Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/1-5k5xjduxlogWOiXreI7TJnM024.roa
File:                     1-5k5xjduxlogWOiXreI7TJnM024.roa (raw, json)
Hash identifier:          IbwzFMhgk6SMkYxfNDiP7rzrsaMadpQ6ZIFm72M7F0g=
Subject key identifier:   FB:99:39:C6:37:6E:C6:5A:20:58:E8:97:AD:E2:3B:4C:99:CC:D3:6E
Certificate issuer:       /CN=3a3c63cbd934825e55bbe359cb7306869ed451cd
Certificate serial:       019D3E18FA36F3E78615ED6815BAA8E107E5
Authority key identifier: 3A:3C:63:CB:D9:34:82:5E:55:BB:E3:59:CB:73:06:86:9E:D4:51:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/1-5k5xjduxlogWOiXreI7TJnM024.roa
Signing time:             Mon 30 Mar 2026 09:35:17 +0000
ROA not before:           Mon 30 Mar 2026 09:35:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48147
IP address blocks:        109.206.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:18:fa:36:f3:e7:86:15:ed:68:15:ba:a8:e1:07:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a3c63cbd934825e55bbe359cb7306869ed451cd
        Validity
            Not Before: Mar 30 09:35:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb9939c6376ec65a2058e897ade23b4c99ccd36e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:1e:0c:f3:b4:19:dc:cf:f4:eb:d6:0f:7a:ca:
                    cc:78:34:88:30:7d:f9:7d:35:e7:90:b4:f3:df:3b:
                    4d:a7:f3:35:bd:27:3c:35:db:1c:04:1c:1d:94:c9:
                    d5:50:d0:77:15:86:28:1f:7c:34:6f:7a:ab:28:c6:
                    88:d8:4b:fa:4b:14:42:d5:c3:7f:45:38:54:94:a9:
                    a2:77:ed:78:9c:09:a8:c3:55:da:54:47:d2:6c:b4:
                    e4:99:12:e5:b5:4a:af:9a:74:0a:30:b4:ae:18:35:
                    06:33:35:73:f1:97:c2:c8:5f:4a:e6:a9:69:56:2f:
                    64:62:98:0b:5c:ee:73:e5:91:03:8c:71:bb:63:d0:
                    47:f7:1d:d2:81:c4:a8:2e:4d:39:fd:cd:a4:35:97:
                    c5:d0:7d:24:6e:ec:07:c6:1c:fd:73:88:e8:40:df:
                    ef:79:9e:63:f2:75:87:76:e9:63:f1:3d:19:eb:d3:
                    29:db:f0:f8:3c:08:3d:e6:92:52:17:61:97:73:83:
                    57:a2:28:69:84:7a:5b:9d:47:7b:5c:98:d8:e9:d3:
                    c4:49:31:66:32:f3:51:5c:fd:2e:8e:dd:e9:d6:19:
                    3d:20:78:c9:34:9d:60:8f:22:03:9b:b3:10:3e:34:
                    b6:5d:56:92:75:70:4f:4c:34:b1:73:9e:d5:a0:b0:
                    cd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:99:39:C6:37:6E:C6:5A:20:58:E8:97:AD:E2:3B:4C:99:CC:D3:6E
            X509v3 Authority Key Identifier:
                keyid:3A:3C:63:CB:D9:34:82:5E:55:BB:E3:59:CB:73:06:86:9E:D4:51:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/1-5k5xjduxlogWOiXreI7TJnM024.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3770f8-62fe-40a5-94b5-548e7e4b102b/1/Ojxjy9k0gl5Vu-NZy3MGhp7UUc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.206.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:11:3a:a0:76:3e:a0:9a:dd:1b:4d:d3:4d:88:97:6e:0b:b2:
         97:4f:f9:2e:32:37:81:35:21:85:73:bd:f2:c2:78:6a:aa:76:
         ec:6e:2c:1a:ac:00:69:64:68:3c:a7:d1:c6:2e:3c:0a:67:b7:
         e6:05:cb:e8:5b:ab:80:5f:7e:ec:d4:cd:42:f6:4a:89:38:1a:
         c6:e5:f3:1c:bb:67:04:17:70:e6:39:7c:71:8b:36:6d:af:5c:
         2f:08:aa:ca:ca:47:07:5d:6e:d0:67:2b:38:b3:0d:86:ee:8d:
         cd:04:8c:8c:6e:90:f6:58:96:ca:5f:af:e7:6d:1d:b6:ce:d7:
         d1:ec:9f:36:18:26:d1:f7:53:29:c2:8e:d0:c8:14:6c:01:1d:
         fe:8c:97:d1:e9:be:2a:6c:ba:b1:b9:b6:b8:41:c0:29:f8:e3:
         95:38:b6:2f:f2:0b:f6:e6:5a:bd:f9:2e:37:66:b9:c1:17:5f:
         57:4f:a2:45:b4:cc:6e:64:2e:3e:bf:3e:31:c3:1c:d2:a5:87:
         ee:25:8e:11:f8:af:85:2c:9a:3e:59:18:ef:01:a8:9d:1b:e0:
         01:2c:ee:29:08:1f:f2:02:2d:cf:d8:b1:be:97:4b:bb:c8:10:
         48:6f:b4:7c:2b:91:24:5c:b0:f9:d8:bd:fe:c2:a9:54:8a:f9:
         89:7c:2f:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0+GPo28+eGFe1oFbqo4QflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2M2M2NiZDkzNDgyNWU1NWJiZTM1OWNiNzMwNjg2OWVk
NDUxY2QwHhcNMjYwMzMwMDkzNTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjk5MzljNjM3NmVjNjVhMjA1OGU4OTdhZGUyM2I0Yzk5Y2NkMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7h4M87QZ3M/069YPesrMeDSIMH35
fTXnkLTz3ztNp/M1vSc8NdscBBwdlMnVUNB3FYYoH3w0b3qrKMaI2Ev6SxRC1cN/
RThUlKmid+14nAmow1XaVEfSbLTkmRLltUqvmnQKMLSuGDUGMzVz8ZfCyF9K5qlp
Vi9kYpgLXO5z5ZEDjHG7Y9BH9x3SgcSoLk05/c2kNZfF0H0kbuwHxhz9c4joQN/v
eZ5j8nWHdulj8T0Z69Mp2/D4PAg95pJSF2GXc4NXoihphHpbnUd7XJjY6dPESTFm
MvNRXP0ujt3p1hk9IHjJNJ1gjyIDm7MQPjS2XVaSdXBPTDSxc57VoLDNDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuZOcY3bsZaIFjol63iO0yZzNNuMB8GA1UdIwQY
MBaAFDo8Y8vZNIJeVbvjWctzBoae1FHNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2p4ank5azBnbDVWdS1OWnkzTUdocDdVVWMwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zNzcwZjgtNjJmZS00MGE1LTk0YjUt
NTQ4ZTdlNGIxMDJiLzEvMS01azV4amR1eGxvZ1dPaVhyZUk3VEpuTTAyNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODIvMzc3MGY4LTYyZmUtNDBhNS05NGI1LTU0OGU3ZTRiMTAy
Yi8xL09qeGp5OWswZ2w1VnUtTlp5M01HaHA3VVVjMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3O/TAN
BgkqhkiG9w0BAQsFAAOCAQEAShE6oHY+oJrdG03TTYiXbguyl0/5LjI3gTUhhXO9
8sJ4aqp27G4sGqwAaWRoPKfRxi48Cme35gXL6FurgF9+7NTNQvZKiTgaxuXzHLtn
BBdw5jl8cYs2ba9cLwiqyspHB11u0GcrOLMNhu6NzQSMjG6Q9liWyl+v520dts7X
0eyfNhgm0fdTKcKO0MgUbAEd/oyX0em+Kmy6sbm2uEHAKfjjlTi2L/IL9uZavfku
N2a5wRdfV0+iRbTMbmQuPr8+McMc0qWH7iWOEfivhSyaPlkY7wGonRvgASzuKQgf
8gItz9ixvpdLu8gQSG+0fCuRJFyw+di9/sKpVIr5iXwv6Q==
-----END CERTIFICATE-----