Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/5OcaW_u-IVVVs4vVhK7WkBglTgU.roa
File:                     5OcaW_u-IVVVs4vVhK7WkBglTgU.roa (raw, json)
Hash identifier:          OGfPTP+KfzJ3exJYRBgK9TdIK/XRuaNfOoDR836pTHM=
Subject key identifier:   E4:E7:1A:5B:FB:BE:21:55:55:B3:8B:D5:84:AE:D6:90:18:25:4E:05
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       019C24F4229AEDF62C202C43E4E34DE25003
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/5OcaW_u-IVVVs4vVhK7WkBglTgU.roa
Signing time:             Tue 03 Feb 2026 19:21:45 +0000
ROA not before:           Tue 03 Feb 2026 19:21:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8708
IP address blocks:        185.253.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:24:f4:22:9a:ed:f6:2c:20:2c:43:e4:e3:4d:e2:50:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Feb  3 19:21:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4e71a5bfbbe215555b38bd584aed69018254e05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ed:55:d5:1f:bb:89:d5:1f:69:3b:c6:ce:e3:
                    77:6a:31:c4:de:99:d2:67:7b:a0:0f:17:be:cb:b0:
                    58:42:a4:ef:43:72:05:7d:13:fa:3c:c0:e8:52:a0:
                    a5:8d:78:ce:c0:43:d4:7c:a0:10:67:b9:31:6b:f3:
                    91:cb:3b:0c:d4:71:86:96:fc:a3:a7:28:ce:fa:35:
                    a1:81:9b:d2:61:f4:4b:ce:7a:fc:e8:4f:c5:78:03:
                    c3:f8:28:3b:f8:bd:fd:40:6d:7d:5a:50:f1:b9:d0:
                    38:05:cb:f4:e3:9d:9f:74:69:ef:43:0d:fb:2f:a2:
                    b1:26:2e:03:a7:2c:e6:13:2b:54:04:93:4b:7b:34:
                    c9:29:37:d9:7b:57:cd:8f:2d:b2:4d:c0:9c:0f:77:
                    72:54:82:8c:82:d2:d5:59:19:90:48:98:aa:d0:22:
                    6b:7b:6a:3e:f9:01:6c:a5:7d:92:b0:4e:de:c9:d7:
                    ed:7e:ab:49:35:59:a3:0a:8e:dc:ef:cd:9a:7c:73:
                    a3:60:b5:5a:2d:db:a2:5b:53:b7:59:ac:fe:f3:ba:
                    d7:f4:ea:db:1b:ac:e4:63:18:c6:c2:5e:9b:3b:fb:
                    a0:06:e0:01:2f:f7:f8:0d:40:17:c2:65:96:69:cd:
                    c8:31:02:10:5c:6e:94:fb:b2:47:81:51:e7:d9:f4:
                    4f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E7:1A:5B:FB:BE:21:55:55:B3:8B:D5:84:AE:D6:90:18:25:4E:05
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/5OcaW_u-IVVVs4vVhK7WkBglTgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:53:be:b6:3b:ab:49:7a:f2:8e:4b:dc:78:da:b3:26:d1:37:
         db:e4:5d:13:fb:48:f3:05:5a:e6:6c:ac:48:9f:60:fb:a5:59:
         af:f9:43:27:1b:f6:bb:fc:a0:e1:a5:b5:55:ca:6b:a6:60:50:
         74:d4:df:bd:8b:5b:85:ca:09:65:13:b9:75:3e:0f:51:66:25:
         d7:c8:d7:fa:19:cc:a6:77:6c:75:29:d1:01:34:15:77:31:3a:
         0c:e2:37:ba:ef:87:41:aa:82:6e:b8:e9:e1:f4:7f:93:1f:45:
         d0:25:17:6e:8f:d5:2b:84:cb:6a:95:72:fd:83:69:1a:23:05:
         25:04:d7:40:b6:a9:dd:7e:a3:89:ac:fe:4f:e4:fd:57:38:25:
         81:11:ee:76:fe:5c:ac:14:74:27:c0:d6:9e:7c:a3:ad:a6:11:
         fe:d0:42:57:72:e2:4a:07:e9:0b:43:b4:fc:19:08:7c:8a:ed:
         a2:da:0f:10:39:ac:0a:7c:a8:06:02:c4:e0:7f:0f:72:18:17:
         c2:25:e4:bc:7b:49:2e:37:68:58:d7:15:22:37:fa:58:cf:7f:
         06:df:c5:61:29:62:dd:36:d6:23:e4:45:e5:78:62:58:99:8b:
         00:a9:fb:e5:64:1b:e6:14:af:4a:2e:6b:05:f3:57:ce:b3:a8:
         af:6a:35:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwk9CKa7fYsICxD5ONN4lADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjYwMjAzMTkyMTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGU3MWE1YmZiYmUyMTU1NTViMzhiZDU4NGFlZDY5MDE4MjU0ZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu1V1R+7idUfaTvGzuN3ajHE3pnS
Z3ugDxe+y7BYQqTvQ3IFfRP6PMDoUqCljXjOwEPUfKAQZ7kxa/ORyzsM1HGGlvyj
pyjO+jWhgZvSYfRLznr86E/FeAPD+Cg7+L39QG19WlDxudA4Bcv0452fdGnvQw37
L6KxJi4DpyzmEytUBJNLezTJKTfZe1fNjy2yTcCcD3dyVIKMgtLVWRmQSJiq0CJr
e2o++QFspX2SsE7eydftfqtJNVmjCo7c782afHOjYLVaLduiW1O3Waz+87rX9Orb
G6zkYxjGwl6bO/ugBuABL/f4DUAXwmWWac3IMQIQXG6U+7JHgVHn2fRPvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTnGlv7viFVVbOL1YSu1pAYJU4FMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvNU9jYVdfdS1JVlZWczR2VmhLN1drQmdsVGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf0GMA0G
CSqGSIb3DQEBCwUAA4IBAQAAU762O6tJevKOS9x42rMm0Tfb5F0T+0jzBVrmbKxI
n2D7pVmv+UMnG/a7/KDhpbVVymumYFB01N+9i1uFygllE7l1Pg9RZiXXyNf6Gcym
d2x1KdEBNBV3MToM4je674dBqoJuuOnh9H+TH0XQJRduj9UrhMtqlXL9g2kaIwUl
BNdAtqndfqOJrP5P5P1XOCWBEe52/lysFHQnwNaefKOtphH+0EJXcuJKB+kLQ7T8
GQh8iu2i2g8QOawKfKgGAsTgfw9yGBfCJeS8e0kuN2hY1xUiN/pYz38G38VhKWLd
NtYj5EXleGJYmYsAqfvlZBvmFK9KLmsF81fOs6ivajVW
-----END CERTIFICATE-----