Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/5ea2ff-8d66-4a11-93f8-2e2908588865/1/cHSnTM0TIgMVZV_Pq7Op9CcRxNw.roa
File:                     cHSnTM0TIgMVZV_Pq7Op9CcRxNw.roa (raw, json)
Hash identifier:          AyIttbsE/zYFTDAmxKD+ND4Xjn5eOSnndB3Dk5UaIJg=
Subject key identifier:   70:74:A7:4C:CD:13:22:03:15:65:5F:CF:AB:B3:A9:F4:27:11:C4:DC
Certificate issuer:       /CN=e47ee5bee3ed23f943761e58f0eea97c7c5bf87c
Certificate serial:       019B7CED1EAC66FC94445BE7144B4939AA88
Authority key identifier: E4:7E:E5:BE:E3:ED:23:F9:43:76:1E:58:F0:EE:A9:7C:7C:5B:F8:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5H7lvuPtI_lDdh5Y8O6pfHxb-Hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/5ea2ff-8d66-4a11-93f8-2e2908588865/1/cHSnTM0TIgMVZV_Pq7Op9CcRxNw.roa
Signing time:             Fri 02 Jan 2026 04:17:53 +0000
ROA not before:           Fri 02 Jan 2026 04:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41114
IP address blocks:        176.111.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/5ea2ff-8d66-4a11-93f8-2e2908588865/1/5H7lvuPtI_lDdh5Y8O6pfHxb-Hw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/5ea2ff-8d66-4a11-93f8-2e2908588865/1/5H7lvuPtI_lDdh5Y8O6pfHxb-Hw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5H7lvuPtI_lDdh5Y8O6pfHxb-Hw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:1e:ac:66:fc:94:44:5b:e7:14:4b:49:39:aa:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e47ee5bee3ed23f943761e58f0eea97c7c5bf87c
        Validity
            Not Before: Jan  2 04:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7074a74ccd13220315655fcfabb3a9f42711c4dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:48:4c:5d:9b:97:89:ae:2e:56:5b:3a:ce:ec:
                    77:a1:00:8a:aa:ac:43:fe:f2:7e:ac:89:f2:19:fb:
                    fb:45:56:c6:73:85:76:60:60:0a:80:43:00:5d:4e:
                    0d:df:3e:6c:df:2c:dd:12:3d:95:81:51:f6:12:1c:
                    f8:b4:10:73:65:7b:c8:08:2d:71:6a:f9:e4:d4:10:
                    52:19:12:4c:70:31:5a:2d:3d:82:45:8c:c1:1f:68:
                    f2:80:af:a2:78:e0:35:85:6a:5a:ef:38:43:10:b9:
                    50:da:3e:07:72:94:2d:0d:61:9a:22:9a:37:ce:94:
                    7c:56:97:cb:fa:88:b7:5b:0e:5b:bd:a9:c1:5c:96:
                    75:d9:bb:92:7f:45:cc:86:df:b2:88:f1:69:96:f6:
                    dd:a0:a8:b6:6d:02:7e:27:9e:23:b8:d2:7c:97:e7:
                    21:16:c8:a7:e6:e4:c3:59:c2:d8:dd:c3:8d:9a:b0:
                    fe:bd:75:f0:f3:97:4c:04:b6:ae:ce:2a:5b:0f:5e:
                    0e:e8:7b:3c:bd:c6:df:d1:77:d4:b5:9a:b8:1f:4e:
                    76:60:b0:c9:f2:d7:08:ab:78:d2:af:03:0a:ff:1a:
                    bf:47:2f:70:b1:b6:bb:19:f5:71:8b:a4:dc:65:fa:
                    64:7e:16:60:b1:4d:37:f0:a4:d0:4a:7c:2f:51:a4:
                    80:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:74:A7:4C:CD:13:22:03:15:65:5F:CF:AB:B3:A9:F4:27:11:C4:DC
            X509v3 Authority Key Identifier:
                keyid:E4:7E:E5:BE:E3:ED:23:F9:43:76:1E:58:F0:EE:A9:7C:7C:5B:F8:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5H7lvuPtI_lDdh5Y8O6pfHxb-Hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/5ea2ff-8d66-4a11-93f8-2e2908588865/1/cHSnTM0TIgMVZV_Pq7Op9CcRxNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/5ea2ff-8d66-4a11-93f8-2e2908588865/1/5H7lvuPtI_lDdh5Y8O6pfHxb-Hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.111.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:16:ed:ea:73:aa:cd:6e:65:f5:11:76:ad:e9:1e:89:0f:e3:
         87:56:b5:82:24:8a:4e:7d:66:5e:c7:9d:ed:82:cf:98:b2:96:
         72:8d:83:d5:57:4c:b6:3e:7d:d6:10:0f:75:07:c8:ea:b3:c5:
         ca:a5:4c:9a:95:b2:61:db:13:2c:20:f6:55:25:a5:98:3e:ae:
         a9:00:bf:e2:9b:ae:4f:dd:2d:ca:24:66:a1:bc:db:ec:ef:51:
         f3:a9:1f:1e:75:95:04:b1:8a:8f:cc:e8:a8:10:53:c5:16:0d:
         dc:30:59:2d:b8:5c:d5:e9:16:08:90:2b:23:ab:46:f9:c3:f0:
         39:b2:eb:e5:ab:ac:61:34:6d:94:ef:a6:9b:68:cb:c5:6f:a8:
         9d:3f:cd:cb:05:91:14:b9:b3:b3:c2:86:49:c3:d3:6c:7f:a6:
         c5:93:b3:5f:59:5a:a0:5a:aa:e0:0a:b2:98:9d:f2:07:d4:f1:
         19:a5:76:ef:5b:bf:bc:f5:2b:bc:2f:25:b0:7f:09:d1:aa:b7:
         44:e1:eb:9c:b0:e2:cc:9f:fd:47:0d:c6:af:d2:6b:db:93:98:
         f9:00:e1:9b:68:a6:c8:77:56:76:ec:25:04:1c:09:18:19:70:
         08:a3:83:a4:51:11:e5:83:dc:11:96:71:d9:0a:1e:8c:f6:d0:
         47:2b:0b:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87R6sZvyURFvnFEtJOaqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0N2VlNWJlZTNlZDIzZjk0Mzc2MWU1OGYwZWVhOTdjN2M1
YmY4N2MwHhcNMjYwMTAyMDQxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc0YTc0Y2NkMTMyMjAzMTU2NTVmY2ZhYmIzYTlmNDI3MTFjNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UhMXZuXia4uVls6zux3oQCKqqxD
/vJ+rInyGfv7RVbGc4V2YGAKgEMAXU4N3z5s3yzdEj2VgVH2Ehz4tBBzZXvICC1x
avnk1BBSGRJMcDFaLT2CRYzBH2jygK+ieOA1hWpa7zhDELlQ2j4HcpQtDWGaIpo3
zpR8VpfL+oi3Ww5bvanBXJZ12buSf0XMht+yiPFplvbdoKi2bQJ+J54juNJ8l+ch
Fsin5uTDWcLY3cONmrD+vXXw85dMBLauzipbD14O6Hs8vcbf0XfUtZq4H052YLDJ
8tcIq3jSrwMK/xq/Ry9wsba7GfVxi6TcZfpkfhZgsU038KTQSnwvUaSA+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB0p0zNEyIDFWVfz6uzqfQnEcTcMB8GA1UdIwQY
MBaAFOR+5b7j7SP5Q3YeWPDuqXx8W/h8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUg3bHZ1UHRJX2xEZGg1WThPNnBmSHhiLUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy81ZWEyZmYtOGQ2Ni00YTExLTkzZjgt
MmUyOTA4NTg4ODY1LzEvY0hTblRNMFRJZ01WWlZfUHE3T3A5Q2NSeE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy81ZWEyZmYtOGQ2Ni00YTExLTkzZjgtMmUyOTA4NTg4ODY1
LzEvNUg3bHZ1UHRJX2xEZGg1WThPNnBmSHhiLUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsG/wMA0G
CSqGSIb3DQEBCwUAA4IBAQALFu3qc6rNbmX1EXat6R6JD+OHVrWCJIpOfWZex53t
gs+YspZyjYPVV0y2Pn3WEA91B8jqs8XKpUyalbJh2xMsIPZVJaWYPq6pAL/im65P
3S3KJGahvNvs71HzqR8edZUEsYqPzOioEFPFFg3cMFktuFzV6RYIkCsjq0b5w/A5
suvlq6xhNG2U76abaMvFb6idP83LBZEUubOzwoZJw9Nsf6bFk7NfWVqgWqrgCrKY
nfIH1PEZpXbvW7+89Su8LyWwfwnRqrdE4eucsOLMn/1HDcav0mvbk5j5AOGbaKbI
d1Z27CUEHAkYGXAIo4OkURHlg9wRlnHZCh6M9tBHKwvb
-----END CERTIFICATE-----