Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/b9J7bQ4Z1Ab2CNdlaPzCzljdmhI.roa
File:                     b9J7bQ4Z1Ab2CNdlaPzCzljdmhI.roa (raw, json)
Hash identifier:          ce5fAEHTXQn3EdjmRh0Ch02wKt/m7S+dXbIIgayHFbc=
Subject key identifier:   6F:D2:7B:6D:0E:19:D4:06:F6:08:D7:65:68:FC:C2:CE:58:DD:9A:12
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019DFB748FF1F1C241D7FE54E8844D3FAADB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/b9J7bQ4Z1Ab2CNdlaPzCzljdmhI.roa
Signing time:             Wed 06 May 2026 04:03:33 +0000
ROA not before:           Wed 06 May 2026 04:03:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393406
IP address blocks:        5.253.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 07:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fb:74:8f:f1:f1:c2:41:d7:fe:54:e8:84:4d:3f:aa:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  6 04:03:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fd27b6d0e19d406f608d76568fcc2ce58dd9a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b0:60:17:7d:64:8d:05:87:81:58:23:82:a1:
                    5b:f9:e2:24:00:ba:04:ab:fb:99:a6:fa:9d:cd:14:
                    0a:0f:91:9d:21:40:e3:5f:fc:cc:78:be:a9:bb:f7:
                    40:cb:b1:74:98:b7:72:34:21:89:09:1b:7c:ba:9f:
                    49:20:ec:b2:7b:18:f1:88:99:2b:43:c6:56:f1:40:
                    7e:c3:15:b1:07:bf:9e:a3:21:b0:39:38:92:ea:b9:
                    e5:76:b1:14:d7:52:35:34:f4:6c:ce:8e:79:b7:85:
                    5e:01:4e:90:d7:f1:01:29:d4:dd:1b:35:6e:14:80:
                    22:0d:ff:b5:fe:15:81:c6:2c:57:79:56:9c:b1:82:
                    18:0f:5d:31:72:92:54:42:9f:1e:1b:56:6f:16:96:
                    fb:ef:3f:86:87:b0:03:5c:15:ed:c6:ed:2c:27:ef:
                    de:16:cb:f7:b2:0a:6e:15:b1:34:38:59:f1:9b:b4:
                    04:32:0a:60:dd:8b:e0:92:eb:5c:6d:ab:f2:a9:31:
                    48:90:eb:a5:bc:e7:cd:b9:a5:b4:5a:94:4c:28:a4:
                    40:c1:8c:f2:af:8f:11:a2:4d:11:d0:f6:c5:36:a2:
                    c4:a1:1f:7d:93:fa:5d:09:0d:a9:31:92:2d:c8:eb:
                    86:89:e9:86:46:dd:da:0b:1e:60:26:92:60:6b:23:
                    d9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D2:7B:6D:0E:19:D4:06:F6:08:D7:65:68:FC:C2:CE:58:DD:9A:12
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/b9J7bQ4Z1Ab2CNdlaPzCzljdmhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c6:20:af:f9:01:4b:92:7d:87:d0:74:a8:60:ff:e7:47:eb:
         bc:f1:5d:a7:98:8c:00:9f:ef:e3:49:7a:ab:c3:6a:69:75:5a:
         d9:5e:1b:c9:8a:19:d4:22:f0:1f:09:33:fc:f4:10:7a:50:1c:
         69:a0:9f:e7:90:71:3f:e9:ba:5f:73:85:3c:88:40:5f:f6:88:
         19:e8:48:59:4b:5f:79:8c:25:14:92:4a:c7:f3:8d:71:80:92:
         e4:c9:79:39:10:bb:3c:09:b4:2e:f5:a8:f6:c3:4e:54:bf:b6:
         18:64:0c:d8:f9:cf:e4:5f:c1:76:16:e7:c2:f9:e4:4e:f7:60:
         ce:4f:a8:89:88:12:1e:fe:44:62:69:f7:dc:7d:61:3c:19:e6:
         83:0a:f2:3f:20:b2:da:9c:a8:ea:34:55:02:bb:ed:48:c3:98:
         fa:52:bc:6f:fd:9e:df:b6:19:4c:c6:6b:31:6e:73:73:66:80:
         e9:a7:be:2f:99:dd:1a:99:e7:cc:14:5e:0f:15:f4:7a:2f:ab:
         31:4a:e5:85:6c:c3:27:ef:4a:62:48:e5:73:a1:d8:65:4e:84:
         92:97:84:13:14:da:b3:78:35:35:42:80:ec:72:46:97:95:eb:
         42:f5:ee:5f:c0:de:c0:36:d9:5a:4c:3c:58:9d:43:5e:8e:f3:
         aa:73:e3:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ37dI/x8cJB1/5U6IRNP6rbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNTA2MDQwMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmQyN2I2ZDBlMTlkNDA2ZjYwOGQ3NjU2OGZjYzJjZTU4ZGQ5YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLBgF31kjQWHgVgjgqFb+eIkALoE
q/uZpvqdzRQKD5GdIUDjX/zMeL6pu/dAy7F0mLdyNCGJCRt8up9JIOyyexjxiJkr
Q8ZW8UB+wxWxB7+eoyGwOTiS6rnldrEU11I1NPRszo55t4VeAU6Q1/EBKdTdGzVu
FIAiDf+1/hWBxixXeVacsYIYD10xcpJUQp8eG1ZvFpb77z+Gh7ADXBXtxu0sJ+/e
Fsv3sgpuFbE0OFnxm7QEMgpg3YvgkutcbavyqTFIkOulvOfNuaW0WpRMKKRAwYzy
r48Rok0R0PbFNqLEoR99k/pdCQ2pMZItyOuGiemGRt3aCx5gJpJgayPZKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/Se20OGdQG9gjXZWj8ws5Y3ZoSMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYjlKN2JRNFoxQWIyQ05kbGFQekN6bGpkbWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf1DMA0G
CSqGSIb3DQEBCwUAA4IBAQAuxiCv+QFLkn2H0HSoYP/nR+u88V2nmIwAn+/jSXqr
w2ppdVrZXhvJihnUIvAfCTP89BB6UBxpoJ/nkHE/6bpfc4U8iEBf9ogZ6EhZS195
jCUUkkrH841xgJLkyXk5ELs8CbQu9aj2w05Uv7YYZAzY+c/kX8F2FufC+eRO92DO
T6iJiBIe/kRiaffcfWE8GeaDCvI/ILLanKjqNFUCu+1Iw5j6Urxv/Z7fthlMxmsx
bnNzZoDpp74vmd0amefMFF4PFfR6L6sxSuWFbMMn70piSOVzodhlToSSl4QTFNqz
eDU1QoDsckaXletC9e5fwN7ANtlaTDxYnUNejvOqc+N1
-----END CERTIFICATE-----