Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/5hq20ZEzfqPUd8jJerdhQ6lvpnQ.roa
File:                     5hq20ZEzfqPUd8jJerdhQ6lvpnQ.roa (raw, json)
Hash identifier:          QttHQD+33asdEv7t7iqO8hCmG2Lg/3s4dda2hulSCvo=
Subject key identifier:   E6:1A:B6:D1:91:33:7E:A3:D4:77:C8:C9:7A:B7:61:43:A9:6F:A6:74
Certificate issuer:       /CN=1d10e38ed55e3185aed6f079f8bb9bf12d4448db
Certificate serial:       019B79ECF83D8D9F24733871552DE3155F63
Authority key identifier: 1D:10:E3:8E:D5:5E:31:85:AE:D6:F0:79:F8:BB:9B:F1:2D:44:48:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/5hq20ZEzfqPUd8jJerdhQ6lvpnQ.roa
Signing time:             Thu 01 Jan 2026 14:18:51 +0000
ROA not before:           Thu 01 Jan 2026 14:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64443
IP address blocks:        185.164.104.0/24 maxlen: 24
                          185.164.105.0/24 maxlen: 24
                          185.164.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:f8:3d:8d:9f:24:73:38:71:55:2d:e3:15:5f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d10e38ed55e3185aed6f079f8bb9bf12d4448db
        Validity
            Not Before: Jan  1 14:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e61ab6d191337ea3d477c8c97ab76143a96fa674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2a:52:1f:2e:40:95:88:c9:7b:26:aa:5b:c3:
                    fa:92:20:45:bb:88:2c:8c:b5:d5:32:32:52:ea:c8:
                    4d:6d:74:47:44:6d:5c:aa:50:3c:78:b4:2c:e6:96:
                    e9:57:b3:67:be:88:66:ab:11:5d:1c:f4:b2:e2:0c:
                    a2:6a:a9:f6:f6:1f:4a:38:a3:da:33:78:18:04:a5:
                    b4:76:b2:a9:01:1e:8a:d5:76:8c:35:2d:60:e9:37:
                    7f:d9:3d:8b:6a:6e:91:22:9e:0c:57:74:ed:c7:a7:
                    b6:25:02:54:ad:5a:17:03:68:34:9e:b4:79:79:53:
                    08:cb:f4:3d:ae:fd:09:95:af:27:ac:11:bf:80:d3:
                    35:da:3a:89:f2:8c:b6:83:23:3e:b1:0a:6a:7f:81:
                    c4:9c:d0:eb:80:c4:09:76:71:52:a2:d0:3a:8f:7a:
                    24:87:5e:26:fa:c3:a2:5f:7d:04:62:67:b0:55:10:
                    2e:59:52:61:4d:db:bb:a4:01:1a:55:4c:90:a9:c2:
                    4d:29:af:47:5c:84:2a:65:bc:42:ce:22:d0:3a:a5:
                    81:ee:c4:1d:3f:a2:c9:1d:1e:f8:b6:ec:1f:69:2d:
                    ee:71:c1:9d:ee:07:5c:72:db:e7:f1:71:10:38:0e:
                    47:d1:e7:e3:7a:d5:ae:bc:d8:79:57:d6:bd:1f:1b:
                    96:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1A:B6:D1:91:33:7E:A3:D4:77:C8:C9:7A:B7:61:43:A9:6F:A6:74
            X509v3 Authority Key Identifier:
                keyid:1D:10:E3:8E:D5:5E:31:85:AE:D6:F0:79:F8:BB:9B:F1:2D:44:48:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/5hq20ZEzfqPUd8jJerdhQ6lvpnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.104.0/23
                  185.164.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ee:2c:15:8d:95:d0:a4:de:74:4d:ef:a0:44:3a:6c:dc:b3:
         d4:54:50:71:23:d0:fe:c4:25:7b:fd:4f:7e:31:1f:5f:34:0e:
         70:3d:89:e5:dc:65:b8:d9:75:31:04:f1:39:af:4c:01:88:f9:
         69:cc:5a:d2:38:51:4a:d0:83:25:b3:17:ae:41:bc:56:3d:48:
         4c:76:8a:5f:8a:bc:c6:03:ef:29:28:13:01:51:04:99:59:88:
         cb:a9:51:fa:96:31:e5:98:21:c9:98:b0:f2:44:85:fc:cc:5d:
         8f:69:4e:17:cb:38:2d:b3:e8:20:4c:49:91:64:6b:bd:48:83:
         60:c4:68:a9:53:a0:5d:cb:b1:00:7b:ef:29:09:46:31:f7:f2:
         67:16:85:17:3f:a3:47:a4:9d:7b:f1:60:e5:bd:fb:17:ec:1e:
         e2:79:f8:cc:1d:2f:16:dd:b2:bd:b4:7b:f3:f2:0e:ea:fa:94:
         01:6a:89:f2:db:4f:81:d2:95:3a:8b:73:4b:c3:1e:be:57:db:
         df:21:96:99:48:a1:26:43:f1:07:ae:51:15:43:be:17:69:c1:
         94:b0:52:c4:3a:de:da:d9:31:f6:e7:5f:ff:7d:a6:36:7f:2f:
         97:d6:01:0a:3e:35:34:5d:55:fa:71:9a:29:5a:45:1c:75:bd:
         23:1e:07:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt57Pg9jZ8kczhxVS3jFV9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTBlMzhlZDU1ZTMxODVhZWQ2ZjA3OWY4YmI5YmYxMmQ0
NDQ4ZGIwHhcNMjYwMTAxMTQxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFhYjZkMTkxMzM3ZWEzZDQ3N2M4Yzk3YWI3NjE0M2E5NmZhNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxypSHy5AlYjJeyaqW8P6kiBFu4gs
jLXVMjJS6shNbXRHRG1cqlA8eLQs5pbpV7NnvohmqxFdHPSy4gyiaqn29h9KOKPa
M3gYBKW0drKpAR6K1XaMNS1g6Td/2T2Lam6RIp4MV3Ttx6e2JQJUrVoXA2g0nrR5
eVMIy/Q9rv0Jla8nrBG/gNM12jqJ8oy2gyM+sQpqf4HEnNDrgMQJdnFSotA6j3ok
h14m+sOiX30EYmewVRAuWVJhTdu7pAEaVUyQqcJNKa9HXIQqZbxCziLQOqWB7sQd
P6LJHR74tuwfaS3uccGd7gdcctvn8XEQOA5H0efjetWuvNh5V9a9HxuWWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOYattGRM36j1HfIyXq3YUOpb6Z0MB8GA1UdIwQY
MBaAFB0Q447VXjGFrtbwefi7m/EtREjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJEamp0VmVNWVd1MXZCNS1MdWI4UzFFU05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMjM5NjktZmZiMC00ZTU3LWEzNmEt
NzYwZjZiNmFhYmMxLzEvNWhxMjBaRXpmcVBVZDhqSmVyZGhRNmx2cG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMjM5NjktZmZiMC00ZTU3LWEzNmEtNzYwZjZiNmFhYmMx
LzEvSFJEamp0VmVNWVd1MXZCNS1MdWI4UzFFU05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuaRoAwQA
uaRrMA0GCSqGSIb3DQEBCwUAA4IBAQAK7iwVjZXQpN50Te+gRDps3LPUVFBxI9D+
xCV7/U9+MR9fNA5wPYnl3GW42XUxBPE5r0wBiPlpzFrSOFFK0IMlsxeuQbxWPUhM
dopfirzGA+8pKBMBUQSZWYjLqVH6ljHlmCHJmLDyRIX8zF2PaU4Xyzgts+ggTEmR
ZGu9SINgxGipU6Bdy7EAe+8pCUYx9/JnFoUXP6NHpJ178WDlvfsX7B7iefjMHS8W
3bK9tHvz8g7q+pQBaony20+B0pU6i3NLwx6+V9vfIZaZSKEmQ/EHrlEVQ74XacGU
sFLEOt7a2TH251//faY2fy+X1gEKPjU0XVX6cZopWkUcdb0jHgcc
-----END CERTIFICATE-----