Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/XSb0pv-jOm54PcM-GI5OSX17JUQ.roa
File:                     XSb0pv-jOm54PcM-GI5OSX17JUQ.roa (raw, json)
Hash identifier:          jjPvsSWelUMmsHzk/TsCn8q/7aDTMMaIxedWB0oxymI=
Subject key identifier:   5D:26:F4:A6:FF:A3:3A:6E:78:3D:C3:3E:18:8E:4E:49:7D:7B:25:44
Certificate issuer:       /CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
Certificate serial:       019DA9BF527DED7CDF17F65EBDDFADFFBEBB
Authority key identifier: 84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/XSb0pv-jOm54PcM-GI5OSX17JUQ.roa
Signing time:             Mon 20 Apr 2026 07:16:20 +0000
ROA not before:           Mon 20 Apr 2026 07:16:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50627
IP address blocks:        5.42.144.0/22 maxlen: 24
                          178.20.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 16:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:bf:52:7d:ed:7c:df:17:f6:5e:bd:df:ad:ff:be:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84a4aca020fb2bdc93a47266e87ec67cdc8857c5
        Validity
            Not Before: Apr 20 07:16:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d26f4a6ffa33a6e783dc33e188e4e497d7b2544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:95:9d:73:68:ca:d0:18:02:f0:f2:c1:73:ce:
                    73:c5:90:c0:39:39:eb:c3:b5:97:13:b6:fb:0a:dd:
                    2e:3a:59:e3:bd:b0:f6:6a:61:1b:9f:49:91:d4:57:
                    8d:e5:ac:fa:7b:8c:ce:1e:a3:87:15:3c:4c:4b:4c:
                    b6:f3:51:ce:b2:1f:e5:7b:39:ed:a4:dc:6e:d5:3e:
                    87:b2:f5:a5:31:11:16:e4:7b:86:ce:51:12:a6:3f:
                    72:e8:dd:10:2b:ce:ed:e3:39:7d:29:c0:6a:96:55:
                    ea:eb:a2:e7:8f:4a:03:6a:aa:ed:39:a0:91:ad:18:
                    da:0a:e9:16:15:3e:f8:3b:58:cd:4b:78:c4:7b:0e:
                    c9:bc:f3:81:1f:bf:64:c2:92:b4:60:6e:32:01:ab:
                    83:16:f6:94:49:93:28:45:89:9a:01:c2:30:5b:5e:
                    48:fc:c9:13:a1:96:13:1c:5c:65:6e:13:01:c5:8f:
                    c7:de:23:a2:8d:90:a8:96:e7:36:cc:36:13:91:92:
                    40:10:f4:10:da:91:98:37:07:e6:09:fa:e4:e7:36:
                    c4:3f:2f:56:9a:34:10:f8:ff:05:51:72:15:8b:9c:
                    6b:6a:64:61:d4:11:96:26:eb:19:ee:20:22:76:4a:
                    07:e2:bd:f0:af:cd:cd:e7:81:07:9e:35:af:fe:4a:
                    a3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:26:F4:A6:FF:A3:3A:6E:78:3D:C3:3E:18:8E:4E:49:7D:7B:25:44
            X509v3 Authority Key Identifier:
                keyid:84:A4:AC:A0:20:FB:2B:DC:93:A4:72:66:E8:7E:C6:7C:DC:88:57:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKSsoCD7K9yTpHJm6H7GfNyIV8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/XSb0pv-jOm54PcM-GI5OSX17JUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/6bb227-5b36-4f2a-a1c5-9ef36d251517/1/hKSsoCD7K9yTpHJm6H7GfNyIV8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.144.0/22
                  178.20.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c7:b4:36:de:91:3d:67:3d:1c:68:80:63:72:f6:99:67:a7:46:
         7d:86:9a:a8:3c:54:8d:54:fc:f1:6f:db:02:ec:b1:12:6f:cf:
         78:fe:7b:2d:b5:bd:e4:7c:98:d6:cc:50:16:8c:35:1c:19:eb:
         50:0c:40:48:c2:01:42:a9:50:9a:85:4f:a6:d7:e2:92:15:e7:
         cf:62:a9:81:13:af:d1:c7:84:c5:6a:8e:83:d4:c2:4a:e2:cc:
         9f:1f:b4:5f:bf:dc:8f:00:bd:1c:39:c7:af:ae:df:ca:f7:01:
         f9:dd:a5:d3:ce:b0:d0:82:a4:5c:5b:bc:f0:b3:1f:8e:98:4c:
         9b:ba:e4:9b:d2:91:40:ed:08:81:22:88:05:bb:d3:6a:f4:28:
         4e:15:00:e4:a7:11:ef:96:df:ab:3f:2d:9e:93:14:1a:dc:ae:
         ba:bc:0d:7b:2d:f2:78:94:d2:ca:f5:e7:1c:46:29:4d:bc:eb:
         17:ca:ea:5c:ea:de:a2:4f:26:83:b6:22:27:30:59:99:70:ff:
         cb:7e:4d:dc:51:69:64:c1:24:f7:90:ff:2c:9a:cb:1a:73:38:
         6e:87:42:b3:1b:ca:c6:d3:9b:ba:a3:9d:de:7c:2a:09:8f:17:
         f9:74:ef:d1:9e:c7:76:aa:b2:eb:7a:b0:6f:9a:14:ec:d8:be:
         10:95:c8:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2pv1J97XzfF/Zevd+t/767MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTRhY2EwMjBmYjJiZGM5M2E0NzI2NmU4N2VjNjdjZGM4
ODU3YzUwHhcNMjYwNDIwMDcxNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDI2ZjRhNmZmYTMzYTZlNzgzZGMzM2UxODhlNGU0OTdkN2IyNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZWdc2jK0BgC8PLBc85zxZDAOTnr
w7WXE7b7Ct0uOlnjvbD2amEbn0mR1FeN5az6e4zOHqOHFTxMS0y281HOsh/leznt
pNxu1T6HsvWlMREW5HuGzlESpj9y6N0QK87t4zl9KcBqllXq66Lnj0oDaqrtOaCR
rRjaCukWFT74O1jNS3jEew7JvPOBH79kwpK0YG4yAauDFvaUSZMoRYmaAcIwW15I
/MkToZYTHFxlbhMBxY/H3iOijZColuc2zDYTkZJAEPQQ2pGYNwfmCfrk5zbEPy9W
mjQQ+P8FUXIVi5xramRh1BGWJusZ7iAidkoH4r3wr83N54EHnjWv/kqjowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF0m9Kb/ozpueD3DPhiOTkl9eyVEMB8GA1UdIwQY
MBaAFISkrKAg+yvck6RyZuh+xnzciFfFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUt
OWVmMzZkMjUxNTE3LzEvWFNiMHB2LWpPbTU0UGNNLUdJNU9TWDE3SlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82YmIyMjctNWIzNi00ZjJhLWExYzUtOWVmMzZkMjUxNTE3
LzEvaEtTc29DRDdLOXlUcEhKbTZIN0dmTnlJVjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBSqQAwQC
shQkMA0GCSqGSIb3DQEBCwUAA4IBAQDHtDbekT1nPRxogGNy9plnp0Z9hpqoPFSN
VPzxb9sC7LESb894/nsttb3kfJjWzFAWjDUcGetQDEBIwgFCqVCahU+m1+KSFefP
YqmBE6/Rx4TFao6D1MJK4syfH7Rfv9yPAL0cOcevrt/K9wH53aXTzrDQgqRcW7zw
sx+OmEybuuSb0pFA7QiBIogFu9Nq9ChOFQDkpxHvlt+rPy2ekxQa3K66vA17LfJ4
lNLK9eccRilNvOsXyupc6t6iTyaDtiInMFmZcP/Lfk3cUWlkwST3kP8smssaczhu
h0KzG8rG05u6o53efCoJjxf5dO/Rnsd2qrLrerBvmhTs2L4Qlcif
-----END CERTIFICATE-----