Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5FTWO4rRhBT0cfqhfsl0QS5Ic3w.roa
File:                     5FTWO4rRhBT0cfqhfsl0QS5Ic3w.roa (raw, json)
Hash identifier:          SyX983LkKEmm8/DYLtdzHN/WoHWl44uXdL+hTa/3YJ8=
Subject key identifier:   E4:54:D6:3B:8A:D1:84:14:F4:71:FA:A1:7E:C9:74:41:2E:48:73:7C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019D238175FB5E4CF1DE111F3F723B23A354
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5FTWO4rRhBT0cfqhfsl0QS5Ic3w.roa
Signing time:             Wed 25 Mar 2026 05:39:40 +0000
ROA not before:           Wed 25 Mar 2026 05:39:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207567
IP address blocks:        45.128.235.0/24 maxlen: 24
                          178.215.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:23:81:75:fb:5e:4c:f1:de:11:1f:3f:72:3b:23:a3:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 25 05:39:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e454d63b8ad18414f471faa17ec974412e48737c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ef:fc:58:9e:5e:31:31:e4:2c:c3:83:fe:b2:
                    53:1a:34:77:ec:ec:36:d9:81:2c:49:92:33:17:98:
                    8e:91:d0:bc:89:83:29:91:04:a4:3e:1a:37:dc:ca:
                    6d:d2:b3:b9:03:81:d9:f3:47:94:bc:01:f1:f2:c8:
                    92:27:ef:7a:64:6f:14:09:ac:75:56:9b:69:43:f0:
                    4a:e5:78:9d:f5:78:ce:e6:2c:5e:bf:71:66:e7:42:
                    4d:97:34:11:d4:04:6b:0f:76:e4:61:c3:4f:0e:04:
                    e8:6a:e5:a0:cb:ce:af:5e:b7:e2:18:f0:92:a0:27:
                    00:fb:fa:31:9c:c7:0d:72:d0:97:c0:1e:67:8f:ed:
                    2d:b0:7e:9d:45:a8:ff:d3:1f:d8:61:36:b9:71:df:
                    ca:c0:ce:ee:f0:70:29:54:70:7c:a8:e3:1e:da:4b:
                    d8:b4:30:e2:7e:ea:a8:c9:d8:5f:24:45:4e:28:f3:
                    b9:3e:f1:e8:23:2f:ad:1e:3f:fc:13:24:36:5b:e4:
                    73:3e:d8:04:af:92:8f:8d:cf:15:a2:f7:85:c6:33:
                    4e:a2:e3:c5:58:06:9a:8a:5f:b0:55:8f:fd:8a:d3:
                    b7:43:26:49:db:09:f0:c1:ca:bd:92:57:b8:77:4d:
                    e1:ff:b4:f7:b5:e9:63:88:a2:04:2d:ad:1e:b5:78:
                    f9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:54:D6:3B:8A:D1:84:14:F4:71:FA:A1:7E:C9:74:41:2E:48:73:7C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5FTWO4rRhBT0cfqhfsl0QS5Ic3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.235.0/24
                  178.215.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:d2:e7:e1:b7:94:6a:d3:4d:ec:44:ab:a4:9f:43:34:1f:bd:
         81:e5:70:ee:19:58:48:d1:db:c5:3b:dd:45:24:99:7b:98:ca:
         e0:76:a9:b4:44:3d:4a:bb:04:bc:a3:71:e7:af:37:ac:e4:55:
         00:59:1f:5d:ce:83:b0:c4:8d:3f:9d:4c:97:bd:d9:65:5e:3e:
         71:57:7b:7d:8c:f9:be:3f:02:7d:a5:55:5e:46:08:de:2b:79:
         bf:5a:b8:fc:08:89:93:37:82:a0:48:3a:a4:93:4b:de:b7:28:
         9d:14:ab:0c:93:46:29:df:da:7e:1a:87:6e:0e:61:82:ee:5f:
         ab:44:b9:9b:05:0c:cb:bc:33:0b:62:55:e1:6d:ac:85:db:80:
         88:3d:3d:b3:8b:b7:b6:8d:95:73:85:63:da:cd:7e:a9:db:18:
         27:85:17:66:53:d0:85:4f:7e:71:39:f0:5f:be:e4:bb:cb:7f:
         3a:30:8d:40:04:72:eb:9a:49:d9:af:d5:df:d4:21:cd:d3:59:
         74:a3:a5:d3:50:be:b7:7c:f4:b6:ba:da:a3:24:e1:0e:95:c8:
         8c:a4:32:68:71:59:ef:6b:69:1f:66:cf:2e:5b:50:33:0c:a4:
         f4:bb:55:47:59:b3:a2:7b:44:22:fa:04:6c:71:4a:00:04:c7:
         50:50:ee:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0jgXX7Xkzx3hEfP3I7I6NUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzI1MDUzOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDU0ZDYzYjhhZDE4NDE0ZjQ3MWZhYTE3ZWM5NzQ0MTJlNDg3MzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApe/8WJ5eMTHkLMOD/rJTGjR37Ow2
2YEsSZIzF5iOkdC8iYMpkQSkPho33Mpt0rO5A4HZ80eUvAHx8siSJ+96ZG8UCax1
VptpQ/BK5Xid9XjO5ixev3Fm50JNlzQR1ARrD3bkYcNPDgToauWgy86vXrfiGPCS
oCcA+/oxnMcNctCXwB5nj+0tsH6dRaj/0x/YYTa5cd/KwM7u8HApVHB8qOMe2kvY
tDDifuqoydhfJEVOKPO5PvHoIy+tHj/8EyQ2W+RzPtgEr5KPjc8VoveFxjNOouPF
WAaail+wVY/9itO3QyZJ2wnwwcq9kle4d03h/7T3teljiKIELa0etXj5oQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFORU1juK0YQU9HH6oX7JdEEuSHN8MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNUZUV080clJoQlQwY2ZxaGZzbDBRUzVJYzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYDrAwQA
stfvMA0GCSqGSIb3DQEBCwUAA4IBAQBf0ufht5Rq003sRKukn0M0H72B5XDuGVhI
0dvFO91FJJl7mMrgdqm0RD1KuwS8o3Hnrzes5FUAWR9dzoOwxI0/nUyXvdllXj5x
V3t9jPm+PwJ9pVVeRgjeK3m/Wrj8CImTN4KgSDqkk0vetyidFKsMk0Yp39p+Godu
DmGC7l+rRLmbBQzLvDMLYlXhbayF24CIPT2zi7e2jZVzhWPazX6p2xgnhRdmU9CF
T35xOfBfvuS7y386MI1ABHLrmknZr9Xf1CHN01l0o6XTUL63fPS2utqjJOEOlciM
pDJocVnva2kfZs8uW1AzDKT0u1VHWbOie0Qi+gRscUoABMdQUO7l
-----END CERTIFICATE-----