Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/0b06c0-d890-49bd-a29f-f07efac4e2de/1/w5HD1csfXjmFKmasXsLYPmCNHeA.roa
File:                     w5HD1csfXjmFKmasXsLYPmCNHeA.roa (raw, json)
Hash identifier:          t2awOD5Jt/jsxWnfuH1G6NJOKstAPGkxQQ8ztVL68Ng=
Subject key identifier:   C3:91:C3:D5:CB:1F:5E:39:85:2A:66:AC:5E:C2:D8:3E:60:8D:1D:E0
Certificate issuer:       /CN=d36e5d70935b8cbc37cf216c446697d4c27a993e
Certificate serial:       019E300B70FCA7C0CDE6B561FA0D37BAC277
Authority key identifier: D3:6E:5D:70:93:5B:8C:BC:37:CF:21:6C:44:66:97:D4:C2:7A:99:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/025dcJNbjLw3zyFsRGaX1MJ6mT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/0b06c0-d890-49bd-a29f-f07efac4e2de/1/w5HD1csfXjmFKmasXsLYPmCNHeA.roa
Signing time:             Sat 16 May 2026 09:08:36 +0000
ROA not before:           Sat 16 May 2026 09:08:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49972
IP address blocks:        134.255.206.0/24 maxlen: 24
                          194.32.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/0b06c0-d890-49bd-a29f-f07efac4e2de/1/025dcJNbjLw3zyFsRGaX1MJ6mT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/0b06c0-d890-49bd-a29f-f07efac4e2de/1/025dcJNbjLw3zyFsRGaX1MJ6mT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/025dcJNbjLw3zyFsRGaX1MJ6mT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:30:0b:70:fc:a7:c0:cd:e6:b5:61:fa:0d:37:ba:c2:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d36e5d70935b8cbc37cf216c446697d4c27a993e
        Validity
            Not Before: May 16 09:08:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c391c3d5cb1f5e39852a66ac5ec2d83e608d1de0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cb:a3:a4:4e:23:4a:7b:23:9d:33:9f:13:1b:
                    e8:35:40:b2:9a:bf:74:e9:1e:b5:27:b2:60:27:d6:
                    22:32:a2:4b:56:64:09:37:67:64:23:22:ca:05:24:
                    80:6b:56:e1:5b:a1:be:23:1e:f6:32:ab:c5:42:62:
                    80:ca:1a:24:a9:6e:08:2d:9c:4e:78:58:6e:f7:da:
                    ef:1f:c1:53:77:66:c1:cf:da:1f:9b:78:e2:d3:f8:
                    ae:13:3b:fe:b2:69:9b:43:76:bd:a2:74:7b:3f:c9:
                    51:b0:4d:63:de:01:5c:f3:6d:b1:8f:79:1e:63:9e:
                    13:2c:9c:db:43:74:51:e3:43:b2:b5:64:fe:3e:b6:
                    87:39:7a:99:55:47:48:d9:f0:76:bd:e1:57:21:6e:
                    6e:10:19:f6:92:16:38:87:27:2b:b7:a6:37:00:b3:
                    7b:0f:5a:c7:d5:f6:a7:00:0f:48:98:b8:fb:8b:a3:
                    5f:c6:fd:ec:6e:e4:27:29:84:bc:b6:92:48:06:7c:
                    16:c4:38:5b:31:0f:ab:2f:a4:18:58:d6:94:96:5d:
                    2e:fb:95:a3:30:27:fb:2c:5d:60:b9:8d:99:e6:ae:
                    aa:ab:b2:22:e0:15:41:d3:af:c1:6d:56:dd:19:21:
                    3f:1e:99:f0:18:34:2f:66:f8:2d:44:ad:50:2c:0e:
                    20:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:91:C3:D5:CB:1F:5E:39:85:2A:66:AC:5E:C2:D8:3E:60:8D:1D:E0
            X509v3 Authority Key Identifier:
                keyid:D3:6E:5D:70:93:5B:8C:BC:37:CF:21:6C:44:66:97:D4:C2:7A:99:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/025dcJNbjLw3zyFsRGaX1MJ6mT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0b06c0-d890-49bd-a29f-f07efac4e2de/1/w5HD1csfXjmFKmasXsLYPmCNHeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/0b06c0-d890-49bd-a29f-f07efac4e2de/1/025dcJNbjLw3zyFsRGaX1MJ6mT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.255.206.0/24
                  194.32.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:2e:34:40:d0:14:b4:37:cc:24:4b:3f:18:9b:93:48:0a:8d:
         aa:19:cc:74:f0:f9:f0:77:50:35:c1:b6:4d:93:0f:8f:35:5e:
         ba:d6:c2:a8:5b:cb:3b:08:c7:e3:57:13:4d:da:db:d5:05:20:
         59:c0:36:b9:e7:27:88:be:d8:c8:1d:81:58:b0:59:b4:81:bc:
         47:dd:fc:a5:79:bb:51:1c:3e:3e:21:9f:c5:c4:55:69:ab:6f:
         50:46:33:03:e9:d1:aa:ec:7f:4d:96:22:0b:2a:0c:49:b1:b8:
         20:a1:36:0d:ca:c6:5e:1d:76:99:11:dc:39:73:05:8c:8c:1e:
         74:2a:5b:89:23:ec:3e:7d:9f:61:35:98:96:05:82:b0:62:b5:
         51:85:f5:5a:40:e1:dd:fd:a8:d2:e3:dd:3b:5d:7a:73:54:46:
         c4:bc:47:d6:b2:f1:b0:24:6e:68:36:df:ef:15:f5:74:ef:19:
         3b:e2:1f:95:79:97:13:e2:ce:b3:15:d6:3b:3f:40:15:c7:ce:
         7d:20:24:e2:71:29:00:3b:8f:7e:9c:f6:4c:4f:7a:9c:15:bf:
         fa:72:62:40:4f:56:ff:ec:f3:15:e3:ce:69:eb:ab:6e:fa:a6:
         3e:c6:06:6b:57:f2:6e:ec:b9:72:d7:ae:c8:42:54:b4:90:cf:
         04:74:7a:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4wC3D8p8DN5rVh+g03usJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNmU1ZDcwOTM1YjhjYmMzN2NmMjE2YzQ0NjY5N2Q0YzI3
YTk5M2UwHhcNMjYwNTE2MDkwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzkxYzNkNWNiMWY1ZTM5ODUyYTY2YWM1ZWMyZDgzZTYwOGQxZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMujpE4jSnsjnTOfExvoNUCymr90
6R61J7JgJ9YiMqJLVmQJN2dkIyLKBSSAa1bhW6G+Ix72MqvFQmKAyhokqW4ILZxO
eFhu99rvH8FTd2bBz9ofm3ji0/iuEzv+smmbQ3a9onR7P8lRsE1j3gFc822xj3ke
Y54TLJzbQ3RR40OytWT+PraHOXqZVUdI2fB2veFXIW5uEBn2khY4hycrt6Y3ALN7
D1rH1fanAA9ImLj7i6Nfxv3sbuQnKYS8tpJIBnwWxDhbMQ+rL6QYWNaUll0u+5Wj
MCf7LF1guY2Z5q6qq7Ii4BVB06/BbVbdGSE/HpnwGDQvZvgtRK1QLA4gHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMORw9XLH145hSpmrF7C2D5gjR3gMB8GA1UdIwQY
MBaAFNNuXXCTW4y8N88hbERml9TCepk+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDI1ZGNKTmJqTHczenlGc1JHYVgxTUo2bVQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8wYjA2YzAtZDg5MC00OWJkLWEyOWYt
ZjA3ZWZhYzRlMmRlLzEvdzVIRDFjc2ZYam1GS21hc1hzTFlQbUNOSGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8wYjA2YzAtZDg5MC00OWJkLWEyOWYtZjA3ZWZhYzRlMmRl
LzEvMDI1ZGNKTmJqTHczenlGc1JHYVgxTUo2bVQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAhv/OAwQA
wiDRMA0GCSqGSIb3DQEBCwUAA4IBAQCoLjRA0BS0N8wkSz8Ym5NICo2qGcx08Pnw
d1A1wbZNkw+PNV661sKoW8s7CMfjVxNN2tvVBSBZwDa55yeIvtjIHYFYsFm0gbxH
3fylebtRHD4+IZ/FxFVpq29QRjMD6dGq7H9NliILKgxJsbggoTYNysZeHXaZEdw5
cwWMjB50KluJI+w+fZ9hNZiWBYKwYrVRhfVaQOHd/ajS4907XXpzVEbEvEfWsvGw
JG5oNt/vFfV07xk74h+VeZcT4s6zFdY7P0AVx859ICTicSkAO49+nPZMT3qcFb/6
cmJAT1b/7PMV485p66tu+qY+xgZrV/Ju7Lly167IQlS0kM8EdHob
-----END CERTIFICATE-----