Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/IR529NvnrXP81UBDnz8QdBrSyJ8.roa
File:                     IR529NvnrXP81UBDnz8QdBrSyJ8.roa (raw, json)
Hash identifier:          IkGeFcq/7XMWRAAEt9CdXpwX/GjXpCyZ2A9WTlqr/w4=
Subject key identifier:   21:1E:76:F4:DB:E7:AD:73:FC:D5:40:43:9F:3F:10:74:1A:D2:C8:9F
Certificate issuer:       /CN=877af274b731134ccbc26728f937da03058dd73b
Certificate serial:       019D91B7E05469B53F1D7CE5227EC7FB5EC8
Authority key identifier: 87:7A:F2:74:B7:31:13:4C:CB:C2:67:28:F9:37:DA:03:05:8D:D7:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3rydLcxE0zLwmco-TfaAwWN1zs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/IR529NvnrXP81UBDnz8QdBrSyJ8.roa
Signing time:             Wed 15 Apr 2026 15:17:19 +0000
ROA not before:           Wed 15 Apr 2026 15:17:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5400
IP address blocks:        217.180.16.0/24 maxlen: 24
                          217.180.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/h3rydLcxE0zLwmco-TfaAwWN1zs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/h3rydLcxE0zLwmco-TfaAwWN1zs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3rydLcxE0zLwmco-TfaAwWN1zs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:b7:e0:54:69:b5:3f:1d:7c:e5:22:7e:c7:fb:5e:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=877af274b731134ccbc26728f937da03058dd73b
        Validity
            Not Before: Apr 15 15:17:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=211e76f4dbe7ad73fcd540439f3f10741ad2c89f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b1:3d:93:17:86:0b:43:1b:2c:1a:67:8f:d4:
                    fa:b9:fe:fc:29:84:ce:f9:00:83:c4:d7:fd:9b:24:
                    9c:aa:fb:5c:9b:bc:f3:09:9e:e9:15:ce:8a:a5:47:
                    00:9c:a9:26:f7:a8:7c:49:a5:02:95:17:22:e7:ef:
                    11:6f:d4:d3:ca:d0:12:72:00:e8:16:0d:41:9b:c5:
                    12:95:cc:ed:2d:b3:4a:0f:7b:14:88:e2:b5:9d:3a:
                    3e:73:da:5b:84:0d:3b:fc:74:27:30:f6:eb:5c:5f:
                    e5:54:74:0d:e3:d0:20:32:c5:42:2d:90:17:94:73:
                    68:1e:57:b8:a4:79:d2:de:61:dc:35:16:a8:5e:fb:
                    6f:34:5d:33:6b:d1:0f:1e:71:33:c5:55:32:cb:02:
                    4e:c1:4c:50:fa:9f:23:b5:93:ac:34:69:da:f9:f5:
                    93:ea:c9:7e:df:8c:35:ae:2d:90:fe:24:86:d4:56:
                    04:40:dd:4c:b4:b8:42:d4:c5:d2:c4:05:c5:a4:7a:
                    49:04:63:b0:cc:73:54:24:b5:f3:ce:fa:2d:e2:86:
                    2e:44:b5:6e:70:f3:2d:04:36:be:b8:b9:6e:5f:df:
                    6b:7b:cb:fd:cc:a3:3e:3b:f6:8d:4a:d8:7d:b8:65:
                    1e:26:bf:be:b2:e1:04:14:0b:82:76:ff:fb:9b:75:
                    0a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1E:76:F4:DB:E7:AD:73:FC:D5:40:43:9F:3F:10:74:1A:D2:C8:9F
            X509v3 Authority Key Identifier:
                keyid:87:7A:F2:74:B7:31:13:4C:CB:C2:67:28:F9:37:DA:03:05:8D:D7:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3rydLcxE0zLwmco-TfaAwWN1zs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/IR529NvnrXP81UBDnz8QdBrSyJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/689816-6399-4325-9286-f13ae32c18f0/1/h3rydLcxE0zLwmco-TfaAwWN1zs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:cd:bb:b0:af:1b:63:72:d2:6b:6e:f8:1b:29:5b:13:e9:4b:
         c1:a4:09:73:f2:aa:15:07:8f:36:8b:0b:a2:04:38:54:b5:1b:
         1e:25:e2:1d:1f:01:70:0a:e5:11:08:10:b0:b8:bb:28:46:32:
         fb:f1:6e:93:1d:13:8f:db:53:4b:7d:fb:14:f3:89:3e:1a:b7:
         19:ec:fe:cd:d1:4c:72:2d:31:6b:cd:72:eb:00:8e:5d:45:45:
         c3:dc:98:45:3f:0e:44:44:56:6a:63:87:2d:31:6a:e9:7f:98:
         8f:17:95:cb:fa:76:05:08:56:20:cc:f3:1d:2b:8b:bb:d5:ba:
         36:e6:88:48:43:d9:26:b5:8b:b1:0c:93:c0:0c:ac:f9:c9:0e:
         50:3b:28:e8:8e:b7:bd:27:66:31:9e:9f:59:b5:0f:4d:2d:da:
         59:90:ee:d4:58:48:0d:89:0c:d4:00:30:16:3a:72:92:83:55:
         f8:bc:32:7f:ea:f6:47:8e:e2:53:6b:7d:30:24:b8:91:b5:f5:
         f6:25:28:12:31:40:9c:9f:6c:24:f1:e8:a3:b5:c2:fb:c8:26:
         0d:1b:e9:ce:42:c8:8e:d2:d0:a9:79:14:50:18:d5:e3:fb:2d:
         61:bc:d0:16:bc:7b:d2:00:b2:36:82:81:25:50:2b:ae:4a:61:
         c8:90:e9:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Rt+BUabU/HXzlIn7H+17IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3N2FmMjc0YjczMTEzNGNjYmMyNjcyOGY5MzdkYTAzMDU4
ZGQ3M2IwHhcNMjYwNDE1MTUxNzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFlNzZmNGRiZTdhZDczZmNkNTQwNDM5ZjNmMTA3NDFhZDJjODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7E9kxeGC0MbLBpnj9T6uf78KYTO
+QCDxNf9myScqvtcm7zzCZ7pFc6KpUcAnKkm96h8SaUClRci5+8Rb9TTytAScgDo
Fg1Bm8USlcztLbNKD3sUiOK1nTo+c9pbhA07/HQnMPbrXF/lVHQN49AgMsVCLZAX
lHNoHle4pHnS3mHcNRaoXvtvNF0za9EPHnEzxVUyywJOwUxQ+p8jtZOsNGna+fWT
6sl+34w1ri2Q/iSG1FYEQN1MtLhC1MXSxAXFpHpJBGOwzHNUJLXzzvot4oYuRLVu
cPMtBDa+uLluX99re8v9zKM+O/aNSth9uGUeJr++suEEFAuCdv/7m3UKXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEedvTb561z/NVAQ58/EHQa0sifMB8GA1UdIwQY
MBaAFId68nS3MRNMy8JnKPk32gMFjdc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNyeWRMY3hFMHpMd21jby1UZmFBd1dOMXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy82ODk4MTYtNjM5OS00MzI1LTkyODYt
ZjEzYWUzMmMxOGYwLzEvSVI1MjlOdm5yWFA4MVVCRG56OFFkQnJTeUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy82ODk4MTYtNjM5OS00MzI1LTkyODYtZjEzYWUzMmMxOGYw
LzEvaDNyeWRMY3hFMHpMd21jby1UZmFBd1dOMXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2bQQMA0G
CSqGSIb3DQEBCwUAA4IBAQBzzbuwrxtjctJrbvgbKVsT6UvBpAlz8qoVB482iwui
BDhUtRseJeIdHwFwCuURCBCwuLsoRjL78W6THROP21NLffsU84k+GrcZ7P7N0Uxy
LTFrzXLrAI5dRUXD3JhFPw5ERFZqY4ctMWrpf5iPF5XL+nYFCFYgzPMdK4u71bo2
5ohIQ9kmtYuxDJPADKz5yQ5QOyjojre9J2Yxnp9ZtQ9NLdpZkO7UWEgNiQzUADAW
OnKSg1X4vDJ/6vZHjuJTa30wJLiRtfX2JSgSMUCcn2wk8eijtcL7yCYNG+nOQsiO
0tCpeRRQGNXj+y1hvNAWvHvSALI2goElUCuuSmHIkOlg
-----END CERTIFICATE-----