Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/2lYVGDi42BVnw5t0xgYR_yY2cgs.roa
File:                     2lYVGDi42BVnw5t0xgYR_yY2cgs.roa (raw, json)
Hash identifier:          /AMo6ZvO4n28gn3JyVKBSVgVeI9znY599alD3WrwRYo=
Subject key identifier:   DA:56:15:18:38:B8:D8:15:67:C3:9B:74:C6:06:11:FF:26:36:72:0B
Certificate issuer:       /CN=5954b6183e459748c89ee5431b8f31de692ae3b7
Certificate serial:       019D433AC369CBCD96DD01D792A69FDB559B
Authority key identifier: 59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/2lYVGDi42BVnw5t0xgYR_yY2cgs.roa
Signing time:             Tue 31 Mar 2026 09:30:17 +0000
ROA not before:           Tue 31 Mar 2026 09:30:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1257
IP address blocks:        212.180.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:43:3a:c3:69:cb:cd:96:dd:01:d7:92:a6:9f:db:55:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5954b6183e459748c89ee5431b8f31de692ae3b7
        Validity
            Not Before: Mar 31 09:30:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da56151838b8d81567c39b74c60611ff2636720b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:15:f0:39:82:d5:94:04:cf:08:d9:80:34:b9:
                    44:b5:bd:07:e5:d0:49:d9:ab:2c:35:09:73:ce:ec:
                    e8:2f:d3:1d:cc:3b:f3:94:e7:36:54:13:2b:c9:ec:
                    f7:7d:f5:4c:67:34:88:9d:fa:52:d1:19:0d:e9:11:
                    39:59:a3:53:17:c6:be:cd:bd:b5:8c:0c:77:46:72:
                    38:4a:34:c5:c9:5a:6e:59:da:c2:ca:10:8d:ed:18:
                    ff:38:14:f7:ed:20:e6:4d:d7:56:3e:d4:26:c6:96:
                    82:14:aa:dc:b3:fc:69:71:43:f1:8a:28:a3:75:5e:
                    ae:04:81:82:b3:fa:e3:27:21:52:34:13:38:cf:55:
                    65:bc:85:8e:eb:5f:da:1e:b5:a3:06:94:51:ff:98:
                    55:5f:a6:16:41:d3:8a:df:62:89:1f:bd:02:be:90:
                    c6:ff:59:66:b0:84:cf:18:d5:ea:54:a1:a5:cc:5d:
                    c2:ab:55:93:15:66:2d:b3:5e:dc:1c:9b:53:b2:b6:
                    ec:50:aa:b1:bc:c7:2b:95:54:81:a2:92:3e:7d:35:
                    53:5d:24:64:a3:81:84:6b:b0:11:bf:43:6d:5b:5b:
                    77:d9:e7:fa:15:ea:c5:ac:37:9d:0c:f2:c6:b7:d4:
                    be:d1:a8:f3:4a:50:99:fb:32:4e:33:ad:f2:cf:35:
                    ea:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:56:15:18:38:B8:D8:15:67:C3:9B:74:C6:06:11:FF:26:36:72:0B
            X509v3 Authority Key Identifier:
                keyid:59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/2lYVGDi42BVnw5t0xgYR_yY2cgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.180.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:e0:0b:6f:f8:a8:9b:88:e9:e5:25:28:40:15:b9:cc:1a:22:
         ff:3a:b3:e6:dd:41:0a:05:21:f8:5b:f2:b3:00:9e:40:56:9c:
         17:af:af:94:d9:39:10:8e:2a:c7:e6:3d:84:f6:11:b8:03:5f:
         13:a2:79:78:21:82:cf:21:1e:80:b9:60:63:b5:84:0c:59:ec:
         0a:e8:eb:9e:4b:48:9a:d0:4a:17:e0:61:b4:49:b7:f2:2e:d6:
         e3:09:77:d5:00:71:bf:d7:95:92:d8:da:df:ac:6c:bf:56:0f:
         00:15:5e:68:e5:26:cb:1b:33:b3:fd:ae:b2:ca:f6:ae:87:7a:
         0d:69:09:58:15:4d:9a:99:80:5b:6c:ab:28:51:e4:e0:45:91:
         d4:59:78:9f:9d:5c:72:1c:be:56:f9:a0:fd:fc:5c:ef:77:61:
         a4:09:ef:6a:43:24:02:e6:82:e3:34:0b:da:69:65:b4:67:e5:
         36:0f:eb:ff:56:ac:5b:ec:a4:d7:5d:41:42:e0:77:44:48:c3:
         b7:90:77:f7:9c:18:b2:37:6b:87:cf:15:45:a7:e0:c2:ed:88:
         2c:26:6d:bf:e9:18:d1:d4:4b:bc:90:4b:7f:54:43:12:d6:e1:
         20:b8:34:a8:73:e3:81:9d:cb:36:95:f7:02:2a:97:c1:1a:73:
         07:a7:08:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1DOsNpy82W3QHXkqaf21WbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NTRiNjE4M2U0NTk3NDhjODllZTU0MzFiOGYzMWRlNjky
YWUzYjcwHhcNMjYwMzMxMDkzMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTU2MTUxODM4YjhkODE1NjdjMzliNzRjNjA2MTFmZjI2MzY3MjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRXwOYLVlATPCNmANLlEtb0H5dBJ
2assNQlzzuzoL9MdzDvzlOc2VBMryez3ffVMZzSInfpS0RkN6RE5WaNTF8a+zb21
jAx3RnI4SjTFyVpuWdrCyhCN7Rj/OBT37SDmTddWPtQmxpaCFKrcs/xpcUPxiiij
dV6uBIGCs/rjJyFSNBM4z1VlvIWO61/aHrWjBpRR/5hVX6YWQdOK32KJH70CvpDG
/1lmsITPGNXqVKGlzF3Cq1WTFWYts17cHJtTsrbsUKqxvMcrlVSBopI+fTVTXSRk
o4GEa7ARv0NtW1t32ef6FerFrDedDPLGt9S+0ajzSlCZ+zJOM63yzzXqpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpWFRg4uNgVZ8ObdMYGEf8mNnILMB8GA1UdIwQY
MBaAFFlUthg+RZdIyJ7lQxuPMd5pKuO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMt
ZDJhZGVlZDc1NWQ4LzEvMmxZVkdEaTQyQlZudzV0MHhnWVJfeVkyY2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMtZDJhZGVlZDc1NWQ4
LzEvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1LRYMA0G
CSqGSIb3DQEBCwUAA4IBAQAp4Atv+KibiOnlJShAFbnMGiL/OrPm3UEKBSH4W/Kz
AJ5AVpwXr6+U2TkQjirH5j2E9hG4A18Tonl4IYLPIR6AuWBjtYQMWewK6OueS0ia
0EoX4GG0SbfyLtbjCXfVAHG/15WS2NrfrGy/Vg8AFV5o5SbLGzOz/a6yyvauh3oN
aQlYFU2amYBbbKsoUeTgRZHUWXifnVxyHL5W+aD9/Fzvd2GkCe9qQyQC5oLjNAva
aWW0Z+U2D+v/Vqxb7KTXXUFC4HdESMO3kHf3nBiyN2uHzxVFp+DC7YgsJm2/6RjR
1Eu8kEt/VEMS1uEguDSoc+OBncs2lfcCKpfBGnMHpwja
-----END CERTIFICATE-----