Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/fWxv8lO3ivyCQAwR1ysW1woUeRc.roa
File:                     fWxv8lO3ivyCQAwR1ysW1woUeRc.roa (raw, json)
Hash identifier:          tMsUYGCQVUbCpKIFU+OCagwMzBqxAVsA3If+ro/cz/k=
Subject key identifier:   7D:6C:6F:F2:53:B7:8A:FC:82:40:0C:11:D7:2B:16:D7:0A:14:79:17
Certificate issuer:       /CN=a978c3655c5a609712e755100d98892ae1c8e5eb
Certificate serial:       019B79ED4658256D2A79E86F538ABD93C6EC
Authority key identifier: A9:78:C3:65:5C:5A:60:97:12:E7:55:10:0D:98:89:2A:E1:C8:E5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qXjDZVxaYJcS51UQDZiJKuHI5es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/fWxv8lO3ivyCQAwR1ysW1woUeRc.roa
Signing time:             Thu 01 Jan 2026 14:19:11 +0000
ROA not before:           Thu 01 Jan 2026 14:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209110
IP address blocks:        5.182.40.0/22 maxlen: 24
                          2a0e:d800::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/qXjDZVxaYJcS51UQDZiJKuHI5es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/qXjDZVxaYJcS51UQDZiJKuHI5es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qXjDZVxaYJcS51UQDZiJKuHI5es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:46:58:25:6d:2a:79:e8:6f:53:8a:bd:93:c6:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a978c3655c5a609712e755100d98892ae1c8e5eb
        Validity
            Not Before: Jan  1 14:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d6c6ff253b78afc82400c11d72b16d70a147917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3c:6f:17:58:a2:2c:c6:61:62:35:03:65:19:
                    66:71:f0:ef:a0:d6:68:d6:3e:6b:a2:6f:3e:a0:c6:
                    b6:8a:5c:67:cd:ad:58:df:7c:37:48:47:c4:30:c9:
                    fb:cd:2b:ff:7f:c4:32:56:ed:8f:34:d8:9c:2b:90:
                    f4:39:e6:48:60:12:d9:90:d7:dc:82:be:3d:ee:5a:
                    00:cf:59:26:a8:c7:d6:6d:34:ca:ce:fb:f8:0e:ec:
                    72:9c:98:d0:da:4b:16:b1:b5:26:f9:17:21:b7:55:
                    7d:e3:c6:79:aa:59:1b:ce:aa:8a:96:a7:b0:cf:d4:
                    0e:ee:f7:2d:d8:fc:09:d5:f1:a3:69:48:80:0a:75:
                    0c:24:66:64:36:b1:be:55:24:bd:c0:87:dd:26:63:
                    90:46:f4:8d:4b:c4:88:c0:6e:13:a6:b0:37:cb:0f:
                    ab:08:3c:d4:80:24:50:31:2b:45:65:1c:ea:7e:98:
                    dc:d0:61:74:db:73:3c:ed:f2:fa:04:d6:a9:38:6e:
                    c4:e1:b4:9e:13:1c:ed:77:76:a3:61:ef:76:70:fa:
                    f5:47:33:0b:ca:2b:e6:0a:72:4f:6d:be:ae:00:25:
                    e0:c9:9d:06:bd:5d:13:19:91:3b:0f:a8:73:c5:a9:
                    a8:55:f9:d9:8b:69:c0:d7:28:2c:ea:02:62:5c:3f:
                    d2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:6C:6F:F2:53:B7:8A:FC:82:40:0C:11:D7:2B:16:D7:0A:14:79:17
            X509v3 Authority Key Identifier:
                keyid:A9:78:C3:65:5C:5A:60:97:12:E7:55:10:0D:98:89:2A:E1:C8:E5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qXjDZVxaYJcS51UQDZiJKuHI5es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/fWxv8lO3ivyCQAwR1ysW1woUeRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da614b-dd19-41e0-a7c4-66fd23eec34d/1/qXjDZVxaYJcS51UQDZiJKuHI5es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.40.0/22
                IPv6:
                  2a0e:d800::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:57:2f:96:cf:9e:0e:ce:27:97:64:e2:3e:a2:a3:de:9e:10:
         4c:98:a9:cf:de:12:ab:c4:8f:eb:5b:51:bb:7c:c4:b4:3d:c4:
         b8:f2:80:a4:da:76:eb:eb:10:54:33:93:73:5f:28:d7:98:1f:
         71:5b:af:ab:e5:b1:83:81:9c:25:bf:a7:19:5b:4d:6b:dd:f3:
         25:f1:02:d2:3b:09:66:fb:1c:d5:dc:e3:cb:8e:f8:d8:1c:fb:
         8f:d7:02:8b:86:48:98:77:74:2d:4f:0c:d3:c7:b4:f0:04:3a:
         87:c2:28:82:fe:3a:f6:67:65:d1:ad:f1:bc:a0:8d:74:ca:21:
         6f:38:30:ec:d0:1f:2f:0d:72:1c:48:e7:fc:67:9a:84:a9:89:
         40:70:0e:9c:68:fa:d6:84:45:8b:de:59:38:c3:56:8b:e5:8c:
         ea:cd:f3:a7:e4:3b:b0:d0:e8:ca:c4:92:36:2c:9e:81:4b:ef:
         26:af:e8:e5:c1:e8:b7:49:65:ec:29:45:04:be:df:6d:06:54:
         35:fc:ed:64:58:51:94:fd:ee:62:52:e3:33:30:59:9a:57:fd:
         00:c1:c4:ad:38:d0:74:6d:bc:83:5e:77:bb:f9:6d:f1:91:4a:
         f0:df:fa:4b:44:7c:63:f6:bc:a3:cc:0e:aa:f3:32:08:56:ed:
         26:be:4f:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt57UZYJW0qeehvU4q9k8bsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NzhjMzY1NWM1YTYwOTcxMmU3NTUxMDBkOTg4OTJhZTFj
OGU1ZWIwHhcNMjYwMTAxMTQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDZjNmZmMjUzYjc4YWZjODI0MDBjMTFkNzJiMTZkNzBhMTQ3OTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjxvF1iiLMZhYjUDZRlmcfDvoNZo
1j5rom8+oMa2ilxnza1Y33w3SEfEMMn7zSv/f8QyVu2PNNicK5D0OeZIYBLZkNfc
gr497loAz1kmqMfWbTTKzvv4DuxynJjQ2ksWsbUm+Rcht1V948Z5qlkbzqqKlqew
z9QO7vct2PwJ1fGjaUiACnUMJGZkNrG+VSS9wIfdJmOQRvSNS8SIwG4TprA3yw+r
CDzUgCRQMStFZRzqfpjc0GF023M87fL6BNapOG7E4bSeExztd3ajYe92cPr1RzML
yivmCnJPbb6uACXgyZ0GvV0TGZE7D6hzxamoVfnZi2nA1ygs6gJiXD/SUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH1sb/JTt4r8gkAMEdcrFtcKFHkXMB8GA1UdIwQY
MBaAFKl4w2VcWmCXEudVEA2YiSrhyOXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVhqRFpWeGFZSmNTNTFVUURaaUpLdUhJNWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kYTYxNGItZGQxOS00MWUwLWE3YzQt
NjZmZDIzZWVjMzRkLzEvZld4djhsTzNpdnlDUUF3UjF5c1cxd29VZVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kYTYxNGItZGQxOS00MWUwLWE3YzQtNjZmZDIzZWVjMzRk
LzEvcVhqRFpWeGFZSmNTNTFVUURaaUpLdUhJNWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCBbYoMA0E
AgACMAcDBQMqDtgAMA0GCSqGSIb3DQEBCwUAA4IBAQBHVy+Wz54OzieXZOI+oqPe
nhBMmKnP3hKrxI/rW1G7fMS0PcS48oCk2nbr6xBUM5NzXyjXmB9xW6+r5bGDgZwl
v6cZW01r3fMl8QLSOwlm+xzV3OPLjvjYHPuP1wKLhkiYd3QtTwzTx7TwBDqHwiiC
/jr2Z2XRrfG8oI10yiFvODDs0B8vDXIcSOf8Z5qEqYlAcA6caPrWhEWL3lk4w1aL
5YzqzfOn5Duw0OjKxJI2LJ6BS+8mr+jlwei3SWXsKUUEvt9tBlQ1/O1kWFGU/e5i
UuMzMFmaV/0AwcStONB0bbyDXne7+W3xkUrw3/pLRHxj9ryjzA6q8zIIVu0mvk9B
-----END CERTIFICATE-----