Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/VD5fzqbpQlNfvflYD2SszzskwX8.roa
File:                     VD5fzqbpQlNfvflYD2SszzskwX8.roa (raw, json)
Hash identifier:          uIkjrGWZtKT0FDm77R8/8ZB1TTcgMUyfmEi4ZFfScJ0=
Subject key identifier:   54:3E:5F:CE:A6:E9:42:53:5F:BD:F9:58:0F:64:AC:CF:3B:24:C1:7F
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D8729408A461F7660202D391C20A854BD
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/VD5fzqbpQlNfvflYD2SszzskwX8.roa
Signing time:             Mon 13 Apr 2026 14:05:20 +0000
ROA not before:           Mon 13 Apr 2026 14:05:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        45.91.9.0/24 maxlen: 24
                          146.255.185.0/24 maxlen: 24
                          193.19.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 00:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:29:40:8a:46:1f:76:60:20:2d:39:1c:20:a8:54:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 13 14:05:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=543e5fcea6e942535fbdf9580f64accf3b24c17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:e6:d6:92:a9:6e:63:90:e9:f5:cd:c4:19:15:
                    70:40:f9:c5:b0:f3:22:7f:44:d4:c7:a2:8b:f9:fe:
                    17:17:2a:54:40:c8:11:5c:67:b0:70:d0:89:1e:f6:
                    bd:9d:68:20:cf:5b:c9:0a:65:04:e6:df:6d:12:85:
                    28:be:e9:96:14:df:91:67:4a:92:2b:f4:e5:e2:0c:
                    9f:a2:1e:f9:41:39:2a:f9:4b:42:fa:1b:9d:f6:d8:
                    d9:d3:75:2c:ba:c6:78:ba:40:55:99:62:f4:23:f3:
                    d9:73:9f:f6:2b:2a:1e:ac:30:eb:3d:41:de:1f:7f:
                    b6:96:69:ba:3e:9c:b7:f2:ff:17:b1:aa:28:0e:bb:
                    69:d1:ef:41:ca:1e:81:bb:f0:ac:86:6c:eb:7f:20:
                    d6:42:39:99:08:cd:68:01:83:d5:de:df:85:6a:38:
                    6e:5d:ae:74:37:77:ad:65:e2:b3:44:a7:98:24:c9:
                    67:fe:d4:b9:a8:8d:32:32:7c:c2:e3:c9:84:5e:0c:
                    93:05:dc:fd:32:ea:fb:ea:5d:70:99:9e:e3:e1:8a:
                    37:75:eb:39:e9:ac:6d:4b:3b:81:19:d0:03:98:20:
                    f0:54:40:a6:3a:a4:3b:47:a0:0d:77:c4:bb:8a:a1:
                    94:76:63:d9:2a:d4:7a:c5:c3:23:91:7c:fe:8a:3d:
                    09:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:3E:5F:CE:A6:E9:42:53:5F:BD:F9:58:0F:64:AC:CF:3B:24:C1:7F
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/VD5fzqbpQlNfvflYD2SszzskwX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.9.0/24
                  146.255.185.0/24
                  193.19.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:f7:0b:fa:d4:c4:69:8b:c9:5a:56:4f:9b:be:9a:54:e2:80:
         61:c8:1b:92:36:b3:77:33:81:03:94:3e:5d:df:74:f2:bc:c5:
         b4:f3:20:c1:9d:0e:e5:2f:45:9e:38:df:9b:f5:5f:e2:0f:56:
         6e:75:16:45:65:3d:65:3b:00:4f:41:59:02:35:0e:2d:33:13:
         8f:4f:1e:3b:26:3a:31:65:1b:74:b7:9a:72:c3:88:92:f4:12:
         37:a0:0f:80:bd:97:d2:22:9e:45:df:25:74:32:8a:90:24:c2:
         73:44:70:15:a8:5c:8e:9f:44:45:74:81:e6:cf:8c:4f:69:9d:
         1f:75:45:c1:80:fd:4b:2e:75:19:f8:d0:f8:09:c3:ab:0c:e8:
         d2:a0:39:17:7f:b9:d9:46:0a:33:85:9e:a8:59:43:80:ef:41:
         66:f6:8d:ed:43:d1:91:1b:c4:de:66:79:cd:f4:0d:91:3f:fc:
         23:3e:3f:81:1e:54:bb:a9:04:59:83:d1:e5:ce:15:71:54:19:
         86:3a:8a:0e:da:16:3e:4a:1f:13:f8:1a:48:cd:42:d1:f0:5b:
         6b:f7:03:d5:50:09:1f:68:9a:d3:8f:20:30:cf:30:07:6a:e8:
         3a:01:34:f1:79:b2:fd:bf:9a:66:ff:02:91:42:dd:01:de:6e:
         63:44:9a:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2HKUCKRh92YCAtORwgqFS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNDEzMTQwNTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDNlNWZjZWE2ZTk0MjUzNWZiZGY5NTgwZjY0YWNjZjNiMjRjMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ubWkqluY5Dp9c3EGRVwQPnFsPMi
f0TUx6KL+f4XFypUQMgRXGewcNCJHva9nWggz1vJCmUE5t9tEoUovumWFN+RZ0qS
K/Tl4gyfoh75QTkq+UtC+hud9tjZ03UsusZ4ukBVmWL0I/PZc5/2KyoerDDrPUHe
H3+2lmm6Ppy38v8XsaooDrtp0e9Byh6Bu/CshmzrfyDWQjmZCM1oAYPV3t+Fajhu
Xa50N3etZeKzRKeYJMln/tS5qI0yMnzC48mEXgyTBdz9Mur76l1wmZ7j4Yo3des5
6axtSzuBGdADmCDwVECmOqQ7R6ANd8S7iqGUdmPZKtR6xcMjkXz+ij0JfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFQ+X86m6UJTX735WA9krM87JMF/MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvVkQ1ZnpxYnBRbE5mdmZsWUQyU3N6enNrd1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVsJAwQA
kv+5AwQAwRO/MA0GCSqGSIb3DQEBCwUAA4IBAQCO9wv61MRpi8laVk+bvppU4oBh
yBuSNrN3M4EDlD5d33TyvMW08yDBnQ7lL0WeON+b9V/iD1ZudRZFZT1lOwBPQVkC
NQ4tMxOPTx47JjoxZRt0t5pyw4iS9BI3oA+AvZfSIp5F3yV0MoqQJMJzRHAVqFyO
n0RFdIHmz4xPaZ0fdUXBgP1LLnUZ+ND4CcOrDOjSoDkXf7nZRgozhZ6oWUOA70Fm
9o3tQ9GRG8TeZnnN9A2RP/wjPj+BHlS7qQRZg9HlzhVxVBmGOooO2hY+Sh8T+BpI
zULR8Ftr9wPVUAkfaJrTjyAwzzAHaug6ATTxebL9v5pm/wKRQt0B3m5jRJrT
-----END CERTIFICATE-----