Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/oJ2ks5YNwiHAq9WzT5_4e1nkYaE.roa
File:                     oJ2ks5YNwiHAq9WzT5_4e1nkYaE.roa (raw, json)
Hash identifier:          bo5UpeN+wQ6nH/bLCuevf6K58UPiHvne75tCF8e9eKo=
Subject key identifier:   A0:9D:A4:B3:96:0D:C2:21:C0:AB:D5:B3:4F:9F:F8:7B:59:E4:61:A1
Certificate issuer:       /CN=3545a7200164912041bb931efb1feac123b43a18
Certificate serial:       019C9FE230B82B2CF695B56FBE2FCACD1CDC
Authority key identifier: 35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/oJ2ks5YNwiHAq9WzT5_4e1nkYaE.roa
Signing time:             Fri 27 Feb 2026 16:15:26 +0000
ROA not before:           Fri 27 Feb 2026 16:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5533
IP address blocks:        5.253.180.0/24 maxlen: 24
                          2a09:58c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:e2:30:b8:2b:2c:f6:95:b5:6f:be:2f:ca:cd:1c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3545a7200164912041bb931efb1feac123b43a18
        Validity
            Not Before: Feb 27 16:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a09da4b3960dc221c0abd5b34f9ff87b59e461a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:44:11:25:ee:c9:09:7a:ff:e8:1c:14:ea:46:
                    cf:6e:f8:9f:2a:9d:9d:75:27:50:4a:ff:bb:3f:25:
                    eb:d8:d3:a7:38:18:c5:24:b3:e0:0a:d7:2b:34:6c:
                    37:51:dd:88:4e:ac:72:73:d3:9f:b0:b3:9e:ed:33:
                    38:6d:22:81:a2:3b:ce:ea:e5:88:28:fd:4d:64:97:
                    b2:a5:be:4b:73:81:ce:93:08:fa:3e:8e:d2:e3:6d:
                    2a:3a:3c:96:7e:33:0e:47:05:8d:d5:df:c2:1f:15:
                    d0:8b:3e:75:c5:af:f5:eb:75:b4:08:ef:e9:7b:31:
                    61:29:c4:d5:e7:d2:ee:8d:cc:8a:53:ef:c4:d1:de:
                    5b:e0:9f:ed:c3:06:de:06:8e:43:c4:f3:c3:4f:c4:
                    37:94:c7:60:ea:6a:c3:18:b0:bb:6f:ad:ad:9e:39:
                    6d:d3:d1:6c:74:88:3e:df:b3:71:a6:78:fd:aa:82:
                    0b:22:2c:5d:17:8a:b7:83:87:50:ca:e8:e9:6a:e7:
                    ff:7b:ff:ff:67:b6:37:b5:2f:8a:19:06:ce:de:d4:
                    f5:65:94:0c:40:0d:af:67:4e:5b:e8:7c:27:93:a7:
                    8c:8c:99:b9:e9:ef:90:3e:37:bc:d8:51:3e:8d:fc:
                    26:f7:23:57:a0:f9:2d:d2:16:72:d9:a9:87:85:ec:
                    08:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:9D:A4:B3:96:0D:C2:21:C0:AB:D5:B3:4F:9F:F8:7B:59:E4:61:A1
            X509v3 Authority Key Identifier:
                keyid:35:45:A7:20:01:64:91:20:41:BB:93:1E:FB:1F:EA:C1:23:B4:3A:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/oJ2ks5YNwiHAq9WzT5_4e1nkYaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/59c4b8-87f4-4f2f-a449-aabb062e40db/1/NUWnIAFkkSBBu5Me-x_qwSO0Ohg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.180.0/24
                IPv6:
                  2a09:58c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:2e:64:68:12:ef:8a:90:a6:02:b2:3b:96:63:60:96:0d:12:
         cf:45:89:c8:63:93:44:58:e1:df:47:fd:2a:d4:33:3d:a7:80:
         4d:ec:cd:3e:cb:0b:84:d6:70:1d:f1:b9:a0:80:a9:f7:6d:d9:
         3b:78:c4:b0:f7:53:2e:82:7f:dd:0a:d4:87:93:95:1b:13:4f:
         fa:26:4f:a7:cf:ac:b3:a3:35:72:b4:a7:38:fb:ea:5e:80:6a:
         c3:af:7e:2d:d6:8e:6f:41:ad:26:f2:b9:ff:90:15:8d:19:9e:
         1e:96:40:2a:56:0e:c8:7b:d7:8a:f0:8c:99:62:b9:60:dc:70:
         63:01:a6:f8:b2:79:c4:f4:eb:32:6b:d6:2d:d5:ed:f8:ca:e6:
         76:32:80:8f:51:5e:7b:88:7e:66:30:2f:78:c1:b6:aa:82:2a:
         e6:e9:c1:be:77:a8:da:d2:bf:41:32:7c:d7:9d:cd:25:a8:3e:
         73:a0:a6:1f:10:0a:2c:d6:71:f0:7d:c4:4a:bf:1d:7c:6a:6a:
         ab:28:be:e7:a5:ad:0a:fd:8e:f0:aa:6a:7a:51:3c:48:14:eb:
         0b:29:7f:81:05:73:17:da:c9:d6:bc:f5:3c:55:97:92:5c:83:
         ac:dd:b1:d6:ee:07:29:00:bb:f9:4d:14:5d:3b:1a:96:54:6d:
         29:e5:44:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZyf4jC4Kyz2lbVvvi/KzRzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDVhNzIwMDE2NDkxMjA0MWJiOTMxZWZiMWZlYWMxMjNi
NDNhMTgwHhcNMjYwMjI3MTYxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDlkYTRiMzk2MGRjMjIxYzBhYmQ1YjM0ZjlmZjg3YjU5ZTQ2MWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykQRJe7JCXr/6BwU6kbPbvifKp2d
dSdQSv+7PyXr2NOnOBjFJLPgCtcrNGw3Ud2ITqxyc9OfsLOe7TM4bSKBojvO6uWI
KP1NZJeypb5Lc4HOkwj6Po7S420qOjyWfjMORwWN1d/CHxXQiz51xa/163W0CO/p
ezFhKcTV59LujcyKU+/E0d5b4J/twwbeBo5DxPPDT8Q3lMdg6mrDGLC7b62tnjlt
09FsdIg+37Nxpnj9qoILIixdF4q3g4dQyujpauf/e///Z7Y3tS+KGQbO3tT1ZZQM
QA2vZ05b6Hwnk6eMjJm56e+QPje82FE+jfwm9yNXoPkt0hZy2amHhewI8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKCdpLOWDcIhwKvVs0+f+HtZ5GGhMB8GA1UdIwQY
MBaAFDVFpyABZJEgQbuTHvsf6sEjtDoYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDkt
YWFiYjA2MmU0MGRiLzEvb0oya3M1WU53aUhBcTlXelQ1XzRlMW5rWWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy81OWM0YjgtODdmNC00ZjJmLWE0NDktYWFiYjA2MmU0MGRi
LzEvTlVXbklBRmtrU0JCdTVNZS14X3F3U08wT2hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABf20MA8E
AgACMAkDBwAqCVjAAAAwDQYJKoZIhvcNAQELBQADggEBAC4uZGgS74qQpgKyO5Zj
YJYNEs9Fichjk0RY4d9H/SrUMz2ngE3szT7LC4TWcB3xuaCAqfdt2Tt4xLD3Uy6C
f90K1IeTlRsTT/omT6fPrLOjNXK0pzj76l6AasOvfi3Wjm9BrSbyuf+QFY0Znh6W
QCpWDsh714rwjJliuWDccGMBpviyecT06zJr1i3V7fjK5nYygI9RXnuIfmYwL3jB
tqqCKubpwb53qNrSv0EyfNedzSWoPnOgph8QCizWcfB9xEq/HXxqaqsovuelrQr9
jvCqanpRPEgU6wspf4EFcxfayda89TxVl5Jcg6zdsdbuBykAu/lNFF07GpZUbSnl
RC4=
-----END CERTIFICATE-----