2B:A3:89:33:35:8C:F6:6C:FF:3B:6C:E3:F7:BC:25:17:FD:D4:74:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K6OJMzWM9mz_O2zj97wlF_3UdCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/5x2-8garOOilf6io7nZnF9dIZSA.roa
Signing time:             Thu 01 Jan 2026 08:17:36 +0000
ROA not before:           Thu 01 Jan 2026 08:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57224
IP address blocks:        91.198.60.0/24 maxlen: 24
                          185.40.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/K6OJMzWM9mz_O2zj97wlF_3UdCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/K6OJMzWM9mz_O2zj97wlF_3UdCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K6OJMzWM9mz_O2zj97wlF_3UdCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:3a:18:81:9e:e6:4f:d2:b6:66:6a:23:78:34:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ba38933358cf66cff3b6ce3f7bc2517fdd47421
        Validity
            Not Before: Jan  1 08:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e71dbef206ab38e8a57fa8a8ee766717d7486520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e5:8d:03:2f:8b:43:4b:3a:f4:ed:dc:d6:2a:
                    1b:6c:1f:76:67:20:51:86:12:a0:c3:a0:6b:36:fa:
                    7c:2e:00:0b:4e:d3:94:03:58:a7:5e:72:d7:d8:47:
                    e1:ab:4c:ff:f3:73:83:bb:d1:b4:5e:d1:d9:d9:61:
                    62:1b:6d:18:01:cd:76:af:0d:51:6e:f6:c2:62:ab:
                    9e:b6:29:d8:8d:76:96:54:9f:33:d1:69:a4:5d:b3:
                    a5:b2:96:07:71:f9:c3:eb:af:44:8b:48:99:30:82:
                    b6:77:be:e3:44:9b:3a:72:25:a4:e0:03:1f:73:e7:
                    ff:d5:65:a2:66:b5:ef:70:b3:61:bf:1b:fb:fb:a7:
                    33:1f:cc:9b:a6:61:ab:f2:ff:c4:1f:d0:79:2a:8e:
                    08:5b:9e:37:3d:4d:2e:79:c7:fe:80:cf:d3:c9:76:
                    86:d9:8d:42:8e:db:e5:f2:cf:0a:b5:3b:21:4d:98:
                    6e:ad:f2:60:08:f7:e1:be:02:11:bc:53:67:0d:3c:
                    2c:42:06:7e:92:e1:65:34:4a:e3:f1:0b:6b:b5:c0:
                    21:87:00:a3:1b:29:71:76:36:72:0a:fc:9c:99:a3:
                    c5:62:93:77:98:1f:8a:71:b9:bf:59:8c:db:a5:35:
                    09:34:48:f4:05:81:f7:e0:53:fa:a4:21:0d:45:ed:
                    f4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:1D:BE:F2:06:AB:38:E8:A5:7F:A8:A8:EE:76:67:17:D7:48:65:20
            X509v3 Authority Key Identifier:
                keyid:2B:A3:89:33:35:8C:F6:6C:FF:3B:6C:E3:F7:BC:25:17:FD:D4:74:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K6OJMzWM9mz_O2zj97wlF_3UdCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/5x2-8garOOilf6io7nZnF9dIZSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/9856ee-699f-4fed-bb98-e06fd0cd3b77/1/K6OJMzWM9mz_O2zj97wlF_3UdCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.60.0/24
                  185.40.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:2c:41:ad:20:a0:0c:4b:b8:3a:84:1c:14:9e:86:28:a8:92:
         7d:13:a8:c2:be:1b:20:3d:92:9c:2e:42:7a:ec:21:31:9a:bd:
         75:7b:c8:f5:06:27:d7:3c:32:95:85:00:02:ea:59:dc:6b:95:
         41:d0:60:66:14:02:11:3a:c0:0a:90:ac:79:23:43:cd:ae:11:
         69:db:ba:3d:29:fd:fe:6c:53:b1:b4:04:23:c5:c6:84:f9:b2:
         0e:68:57:48:06:99:02:0d:00:30:04:19:a7:4b:09:31:b5:e2:
         16:65:52:a6:bf:a1:1a:ee:de:bc:96:00:78:da:96:ad:67:ad:
         89:b6:be:61:2b:14:49:35:61:22:3e:9d:13:ba:3e:3f:39:db:
         38:c6:7e:e4:e1:a2:8a:d3:8d:7d:32:e0:0d:3b:4d:80:64:67:
         af:c5:ff:54:47:5e:91:95:b8:7a:ca:0c:72:4b:8f:cd:57:a1:
         34:75:45:2c:fd:54:7a:f3:35:64:b2:65:eb:f5:73:38:70:fb:
         fb:83:8f:58:2d:a0:4d:28:c1:08:05:99:60:41:64:08:98:15:
         26:24:21:ae:ec:8e:4c:e5:de:f9:52:58:c7:a9:32:77:ac:f5:
         33:eb:51:5f:d9:ab:86:a3:5b:a0:2c:ad:e4:c3:c2:92:2c:20:
         db:52:4b:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt4ojoYgZ7mT9K2ZmojeDSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYTM4OTMzMzU4Y2Y2NmNmZjNiNmNlM2Y3YmMyNTE3ZmRk
NDc0MjEwHhcNMjYwMTAxMDgxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzFkYmVmMjA2YWIzOGU4YTU3ZmE4YThlZTc2NjcxN2Q3NDg2NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuWNAy+LQ0s69O3c1iobbB92ZyBR
hhKgw6BrNvp8LgALTtOUA1inXnLX2Efhq0z/83ODu9G0XtHZ2WFiG20YAc12rw1R
bvbCYquetinYjXaWVJ8z0WmkXbOlspYHcfnD669Ei0iZMIK2d77jRJs6ciWk4AMf
c+f/1WWiZrXvcLNhvxv7+6czH8ybpmGr8v/EH9B5Ko4IW543PU0uecf+gM/TyXaG
2Y1Cjtvl8s8KtTshTZhurfJgCPfhvgIRvFNnDTwsQgZ+kuFlNErj8QtrtcAhhwCj
GylxdjZyCvycmaPFYpN3mB+Kcbm/WYzbpTUJNEj0BYH34FP6pCENRe30QQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOcdvvIGqzjopX+oqO52ZxfXSGUgMB8GA1UdIwQY
MBaAFCujiTM1jPZs/zts4/e8JRf91HQhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzZPSk16V005bXpfTzJ6ajk3d2xGXzNVZENFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC85ODU2ZWUtNjk5Zi00ZmVkLWJiOTgt
ZTA2ZmQwY2QzYjc3LzEvNXgyLThnYXJPT2lsZjZpbzduWm5GOWRJWlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC85ODU2ZWUtNjk5Zi00ZmVkLWJiOTgtZTA2ZmQwY2QzYjc3
LzEvSzZPSk16V005bXpfTzJ6ajk3d2xGXzNVZENFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8Y8AwQC
uSh0MA0GCSqGSIb3DQEBCwUAA4IBAQCMLEGtIKAMS7g6hBwUnoYoqJJ9E6jCvhsg
PZKcLkJ67CExmr11e8j1BifXPDKVhQAC6lnca5VB0GBmFAIROsAKkKx5I0PNrhFp
27o9Kf3+bFOxtAQjxcaE+bIOaFdIBpkCDQAwBBmnSwkxteIWZVKmv6Ea7t68lgB4
2patZ62Jtr5hKxRJNWEiPp0Tuj4/Ods4xn7k4aKK0419MuANO02AZGevxf9UR16R
lbh6ygxyS4/NV6E0dUUs/VR68zVksmXr9XM4cPv7g49YLaBNKMEIBZlgQWQImBUm
JCGu7I5M5d75UljHqTJ3rPUz61Ff2auGo1ugLK3kw8KSLCDbUkt3
-----END CERTIFICATE-----