Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/AOBpMAFIZke-NCYDA3g31uHmY5g.roa
File:                     AOBpMAFIZke-NCYDA3g31uHmY5g.roa (raw, json)
Hash identifier:          soDDUwNQmWppMZdPAOzc26S+bczwtRaZ9oQA+wZh9bw=
Subject key identifier:   00:E0:69:30:01:48:66:47:BE:34:26:03:03:78:37:D6:E1:E6:63:98
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019D76B5D15DE4DA1E9650C540B382C80061
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/AOBpMAFIZke-NCYDA3g31uHmY5g.roa
Signing time:             Fri 10 Apr 2026 09:25:20 +0000
ROA not before:           Fri 10 Apr 2026 09:25:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60711
IP address blocks:        5.154.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:76:b5:d1:5d:e4:da:1e:96:50:c5:40:b3:82:c8:00:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Apr 10 09:25:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00e0693001486647be342603037837d6e1e66398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4e:d8:bd:ac:62:46:63:6f:ed:d5:1e:bb:55:
                    79:57:b7:4c:e7:00:0b:af:93:69:2b:a0:f4:0d:fa:
                    7b:e6:c7:38:0e:29:d5:43:bf:2a:40:91:53:ec:4a:
                    dc:32:7e:fa:9c:e9:80:63:c6:3d:2c:7c:e9:6e:17:
                    a9:1e:a5:23:cb:89:3d:82:32:5b:7d:b9:7f:09:b9:
                    33:3d:56:2d:62:b9:65:32:e7:7d:b2:b6:f0:af:eb:
                    fa:3d:94:ae:f1:b6:06:8a:6c:21:72:79:81:82:ad:
                    9d:70:eb:56:37:24:66:75:eb:3e:6b:03:3a:ca:5a:
                    70:a3:6f:71:2e:cd:12:ff:bd:5c:7f:24:e7:3d:0e:
                    de:a0:f5:7b:01:9d:f9:87:0a:ff:10:9c:35:20:af:
                    e2:f3:e8:f2:22:95:6b:55:6c:8a:d0:35:d3:09:ac:
                    fd:c1:32:24:0c:a5:67:96:e4:17:f9:4d:81:9d:e4:
                    3b:43:e9:be:bf:d8:7c:04:05:07:2f:63:d4:95:aa:
                    e3:cb:dc:41:bf:b0:73:19:53:2b:e6:d6:2a:5f:4b:
                    0f:c3:7c:e5:97:70:d6:97:ea:31:9c:29:12:36:b3:
                    47:ef:7f:15:ec:37:f8:70:07:75:b5:ff:66:77:47:
                    65:5c:4e:76:c6:d5:f6:2f:54:be:6f:8d:81:ba:17:
                    ee:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E0:69:30:01:48:66:47:BE:34:26:03:03:78:37:D6:E1:E6:63:98
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/AOBpMAFIZke-NCYDA3g31uHmY5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:b9:88:f5:c5:bc:73:d8:7a:8b:38:b8:77:9c:50:c3:3e:9b:
         fc:ad:17:48:77:b1:09:ba:1c:0d:21:5b:d7:24:d8:f8:58:f9:
         db:e5:f0:95:fa:70:c2:9b:d3:9a:3a:9a:77:3c:53:07:93:7e:
         fc:15:cf:11:f7:bc:46:54:db:a5:bd:93:9b:a4:f7:0f:60:61:
         a0:d1:c8:0b:0a:c0:3e:8e:da:fb:52:c2:2d:cb:b1:a5:d9:8f:
         c2:c6:a7:21:c4:74:69:27:36:58:b2:b8:89:00:85:6e:bd:dc:
         1a:e4:27:ca:98:5a:1c:f6:fc:c2:57:f7:2e:f3:a3:1b:eb:69:
         fe:e7:83:c7:73:08:71:36:aa:1e:db:9b:9b:05:15:dc:c4:f6:
         d5:d1:53:37:7f:d6:29:3d:b1:db:e9:87:f0:22:43:ca:08:da:
         a9:be:29:f7:4c:78:a0:87:31:3c:3f:d5:d2:2b:64:4a:9c:cd:
         42:3e:94:26:70:1c:47:36:c7:91:ae:44:53:71:99:1f:d2:a3:
         ed:61:66:20:90:c3:e1:1b:ca:8d:c7:eb:97:2d:19:05:09:bc:
         2e:d5:00:e9:8c:64:8f:76:9d:1b:60:52:10:38:e1:cb:50:0e:
         18:b0:4d:f9:45:d9:7c:7c:01:bc:85:24:28:da:37:ff:9a:60:
         7b:14:b5:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ12tdFd5NoellDFQLOCyABhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjYwNDEwMDkyNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGUwNjkzMDAxNDg2NjQ3YmUzNDI2MDMwMzc4MzdkNmUxZTY2Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvk7YvaxiRmNv7dUeu1V5V7dM5wAL
r5NpK6D0Dfp75sc4DinVQ78qQJFT7ErcMn76nOmAY8Y9LHzpbhepHqUjy4k9gjJb
fbl/CbkzPVYtYrllMud9srbwr+v6PZSu8bYGimwhcnmBgq2dcOtWNyRmdes+awM6
ylpwo29xLs0S/71cfyTnPQ7eoPV7AZ35hwr/EJw1IK/i8+jyIpVrVWyK0DXTCaz9
wTIkDKVnluQX+U2BneQ7Q+m+v9h8BAUHL2PUlarjy9xBv7BzGVMr5tYqX0sPw3zl
l3DWl+oxnCkSNrNH738V7Df4cAd1tf9md0dlXE52xtX2L1S+b42BuhfuNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADgaTABSGZHvjQmAwN4N9bh5mOYMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvQU9CcE1BRklaa2UtTkNZREEzZzMxdUhtWTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZonMA0G
CSqGSIb3DQEBCwUAA4IBAQC4uYj1xbxz2HqLOLh3nFDDPpv8rRdId7EJuhwNIVvX
JNj4WPnb5fCV+nDCm9OaOpp3PFMHk378Fc8R97xGVNulvZObpPcPYGGg0cgLCsA+
jtr7UsIty7Gl2Y/CxqchxHRpJzZYsriJAIVuvdwa5CfKmFoc9vzCV/cu86Mb62n+
54PHcwhxNqoe25ubBRXcxPbV0VM3f9YpPbHb6YfwIkPKCNqpvin3THighzE8P9XS
K2RKnM1CPpQmcBxHNseRrkRTcZkf0qPtYWYgkMPhG8qNx+uXLRkFCbwu1QDpjGSP
dp0bYFIQOOHLUA4YsE35Rdl8fAG8hSQo2jf/mmB7FLUS
-----END CERTIFICATE-----