Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/a9jmB7TQiLZJ512wXq2t-uk7RKU.roa
File:                     a9jmB7TQiLZJ512wXq2t-uk7RKU.roa (raw, json)
Hash identifier:          MC6B1CdqZ9LhldDlnacrNAl+G/+ycNNYzCfCs1XTGbs=
Subject key identifier:   6B:D8:E6:07:B4:D0:88:B6:49:E7:5D:B0:5E:AD:AD:FA:E9:3B:44:A5
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019D9008AB90C490DD96E0B4F2DA5C13EFCD
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/a9jmB7TQiLZJ512wXq2t-uk7RKU.roa
Signing time:             Wed 15 Apr 2026 07:26:20 +0000
ROA not before:           Wed 15 Apr 2026 07:26:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        5.180.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:08:ab:90:c4:90:dd:96:e0:b4:f2:da:5c:13:ef:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 15 07:26:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bd8e607b4d088b649e75db05eadadfae93b44a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:77:aa:1e:d7:28:69:3c:65:e0:ce:83:3f:67:
                    95:b2:8d:34:6e:59:c2:26:af:7c:65:56:15:01:1b:
                    a3:df:d1:47:c2:ce:5c:74:3e:c0:03:ec:1e:1a:bf:
                    68:d3:c8:90:79:c3:f2:2f:dc:60:4a:af:b4:0e:cf:
                    73:12:f3:8d:b8:62:cb:cf:d2:13:12:4e:9b:3e:0d:
                    39:d7:ad:83:3a:0d:4a:5f:d8:77:2f:22:13:42:fa:
                    a5:a3:aa:3e:ad:38:32:d9:09:ab:de:a7:5b:88:19:
                    45:d9:cd:15:f3:bb:d0:89:66:63:f4:24:dc:db:01:
                    23:40:28:40:ff:7c:e3:b5:61:5a:da:23:c4:c7:7e:
                    e2:64:5f:5a:8c:a0:57:aa:90:98:91:5f:e2:d9:0a:
                    26:dc:d7:3b:5d:15:cc:9e:3c:80:ab:91:bb:b6:13:
                    7e:76:d7:28:ef:62:38:67:e1:d1:45:a5:6b:7f:a1:
                    33:e9:d4:70:e8:4f:e9:f6:9b:a6:88:70:c2:ff:ef:
                    91:82:88:da:be:36:a0:db:2a:46:e2:a5:ee:15:2b:
                    e1:24:7b:12:82:e7:7a:7c:47:2e:48:57:74:db:ad:
                    fc:e5:b8:25:3b:9e:16:da:66:39:02:ff:fa:1c:07:
                    18:72:34:0e:91:d9:a9:21:f9:b8:8e:95:f1:a2:bf:
                    5e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D8:E6:07:B4:D0:88:B6:49:E7:5D:B0:5E:AD:AD:FA:E9:3B:44:A5
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/a9jmB7TQiLZJ512wXq2t-uk7RKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d2:2f:27:e0:fe:e4:e0:df:25:75:86:b6:60:82:e0:82:14:
         8d:55:d6:03:72:60:1e:35:a2:47:27:96:3b:01:a3:bd:07:6c:
         0f:d8:b4:c7:89:cb:2a:83:ea:d6:fb:4d:01:bb:23:d4:1d:c9:
         81:e2:b2:c8:6b:7a:e2:ba:d0:8f:ce:2b:72:31:ce:2c:81:66:
         49:20:37:63:cf:5d:7e:57:e6:89:2d:ec:5b:df:ac:67:db:27:
         3b:ed:df:c8:7a:78:0f:fb:19:75:0b:08:7e:45:e2:25:c7:a8:
         75:b3:52:0b:41:5d:c2:bf:47:cd:47:b2:8e:89:19:2d:d5:ed:
         73:cd:14:ad:ff:c7:2e:ee:b5:0a:2c:e9:df:ed:f2:c0:72:e4:
         1a:b4:e0:85:3a:6b:29:cd:fe:10:69:7f:ad:e7:e7:c4:7d:cd:
         6a:85:b0:8b:24:c2:f3:7c:c9:2b:9c:8c:ef:87:35:32:4c:a1:
         89:89:14:8b:97:b8:49:c8:f1:2b:ac:81:ea:f9:c8:e9:6b:ed:
         e6:55:e4:b7:71:d8:39:e5:c5:79:ac:b2:58:7e:55:e1:d1:2a:
         fc:6e:2f:96:e4:12:bf:9c:b4:a2:ca:6d:4d:1a:45:42:49:8b:
         b7:be:ca:34:1f:ca:b8:8d:d6:89:1f:fa:7c:17:b4:7f:40:64:
         33:86:4f:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2QCKuQxJDdluC08tpcE+/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDE1MDcyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQ4ZTYwN2I0ZDA4OGI2NDllNzVkYjA1ZWFkYWRmYWU5M2I0NGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXeqHtcoaTxl4M6DP2eVso00blnC
Jq98ZVYVARuj39FHws5cdD7AA+weGr9o08iQecPyL9xgSq+0Ds9zEvONuGLLz9IT
Ek6bPg05162DOg1KX9h3LyITQvqlo6o+rTgy2Qmr3qdbiBlF2c0V87vQiWZj9CTc
2wEjQChA/3zjtWFa2iPEx37iZF9ajKBXqpCYkV/i2Qom3Nc7XRXMnjyAq5G7thN+
dtco72I4Z+HRRaVrf6Ez6dRw6E/p9pumiHDC/++Rgojavjag2ypG4qXuFSvhJHsS
gud6fEcuSFd026385bglO54W2mY5Av/6HAcYcjQOkdmpIfm4jpXxor9eWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvY5ge00Ii2SeddsF6trfrpO0SlMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvYTlqbUI3VFFpTFpKNTEyd1hxMnQtdWs3UktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbToMA0G
CSqGSIb3DQEBCwUAA4IBAQCY0i8n4P7k4N8ldYa2YILgghSNVdYDcmAeNaJHJ5Y7
AaO9B2wP2LTHicsqg+rW+00BuyPUHcmB4rLIa3riutCPzityMc4sgWZJIDdjz11+
V+aJLexb36xn2yc77d/IengP+xl1Cwh+ReIlx6h1s1ILQV3Cv0fNR7KOiRkt1e1z
zRSt/8cu7rUKLOnf7fLAcuQatOCFOmspzf4QaX+t5+fEfc1qhbCLJMLzfMkrnIzv
hzUyTKGJiRSLl7hJyPErrIHq+cjpa+3mVeS3cdg55cV5rLJYflXh0Sr8bi+W5BK/
nLSiym1NGkVCSYu3vso0H8q4jdaJH/p8F7R/QGQzhk/n
-----END CERTIFICATE-----