Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/4L5LfyrxMkGQ2rN7oxTaKP0FiGE.roa
File:                     4L5LfyrxMkGQ2rN7oxTaKP0FiGE.roa (raw, json)
Hash identifier:          xGJ0KNYmEJfn7BJL9lBi0LmA90ycY8g1fLRg9+7CUrk=
Subject key identifier:   E0:BE:4B:7F:2A:F1:32:41:90:DA:B3:7B:A3:14:DA:28:FD:05:88:61
Certificate issuer:       /CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
Certificate serial:       019CA7FA079A0DB40DCDB936390AE71E3330
Authority key identifier: 50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/4L5LfyrxMkGQ2rN7oxTaKP0FiGE.roa
Signing time:             Sun 01 Mar 2026 05:58:26 +0000
ROA not before:           Sun 01 Mar 2026 05:58:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208905
IP address blocks:        62.56.222.0/23 maxlen: 24
                          81.199.34.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a7:fa:07:9a:0d:b4:0d:cd:b9:36:39:0a:e7:1e:33:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50182bee9aa010c1ffd2d804f6aa7b14bddb91f7
        Validity
            Not Before: Mar  1 05:58:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0be4b7f2af1324190dab37ba314da28fd058861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:5d:04:a2:d1:04:e2:ae:90:4b:da:6e:bf:35:
                    60:42:15:e5:b8:1c:91:73:de:a1:05:3e:b5:36:69:
                    53:d2:4d:61:11:bb:4c:ee:01:2b:19:b5:a8:0e:eb:
                    8f:4a:a4:87:ec:1d:c1:e8:0c:b6:e1:e0:6a:4f:50:
                    13:d5:47:90:87:9c:f6:6a:1c:cc:5f:b3:7f:a7:a7:
                    66:2e:da:50:32:d9:78:67:33:dd:fa:1d:4d:a4:bf:
                    94:45:65:68:9c:a7:20:a4:49:d6:af:fe:06:af:1e:
                    a5:4c:ae:52:20:89:c4:54:1d:2c:1d:b9:c7:90:9b:
                    f3:0d:8f:b1:8d:2d:21:5d:6d:9d:7d:ee:a0:25:93:
                    b8:ed:df:6f:8a:7c:53:03:3a:b3:3a:af:29:e4:30:
                    aa:66:9d:8d:d1:0c:15:bd:95:78:69:b0:7b:ec:68:
                    7a:e6:57:c7:24:53:ff:61:a9:51:b2:48:28:d3:ec:
                    da:7b:f0:79:1a:43:34:06:10:a9:48:99:02:ac:d8:
                    65:46:b2:72:38:f7:1d:e0:d6:ea:2e:68:03:15:3b:
                    f0:87:2d:b3:47:d4:09:b7:75:8b:0a:6c:8a:42:6b:
                    5e:23:c2:a7:62:52:75:33:36:f4:76:8a:85:25:f2:
                    95:70:53:a2:fb:df:49:bf:c8:d8:90:1d:f2:c5:99:
                    23:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BE:4B:7F:2A:F1:32:41:90:DA:B3:7B:A3:14:DA:28:FD:05:88:61
            X509v3 Authority Key Identifier:
                keyid:50:18:2B:EE:9A:A0:10:C1:FF:D2:D8:04:F6:AA:7B:14:BD:DB:91:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBgr7pqgEMH_0tgE9qp7FL3bkfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/4L5LfyrxMkGQ2rN7oxTaKP0FiGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bd4566-ac27-46f8-94f9-19d1bb61d9a7/1/UBgr7pqgEMH_0tgE9qp7FL3bkfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.56.222.0/23
                  81.199.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:66:80:2d:99:81:71:d8:9a:21:0a:79:97:8f:d8:4c:28:1b:
         31:ea:6e:13:9b:b5:97:e5:9c:db:d7:50:fc:20:d5:97:7f:4e:
         77:ac:d7:9d:16:f5:fb:49:d6:e4:51:e6:35:8c:17:b5:17:7f:
         54:d5:26:1e:5d:27:00:57:01:07:0d:97:60:07:c2:43:f4:1a:
         f4:bb:f7:69:25:7a:ff:76:61:72:ec:fb:95:49:0a:78:43:a2:
         23:2a:56:b8:fd:f1:70:da:5d:e5:1f:42:67:94:8f:29:f4:c8:
         cc:e5:29:92:4d:57:fa:13:88:7d:6b:5c:0f:d0:f3:4b:e8:58:
         35:27:aa:57:fa:ed:6b:6d:b6:91:6e:f7:c7:f7:27:31:fd:bf:
         a1:4c:58:7e:83:5e:cf:5b:29:6d:4d:c2:28:00:6d:d9:98:7b:
         bb:d8:1e:37:93:b3:3c:89:95:a9:21:08:23:43:02:e4:7a:14:
         78:3e:15:84:24:d1:53:50:bc:d0:5d:d0:5c:3d:05:f3:7c:19:
         00:5e:77:0c:ab:17:9c:8d:78:e0:e3:a1:38:bd:82:12:e5:c7:
         9b:ff:7f:3c:51:6b:43:de:39:c7:9d:6d:87:42:62:41:cc:fb:
         8c:a5:07:1b:89:5f:a1:93:44:24:83:87:32:e8:7a:7f:0c:96:
         e4:be:7c:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyn+geaDbQNzbk2OQrnHjMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTgyYmVlOWFhMDEwYzFmZmQyZDgwNGY2YWE3YjE0YmRk
YjkxZjcwHhcNMjYwMzAxMDU1ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGJlNGI3ZjJhZjEzMjQxOTBkYWIzN2JhMzE0ZGEyOGZkMDU4ODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA510EotEE4q6QS9puvzVgQhXluByR
c96hBT61NmlT0k1hEbtM7gErGbWoDuuPSqSH7B3B6Ay24eBqT1AT1UeQh5z2ahzM
X7N/p6dmLtpQMtl4ZzPd+h1NpL+URWVonKcgpEnWr/4Grx6lTK5SIInEVB0sHbnH
kJvzDY+xjS0hXW2dfe6gJZO47d9vinxTAzqzOq8p5DCqZp2N0QwVvZV4abB77Gh6
5lfHJFP/YalRskgo0+zae/B5GkM0BhCpSJkCrNhlRrJyOPcd4NbqLmgDFTvwhy2z
R9QJt3WLCmyKQmteI8KnYlJ1Mzb0doqFJfKVcFOi+99Jv8jYkB3yxZkjOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOC+S38q8TJBkNqze6MU2ij9BYhhMB8GA1UdIwQY
MBaAFFAYK+6aoBDB/9LYBPaqexS925H3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0Zjkt
MTlkMWJiNjFkOWE3LzEvNEw1TGZ5cnhNa0dRMnJON294VGFLUDBGaUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZDQ1NjYtYWMyNy00NmY4LTk0ZjktMTlkMWJiNjFkOWE3
LzEvVUJncjdwcWdFTUhfMHRnRTlxcDdGTDNia2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBPjjeAwQB
UcciMA0GCSqGSIb3DQEBCwUAA4IBAQCsZoAtmYFx2JohCnmXj9hMKBsx6m4Tm7WX
5Zzb11D8INWXf053rNedFvX7SdbkUeY1jBe1F39U1SYeXScAVwEHDZdgB8JD9Br0
u/dpJXr/dmFy7PuVSQp4Q6IjKla4/fFw2l3lH0JnlI8p9MjM5SmSTVf6E4h9a1wP
0PNL6Fg1J6pX+u1rbbaRbvfH9ycx/b+hTFh+g17PWyltTcIoAG3ZmHu72B43k7M8
iZWpIQgjQwLkehR4PhWEJNFTULzQXdBcPQXzfBkAXncMqxecjXjg46E4vYIS5ceb
/388UWtD3jnHnW2HQmJBzPuMpQcbiV+hk0Qkg4cy6Hp/DJbkvnyQ
-----END CERTIFICATE-----