Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/9d64ff-d4da-4dc9-8825-7118f8384c77/1/5IiWlb3vHBWlCp6tIVca2yVQHto.roa
File:                     5IiWlb3vHBWlCp6tIVca2yVQHto.roa (raw, json)
Hash identifier:          STYN3zexlvKSLuiZ3ZMU8hJ7HbklvtNxc22+hhIPD74=
Subject key identifier:   E4:88:96:95:BD:EF:1C:15:A5:0A:9E:AD:21:57:1A:DB:25:50:1E:DA
Certificate issuer:       /CN=e47406f4982b61824c8fd44b81ede0a99fc724e0
Certificate serial:       019BFF1AE10C936411CB3C86349E9E1A556B
Authority key identifier: E4:74:06:F4:98:2B:61:82:4C:8F:D4:4B:81:ED:E0:A9:9F:C7:24:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5HQG9JgrYYJMj9RLge3gqZ_HJOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/9d64ff-d4da-4dc9-8825-7118f8384c77/1/5IiWlb3vHBWlCp6tIVca2yVQHto.roa
Signing time:             Tue 27 Jan 2026 10:58:30 +0000
ROA not before:           Tue 27 Jan 2026 10:58:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        5.11.96.0/20 maxlen: 20
                          178.249.200.0/21 maxlen: 21
                          185.8.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/9d64ff-d4da-4dc9-8825-7118f8384c77/1/5HQG9JgrYYJMj9RLge3gqZ_HJOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/9d64ff-d4da-4dc9-8825-7118f8384c77/1/5HQG9JgrYYJMj9RLge3gqZ_HJOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5HQG9JgrYYJMj9RLge3gqZ_HJOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ff:1a:e1:0c:93:64:11:cb:3c:86:34:9e:9e:1a:55:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e47406f4982b61824c8fd44b81ede0a99fc724e0
        Validity
            Not Before: Jan 27 10:58:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4889695bdef1c15a50a9ead21571adb25501eda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4e:47:4b:56:e1:c7:1b:15:7b:0c:a3:52:71:
                    cf:4a:90:18:97:75:8f:49:dc:26:34:7b:a8:f3:96:
                    fe:5b:19:97:d5:e0:7d:2d:ef:e3:30:fb:7d:7d:f5:
                    7a:77:7a:cb:56:ce:f5:49:25:b2:62:c0:ef:94:fb:
                    78:1b:7f:4a:bb:a4:42:6d:20:4e:62:26:0b:d2:ac:
                    c6:54:29:ab:73:99:e5:cb:27:07:36:b8:9a:8e:82:
                    13:5e:4a:d4:c1:55:b3:69:cf:73:2d:1e:84:8c:d6:
                    03:d0:db:6a:4e:f4:96:60:c4:1e:a5:42:69:03:0b:
                    17:7a:4b:45:82:0d:2d:92:dd:d5:bd:d9:c9:02:3f:
                    da:8f:41:b5:6e:e0:74:02:d0:31:ed:36:0a:9c:c3:
                    cb:77:01:45:da:bd:3b:c2:67:ad:63:6b:48:4a:83:
                    d4:e4:83:c5:96:03:2d:66:18:ce:51:13:1d:18:08:
                    ec:4d:02:a4:d8:05:f8:9e:74:7e:09:08:a2:ff:65:
                    c1:4d:73:c7:a4:fd:52:d2:4d:73:a3:3b:ae:7f:69:
                    a3:19:3d:42:6f:f3:36:cc:c8:ac:50:d0:75:6b:e7:
                    e3:68:f8:13:b4:f8:e1:0d:22:ca:68:13:88:59:ef:
                    bc:1e:d3:a0:10:9a:e7:45:5c:3e:5d:3c:d2:6f:8a:
                    bd:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:88:96:95:BD:EF:1C:15:A5:0A:9E:AD:21:57:1A:DB:25:50:1E:DA
            X509v3 Authority Key Identifier:
                keyid:E4:74:06:F4:98:2B:61:82:4C:8F:D4:4B:81:ED:E0:A9:9F:C7:24:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5HQG9JgrYYJMj9RLge3gqZ_HJOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/9d64ff-d4da-4dc9-8825-7118f8384c77/1/5IiWlb3vHBWlCp6tIVca2yVQHto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/9d64ff-d4da-4dc9-8825-7118f8384c77/1/5HQG9JgrYYJMj9RLge3gqZ_HJOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.11.96.0/20
                  178.249.200.0/21
                  185.8.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:09:26:f2:65:af:de:eb:bb:6d:56:bc:6b:3c:29:d0:35:b4:
         1e:55:5f:dc:2b:10:9f:c5:1f:dc:82:f4:3b:80:e3:dc:19:80:
         c0:74:19:50:49:da:b7:85:6a:92:dd:c7:5c:16:df:85:82:ab:
         2b:06:36:97:eb:97:92:4e:60:a7:42:4a:00:b5:14:1a:18:3a:
         c1:3a:e5:3d:56:29:23:8c:d7:93:bb:5b:96:3e:9b:c9:3b:af:
         a9:7a:7d:35:ca:b2:ac:d1:68:a3:e1:22:6d:e9:91:62:a0:6f:
         40:51:98:40:86:9d:dd:8b:c4:10:d0:18:ab:f5:4a:26:95:e9:
         2e:74:0a:94:85:7b:aa:6f:55:ad:4f:fa:18:17:65:5d:12:0c:
         df:31:5e:c6:c5:f1:cd:c8:6a:16:d5:bd:65:65:b1:9d:af:89:
         c9:ea:c7:0c:c5:5e:11:ae:0e:2d:1b:b9:ca:b6:51:fd:11:e9:
         53:46:18:de:53:78:ec:e0:43:0e:77:f8:c6:17:56:32:16:7e:
         7b:20:69:bc:76:cc:74:eb:88:b9:ef:c8:95:ba:77:e1:45:1c:
         2a:b9:63:98:cf:9b:6d:0d:42:b6:d1:ee:03:4d:8e:b2:68:ea:
         c5:80:30:ef:83:1c:00:83:23:ad:27:c6:98:a9:68:b8:08:5f:
         c1:f9:43:f6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZv/GuEMk2QRyzyGNJ6eGlVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NzQwNmY0OTgyYjYxODI0YzhmZDQ0YjgxZWRlMGE5OWZj
NzI0ZTAwHhcNMjYwMTI3MTA1ODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDg4OTY5NWJkZWYxYzE1YTUwYTllYWQyMTU3MWFkYjI1NTAxZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtE5HS1bhxxsVewyjUnHPSpAYl3WP
SdwmNHuo85b+WxmX1eB9Le/jMPt9ffV6d3rLVs71SSWyYsDvlPt4G39Ku6RCbSBO
YiYL0qzGVCmrc5nlyycHNriajoITXkrUwVWzac9zLR6EjNYD0NtqTvSWYMQepUJp
AwsXektFgg0tkt3VvdnJAj/aj0G1buB0AtAx7TYKnMPLdwFF2r07wmetY2tISoPU
5IPFlgMtZhjOURMdGAjsTQKk2AX4nnR+CQii/2XBTXPHpP1S0k1zozuuf2mjGT1C
b/M2zMisUNB1a+fjaPgTtPjhDSLKaBOIWe+8HtOgEJrnRVw+XTzSb4q9FwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOSIlpW97xwVpQqerSFXGtslUB7aMB8GA1UdIwQY
MBaAFOR0BvSYK2GCTI/US4Ht4KmfxyTgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUhRRzlKZ3JZWUpNajlSTGdlM2dxWl9ISk9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85ZDY0ZmYtZDRkYS00ZGM5LTg4MjUt
NzExOGY4Mzg0Yzc3LzEvNUlpV2xiM3ZIQldsQ3A2dElWY2EyeVZRSHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85ZDY0ZmYtZDRkYS00ZGM5LTg4MjUtNzExOGY4Mzg0Yzc3
LzEvNUhRRzlKZ3JZWUpNajlSTGdlM2dxWl9ISk9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEBQtgAwQD
svnIAwQCuQh4MA0GCSqGSIb3DQEBCwUAA4IBAQBzCSbyZa/e67ttVrxrPCnQNbQe
VV/cKxCfxR/cgvQ7gOPcGYDAdBlQSdq3hWqS3cdcFt+FgqsrBjaX65eSTmCnQkoA
tRQaGDrBOuU9VikjjNeTu1uWPpvJO6+pen01yrKs0Wij4SJt6ZFioG9AUZhAhp3d
i8QQ0Bir9UomlekudAqUhXuqb1WtT/oYF2VdEgzfMV7GxfHNyGoW1b1lZbGdr4nJ
6scMxV4Rrg4tG7nKtlH9EelTRhjeU3js4EMOd/jGF1YyFn57IGm8dsx064i578iV
unfhRRwquWOYz5ttDUK20e4DTY6yaOrFgDDvgxwAgyOtJ8aYqWi4CF/B+UP2
-----END CERTIFICATE-----