Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/XY5E_RelyGQ_x471R3yDmTVoDTk.roa
File:                     XY5E_RelyGQ_x471R3yDmTVoDTk.roa (raw, json)
Hash identifier:          eROWL67g5W2cGW9pnAdECfpL0HCLybLp8h6TDlEvGJU=
Subject key identifier:   5D:8E:44:FD:17:A5:C8:64:3F:C7:8E:F5:47:7C:83:99:35:68:0D:39
Certificate issuer:       /CN=38482b1320b980f46d6e404fe7d58bdb11d50fd3
Certificate serial:       019C9F78F811D78087A341CFF5C656B08E73
Authority key identifier: 38:48:2B:13:20:B9:80:F4:6D:6E:40:4F:E7:D5:8B:DB:11:D5:0F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OEgrEyC5gPRtbkBP59WL2xHVD9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/XY5E_RelyGQ_x471R3yDmTVoDTk.roa
Signing time:             Fri 27 Feb 2026 14:20:31 +0000
ROA not before:           Fri 27 Feb 2026 14:20:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59780
IP address blocks:        45.135.188.0/22 maxlen: 22
                          185.71.120.0/22 maxlen: 24
                          2a05:3240::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/OEgrEyC5gPRtbkBP59WL2xHVD9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/OEgrEyC5gPRtbkBP59WL2xHVD9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OEgrEyC5gPRtbkBP59WL2xHVD9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:78:f8:11:d7:80:87:a3:41:cf:f5:c6:56:b0:8e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38482b1320b980f46d6e404fe7d58bdb11d50fd3
        Validity
            Not Before: Feb 27 14:20:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d8e44fd17a5c8643fc78ef5477c839935680d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ad:c0:4f:83:7a:14:46:e9:7c:f0:ac:c1:bb:
                    8a:41:98:b9:bf:05:db:e6:60:83:80:02:f3:0b:06:
                    76:23:e1:0e:85:ba:a3:c3:e1:75:c6:08:83:92:08:
                    ec:19:ed:97:66:cd:83:51:81:cc:c2:02:83:9d:c3:
                    7d:24:d2:15:4b:bb:5a:4a:e1:97:0c:20:7c:f8:fe:
                    4c:da:4d:0f:22:01:d0:a0:78:c9:e3:75:68:8b:c4:
                    7d:9f:5a:5d:00:60:02:39:d7:a0:86:19:b8:72:b3:
                    62:8b:1c:eb:69:90:b0:f2:32:54:bc:1a:4f:ff:10:
                    37:1f:21:7b:34:4c:01:61:43:d2:c3:e5:1e:17:e0:
                    53:d0:fa:ff:a9:ae:6e:30:84:71:7c:5c:e9:52:a6:
                    ad:9b:30:79:65:43:4f:7a:2f:5e:43:01:b7:27:10:
                    9c:95:4f:dd:32:28:e8:3c:65:37:16:79:64:58:50:
                    2a:05:06:77:32:fd:3f:7e:3f:72:c3:61:57:af:68:
                    01:4f:97:a0:2e:68:73:47:3d:0c:e8:a4:e8:67:ec:
                    b4:a2:63:b3:6a:33:c0:24:b0:34:6b:67:d9:70:70:
                    c7:54:73:b6:71:1d:ba:a3:2e:23:6f:cf:37:3e:c5:
                    b3:a1:5d:e2:03:0d:03:32:ab:f0:88:60:92:c7:bc:
                    ad:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:8E:44:FD:17:A5:C8:64:3F:C7:8E:F5:47:7C:83:99:35:68:0D:39
            X509v3 Authority Key Identifier:
                keyid:38:48:2B:13:20:B9:80:F4:6D:6E:40:4F:E7:D5:8B:DB:11:D5:0F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEgrEyC5gPRtbkBP59WL2xHVD9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/XY5E_RelyGQ_x471R3yDmTVoDTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f32454-3ef9-4412-8570-5cf43d35908e/1/OEgrEyC5gPRtbkBP59WL2xHVD9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.188.0/22
                  185.71.120.0/22
                IPv6:
                  2a05:3240::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:20:f0:08:86:54:0a:20:6f:7f:e1:4d:21:1c:c5:92:bc:77:
         c1:38:19:f2:e9:d8:19:e5:15:bc:a1:40:ec:70:ad:21:f0:04:
         7b:37:aa:e6:e2:44:5b:e5:b8:a5:10:c5:b1:49:94:6f:bb:a2:
         ce:85:f9:f5:16:e3:62:77:4c:11:a5:71:4f:16:ca:35:f2:9f:
         45:d2:10:c4:ff:ab:42:c7:b4:69:e8:b3:1c:10:69:cf:7b:3d:
         1d:40:4f:6b:35:75:c0:64:18:80:c9:69:40:96:0e:da:9c:8e:
         7f:ae:da:ef:cc:b8:4a:21:94:08:20:e1:2f:07:62:95:24:19:
         3b:00:60:e4:df:06:dc:ff:e2:72:4d:91:24:8a:e2:2c:9d:b4:
         50:a4:3d:de:c1:50:22:c2:d2:e6:c4:c9:e1:77:0c:62:bb:8f:
         c5:e9:21:a0:c9:fe:d4:ea:37:bb:9c:bb:c8:3c:36:d6:fd:f6:
         82:c9:7e:39:36:cc:94:41:55:48:8c:dc:a2:ac:f1:37:27:bf:
         83:71:d9:f5:a8:df:f6:d0:10:b2:3c:33:21:1f:3b:b2:c7:ea:
         24:7b:35:ee:8b:a8:08:cf:e8:e5:90:d2:cc:ff:cd:45:00:5f:
         5b:ee:96:a8:bf:a5:ad:54:15:a8:f0:b9:d7:34:f2:53:a2:10:
         e5:55:6c:7c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZyfePgR14CHo0HP9cZWsI5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDgyYjEzMjBiOTgwZjQ2ZDZlNDA0ZmU3ZDU4YmRiMTFk
NTBmZDMwHhcNMjYwMjI3MTQyMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDhlNDRmZDE3YTVjODY0M2ZjNzhlZjU0NzdjODM5OTM1NjgwZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq3AT4N6FEbpfPCswbuKQZi5vwXb
5mCDgALzCwZ2I+EOhbqjw+F1xgiDkgjsGe2XZs2DUYHMwgKDncN9JNIVS7taSuGX
DCB8+P5M2k0PIgHQoHjJ43Voi8R9n1pdAGACOdeghhm4crNiixzraZCw8jJUvBpP
/xA3HyF7NEwBYUPSw+UeF+BT0Pr/qa5uMIRxfFzpUqatmzB5ZUNPei9eQwG3JxCc
lU/dMijoPGU3FnlkWFAqBQZ3Mv0/fj9yw2FXr2gBT5egLmhzRz0M6KToZ+y0omOz
ajPAJLA0a2fZcHDHVHO2cR26oy4jb883PsWzoV3iAw0DMqvwiGCSx7ytewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF2ORP0XpchkP8eO9Ud8g5k1aA05MB8GA1UdIwQY
MBaAFDhIKxMguYD0bW5AT+fVi9sR1Q/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VnckV5QzVnUFJ0YmtCUDU5V0wyeEhWRDlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMzI0NTQtM2VmOS00NDEyLTg1NzAt
NWNmNDNkMzU5MDhlLzEvWFk1RV9SZWx5R1FfeDQ3MVIzeURtVFZvRFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMzI0NTQtM2VmOS00NDEyLTg1NzAtNWNmNDNkMzU5MDhl
LzEvT0VnckV5QzVnUFJ0YmtCUDU5V0wyeEhWRDlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLYe8AwQC
uUd4MA0EAgACMAcDBQMqBTJAMA0GCSqGSIb3DQEBCwUAA4IBAQA7IPAIhlQKIG9/
4U0hHMWSvHfBOBny6dgZ5RW8oUDscK0h8AR7N6rm4kRb5bilEMWxSZRvu6LOhfn1
FuNid0wRpXFPFso18p9F0hDE/6tCx7Rp6LMcEGnPez0dQE9rNXXAZBiAyWlAlg7a
nI5/rtrvzLhKIZQIIOEvB2KVJBk7AGDk3wbc/+JyTZEkiuIsnbRQpD3ewVAiwtLm
xMnhdwxiu4/F6SGgyf7U6je7nLvIPDbW/faCyX45NsyUQVVIjNyirPE3J7+Dcdn1
qN/20BCyPDMhHzuyx+okezXui6gIz+jlkNLM/81FAF9b7paov6WtVBWo8LnXNPJT
ohDlVWx8
-----END CERTIFICATE-----