Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/5HW8zLPLznfqUxUNyTpDFY9vGw0.roa
File:                     5HW8zLPLznfqUxUNyTpDFY9vGw0.roa (raw, json)
Hash identifier:          jK18epl37v4PqkLcmNcS8ap8X/7NG9axWJ770xDMXcY=
Subject key identifier:   E4:75:BC:CC:B3:CB:CE:77:EA:53:15:0D:C9:3A:43:15:8F:6F:1B:0D
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019D9C1C68784228BB0F6C295B209C03DCD3
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/5HW8zLPLznfqUxUNyTpDFY9vGw0.roa
Signing time:             Fri 17 Apr 2026 15:43:20 +0000
ROA not before:           Fri 17 Apr 2026 15:43:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     394814
IP address blocks:        94.131.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:1c:68:78:42:28:bb:0f:6c:29:5b:20:9c:03:dc:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr 17 15:43:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e475bcccb3cbce77ea53150dc93a43158f6f1b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4b:f0:84:d4:d2:ad:58:44:e6:13:05:b4:1a:
                    57:dd:be:6f:fa:b0:74:f0:b0:a6:63:1d:93:ef:03:
                    1a:7a:1c:e4:67:8c:d2:4f:0a:53:4f:4b:b9:f2:a7:
                    75:ff:1a:01:bf:02:69:57:84:3c:eb:12:b2:27:a4:
                    a4:ca:90:c5:6f:9f:8f:10:29:21:52:d9:7e:6b:41:
                    2d:b9:04:0d:29:f3:37:e2:47:6b:f9:13:27:9a:f8:
                    c4:b6:dd:d9:2f:08:aa:d2:a1:f9:9d:e3:fa:82:04:
                    ee:d4:0e:ea:6a:a2:be:ef:a7:d7:72:3e:66:d6:2e:
                    0b:9e:d9:3f:68:55:38:76:77:a4:05:6a:51:be:43:
                    09:15:a6:4e:12:9f:bb:9b:eb:b2:ca:5d:40:be:45:
                    8c:56:a9:83:8e:cd:f6:28:b6:ea:05:1b:c3:d5:7e:
                    f7:69:b6:11:fe:55:20:37:4a:54:49:46:11:be:70:
                    56:f4:78:5b:24:7c:7b:f7:9f:a8:0f:79:0a:0c:84:
                    d6:5f:8a:49:c8:77:1a:7a:c7:f6:8a:d4:2c:3d:b8:
                    fb:de:d1:fe:d3:99:37:ea:63:18:74:b2:ba:b8:e4:
                    a3:68:10:c9:a1:9b:23:a4:a0:63:bf:d6:04:a9:23:
                    92:ef:f5:b6:51:f4:95:51:c7:cd:a5:f8:6c:9a:be:
                    a5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:75:BC:CC:B3:CB:CE:77:EA:53:15:0D:C9:3A:43:15:8F:6F:1B:0D
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/5HW8zLPLznfqUxUNyTpDFY9vGw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:c9:c0:12:92:69:3b:85:e6:3d:70:13:c9:47:9b:e1:d9:e7:
         49:bb:6b:96:ea:68:d2:ce:7d:b0:71:a2:9c:ea:eb:fe:32:00:
         c4:26:4f:b3:da:d7:17:78:63:2a:06:e7:f8:59:a1:ba:45:f2:
         ec:4d:e3:57:30:fc:87:89:9f:7d:51:a1:f1:88:86:ee:16:b8:
         de:38:18:fc:b7:7d:8e:1c:6e:b2:c7:c9:87:d8:f4:2b:34:5e:
         2e:e3:ac:b3:f6:0e:67:f0:f7:4b:29:65:f8:6a:a1:aa:43:96:
         4d:cf:e6:a4:4a:d6:8a:0b:ba:2b:3a:09:2c:df:65:2e:77:53:
         ac:59:ff:48:e8:41:3a:df:61:c1:09:97:36:62:c7:47:a3:be:
         03:27:05:88:c0:79:40:dd:3c:dd:f4:c3:89:c4:3c:0a:4b:cc:
         5b:27:c4:28:ab:dd:a2:1d:26:63:7c:48:c8:5c:0f:10:15:48:
         58:6c:e7:90:30:80:c6:03:cf:d9:e2:8d:5b:34:da:60:e8:b4:
         1f:f8:f0:2f:50:d9:4f:a0:01:d2:66:af:00:17:d0:8e:45:03:
         93:f3:04:b9:8b:d9:7c:a2:9a:f9:4b:d3:95:cd:ff:09:dc:3a:
         42:9e:06:7e:0d:0d:d7:a6:fc:2f:be:d0:af:31:51:6b:8b:fe:
         9e:4b:0a:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2cHGh4Qii7D2wpWyCcA9zTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNDE3MTU0MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDc1YmNjY2IzY2JjZTc3ZWE1MzE1MGRjOTNhNDMxNThmNmYxYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEvwhNTSrVhE5hMFtBpX3b5v+rB0
8LCmYx2T7wMaehzkZ4zSTwpTT0u58qd1/xoBvwJpV4Q86xKyJ6SkypDFb5+PECkh
Utl+a0EtuQQNKfM34kdr+RMnmvjEtt3ZLwiq0qH5neP6ggTu1A7qaqK+76fXcj5m
1i4Lntk/aFU4dnekBWpRvkMJFaZOEp+7m+uyyl1AvkWMVqmDjs32KLbqBRvD1X73
abYR/lUgN0pUSUYRvnBW9HhbJHx795+oD3kKDITWX4pJyHcaesf2itQsPbj73tH+
05k36mMYdLK6uOSjaBDJoZsjpKBjv9YEqSOS7/W2UfSVUcfNpfhsmr6lVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOR1vMyzy8536lMVDck6QxWPbxsNMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvNUhXOHpMUEx6bmZxVXhVTnlUcERGWTl2R3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPaMA0G
CSqGSIb3DQEBCwUAA4IBAQAIycASkmk7heY9cBPJR5vh2edJu2uW6mjSzn2wcaKc
6uv+MgDEJk+z2tcXeGMqBuf4WaG6RfLsTeNXMPyHiZ99UaHxiIbuFrjeOBj8t32O
HG6yx8mH2PQrNF4u46yz9g5n8PdLKWX4aqGqQ5ZNz+akStaKC7orOgks32Uud1Os
Wf9I6EE632HBCZc2YsdHo74DJwWIwHlA3Tzd9MOJxDwKS8xbJ8Qoq92iHSZjfEjI
XA8QFUhYbOeQMIDGA8/Z4o1bNNpg6LQf+PAvUNlPoAHSZq8AF9CORQOT8wS5i9l8
opr5S9OVzf8J3DpCngZ+DQ3XpvwvvtCvMVFri/6eSwot
-----END CERTIFICATE-----