Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/5GxvHZCMMVes7bAUdIaYsXEtdX4.roa
File:                     5GxvHZCMMVes7bAUdIaYsXEtdX4.roa (raw, json)
Hash identifier:          x5pIX8HDxeQPjQseodSp8HJv0Ul8z850CXMOjeGpMb0=
Subject key identifier:   E4:6C:6F:1D:90:8C:31:57:AC:ED:B0:14:74:86:98:B1:71:2D:75:7E
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019C322D42937180D36B3E4911C2FA545142
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/5GxvHZCMMVes7bAUdIaYsXEtdX4.roa
Signing time:             Fri 06 Feb 2026 08:59:12 +0000
ROA not before:           Fri 06 Feb 2026 08:59:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8311
IP address blocks:        185.212.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:32:2d:42:93:71:80:d3:6b:3e:49:11:c2:fa:54:51:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Feb  6 08:59:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e46c6f1d908c3157acedb014748698b1712d757e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:07:6f:9e:7a:06:10:da:a0:67:87:ca:2a:af:
                    73:1d:e1:5a:11:1c:07:69:5e:15:48:96:3f:06:75:
                    79:ce:6c:f1:41:41:a0:61:c7:d8:78:34:7f:cf:c4:
                    d5:0a:d0:8e:59:42:5b:58:44:af:65:32:51:06:04:
                    13:70:69:1e:93:8a:54:cd:9e:61:2b:b3:ed:66:0f:
                    b8:84:b2:08:37:de:b1:40:6a:a1:42:52:7e:86:41:
                    86:4b:c2:24:5c:4e:c4:6e:d2:03:4c:1f:db:ac:ae:
                    c2:4d:a7:78:c1:71:4d:ae:d4:b0:c4:4c:b9:02:de:
                    be:86:41:e8:15:cd:98:d8:12:c0:2f:6a:85:96:b8:
                    31:e7:6d:41:a5:c2:f6:ce:2c:6a:b9:b8:f5:ee:0a:
                    b7:06:a2:a6:d1:26:1b:5a:db:c6:8a:f2:da:dc:84:
                    6a:e1:30:ae:cb:fc:18:9f:26:9c:7b:47:cf:83:a3:
                    24:13:c2:7b:ad:8e:73:b4:0c:83:17:b8:a9:be:e7:
                    66:45:24:11:1f:ca:33:f1:ea:de:9b:43:10:fe:b6:
                    0b:93:89:b0:4f:db:3a:81:89:b6:31:63:b3:4f:db:
                    94:ad:88:b6:6f:90:39:71:a6:47:9d:d1:22:2a:82:
                    d4:d0:0e:fd:0e:2d:59:70:43:0b:5d:ee:37:13:bb:
                    ac:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:6C:6F:1D:90:8C:31:57:AC:ED:B0:14:74:86:98:B1:71:2D:75:7E
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/5GxvHZCMMVes7bAUdIaYsXEtdX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:28:bd:22:a5:ee:47:63:d0:d4:d9:44:48:87:d1:8e:7f:f1:
         f0:c3:d7:75:b2:7e:3d:59:26:49:68:d9:f6:21:bb:29:b5:15:
         86:a9:35:a1:10:09:b7:ac:62:9a:6e:dd:7d:5a:62:15:46:4a:
         01:9f:0e:61:26:fc:1b:da:58:97:75:f6:6d:9b:66:04:dc:3f:
         63:99:1e:ad:ef:84:f2:87:66:de:1b:a5:6a:12:c0:7f:ad:9a:
         96:51:f0:1d:ac:28:bb:c8:ad:42:45:77:78:f7:ca:8f:13:56:
         ac:87:29:17:1c:22:a4:a2:45:3f:c4:ab:27:55:e5:0e:2c:af:
         99:a4:87:19:17:da:5e:76:e3:60:ff:b8:49:64:de:92:c5:b6:
         ec:d8:38:f4:e8:a8:d1:a8:59:e1:39:d8:9e:8b:66:87:be:7a:
         f0:e6:f7:04:00:7b:61:62:30:35:88:3c:79:57:76:a0:5e:17:
         5b:aa:df:6e:20:04:fa:be:2d:8c:61:5e:2a:57:28:18:8c:c5:
         9b:b5:c3:77:21:89:df:e8:3f:9e:73:ac:e6:0f:c0:3c:f7:9e:
         cc:c0:41:d0:7b:c8:3b:a1:e1:6a:a8:68:14:a2:69:60:7c:28:
         96:14:62:f8:83:ac:5a:ca:69:7e:2f:84:8e:a1:10:59:e4:8c:
         29:71:5d:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwyLUKTcYDTaz5JEcL6VFFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjYwMjA2MDg1OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDZjNmYxZDkwOGMzMTU3YWNlZGIwMTQ3NDg2OThiMTcxMmQ3NTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwdvnnoGENqgZ4fKKq9zHeFaERwH
aV4VSJY/BnV5zmzxQUGgYcfYeDR/z8TVCtCOWUJbWESvZTJRBgQTcGkek4pUzZ5h
K7PtZg+4hLIIN96xQGqhQlJ+hkGGS8IkXE7EbtIDTB/brK7CTad4wXFNrtSwxEy5
At6+hkHoFc2Y2BLAL2qFlrgx521BpcL2zixqubj17gq3BqKm0SYbWtvGivLa3IRq
4TCuy/wYnyace0fPg6MkE8J7rY5ztAyDF7ipvudmRSQRH8oz8erem0MQ/rYLk4mw
T9s6gYm2MWOzT9uUrYi2b5A5caZHndEiKoLU0A79Di1ZcEMLXe43E7usBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORsbx2QjDFXrO2wFHSGmLFxLXV+MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvNUd4dkhaQ01NVmVzN2JBVWRJYVlzWEV0ZFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudTMMA0G
CSqGSIb3DQEBCwUAA4IBAQAeKL0ipe5HY9DU2URIh9GOf/Hww9d1sn49WSZJaNn2
IbsptRWGqTWhEAm3rGKabt19WmIVRkoBnw5hJvwb2liXdfZtm2YE3D9jmR6t74Ty
h2beG6VqEsB/rZqWUfAdrCi7yK1CRXd498qPE1ashykXHCKkokU/xKsnVeUOLK+Z
pIcZF9peduNg/7hJZN6Sxbbs2Dj06KjRqFnhOdiei2aHvnrw5vcEAHthYjA1iDx5
V3agXhdbqt9uIAT6vi2MYV4qVygYjMWbtcN3IYnf6D+ec6zmD8A8957MwEHQe8g7
oeFqqGgUomlgfCiWFGL4g6xayml+L4SOoRBZ5IwpcV02
-----END CERTIFICATE-----