Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/_osGDzZycVvwVO8jk7tST0-kMuc.roa
File:                     _osGDzZycVvwVO8jk7tST0-kMuc.roa (raw, json)
Hash identifier:          V5At1uVjWkeBJy6WzVu631/zeJQGqErhpfeeQ5kY2uw=
Subject key identifier:   FE:8B:06:0F:36:72:71:5B:F0:54:EF:23:93:BB:52:4F:4F:A4:32:E7
Certificate issuer:       /CN=ee2c487b6b6bdda22179072d92a8f01e8e736634
Certificate serial:       019B7B36F3B26651EDA529822D4C0564B53D
Authority key identifier: EE:2C:48:7B:6B:6B:DD:A2:21:79:07:2D:92:A8:F0:1E:8E:73:66:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7ixIe2tr3aIheQctkqjwHo5zZjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/_osGDzZycVvwVO8jk7tST0-kMuc.roa
Signing time:             Thu 01 Jan 2026 20:19:17 +0000
ROA not before:           Thu 01 Jan 2026 20:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57376
IP address blocks:        149.232.252.0/22 maxlen: 24
                          185.232.0.0/22 maxlen: 24
                          2a0c:9700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/7ixIe2tr3aIheQctkqjwHo5zZjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/7ixIe2tr3aIheQctkqjwHo5zZjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7ixIe2tr3aIheQctkqjwHo5zZjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:f3:b2:66:51:ed:a5:29:82:2d:4c:05:64:b5:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee2c487b6b6bdda22179072d92a8f01e8e736634
        Validity
            Not Before: Jan  1 20:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe8b060f3672715bf054ef2393bb524f4fa432e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0f:8b:84:25:60:58:72:95:10:f8:1d:34:fd:
                    99:50:b9:af:77:50:73:9f:a6:b4:96:6f:19:be:50:
                    ea:4a:bd:3d:54:97:12:b0:b6:bc:17:43:58:6f:26:
                    29:08:fe:ca:30:73:58:bc:3f:ad:90:38:e5:41:8f:
                    80:d0:a7:e9:b4:18:f2:c7:ca:9c:2c:7d:c7:ff:fe:
                    1e:f3:b3:cf:c4:23:a1:12:a6:ee:e8:ba:dd:ee:a2:
                    6d:e4:f8:c6:6a:fe:1c:7a:38:32:60:13:4a:27:7d:
                    2d:c4:63:4e:dd:d4:65:90:98:a3:bb:3c:9b:45:3c:
                    22:12:24:cf:ac:bc:52:9a:f7:a7:90:03:6c:4e:99:
                    19:9c:b0:7b:56:aa:ee:01:22:55:2d:ee:b4:fb:1b:
                    18:51:16:47:6a:a6:53:30:b1:36:08:c1:8c:91:e1:
                    f2:64:0e:ca:30:fe:5f:e2:de:a1:90:2b:59:d8:c3:
                    7d:26:40:6e:ac:57:4f:4e:6d:9f:24:aa:57:34:98:
                    1d:93:35:94:b4:b2:27:85:f0:db:7e:8c:f6:b6:7d:
                    2f:82:49:8d:cb:87:da:b1:78:1e:f7:94:83:bb:5e:
                    bf:b5:36:75:d3:f4:36:2b:bd:36:be:00:c3:95:94:
                    51:9b:1e:ce:fa:b6:2d:ca:5d:5d:64:f5:57:b9:9c:
                    1a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:8B:06:0F:36:72:71:5B:F0:54:EF:23:93:BB:52:4F:4F:A4:32:E7
            X509v3 Authority Key Identifier:
                keyid:EE:2C:48:7B:6B:6B:DD:A2:21:79:07:2D:92:A8:F0:1E:8E:73:66:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7ixIe2tr3aIheQctkqjwHo5zZjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/_osGDzZycVvwVO8jk7tST0-kMuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3ff027-33d4-419d-aa6b-4b983f1b84a2/1/7ixIe2tr3aIheQctkqjwHo5zZjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.232.252.0/22
                  185.232.0.0/22
                IPv6:
                  2a0c:9700::/29

    Signature Algorithm: sha256WithRSAEncryption
         c9:30:29:ff:5d:4e:31:c2:28:6f:ad:d2:3b:35:aa:54:41:53:
         5c:5a:82:c1:e2:cf:f4:4e:fe:49:d6:3d:98:c5:0f:6f:9a:49:
         29:34:80:53:35:d5:13:9b:56:9d:d8:64:ea:18:59:c0:05:c6:
         3c:9f:91:f1:13:8d:25:11:00:52:41:1e:e4:4a:f3:ef:23:1d:
         9f:1b:6d:4a:57:25:c8:1b:b3:21:f1:33:2d:f6:fe:83:19:fd:
         94:ae:fd:84:da:e1:06:83:d4:1e:84:56:b1:f9:00:56:eb:0b:
         3e:e8:52:96:28:86:89:c1:9d:ea:0c:ca:b5:d6:a9:12:71:3a:
         3c:73:d5:61:61:d9:68:78:13:32:40:7c:02:37:13:06:4b:fe:
         2f:3a:30:bc:66:98:79:40:5a:5d:7e:d9:f2:f5:5d:74:76:8c:
         6e:88:ef:9b:2f:ed:d5:5e:87:1f:13:9b:3c:c1:10:c5:c1:b5:
         fd:c3:7f:56:3b:c6:46:88:0b:d4:9e:7e:4b:88:13:ee:7a:81:
         3d:6d:b3:0f:01:d3:d1:55:4e:3f:a3:8a:f9:54:58:a1:7b:c9:
         e7:4d:f9:ca:7b:dd:70:22:57:8e:a5:8e:87:ed:84:42:df:13:
         db:9b:1b:2e:1b:61:f0:0d:af:3e:af:9d:de:16:26:14:5b:5b:
         2b:bd:a4:2e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZt7NvOyZlHtpSmCLUwFZLU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMmM0ODdiNmI2YmRkYTIyMTc5MDcyZDkyYThmMDFlOGU3
MzY2MzQwHhcNMjYwMTAxMjAxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZThiMDYwZjM2NzI3MTViZjA1NGVmMjM5M2JiNTI0ZjRmYTQzMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQ+LhCVgWHKVEPgdNP2ZULmvd1Bz
n6a0lm8ZvlDqSr09VJcSsLa8F0NYbyYpCP7KMHNYvD+tkDjlQY+A0KfptBjyx8qc
LH3H//4e87PPxCOhEqbu6Lrd7qJt5PjGav4cejgyYBNKJ30txGNO3dRlkJijuzyb
RTwiEiTPrLxSmvenkANsTpkZnLB7VqruASJVLe60+xsYURZHaqZTMLE2CMGMkeHy
ZA7KMP5f4t6hkCtZ2MN9JkBurFdPTm2fJKpXNJgdkzWUtLInhfDbfoz2tn0vgkmN
y4fasXge95SDu16/tTZ10/Q2K702vgDDlZRRmx7O+rYtyl1dZPVXuZwafwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP6LBg82cnFb8FTvI5O7Uk9PpDLnMB8GA1UdIwQY
MBaAFO4sSHtra92iIXkHLZKo8B6Oc2Y0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2l4SWUydHIzYUloZVFjdGtxandIbzV6WmpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zZmYwMjctMzNkNC00MTlkLWFhNmIt
NGI5ODNmMWI4NGEyLzEvX29zR0R6WnljVnZ3Vk84ams3dFNUMC1rTXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zZmYwMjctMzNkNC00MTlkLWFhNmItNGI5ODNmMWI4NGEy
LzEvN2l4SWUydHIzYUloZVFjdGtxandIbzV6WmpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQClej8AwQC
uegAMA0EAgACMAcDBQMqDJcAMA0GCSqGSIb3DQEBCwUAA4IBAQDJMCn/XU4xwihv
rdI7NapUQVNcWoLB4s/0Tv5J1j2YxQ9vmkkpNIBTNdUTm1ad2GTqGFnABcY8n5Hx
E40lEQBSQR7kSvPvIx2fG21KVyXIG7Mh8TMt9v6DGf2Urv2E2uEGg9QehFax+QBW
6ws+6FKWKIaJwZ3qDMq11qkScTo8c9VhYdloeBMyQHwCNxMGS/4vOjC8Zph5QFpd
ftny9V10doxuiO+bL+3VXocfE5s8wRDFwbX9w39WO8ZGiAvUnn5LiBPueoE9bbMP
AdPRVU4/o4r5VFihe8nnTfnKe91wIleOpY6H7YRC3xPbmxsuG2HwDa8+r53eFiYU
W1srvaQu
-----END CERTIFICATE-----