Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/B5aZs_fb6H9CA7D2dUNN42FgKrA.roa
File:                     B5aZs_fb6H9CA7D2dUNN42FgKrA.roa (raw, json)
Hash identifier:          vl+jWifF6DSv9Cx+Cj/2gMjcAyX+Gy1sgrTxm4Q+GFs=
Subject key identifier:   07:96:99:B3:F7:DB:E8:7F:42:03:B0:F6:75:43:4D:E3:61:60:2A:B0
Certificate issuer:       /CN=9514d5a840049d442df377445394df719201a773
Certificate serial:       019B797E224D9FC4076B9D0A98F3957DD54A
Authority key identifier: 95:14:D5:A8:40:04:9D:44:2D:F3:77:44:53:94:DF:71:92:01:A7:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRTVqEAEnUQt83dEU5TfcZIBp3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/B5aZs_fb6H9CA7D2dUNN42FgKrA.roa
Signing time:             Thu 01 Jan 2026 12:17:48 +0000
ROA not before:           Thu 01 Jan 2026 12:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51636
IP address blocks:        178.213.160.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/lRTVqEAEnUQt83dEU5TfcZIBp3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/lRTVqEAEnUQt83dEU5TfcZIBp3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRTVqEAEnUQt83dEU5TfcZIBp3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:22:4d:9f:c4:07:6b:9d:0a:98:f3:95:7d:d5:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9514d5a840049d442df377445394df719201a773
        Validity
            Not Before: Jan  1 12:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=079699b3f7dbe87f4203b0f675434de361602ab0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:d7:c4:38:fc:52:92:05:12:a2:08:ba:18:4f:
                    64:7e:ba:f6:1c:98:25:24:8a:07:ea:e1:5f:b1:24:
                    a6:bc:7c:9c:f0:55:fe:46:1e:c9:fc:8d:b7:d1:f4:
                    7b:5a:f5:50:6c:12:17:76:a0:3f:9e:40:4c:09:0d:
                    c2:eb:fd:cc:91:be:d6:a6:1b:fe:4e:42:b1:8c:12:
                    c4:ee:90:4d:0e:61:b4:83:5d:9f:1b:92:e4:31:ea:
                    36:d1:fc:09:ef:b0:db:83:93:5d:10:4f:90:b5:18:
                    e6:32:29:79:2f:28:8b:91:20:a5:b1:31:8a:c8:44:
                    5a:61:76:ec:c0:4c:99:5b:8e:0d:d9:b7:9b:e4:58:
                    b3:49:c7:a2:f4:1f:cf:75:70:66:90:27:0a:8a:93:
                    24:39:e4:5a:1d:fc:78:cd:02:a1:fd:09:af:a0:b8:
                    4d:b5:20:9c:b2:ab:7a:c8:d4:a5:f5:0a:41:95:e9:
                    b0:2b:33:37:02:16:61:b8:c4:39:69:9c:20:1c:ea:
                    30:c9:cd:83:06:a2:f3:c3:6c:2c:1f:19:85:a7:dd:
                    e7:86:df:f4:17:59:74:12:af:2c:d4:6a:5b:d1:f7:
                    de:2e:51:86:d7:9f:c0:0e:64:84:94:9d:aa:c9:fb:
                    65:bf:a9:f4:84:d8:72:ff:8d:02:b1:34:c3:ec:2b:
                    98:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:96:99:B3:F7:DB:E8:7F:42:03:B0:F6:75:43:4D:E3:61:60:2A:B0
            X509v3 Authority Key Identifier:
                keyid:95:14:D5:A8:40:04:9D:44:2D:F3:77:44:53:94:DF:71:92:01:A7:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRTVqEAEnUQt83dEU5TfcZIBp3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/B5aZs_fb6H9CA7D2dUNN42FgKrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/81e242-e7d3-491f-ba65-57d15843f7f0/1/lRTVqEAEnUQt83dEU5TfcZIBp3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4a:82:33:bd:48:d2:14:76:21:c2:bf:c6:f3:27:93:03:e8:8b:
         80:55:35:6d:d5:13:57:dd:c0:5f:ea:7a:17:4f:25:81:47:1e:
         6d:46:ed:94:cd:f3:8d:dd:9e:e2:fd:70:1d:eb:4d:18:4b:8d:
         dc:fe:dc:36:70:b8:45:12:ee:8c:49:0c:f6:5a:24:60:e3:13:
         74:fb:71:46:47:5e:43:f5:21:c8:d8:f3:25:2d:3e:ba:52:73:
         d4:b2:e3:a6:9c:ea:4c:eb:4a:fa:0d:a9:78:a3:92:d9:35:fe:
         b2:66:dc:15:c9:97:be:20:84:ca:0e:06:fc:a6:28:6a:78:87:
         08:b4:03:59:6d:e0:8e:7a:db:76:07:66:65:28:09:93:ee:3c:
         85:24:5d:4d:85:7b:26:21:aa:55:89:73:2d:02:f3:45:9b:15:
         de:59:5a:f8:20:1e:29:f2:93:bd:72:67:d3:c1:89:48:4b:b2:
         98:77:a6:51:f2:af:39:8a:ac:2a:80:a2:83:18:27:d6:a9:59:
         7f:3f:df:60:4d:fc:bb:5d:91:a8:11:45:3e:10:b3:f9:ad:cc:
         07:6c:fb:0b:51:d4:f2:ae:7c:b7:76:8a:13:ba:91:34:5e:8a:
         c0:9c:69:f1:af:a7:08:09:6c:71:08:ed:26:c5:27:ca:ea:a5:
         7c:95:b6:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fiJNn8QHa50KmPOVfdVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTRkNWE4NDAwNDlkNDQyZGYzNzc0NDUzOTRkZjcxOTIw
MWE3NzMwHhcNMjYwMTAxMTIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzk2OTliM2Y3ZGJlODdmNDIwM2IwZjY3NTQzNGRlMzYxNjAyYWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9tfEOPxSkgUSogi6GE9kfrr2HJgl
JIoH6uFfsSSmvHyc8FX+Rh7J/I230fR7WvVQbBIXdqA/nkBMCQ3C6/3Mkb7Wphv+
TkKxjBLE7pBNDmG0g12fG5LkMeo20fwJ77Dbg5NdEE+QtRjmMil5LyiLkSClsTGK
yERaYXbswEyZW44N2beb5FizScei9B/PdXBmkCcKipMkOeRaHfx4zQKh/QmvoLhN
tSCcsqt6yNSl9QpBlemwKzM3AhZhuMQ5aZwgHOowyc2DBqLzw2wsHxmFp93nht/0
F1l0Eq8s1Gpb0ffeLlGG15/ADmSElJ2qyftlv6n0hNhy/40CsTTD7CuYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeWmbP32+h/QgOw9nVDTeNhYCqwMB8GA1UdIwQY
MBaAFJUU1ahABJ1ELfN3RFOU33GSAadzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJUVnFFQUVuVVF0ODNkRVU1VGZjWklCcDNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS84MWUyNDItZTdkMy00OTFmLWJhNjUt
NTdkMTU4NDNmN2YwLzEvQjVhWnNfZmI2SDlDQTdEMmRVTk40MkZnS3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS84MWUyNDItZTdkMy00OTFmLWJhNjUtNTdkMTU4NDNmN2Yw
LzEvbFJUVnFFQUVuVVF0ODNkRVU1VGZjWklCcDNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstWgMA0G
CSqGSIb3DQEBCwUAA4IBAQBKgjO9SNIUdiHCv8bzJ5MD6IuAVTVt1RNX3cBf6noX
TyWBRx5tRu2UzfON3Z7i/XAd600YS43c/tw2cLhFEu6MSQz2WiRg4xN0+3FGR15D
9SHI2PMlLT66UnPUsuOmnOpM60r6Dal4o5LZNf6yZtwVyZe+IITKDgb8pihqeIcI
tANZbeCOett2B2ZlKAmT7jyFJF1NhXsmIapViXMtAvNFmxXeWVr4IB4p8pO9cmfT
wYlIS7KYd6ZR8q85iqwqgKKDGCfWqVl/P99gTfy7XZGoEUU+ELP5rcwHbPsLUdTy
rny3dooTupE0XorAnGnxr6cICWxxCO0mxSfK6qV8lbbX
-----END CERTIFICATE-----