Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/5t7LxZOnJ1oA36BSSTw5AEmUq20.roa
File:                     5t7LxZOnJ1oA36BSSTw5AEmUq20.roa (raw, json)
Hash identifier:          VZXGO3QetxGEp6QAJJaHETqqkuTNwYe6IR9YcZcrEN8=
Subject key identifier:   E6:DE:CB:C5:93:A7:27:5A:00:DF:A0:52:49:3C:39:00:49:94:AB:6D
Certificate issuer:       /CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
Certificate serial:       019D74A76562F9A88659C892301BA262330F
Authority key identifier: E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/5t7LxZOnJ1oA36BSSTw5AEmUq20.roa
Signing time:             Thu 09 Apr 2026 23:50:20 +0000
ROA not before:           Thu 09 Apr 2026 23:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211557
IP address blocks:        5.63.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:74:a7:65:62:f9:a8:86:59:c8:92:30:1b:a2:62:33:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
        Validity
            Not Before: Apr  9 23:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6decbc593a7275a00dfa052493c39004994ab6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8b:cd:fa:3f:9a:de:15:02:6d:57:02:ff:74:
                    7d:39:e1:c2:12:18:b3:16:91:1d:fe:42:94:6e:c4:
                    90:2f:39:7c:a1:0a:4c:14:b9:75:fd:60:09:f8:80:
                    f6:22:1b:d3:56:9a:c3:cd:49:51:15:f0:02:7a:fc:
                    ed:1e:8c:7c:2f:94:a2:77:fe:8b:a8:96:16:46:0d:
                    6f:35:60:54:76:9d:1c:4b:e8:d7:37:76:82:9b:90:
                    d2:cc:f4:e1:bc:0c:88:86:36:5c:a5:70:a6:6e:ab:
                    81:85:8e:b4:ef:6f:4b:17:32:d0:7f:82:35:5f:db:
                    ca:ec:c3:f9:e1:27:2e:9e:29:c0:e1:99:60:f8:3b:
                    fe:aa:96:be:47:52:7a:15:12:b4:fc:5d:7d:5e:11:
                    5d:59:7c:f3:c3:82:7d:8b:1b:94:67:f2:d7:83:95:
                    22:ab:6d:21:33:6a:b9:9f:74:9e:ca:be:64:82:c2:
                    f6:7d:dd:e9:f7:5e:96:c2:9c:6d:d7:da:24:06:23:
                    f8:30:48:83:a7:a6:3f:2c:b9:4c:a1:98:81:17:bd:
                    51:46:dd:88:bc:50:0a:18:bd:4a:e9:85:f9:f8:08:
                    40:55:e9:c0:ae:a2:db:3c:66:50:00:c6:45:4d:4c:
                    14:d2:c9:4a:fe:26:aa:51:c5:d2:21:a4:94:e3:80:
                    8a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:DE:CB:C5:93:A7:27:5A:00:DF:A0:52:49:3C:39:00:49:94:AB:6D
            X509v3 Authority Key Identifier:
                keyid:E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/5t7LxZOnJ1oA36BSSTw5AEmUq20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:0d:9e:80:30:a1:cd:00:f3:1a:53:4f:87:28:13:36:82:47:
         9b:15:5f:9b:13:ad:cf:7c:13:7e:00:6a:7e:f3:e6:08:f9:fa:
         22:af:c5:fd:4d:ef:b3:0c:9e:69:8d:b5:8b:3a:4f:e8:04:56:
         53:0b:b2:16:a5:24:dd:b9:83:0d:46:24:c1:12:93:ff:98:90:
         78:97:9c:c4:b0:bf:26:f5:4d:85:36:f6:3b:7f:de:bc:1a:1a:
         f3:0b:7d:a0:95:06:f4:c1:5a:c7:d8:7c:db:43:27:ba:ff:a4:
         2d:87:15:4c:c7:94:11:8a:3f:6a:90:83:22:c7:90:99:1b:0d:
         4e:0a:c8:2a:46:36:1b:67:d6:16:9a:6c:03:3a:5c:70:bc:05:
         71:b5:97:ae:f3:9a:79:8a:47:81:5f:39:5c:5d:6f:30:64:46:
         c0:f9:e9:22:d1:21:10:ea:08:9f:02:c4:55:c7:f6:72:57:5a:
         33:f0:ba:45:b5:db:c2:78:23:27:4c:73:a8:87:4d:a3:eb:a6:
         97:40:17:92:41:fc:5f:cd:24:2a:79:b2:29:de:a8:9b:89:db:
         ce:ae:2c:0c:09:05:dc:48:89:7e:3c:b7:06:15:cf:4b:ae:d9:
         8e:32:ef:6e:38:82:93:db:7a:64:49:68:17:9c:dc:72:f0:34:
         7f:df:2a:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ10p2Vi+aiGWciSMBuiYjMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODU2YzMwODJhYjJmYzhkZDFiMzU5YTdiMzk5MTM2ODUz
OGI0ZDAwHhcNMjYwNDA5MjM1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmRlY2JjNTkzYTcyNzVhMDBkZmEwNTI0OTNjMzkwMDQ5OTRhYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYvN+j+a3hUCbVcC/3R9OeHCEhiz
FpEd/kKUbsSQLzl8oQpMFLl1/WAJ+ID2IhvTVprDzUlRFfACevztHox8L5Sid/6L
qJYWRg1vNWBUdp0cS+jXN3aCm5DSzPThvAyIhjZcpXCmbquBhY60729LFzLQf4I1
X9vK7MP54ScuninA4Zlg+Dv+qpa+R1J6FRK0/F19XhFdWXzzw4J9ixuUZ/LXg5Ui
q20hM2q5n3Seyr5kgsL2fd3p916Wwpxt19okBiP4MEiDp6Y/LLlMoZiBF71RRt2I
vFAKGL1K6YX5+AhAVenArqLbPGZQAMZFTUwU0slK/iaqUcXSIaSU44CKeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObey8WTpydaAN+gUkk8OQBJlKttMB8GA1UdIwQY
MBaAFOGFbDCCqy/I3Rs1mns5kTaFOLTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmIt
OGVhYTZiZjQwMzU3LzEvNXQ3THhaT25KMW9BMzZCU1NUdzVBRW1VcTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmItOGVhYTZiZjQwMzU3
LzEvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT8VMA0G
CSqGSIb3DQEBCwUAA4IBAQAEDZ6AMKHNAPMaU0+HKBM2gkebFV+bE63PfBN+AGp+
8+YI+foir8X9Te+zDJ5pjbWLOk/oBFZTC7IWpSTduYMNRiTBEpP/mJB4l5zEsL8m
9U2FNvY7f968GhrzC32glQb0wVrH2HzbQye6/6QthxVMx5QRij9qkIMix5CZGw1O
CsgqRjYbZ9YWmmwDOlxwvAVxtZeu85p5ikeBXzlcXW8wZEbA+eki0SEQ6gifAsRV
x/ZyV1oz8LpFtdvCeCMnTHOoh02j66aXQBeSQfxfzSQqebIp3qibidvOriwMCQXc
SIl+PLcGFc9LrtmOMu9uOIKT23pkSWgXnNxy8DR/3ypi
-----END CERTIFICATE-----