Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/j47FN1b9Qh66nUBnpby1lJe9CYU.roa
File:                     j47FN1b9Qh66nUBnpby1lJe9CYU.roa (raw, json)
Hash identifier:          sZWGSAo/74IVtkMhs6kmHJc9kEJANjXcYOtxcE90TYw=
Subject key identifier:   8F:8E:C5:37:56:FD:42:1E:BA:9D:40:67:A5:BC:B5:94:97:BD:09:85
Certificate issuer:       /CN=55959b0bda0a0f591f968408539f331810bb2534
Certificate serial:       019B7EA4465C55EC96E0D3A8581A2C42D4BE
Authority key identifier: 55:95:9B:0B:DA:0A:0F:59:1F:96:84:08:53:9F:33:18:10:BB:25:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/j47FN1b9Qh66nUBnpby1lJe9CYU.roa
Signing time:             Fri 02 Jan 2026 12:17:33 +0000
ROA not before:           Fri 02 Jan 2026 12:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212589
IP address blocks:        5.133.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:46:5c:55:ec:96:e0:d3:a8:58:1a:2c:42:d4:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55959b0bda0a0f591f968408539f331810bb2534
        Validity
            Not Before: Jan  2 12:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f8ec53756fd421eba9d4067a5bcb59497bd0985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8f:3b:2f:9a:e2:5e:77:52:8f:50:bf:d2:f9:
                    64:56:53:de:34:7a:bc:99:fd:9c:74:45:99:8e:1c:
                    c2:18:75:db:20:a1:dd:08:fa:ff:d9:29:39:ae:62:
                    cd:13:03:5e:9e:ac:34:fb:63:55:58:66:e6:73:49:
                    9b:47:ac:40:6c:30:ab:74:1b:88:51:20:e3:5e:e9:
                    9e:c6:2f:6d:fc:3e:6e:30:66:12:5f:e5:2d:75:11:
                    35:93:1f:85:47:25:2d:af:6a:cb:bc:e1:a7:72:9d:
                    88:03:3d:c5:02:05:2f:55:ff:d5:6b:3b:d2:e7:7c:
                    49:50:1e:05:bc:76:39:c7:c3:96:08:54:7f:b4:24:
                    9e:74:cf:b2:3f:4c:4a:34:b5:88:5d:8c:bf:07:17:
                    9a:b0:e3:bd:21:26:e7:53:55:73:0e:bf:31:4d:5a:
                    44:97:54:2f:ae:bf:c3:ce:02:f3:18:ee:1e:50:c9:
                    d9:a4:ee:56:f5:83:6c:bf:fb:fc:21:fe:32:73:64:
                    da:71:57:0d:fc:27:ec:38:51:78:50:35:ef:22:e4:
                    2f:26:f2:4c:12:2d:e4:d6:af:4d:a6:53:10:3e:11:
                    fb:53:ff:03:f2:a3:99:01:a2:86:ac:f2:6c:dc:4d:
                    7d:37:49:18:ca:59:91:a3:e0:ea:57:d2:dc:7c:f8:
                    54:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:8E:C5:37:56:FD:42:1E:BA:9D:40:67:A5:BC:B5:94:97:BD:09:85
            X509v3 Authority Key Identifier:
                keyid:55:95:9B:0B:DA:0A:0F:59:1F:96:84:08:53:9F:33:18:10:BB:25:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZWbC9oKD1kfloQIU58zGBC7JTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/j47FN1b9Qh66nUBnpby1lJe9CYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/13fc59-3b4f-452c-81d4-141528664d0b/1/VZWbC9oKD1kfloQIU58zGBC7JTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:57:b7:aa:76:13:f6:7a:dd:af:33:24:9e:ea:14:d4:8f:1e:
         c5:00:ae:bd:ed:ef:01:54:d3:81:e2:f9:c8:aa:c2:a0:09:15:
         46:91:5e:a4:33:f8:2a:10:dc:42:8c:b7:ed:53:c3:f3:ec:39:
         2a:dc:6f:8c:06:68:ff:7f:af:be:1f:c2:dd:5d:1a:67:1c:91:
         8e:29:3f:e9:b3:5f:95:74:c7:e2:f1:95:2e:64:87:4a:79:66:
         60:f7:d4:bd:4d:d3:65:fd:29:94:c6:f7:c8:38:90:43:ab:94:
         4e:6a:fc:6a:1f:6f:fa:4b:b3:86:8a:4e:42:13:a5:e9:db:f6:
         e9:ff:f7:73:dc:41:f3:10:75:98:26:58:3a:0e:26:11:09:a1:
         58:8f:13:5d:11:57:5b:ea:74:7b:a6:5b:52:35:ca:fe:f6:4c:
         0a:49:3c:c4:53:f1:83:e8:8d:cd:93:39:47:3e:7e:6d:b8:de:
         39:05:4d:de:bd:ca:93:5a:df:af:83:02:ed:41:5f:7a:89:45:
         00:8e:c9:e3:9b:c8:a7:e5:98:eb:08:75:d0:2a:92:03:b7:a8:
         09:64:87:b7:e8:65:d6:01:2a:81:89:01:5d:6e:ac:98:1b:ad:
         57:81:0d:44:10:f0:62:a9:8f:a5:26:ca:59:d1:66:ba:79:9b:
         1d:a8:e8:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pEZcVeyW4NOoWBosQtS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OTU5YjBiZGEwYTBmNTkxZjk2ODQwODUzOWYzMzE4MTBi
YjI1MzQwHhcNMjYwMTAyMTIxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjhlYzUzNzU2ZmQ0MjFlYmE5ZDQwNjdhNWJjYjU5NDk3YmQwOTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo87L5riXndSj1C/0vlkVlPeNHq8
mf2cdEWZjhzCGHXbIKHdCPr/2Sk5rmLNEwNenqw0+2NVWGbmc0mbR6xAbDCrdBuI
USDjXumexi9t/D5uMGYSX+UtdRE1kx+FRyUtr2rLvOGncp2IAz3FAgUvVf/VazvS
53xJUB4FvHY5x8OWCFR/tCSedM+yP0xKNLWIXYy/BxeasOO9ISbnU1VzDr8xTVpE
l1Qvrr/DzgLzGO4eUMnZpO5W9YNsv/v8If4yc2TacVcN/CfsOFF4UDXvIuQvJvJM
Ei3k1q9NplMQPhH7U/8D8qOZAaKGrPJs3E19N0kYylmRo+DqV9LcfPhUCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+OxTdW/UIeup1AZ6W8tZSXvQmFMB8GA1UdIwQY
MBaAFFWVmwvaCg9ZH5aECFOfMxgQuyU0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlpXYkM5b0tEMWtmbG9RSVU1OHpHQkM3SlRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8xM2ZjNTktM2I0Zi00NTJjLTgxZDQt
MTQxNTI4NjY0ZDBiLzEvajQ3Rk4xYjlRaDY2blVCbnBieTFsSmU5Q1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8xM2ZjNTktM2I0Zi00NTJjLTgxZDQtMTQxNTI4NjY0ZDBi
LzEvVlpXYkM5b0tEMWtmbG9RSVU1OHpHQkM3SlRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVxMA0G
CSqGSIb3DQEBCwUAA4IBAQBjV7eqdhP2et2vMySe6hTUjx7FAK697e8BVNOB4vnI
qsKgCRVGkV6kM/gqENxCjLftU8Pz7Dkq3G+MBmj/f6++H8LdXRpnHJGOKT/ps1+V
dMfi8ZUuZIdKeWZg99S9TdNl/SmUxvfIOJBDq5ROavxqH2/6S7OGik5CE6Xp2/bp
//dz3EHzEHWYJlg6DiYRCaFYjxNdEVdb6nR7pltSNcr+9kwKSTzEU/GD6I3NkzlH
Pn5tuN45BU3evcqTWt+vgwLtQV96iUUAjsnjm8in5ZjrCHXQKpIDt6gJZIe36GXW
ASqBiQFdbqyYG61XgQ1EEPBiqY+lJspZ0Wa6eZsdqOja
-----END CERTIFICATE-----