Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/b1541b-ca10-40f7-b3ed-b321055cfa2f/1/sr5kiWaUNJb3k53oHKiE3zAeNCc.roa
File:                     sr5kiWaUNJb3k53oHKiE3zAeNCc.roa (raw, json)
Hash identifier:          4lKEnHHPq8ieSuUmi9tpKwDYW28NC9iz/gZMj6c8NHQ=
Subject key identifier:   B2:BE:64:89:66:94:34:96:F7:93:9D:E8:1C:A8:84:DF:30:1E:34:27
Certificate issuer:       /CN=247cdb5ea82e033336640e9eec8ea098cac86180
Certificate serial:       019D53BB20B0FD7B88505D9A66F86CA40C54
Authority key identifier: 24:7C:DB:5E:A8:2E:03:33:36:64:0E:9E:EC:8E:A0:98:CA:C8:61:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JHzbXqguAzM2ZA6e7I6gmMrIYYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/b1541b-ca10-40f7-b3ed-b321055cfa2f/1/sr5kiWaUNJb3k53oHKiE3zAeNCc.roa
Signing time:             Fri 03 Apr 2026 14:24:25 +0000
ROA not before:           Fri 03 Apr 2026 14:24:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202676
IP address blocks:        2a0b:4040::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/b1541b-ca10-40f7-b3ed-b321055cfa2f/1/JHzbXqguAzM2ZA6e7I6gmMrIYYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/b1541b-ca10-40f7-b3ed-b321055cfa2f/1/JHzbXqguAzM2ZA6e7I6gmMrIYYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JHzbXqguAzM2ZA6e7I6gmMrIYYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:53:bb:20:b0:fd:7b:88:50:5d:9a:66:f8:6c:a4:0c:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=247cdb5ea82e033336640e9eec8ea098cac86180
        Validity
            Not Before: Apr  3 14:24:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2be648966943496f7939de81ca884df301e3427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7b:c8:08:44:05:a2:d5:f8:c2:a3:4b:77:9c:
                    96:34:13:c4:94:26:23:bb:8d:8a:9c:7d:96:0a:13:
                    d3:0d:b6:1f:0d:7b:47:77:7a:48:0d:91:5d:7a:f7:
                    03:82:76:49:ab:98:2d:58:28:4d:da:f5:86:2b:9d:
                    21:8a:51:72:8e:eb:22:2f:fc:ae:26:0d:27:4a:f3:
                    12:e7:3f:91:f3:ab:6e:37:ad:ac:ea:7a:f2:c1:47:
                    d1:6e:07:cf:b1:0f:8e:36:5b:9a:6d:13:c2:d0:2a:
                    3e:13:9e:fe:8c:5c:c2:9c:0b:dc:6b:4f:ef:a6:55:
                    79:e7:b8:9e:93:cf:32:f6:8e:f8:08:15:bd:80:2a:
                    d8:9c:e0:2a:ae:ee:b3:47:40:9f:e8:0b:5f:18:4d:
                    6b:b8:06:db:9e:62:d8:bb:bf:bd:ba:05:7f:84:09:
                    e2:dc:0c:5a:ad:cd:1a:f8:a0:7b:6a:fa:2b:77:6e:
                    ad:59:a7:a7:2a:19:70:fd:cd:39:bb:b9:cb:e3:2a:
                    5b:e7:43:e7:1c:db:1c:78:57:16:2f:63:e3:7e:d8:
                    70:d5:4e:74:0d:aa:a7:29:ce:08:0d:18:22:5a:5d:
                    4a:be:d8:02:6e:d0:80:a7:eb:a8:c0:02:c7:8b:ef:
                    94:21:60:aa:e8:02:f2:2f:b3:99:a0:c9:ea:95:7f:
                    e8:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:BE:64:89:66:94:34:96:F7:93:9D:E8:1C:A8:84:DF:30:1E:34:27
            X509v3 Authority Key Identifier:
                keyid:24:7C:DB:5E:A8:2E:03:33:36:64:0E:9E:EC:8E:A0:98:CA:C8:61:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JHzbXqguAzM2ZA6e7I6gmMrIYYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b1541b-ca10-40f7-b3ed-b321055cfa2f/1/sr5kiWaUNJb3k53oHKiE3zAeNCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b1541b-ca10-40f7-b3ed-b321055cfa2f/1/JHzbXqguAzM2ZA6e7I6gmMrIYYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:4040::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:65:54:d2:91:6d:cf:88:e6:fa:1d:e7:49:e8:61:ef:22:25:
         1a:40:10:46:20:91:ee:04:36:34:fd:a6:7e:11:fc:d8:5f:93:
         56:16:01:89:d9:3b:e3:44:29:f7:27:0b:62:ba:f0:50:85:7a:
         1d:bd:a5:c9:1f:c3:ce:f6:6c:91:a8:d8:cf:b2:95:7b:e0:52:
         b0:0e:9a:ef:69:3b:9f:28:eb:f7:79:07:75:75:d6:7f:46:5a:
         01:bc:66:a7:d8:2d:fe:83:25:bc:91:6a:49:0f:ec:17:3f:bf:
         27:15:51:30:42:81:92:3b:52:c3:7a:34:d4:42:95:86:03:53:
         2b:4e:7a:f2:1e:12:e7:54:97:27:e6:52:36:83:c9:92:ea:cc:
         92:c6:2c:bc:d5:98:23:90:80:47:ad:a9:2c:09:31:4b:fb:86:
         57:a3:d1:6f:78:8c:a6:fe:8b:92:02:08:4b:3a:93:23:59:84:
         73:1c:e4:f2:0e:5e:cc:e1:42:d0:12:15:f7:29:9c:14:11:1a:
         70:35:5f:6f:48:19:84:80:71:5c:15:92:6c:b1:6b:0a:65:f8:
         67:d5:8f:34:aa:68:b0:cb:5a:33:da:10:82:5f:25:b4:6a:e2:
         a0:af:ca:c5:e3:90:12:a3:40:1e:84:c3:1d:79:97:c7:91:fa:
         3f:44:26:03
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1TuyCw/XuIUF2aZvhspAxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0N2NkYjVlYTgyZTAzMzMzNjY0MGU5ZWVjOGVhMDk4Y2Fj
ODYxODAwHhcNMjYwNDAzMTQyNDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmJlNjQ4OTY2OTQzNDk2Zjc5MzlkZTgxY2E4ODRkZjMwMWUzNDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XvICEQFotX4wqNLd5yWNBPElCYj
u42KnH2WChPTDbYfDXtHd3pIDZFdevcDgnZJq5gtWChN2vWGK50hilFyjusiL/yu
Jg0nSvMS5z+R86tuN62s6nrywUfRbgfPsQ+ONluabRPC0Co+E57+jFzCnAvca0/v
plV557iek88y9o74CBW9gCrYnOAqru6zR0Cf6AtfGE1ruAbbnmLYu7+9ugV/hAni
3Axarc0a+KB7avord26tWaenKhlw/c05u7nL4ypb50PnHNsceFcWL2Pjfthw1U50
DaqnKc4IDRgiWl1KvtgCbtCAp+uowALHi++UIWCq6ALyL7OZoMnqlX/ohwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLK+ZIlmlDSW95Od6ByohN8wHjQnMB8GA1UdIwQY
MBaAFCR8216oLgMzNmQOnuyOoJjKyGGAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkh6YlhxZ3VBek0yWkE2ZTdJNmdtTXJJWVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iMTU0MWItY2ExMC00MGY3LWIzZWQt
YjMyMTA1NWNmYTJmLzEvc3I1a2lXYVVOSmIzazUzb0hLaUUzekFlTkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iMTU0MWItY2ExMC00MGY3LWIzZWQtYjMyMTA1NWNmYTJm
LzEvSkh6YlhxZ3VBek0yWkE2ZTdJNmdtTXJJWVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgtAQDAN
BgkqhkiG9w0BAQsFAAOCAQEAZmVU0pFtz4jm+h3nSehh7yIlGkAQRiCR7gQ2NP2m
fhH82F+TVhYBidk740Qp9ycLYrrwUIV6Hb2lyR/DzvZskajYz7KVe+BSsA6a72k7
nyjr93kHdXXWf0ZaAbxmp9gt/oMlvJFqSQ/sFz+/JxVRMEKBkjtSw3o01EKVhgNT
K0568h4S51SXJ+ZSNoPJkurMksYsvNWYI5CAR62pLAkxS/uGV6PRb3iMpv6LkgII
SzqTI1mEcxzk8g5ezOFC0BIV9ymcFBEacDVfb0gZhIBxXBWSbLFrCmX4Z9WPNKpo
sMtaM9oQgl8ltGrioK/KxeOQEqNAHoTDHXmXx5H6P0QmAw==
-----END CERTIFICATE-----