Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/vUk1yzbPE2A9Gnc0-jOrueIo8U8.roa
File:                     vUk1yzbPE2A9Gnc0-jOrueIo8U8.roa (raw, json)
Hash identifier:          wjQObjyuEr0IkcfHoRoWEyYlXC6f2flFY08zOUVyRWg=
Subject key identifier:   BD:49:35:CB:36:CF:13:60:3D:1A:77:34:FA:33:AB:B9:E2:28:F1:4F
Certificate issuer:       /CN=5e7c7736945c29a77bacd5b18b0ff58751117bad
Certificate serial:       019C992AD4E031DDFAE9D3097ED96EB94726
Authority key identifier: 5E:7C:77:36:94:5C:29:A7:7B:AC:D5:B1:8B:0F:F5:87:51:11:7B:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/vUk1yzbPE2A9Gnc0-jOrueIo8U8.roa
Signing time:             Thu 26 Feb 2026 08:57:26 +0000
ROA not before:           Thu 26 Feb 2026 08:57:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48789
IP address blocks:        2.57.8.0/23 maxlen: 23
                          193.104.229.0/24 maxlen: 24
                          2a12:6cc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:2a:d4:e0:31:dd:fa:e9:d3:09:7e:d9:6e:b9:47:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e7c7736945c29a77bacd5b18b0ff58751117bad
        Validity
            Not Before: Feb 26 08:57:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd4935cb36cf13603d1a7734fa33abb9e228f14f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7f:d0:f9:d1:68:a2:7f:bd:3a:53:ec:c2:39:
                    a5:ce:70:4c:18:25:6f:ea:c4:ca:63:22:33:93:48:
                    26:7e:2b:36:c3:9d:d0:c5:0a:9d:13:26:b8:f2:9a:
                    31:24:3f:4c:7a:ed:2f:3b:2a:16:b6:17:e3:93:69:
                    36:f5:47:67:93:f3:b6:d4:e5:52:f1:4a:e2:d8:a9:
                    7c:39:c1:67:3c:f5:d2:f9:f0:70:db:28:25:63:67:
                    11:a2:62:80:ca:94:19:57:58:77:11:7a:6d:a2:34:
                    41:e1:dd:14:63:c7:11:1e:e6:e6:f7:f2:65:48:a6:
                    8f:ba:e1:2f:47:b0:d1:b0:af:67:9f:c7:00:81:aa:
                    9c:8d:04:5b:b6:f0:2b:1c:ed:57:fb:ef:29:52:68:
                    78:73:77:85:25:8d:7e:53:d9:23:6a:48:d4:dd:0b:
                    c3:d2:94:9d:a8:73:fa:39:b1:d5:87:c5:c7:18:74:
                    5d:a9:fc:ef:41:46:ad:e0:df:83:fd:46:52:80:0b:
                    81:d8:83:23:83:ec:25:28:07:88:a9:f6:44:31:e4:
                    2e:18:2f:95:f6:9b:70:e5:f6:7a:28:6a:4c:28:ff:
                    ab:ef:08:13:39:e4:ec:fe:4a:8d:b1:d6:2a:0f:5e:
                    a6:8d:cb:29:29:3f:3e:d4:e0:4d:34:02:2c:44:c0:
                    12:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:49:35:CB:36:CF:13:60:3D:1A:77:34:FA:33:AB:B9:E2:28:F1:4F
            X509v3 Authority Key Identifier:
                keyid:5E:7C:77:36:94:5C:29:A7:7B:AC:D5:B1:8B:0F:F5:87:51:11:7B:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xnx3NpRcKad7rNWxiw_1h1ERe60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/vUk1yzbPE2A9Gnc0-jOrueIo8U8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7bdd07-6e55-4a05-9d1b-eeedd99b8cc4/1/Xnx3NpRcKad7rNWxiw_1h1ERe60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.8.0/23
                  193.104.229.0/24
                IPv6:
                  2a12:6cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:0b:a3:a3:41:27:36:ef:89:84:e5:13:57:2a:67:87:b1:b8:
         76:94:3f:3e:ce:fc:56:e9:ba:6a:9a:ee:3c:82:f8:ca:38:1d:
         82:38:ef:bf:5d:3e:f5:17:51:72:68:1a:99:bd:5c:35:c3:f9:
         1d:6f:43:44:de:9c:70:30:cc:60:b4:57:bd:8d:53:9c:fa:67:
         d2:e2:e6:c7:f5:9d:a7:6e:1e:01:1a:29:d9:d7:ab:3a:0e:e9:
         b1:cd:a5:69:69:7a:ff:de:c7:f2:12:7f:27:67:0c:7b:d2:ab:
         91:b1:e8:83:77:b7:67:20:51:b2:7f:1a:fc:bc:ab:a5:ed:4f:
         80:66:38:99:8a:ef:e7:18:32:fe:1f:78:f7:5a:a1:c7:b8:63:
         0b:18:0f:4d:f6:fe:19:10:c1:fa:68:ce:9c:0a:1b:51:8a:9e:
         5e:b5:07:70:17:d2:63:12:d7:58:e2:72:b4:97:e5:05:92:d0:
         f8:4c:c4:53:07:1a:f2:a1:f9:10:b9:04:76:82:a6:d8:7c:09:
         dc:56:bb:0c:f7:48:82:46:22:8f:10:ef:f8:9a:1f:84:49:28:
         e0:d1:a1:49:a5:d7:d9:1d:22:f3:50:70:08:ae:ac:14:5d:38:
         b6:a0:b5:b0:b8:cf:bb:34:24:8f:d1:c9:fa:0a:72:c0:59:29:
         6f:0c:01:b7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZyZKtTgMd366dMJftluuUcmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlN2M3NzM2OTQ1YzI5YTc3YmFjZDViMThiMGZmNTg3NTEx
MTdiYWQwHhcNMjYwMjI2MDg1NzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQ5MzVjYjM2Y2YxMzYwM2QxYTc3MzRmYTMzYWJiOWUyMjhmMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX/Q+dFoon+9OlPswjmlznBMGCVv
6sTKYyIzk0gmfis2w53QxQqdEya48poxJD9Meu0vOyoWthfjk2k29Udnk/O21OVS
8Uri2Kl8OcFnPPXS+fBw2yglY2cRomKAypQZV1h3EXptojRB4d0UY8cRHubm9/Jl
SKaPuuEvR7DRsK9nn8cAgaqcjQRbtvArHO1X++8pUmh4c3eFJY1+U9kjakjU3QvD
0pSdqHP6ObHVh8XHGHRdqfzvQUat4N+D/UZSgAuB2IMjg+wlKAeIqfZEMeQuGC+V
9ptw5fZ6KGpMKP+r7wgTOeTs/kqNsdYqD16mjcspKT8+1OBNNAIsRMASNQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFL1JNcs2zxNgPRp3NPozq7niKPFPMB8GA1UdIwQY
MBaAFF58dzaUXCmne6zVsYsP9YdREXutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG54M05wUmNLYWQ3ck5XeGl3XzFoMUVSZTYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83YmRkMDctNmU1NS00YTA1LTlkMWIt
ZWVlZGQ5OWI4Y2M0LzEvdlVrMXl6YlBFMkE5R25jMC1qT3J1ZUlvOFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83YmRkMDctNmU1NS00YTA1LTlkMWItZWVlZGQ5OWI4Y2M0
LzEvWG54M05wUmNLYWQ3ck5XeGl3XzFoMUVSZTYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBAjkIAwQA
wWjlMA0EAgACMAcDBQAqEmzAMA0GCSqGSIb3DQEBCwUAA4IBAQCqC6OjQSc274mE
5RNXKmeHsbh2lD8+zvxW6bpqmu48gvjKOB2COO+/XT71F1FyaBqZvVw1w/kdb0NE
3pxwMMxgtFe9jVOc+mfS4ubH9Z2nbh4BGinZ16s6DumxzaVpaXr/3sfyEn8nZwx7
0quRseiDd7dnIFGyfxr8vKul7U+AZjiZiu/nGDL+H3j3WqHHuGMLGA9N9v4ZEMH6
aM6cChtRip5etQdwF9JjEtdY4nK0l+UFktD4TMRTBxryofkQuQR2gqbYfAncVrsM
90iCRiKPEO/4mh+ESSjg0aFJpdfZHSLzUHAIrqwUXTi2oLWwuM+7NCSP0cn6CnLA
WSlvDAG3
-----END CERTIFICATE-----