Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/H5wbUVeilk2D-TcSNo2ZLtCgIlA.roa
File:                     H5wbUVeilk2D-TcSNo2ZLtCgIlA.roa (raw, json)
Hash identifier:          y8Qj275T8H/xyA6R6IvTJAbGim0TMTFbre+wAij8hCM=
Subject key identifier:   1F:9C:1B:51:57:A2:96:4D:83:F9:37:12:36:8D:99:2E:D0:A0:22:50
Certificate issuer:       /CN=5dd7336fa915721ce3bfee217f4e99164db9532b
Certificate serial:       019C9FB813AC276A64B605BB38DE731BAD0C
Authority key identifier: 5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/H5wbUVeilk2D-TcSNo2ZLtCgIlA.roa
Signing time:             Fri 27 Feb 2026 15:29:26 +0000
ROA not before:           Fri 27 Feb 2026 15:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36351
IP address blocks:        5.62.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:b8:13:ac:27:6a:64:b6:05:bb:38:de:73:1b:ad:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd7336fa915721ce3bfee217f4e99164db9532b
        Validity
            Not Before: Feb 27 15:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f9c1b5157a2964d83f93712368d992ed0a02250
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:42:82:47:f9:e0:d9:8c:9a:e7:7e:d0:04:ac:
                    8f:3d:3c:b3:97:3e:4f:ac:a0:d6:b1:45:dc:98:d9:
                    7f:5e:38:50:a7:ec:e9:26:47:ac:2a:ab:cf:28:99:
                    18:d7:97:3f:a1:99:a4:72:dc:45:ee:0c:d3:7e:80:
                    47:79:bc:a9:9e:ff:fb:fe:d9:3d:68:d5:f3:ae:85:
                    a6:02:4c:f2:c5:67:3c:35:c7:6c:b5:c2:ea:58:28:
                    7b:96:98:dc:70:5e:1e:60:b0:b0:9d:3a:0c:7d:31:
                    f7:a3:f7:a2:bb:4f:ad:29:0c:d0:c4:4b:38:7d:c1:
                    ab:db:94:73:45:24:16:66:7f:b4:c6:88:b3:f3:26:
                    27:b6:7c:e4:68:4c:55:83:7e:58:0d:f2:f5:ab:89:
                    3d:b0:b0:f7:99:44:7c:40:85:ae:e2:39:52:b7:c2:
                    72:71:63:e8:b4:b8:97:f7:24:64:70:07:3e:38:90:
                    3a:b5:5b:b6:ad:a8:12:4e:e7:ac:5c:f6:28:f0:69:
                    55:e4:40:65:d6:da:16:51:49:44:06:5f:bb:3c:d1:
                    0d:cb:de:36:74:e5:05:17:41:2c:d9:2e:44:59:24:
                    fb:c3:47:7b:bc:2e:85:21:27:73:21:8b:ed:3a:8b:
                    bd:d2:33:ba:2f:c9:fe:bb:b3:cb:3d:c4:bd:f1:11:
                    90:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:9C:1B:51:57:A2:96:4D:83:F9:37:12:36:8D:99:2E:D0:A0:22:50
            X509v3 Authority Key Identifier:
                keyid:5D:D7:33:6F:A9:15:72:1C:E3:BF:EE:21:7F:4E:99:16:4D:B9:53:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdczb6kVchzjv-4hf06ZFk25Uys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/H5wbUVeilk2D-TcSNo2ZLtCgIlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/e744bd-f6d9-4f74-8c01-8c4bc45927a3/1/Xdczb6kVchzjv-4hf06ZFk25Uys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.62.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:65:64:b9:f3:c0:51:b0:41:84:0e:93:a4:7f:63:38:17:7e:
         02:13:ad:1a:9a:6f:d8:96:51:55:cd:d6:e2:b5:20:ef:79:ce:
         11:a6:38:cb:52:f8:c7:6d:67:af:2e:b4:b7:30:e0:2f:f6:f7:
         ae:08:12:50:7e:44:f9:a0:e6:fc:f0:a6:96:88:1a:97:9d:12:
         79:84:b7:d1:be:e6:98:94:86:2f:0b:f7:08:71:23:fb:23:3a:
         91:9f:8f:27:5c:fb:9c:d8:b9:a5:e5:83:4e:6a:eb:ec:07:f1:
         d9:7b:31:fd:49:db:32:cb:a0:f2:2f:90:37:8c:17:bb:f8:d0:
         61:8f:5d:8c:70:0b:44:33:04:bb:8e:4a:0f:c3:34:89:75:6b:
         f2:78:74:b8:d5:83:ac:86:8d:f5:b2:2f:b2:81:ed:96:a6:77:
         34:98:7e:08:67:d9:6b:96:cf:6c:e1:c3:89:33:4e:94:d8:76:
         b5:46:eb:38:14:77:a1:f4:95:e3:4f:27:6f:1a:c3:bd:27:8c:
         62:93:79:f2:9a:73:5e:80:ec:98:95:ba:b5:78:26:c1:04:38:
         fd:40:8c:8e:7a:dd:b5:91:30:e5:49:d5:e6:4a:44:b5:27:b9:
         0c:8d:8e:ff:4a:40:97:8f:a3:c6:55:36:ea:e0:5d:92:f0:a0:
         76:51:78:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyfuBOsJ2pktgW7ON5zG60MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDczMzZmYTkxNTcyMWNlM2JmZWUyMTdmNGU5OTE2NGRi
OTUzMmIwHhcNMjYwMjI3MTUyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjljMWI1MTU3YTI5NjRkODNmOTM3MTIzNjhkOTkyZWQwYTAyMjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUKCR/ng2Yya537QBKyPPTyzlz5P
rKDWsUXcmNl/XjhQp+zpJkesKqvPKJkY15c/oZmkctxF7gzTfoBHebypnv/7/tk9
aNXzroWmAkzyxWc8NcdstcLqWCh7lpjccF4eYLCwnToMfTH3o/eiu0+tKQzQxEs4
fcGr25RzRSQWZn+0xoiz8yYntnzkaExVg35YDfL1q4k9sLD3mUR8QIWu4jlSt8Jy
cWPotLiX9yRkcAc+OJA6tVu2ragSTuesXPYo8GlV5EBl1toWUUlEBl+7PNENy942
dOUFF0Es2S5EWST7w0d7vC6FISdzIYvtOou90jO6L8n+u7PLPcS98RGQmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+cG1FXopZNg/k3EjaNmS7QoCJQMB8GA1UdIwQY
MBaAFF3XM2+pFXIc47/uIX9OmRZNuVMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEt
OGM0YmM0NTkyN2EzLzEvSDV3YlVWZWlsazJELVRjU05vMlpMdENnSWxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9lNzQ0YmQtZjZkOS00Zjc0LThjMDEtOGM0YmM0NTkyN2Ez
LzEvWGRjemI2a1ZjaHpqdi00aGYwNlpGazI1VXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT4hMA0G
CSqGSIb3DQEBCwUAA4IBAQCgZWS588BRsEGEDpOkf2M4F34CE60amm/YllFVzdbi
tSDvec4RpjjLUvjHbWevLrS3MOAv9veuCBJQfkT5oOb88KaWiBqXnRJ5hLfRvuaY
lIYvC/cIcSP7IzqRn48nXPuc2Lml5YNOauvsB/HZezH9Sdsyy6DyL5A3jBe7+NBh
j12McAtEMwS7jkoPwzSJdWvyeHS41YOsho31si+yge2Wpnc0mH4IZ9lrls9s4cOJ
M06U2Ha1Rus4FHeh9JXjTydvGsO9J4xik3nymnNegOyYlbq1eCbBBDj9QIyOet21
kTDlSdXmSkS1J7kMjY7/SkCXj6PGVTbq4F2S8KB2UXj7
-----END CERTIFICATE-----