Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/5ICsFrquvX49HjEzOQU7S93GVkQ.roa
File:                     5ICsFrquvX49HjEzOQU7S93GVkQ.roa (raw, json)
Hash identifier:          dNzwPe5ZKIgncVs1sWSuSbTrhXj7p0vAUSyPZCigSn0=
Subject key identifier:   E4:80:AC:16:BA:AE:BD:7E:3D:1E:31:33:39:05:3B:4B:DD:C6:56:44
Certificate issuer:       /CN=c0e549fdceeb02912c8a8741c816806bbe19c448
Certificate serial:       019EB4C50655518FA9F1CBC394BAA31F08FB
Authority key identifier: C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/5ICsFrquvX49HjEzOQU7S93GVkQ.roa
Signing time:             Thu 11 Jun 2026 03:41:11 +0000
ROA not before:           Thu 11 Jun 2026 03:41:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     267823
IP address blocks:        194.30.183.0/24 maxlen: 24
                          194.31.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b4:c5:06:55:51:8f:a9:f1:cb:c3:94:ba:a3:1f:08:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e549fdceeb02912c8a8741c816806bbe19c448
        Validity
            Not Before: Jun 11 03:41:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e480ac16baaebd7e3d1e313339053b4bddc65644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:85:0a:70:09:4a:51:f5:4c:3b:c0:90:20:2a:
                    1c:94:c0:5a:a0:5d:34:c2:0e:47:a0:cd:c7:7f:a3:
                    cf:0e:a6:99:1b:b1:a8:3a:be:bf:fa:a7:0b:0f:ed:
                    b9:6d:d6:27:20:fc:31:11:da:6e:f5:72:3e:7b:85:
                    40:33:17:8a:d1:f0:70:44:7f:4e:b9:19:e1:2f:80:
                    89:69:e1:40:3a:48:61:e6:fa:66:3f:89:fb:b7:3b:
                    31:ae:3a:2f:68:5d:2c:a9:c6:5c:bb:e2:3e:06:61:
                    de:c7:f8:91:27:02:b0:4e:72:24:ec:80:46:59:e5:
                    b5:31:58:49:1c:a5:a4:dd:15:21:4a:56:8d:ba:98:
                    a7:59:06:18:5c:1d:30:43:9f:11:63:9c:1f:d4:e2:
                    92:a1:f7:5e:27:7f:26:8a:09:61:dc:ae:6e:ba:a2:
                    79:df:25:d7:8e:4c:b6:ff:07:8a:83:3f:57:fb:5b:
                    e5:b6:bf:b3:5e:82:7c:67:f1:e6:04:8e:cc:97:19:
                    a5:c0:54:10:71:48:a4:aa:6d:1d:80:36:31:04:b3:
                    69:9e:14:17:95:a9:5a:da:38:02:1b:20:fd:4a:55:
                    af:9b:f8:86:ea:b9:b9:cf:c4:25:70:4f:7c:72:d2:
                    43:fc:79:53:f6:de:d4:40:fb:a9:b6:f8:33:9e:a9:
                    2d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:80:AC:16:BA:AE:BD:7E:3D:1E:31:33:39:05:3B:4B:DD:C6:56:44
            X509v3 Authority Key Identifier:
                keyid:C0:E5:49:FD:CE:EB:02:91:2C:8A:87:41:C8:16:80:6B:BE:19:C4:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOVJ_c7rApEsiodByBaAa74ZxEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/5ICsFrquvX49HjEzOQU7S93GVkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/160f8f-dbab-482d-b39c-ad2fda47988e/1/wOVJ_c7rApEsiodByBaAa74ZxEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.183.0/24
                  194.31.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:9a:47:e7:0a:93:4b:02:e6:64:37:7c:93:d0:49:a4:54:15:
         15:e4:77:ee:90:c2:f6:05:d4:2b:f6:8d:50:48:b1:2b:8b:6b:
         89:d3:d7:65:94:72:e8:d7:9a:38:9a:c9:a8:49:16:8c:e3:79:
         7c:e0:c7:44:b0:bf:83:48:26:02:fb:c7:30:0a:32:17:ca:73:
         57:c7:df:70:de:77:5e:41:0b:37:30:30:94:e9:59:f6:7f:da:
         73:10:dc:e9:b4:35:b2:10:64:a3:88:79:8c:c0:89:3a:86:c7:
         85:7c:31:78:3f:e8:bc:1f:cd:5f:53:54:5f:97:18:d1:8d:8a:
         e6:03:8e:76:c0:01:70:ae:6e:9f:a8:d6:50:10:13:62:d6:f0:
         6a:f1:cb:8e:2e:09:f0:ca:2a:59:cf:5d:2f:1a:30:ce:b6:69:
         2b:93:6a:f6:00:cd:73:d5:92:94:fb:1b:33:dd:c2:8c:80:27:
         60:c0:d9:f1:ac:8e:5f:0b:eb:e9:ce:28:00:c9:b5:03:7b:22:
         38:6f:cd:46:9a:0c:5d:1d:67:df:0f:f4:a4:eb:be:cc:89:d0:
         9d:22:a2:e1:4e:53:b2:f7:46:6e:74:dd:a8:eb:b1:03:87:48:
         27:af:6f:82:6b:ed:2c:9a:fa:db:59:3f:d4:ca:09:b3:52:12:
         3e:9f:40:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ60xQZVUY+p8cvDlLqjHwj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZTU0OWZkY2VlYjAyOTEyYzhhODc0MWM4MTY4MDZiYmUx
OWM0NDgwHhcNMjYwNjExMDM0MTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDgwYWMxNmJhYWViZDdlM2QxZTMxMzMzOTA1M2I0YmRkYzY1NjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIUKcAlKUfVMO8CQICoclMBaoF00
wg5HoM3Hf6PPDqaZG7GoOr6/+qcLD+25bdYnIPwxEdpu9XI+e4VAMxeK0fBwRH9O
uRnhL4CJaeFAOkhh5vpmP4n7tzsxrjovaF0sqcZcu+I+BmHex/iRJwKwTnIk7IBG
WeW1MVhJHKWk3RUhSlaNupinWQYYXB0wQ58RY5wf1OKSofdeJ38miglh3K5uuqJ5
3yXXjky2/weKgz9X+1vltr+zXoJ8Z/HmBI7MlxmlwFQQcUikqm0dgDYxBLNpnhQX
lala2jgCGyD9SlWvm/iG6rm5z8QlcE98ctJD/HlT9t7UQPuptvgznqkt0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOSArBa6rr1+PR4xMzkFO0vdxlZEMB8GA1UdIwQY
MBaAFMDlSf3O6wKRLIqHQcgWgGu+GcRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMt
YWQyZmRhNDc5ODhlLzEvNUlDc0ZycXV2WDQ5SGpFek9RVTdTOTNHVmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjBmOGYtZGJhYi00ODJkLWIzOWMtYWQyZmRhNDc5ODhl
LzEvd09WSl9jN3JBcEVzaW9kQnlCYUFhNzRaeEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwh63AwQA
wh8BMA0GCSqGSIb3DQEBCwUAA4IBAQB6mkfnCpNLAuZkN3yT0EmkVBUV5HfukML2
BdQr9o1QSLEri2uJ09dllHLo15o4msmoSRaM43l84MdEsL+DSCYC+8cwCjIXynNX
x99w3ndeQQs3MDCU6Vn2f9pzENzptDWyEGSjiHmMwIk6hseFfDF4P+i8H81fU1Rf
lxjRjYrmA452wAFwrm6fqNZQEBNi1vBq8cuOLgnwyipZz10vGjDOtmkrk2r2AM1z
1ZKU+xsz3cKMgCdgwNnxrI5fC+vpzigAybUDeyI4b81GmgxdHWffD/Sk677MidCd
IqLhTlOy90ZudN2o67EDh0gnr2+Ca+0smvrbWT/UygmzUhI+n0AO
-----END CERTIFICATE-----