Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rCnxrQy543IX9UWlCq9zEIILRY8.roa
File:                     rCnxrQy543IX9UWlCq9zEIILRY8.roa (raw, json)
Hash identifier:          V66JP0ZcoIZffFcepMtfKVhAxP/YGkmY7H1hnJMgilM=
Subject key identifier:   AC:29:F1:AD:0C:B9:E3:72:17:F5:45:A5:0A:AF:73:10:82:0B:45:8F
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019E3D3A14089D32ECFB711005149FD5AE5B
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rCnxrQy543IX9UWlCq9zEIILRY8.roa
Signing time:             Mon 18 May 2026 22:34:36 +0000
ROA not before:           Mon 18 May 2026 22:34:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43260
IP address blocks:        5.181.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 May 2026 14:33:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3d:3a:14:08:9d:32:ec:fb:71:10:05:14:9f:d5:ae:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: May 18 22:34:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac29f1ad0cb9e37217f545a50aaf7310820b458f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:08:18:c2:91:3f:fb:65:dc:ad:49:83:11:a0:
                    6e:c0:fb:8f:33:df:2a:6d:9d:91:f7:86:8c:fd:75:
                    1c:4b:16:1a:00:bd:d3:82:10:3d:62:f7:e2:32:de:
                    38:3a:9a:25:6d:ee:81:34:52:15:54:3f:83:84:76:
                    60:ee:60:84:b4:58:ba:0c:43:fc:4d:72:98:77:da:
                    61:75:31:f3:99:b1:b8:5a:13:bf:43:d5:cb:5a:af:
                    1d:8e:f7:1e:2f:8d:a0:27:35:12:c1:fa:7b:20:c8:
                    75:e4:fc:06:f8:39:7c:2f:22:df:92:2d:6f:38:e8:
                    4f:67:21:bb:d1:b1:7d:00:88:40:9d:55:84:7d:df:
                    2c:dd:f3:03:31:4e:c3:b5:43:f1:e3:ca:05:bd:ab:
                    75:df:a2:c8:aa:58:d6:8b:9f:0b:fc:40:8f:57:7c:
                    f3:76:27:0b:0f:61:b5:ad:4e:98:5b:eb:f6:fd:7f:
                    22:8c:b0:6a:36:73:46:4b:61:b0:67:bd:24:bb:29:
                    8b:4a:d3:6a:48:ce:2e:e5:dd:6e:d0:16:19:2b:20:
                    79:ad:38:3f:85:7e:2c:b5:1f:91:12:c2:2b:13:ed:
                    ac:07:da:25:1c:03:81:27:83:fc:a1:ac:87:a2:90:
                    69:aa:e7:75:0b:3f:c4:60:73:4a:7e:99:7a:eb:60:
                    87:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:29:F1:AD:0C:B9:E3:72:17:F5:45:A5:0A:AF:73:10:82:0B:45:8F
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/rCnxrQy543IX9UWlCq9zEIILRY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:3e:91:b7:34:0e:e0:47:2c:02:16:68:e9:74:2e:53:1b:fc:
         97:f9:9d:f4:b5:ad:c3:3d:9f:1b:e1:31:ac:41:80:83:7e:57:
         6e:f8:f7:ba:6d:de:4e:a4:e9:eb:6c:91:3f:18:92:ed:7e:a1:
         16:de:85:55:ca:ed:45:d0:d2:e6:4d:8f:17:c9:a8:fe:e2:7f:
         ac:a7:7a:91:95:ce:9a:f9:11:c9:05:0a:33:70:e6:1a:a7:ef:
         a2:ff:41:ab:3f:62:a6:6a:30:c7:06:60:16:83:d6:af:eb:e2:
         52:42:8f:71:06:6d:59:e1:9f:2d:f0:57:3d:62:08:ef:0f:1f:
         b0:63:39:e3:9a:6d:81:7e:a8:ac:2b:d3:6f:d3:03:7d:39:15:
         a1:8e:37:f3:68:5f:61:e6:02:87:ff:48:b8:b3:ad:10:be:0a:
         1c:61:55:57:86:65:7f:52:c6:2d:a9:24:0b:18:4d:34:01:23:
         7f:97:f9:d5:47:7c:82:0a:34:6e:42:ad:dd:3f:2b:9f:b2:14:
         c9:13:f7:a8:0b:56:87:0f:44:98:88:d8:3d:86:69:45:2b:65:
         af:2f:ec:59:cd:08:32:39:59:8c:80:88:01:09:ff:a6:e9:cc:
         e2:d9:7b:fd:e2:6d:25:fd:9b:18:cd:48:a8:31:72:5c:35:79:
         9a:41:6f:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ49OhQInTLs+3EQBRSf1a5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNTE4MjIzNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzI5ZjFhZDBjYjllMzcyMTdmNTQ1YTUwYWFmNzMxMDgyMGI0NThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QgYwpE/+2XcrUmDEaBuwPuPM98q
bZ2R94aM/XUcSxYaAL3TghA9YvfiMt44Opolbe6BNFIVVD+DhHZg7mCEtFi6DEP8
TXKYd9phdTHzmbG4WhO/Q9XLWq8djvceL42gJzUSwfp7IMh15PwG+Dl8LyLfki1v
OOhPZyG70bF9AIhAnVWEfd8s3fMDMU7DtUPx48oFvat136LIqljWi58L/ECPV3zz
dicLD2G1rU6YW+v2/X8ijLBqNnNGS2GwZ70kuymLStNqSM4u5d1u0BYZKyB5rTg/
hX4stR+REsIrE+2sB9olHAOBJ4P8oayHopBpqud1Cz/EYHNKfpl662CHxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwp8a0MueNyF/VFpQqvcxCCC0WPMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvckNueHJReTU0M0lYOVVXbENxOXpFSUlMUlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbVUMA0G
CSqGSIb3DQEBCwUAA4IBAQBNPpG3NA7gRywCFmjpdC5TG/yX+Z30ta3DPZ8b4TGs
QYCDfldu+Pe6bd5OpOnrbJE/GJLtfqEW3oVVyu1F0NLmTY8Xyaj+4n+sp3qRlc6a
+RHJBQozcOYap++i/0GrP2KmajDHBmAWg9av6+JSQo9xBm1Z4Z8t8Fc9YgjvDx+w
Yznjmm2BfqisK9Nv0wN9ORWhjjfzaF9h5gKH/0i4s60QvgocYVVXhmV/UsYtqSQL
GE00ASN/l/nVR3yCCjRuQq3dPyufshTJE/eoC1aHD0SYiNg9hmlFK2WvL+xZzQgy
OVmMgIgBCf+m6czi2Xv94m0l/ZsYzUioMXJcNXmaQW9H
-----END CERTIFICATE-----