Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/sivMy5BBS6tJ9sCgHnWlisFnhLo.roa
File:                     sivMy5BBS6tJ9sCgHnWlisFnhLo.roa (raw, json)
Hash identifier:          xCUeJYhVUbo9aIK2zsPjwZyUTmFOjdc6FHzhpsmqqVM=
Subject key identifier:   B2:2B:CC:CB:90:41:4B:AB:49:F6:C0:A0:1E:75:A5:8A:C1:67:84:BA
Certificate issuer:       /CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
Certificate serial:       019C7B1B34EA2B35C718594F58C70F9CF143
Authority key identifier: 5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/sivMy5BBS6tJ9sCgHnWlisFnhLo.roa
Signing time:             Fri 20 Feb 2026 12:51:46 +0000
ROA not before:           Fri 20 Feb 2026 12:51:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        5.181.81.0/24 maxlen: 24
                          5.181.82.0/23 maxlen: 24
                          147.78.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7b:1b:34:ea:2b:35:c7:18:59:4f:58:c7:0f:9c:f1:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd69d9f749630f0256cf0ceab58836b491a58f6
        Validity
            Not Before: Feb 20 12:51:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b22bcccb90414bab49f6c0a01e75a58ac16784ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e2:2f:d8:19:bb:04:40:ca:ff:eb:7d:8d:76:
                    03:ec:ab:17:2f:31:98:95:0b:5e:b6:44:8d:e7:01:
                    0f:82:6f:e2:08:26:13:99:15:02:89:57:0a:32:92:
                    a5:bb:1a:e5:f8:6a:eb:db:69:a5:26:63:1d:75:c2:
                    01:54:69:02:83:7f:ae:8c:16:2c:1f:a0:76:ff:9f:
                    50:34:cf:2f:db:0a:1a:a2:f9:39:42:6b:01:2a:85:
                    72:f6:a7:ad:19:d5:8f:91:a7:24:86:95:25:5c:73:
                    e2:bb:9e:93:a1:48:13:17:3d:b7:22:93:d9:2c:d3:
                    5b:7d:cd:10:78:96:38:19:b3:90:c9:9d:64:1d:52:
                    60:e8:b4:54:1c:a8:c0:ed:d5:58:e1:3d:7a:fa:c2:
                    46:32:08:5a:c3:5e:bc:e0:93:78:7f:15:d0:5e:1b:
                    ef:b8:9c:c1:63:70:82:73:2c:c6:ee:53:37:ff:01:
                    73:37:2f:40:7c:b8:bd:8b:1a:75:ab:7d:54:65:39:
                    8a:4b:c5:cf:63:ad:43:de:a6:77:f9:98:3a:62:82:
                    5f:17:c3:87:95:ae:a2:1f:7b:6b:00:b3:5d:c3:0c:
                    31:04:12:40:7b:d1:0a:e3:5d:ac:78:cb:81:78:ed:
                    81:11:e9:43:64:55:d7:83:5c:f9:9f:2f:67:c2:90:
                    00:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:2B:CC:CB:90:41:4B:AB:49:F6:C0:A0:1E:75:A5:8A:C1:67:84:BA
            X509v3 Authority Key Identifier:
                keyid:5D:D6:9D:9F:74:96:30:F0:25:6C:F0:CE:AB:58:83:6B:49:1A:58:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdadn3SWMPAlbPDOq1iDa0kaWPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/sivMy5BBS6tJ9sCgHnWlisFnhLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/616924-93b2-4dcb-aeeb-f3fd64331709/1/Xdadn3SWMPAlbPDOq1iDa0kaWPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.81.0-5.181.83.255
                  147.78.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5a:c4:b7:1b:15:44:65:8f:05:ec:49:7d:4e:6f:7f:15:39:
         3d:02:2b:e3:ad:26:f7:5a:cd:c8:16:29:c5:01:6e:ed:41:b4:
         3c:6d:15:ab:46:28:2f:ff:53:0b:66:62:68:ac:30:5f:c6:75:
         cd:07:b7:d9:5e:b2:17:e3:11:9b:c9:35:4b:64:18:5c:c2:81:
         aa:0e:71:77:4d:0b:5f:58:63:1d:ac:f6:15:94:e6:c9:5a:1c:
         1d:21:5a:60:1a:87:b2:5e:7c:6c:93:f7:9b:0e:92:f2:58:2b:
         b9:4f:bd:d4:c4:be:e6:a4:27:02:00:e2:76:d0:90:04:de:c1:
         9b:a0:99:ed:4b:64:9d:c2:c1:be:06:da:4c:46:b0:0c:38:77:
         e1:1a:01:b9:a1:19:87:bc:aa:50:41:34:be:0c:a1:9d:ba:75:
         68:2c:83:5d:47:2a:5a:92:cf:fc:0f:4f:c5:ba:e1:98:f8:77:
         8b:19:bd:82:c2:08:84:66:0f:ac:55:c0:73:e2:bd:f4:90:3d:
         e9:23:fa:53:3b:49:da:a8:8e:54:42:15:47:d4:56:19:ea:e0:
         a4:83:ea:4c:06:d5:61:f2:f0:6a:0f:0c:5d:0a:0c:71:82:58:
         f7:a3:10:08:09:1f:2f:84:2a:20:58:27:1f:8a:b6:86:5c:37:
         8a:14:ef:9c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZx7GzTqKzXHGFlPWMcPnPFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDY5ZDlmNzQ5NjMwZjAyNTZjZjBjZWFiNTg4MzZiNDkx
YTU4ZjYwHhcNMjYwMjIwMTI1MTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjJiY2NjYjkwNDE0YmFiNDlmNmMwYTAxZTc1YTU4YWMxNjc4NGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuIv2Bm7BEDK/+t9jXYD7KsXLzGY
lQtetkSN5wEPgm/iCCYTmRUCiVcKMpKluxrl+Grr22mlJmMddcIBVGkCg3+ujBYs
H6B2/59QNM8v2woaovk5QmsBKoVy9qetGdWPkackhpUlXHPiu56ToUgTFz23IpPZ
LNNbfc0QeJY4GbOQyZ1kHVJg6LRUHKjA7dVY4T16+sJGMghaw1684JN4fxXQXhvv
uJzBY3CCcyzG7lM3/wFzNy9AfLi9ixp1q31UZTmKS8XPY61D3qZ3+Zg6YoJfF8OH
la6iH3trALNdwwwxBBJAe9EK412seMuBeO2BEelDZFXXg1z5ny9nwpAASQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLIrzMuQQUurSfbAoB51pYrBZ4S6MB8GA1UdIwQY
MBaAFF3WnZ90ljDwJWzwzqtYg2tJGlj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWIt
ZjNmZDY0MzMxNzA5LzEvc2l2TXk1QkJTNnRKOXNDZ0huV2xpc0ZuaExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTY5MjQtOTNiMi00ZGNiLWFlZWItZjNmZDY0MzMxNzA5
LzEvWGRhZG4zU1dNUEFsYlBET3ExaURhMGthV1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAFtVED
BAIFtVADBACTTo0wDQYJKoZIhvcNAQELBQADggEBAIdaxLcbFURljwXsSX1Ob38V
OT0CK+OtJvdazcgWKcUBbu1BtDxtFatGKC//UwtmYmisMF/Gdc0Ht9leshfjEZvJ
NUtkGFzCgaoOcXdNC19YYx2s9hWU5slaHB0hWmAah7JefGyT95sOkvJYK7lPvdTE
vuakJwIA4nbQkATewZugme1LZJ3Cwb4G2kxGsAw4d+EaAbmhGYe8qlBBNL4MoZ26
dWgsg11HKlqSz/wPT8W64Zj4d4sZvYLCCIRmD6xVwHPivfSQPekj+lM7SdqojlRC
FUfUVhnq4KSD6kwG1WHy8GoPDF0KDHGCWPejEAgJHy+EKiBYJx+KtoZcN4oU75w=
-----END CERTIFICATE-----