Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/c5018c-fdc6-414b-beef-02de0124228e/1/5vMOlypxAuZaUa1lT4Du6NofTRw.roa
File:                     5vMOlypxAuZaUa1lT4Du6NofTRw.roa (raw, json)
Hash identifier:          Heh90tPajbdP88sWjEmlLRjVC7DS8RROOo/9jXV4mgM=
Subject key identifier:   E6:F3:0E:97:2A:71:02:E6:5A:51:AD:65:4F:80:EE:E8:DA:1F:4D:1C
Certificate issuer:       /CN=544a82aa5e2eb71719b7f9f049a307b12454497e
Certificate serial:       019EFFB73138D65597C7A5CABBB4A4EC3E7E
Authority key identifier: 54:4A:82:AA:5E:2E:B7:17:19:B7:F9:F0:49:A3:07:B1:24:54:49:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEqCql4utxcZt_nwSaMHsSRUSX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/c5018c-fdc6-414b-beef-02de0124228e/1/5vMOlypxAuZaUa1lT4Du6NofTRw.roa
Signing time:             Thu 25 Jun 2026 16:57:36 +0000
ROA not before:           Thu 25 Jun 2026 16:57:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210895
IP address blocks:        145.63.134.0/24 maxlen: 24
                          188.137.178.0/24 maxlen: 24
                          188.137.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/c5018c-fdc6-414b-beef-02de0124228e/1/VEqCql4utxcZt_nwSaMHsSRUSX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/c5018c-fdc6-414b-beef-02de0124228e/1/VEqCql4utxcZt_nwSaMHsSRUSX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEqCql4utxcZt_nwSaMHsSRUSX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 13:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:b7:31:38:d6:55:97:c7:a5:ca:bb:b4:a4:ec:3e:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=544a82aa5e2eb71719b7f9f049a307b12454497e
        Validity
            Not Before: Jun 25 16:57:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6f30e972a7102e65a51ad654f80eee8da1f4d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:56:b7:25:32:4b:38:73:25:fc:26:5f:b6:7f:
                    fb:7b:87:51:39:c4:a9:71:50:51:7f:66:12:5b:86:
                    d3:7b:37:87:30:2a:19:a8:5d:a4:c0:3f:7f:ed:75:
                    95:44:37:50:3a:53:15:a0:2a:5e:4b:d1:d3:d3:9a:
                    48:6d:09:a1:45:06:b1:e7:59:02:cd:2f:d0:08:9c:
                    fb:83:48:8f:50:9b:e0:00:7f:f0:26:9d:68:74:82:
                    26:1f:ec:4d:96:ad:e7:4e:48:63:1e:d0:79:c0:cf:
                    c2:b3:43:1d:e3:c4:2e:2b:b0:4f:94:08:ea:e5:45:
                    d4:a7:7f:2b:77:80:e6:d5:26:cd:52:36:e4:a8:31:
                    78:46:23:0a:fd:08:bc:98:5c:2d:17:4e:ea:f9:27:
                    ef:a2:4a:9c:8d:4a:5a:2e:00:54:fe:57:7a:ff:0a:
                    d1:cb:c8:94:55:08:8b:cd:f9:5f:68:90:70:da:dd:
                    54:c5:45:15:31:94:ce:8d:b0:a0:4b:18:8d:7b:ac:
                    fb:5e:87:c8:fb:29:fc:f1:cd:4b:59:90:da:f9:46:
                    ca:18:b2:fb:19:9d:c7:d0:c7:ef:cd:1a:e4:1e:2c:
                    61:eb:cb:04:ac:7d:a3:8a:e3:51:7b:c2:b2:54:b1:
                    96:ff:0f:d8:93:56:96:f0:f2:2c:de:f9:07:e0:73:
                    57:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F3:0E:97:2A:71:02:E6:5A:51:AD:65:4F:80:EE:E8:DA:1F:4D:1C
            X509v3 Authority Key Identifier:
                keyid:54:4A:82:AA:5E:2E:B7:17:19:B7:F9:F0:49:A3:07:B1:24:54:49:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEqCql4utxcZt_nwSaMHsSRUSX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/c5018c-fdc6-414b-beef-02de0124228e/1/5vMOlypxAuZaUa1lT4Du6NofTRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/c5018c-fdc6-414b-beef-02de0124228e/1/VEqCql4utxcZt_nwSaMHsSRUSX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.63.134.0/24
                  188.137.178.0/24
                  188.137.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:02:5b:56:a9:15:e8:4e:51:bf:72:c3:f8:b2:77:01:b4:07:
         db:3f:d8:47:89:91:94:5f:d6:d1:51:42:ea:b7:55:09:a3:1a:
         42:d0:34:e9:a7:99:0a:73:e5:cc:59:e6:99:24:ff:86:32:67:
         44:65:a8:14:a9:8e:8e:96:47:c1:d3:d6:d3:81:75:c9:68:c9:
         85:3f:24:59:90:69:c0:b9:33:94:d2:dc:81:1a:c1:56:9e:83:
         6f:1b:38:9c:e6:92:3c:d3:3a:36:ff:da:e4:af:35:25:f5:c8:
         f6:75:3d:b2:92:63:f8:db:50:b5:18:1a:20:3c:1f:3d:2b:83:
         1f:7a:6f:84:19:84:f8:3d:1d:c4:ee:f4:f0:2a:f1:0c:e4:13:
         0b:14:19:e7:48:38:26:6a:58:c2:15:d5:47:8e:06:9b:af:a3:
         dc:cd:e1:3e:ca:18:8c:50:fd:07:b0:94:cc:b1:98:eb:8f:19:
         f8:57:8a:df:7d:c4:f0:74:35:46:f0:9e:1e:8d:6d:18:01:a2:
         d9:7d:ed:14:e7:99:8b:ff:fa:6c:5c:bd:42:0b:41:74:33:a9:
         d2:59:db:3f:da:c6:ef:68:75:32:63:27:fe:18:35:07:5b:92:
         89:12:bd:56:4c:bf:e4:be:dd:1b:54:46:57:ab:81:34:31:c2:
         9a:a0:ae:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7/tzE41lWXx6XKu7Sk7D5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NGE4MmFhNWUyZWI3MTcxOWI3ZjlmMDQ5YTMwN2IxMjQ1
NDQ5N2UwHhcNMjYwNjI1MTY1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmYzMGU5NzJhNzEwMmU2NWE1MWFkNjU0ZjgwZWVlOGRhMWY0ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnla3JTJLOHMl/CZftn/7e4dROcSp
cVBRf2YSW4bTezeHMCoZqF2kwD9/7XWVRDdQOlMVoCpeS9HT05pIbQmhRQax51kC
zS/QCJz7g0iPUJvgAH/wJp1odIImH+xNlq3nTkhjHtB5wM/Cs0Md48QuK7BPlAjq
5UXUp38rd4Dm1SbNUjbkqDF4RiMK/Qi8mFwtF07q+SfvokqcjUpaLgBU/ld6/wrR
y8iUVQiLzflfaJBw2t1UxUUVMZTOjbCgSxiNe6z7XofI+yn88c1LWZDa+UbKGLL7
GZ3H0MfvzRrkHixh68sErH2jiuNRe8KyVLGW/w/Yk1aW8PIs3vkH4HNXwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFObzDpcqcQLmWlGtZU+A7ujaH00cMB8GA1UdIwQY
MBaAFFRKgqpeLrcXGbf58EmjB7EkVEl+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVxQ3FsNHV0eGNadF9ud1NhTUhzU1JVU1g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9jNTAxOGMtZmRjNi00MTRiLWJlZWYt
MDJkZTAxMjQyMjhlLzEvNXZNT2x5cHhBdVphVWExbFQ0RHU2Tm9mVFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9jNTAxOGMtZmRjNi00MTRiLWJlZWYtMDJkZTAxMjQyMjhl
LzEvVkVxQ3FsNHV0eGNadF9ud1NhTUhzU1JVU1g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkT+GAwQA
vImyAwQAvIn0MA0GCSqGSIb3DQEBCwUAA4IBAQAMAltWqRXoTlG/csP4sncBtAfb
P9hHiZGUX9bRUULqt1UJoxpC0DTpp5kKc+XMWeaZJP+GMmdEZagUqY6OlkfB09bT
gXXJaMmFPyRZkGnAuTOU0tyBGsFWnoNvGzic5pI80zo2/9rkrzUl9cj2dT2ykmP4
21C1GBogPB89K4Mfem+EGYT4PR3E7vTwKvEM5BMLFBnnSDgmaljCFdVHjgabr6Pc
zeE+yhiMUP0HsJTMsZjrjxn4V4rffcTwdDVG8J4ejW0YAaLZfe0U55mL//psXL1C
C0F0M6nSWds/2sbvaHUyYyf+GDUHW5KJEr1WTL/kvt0bVEZXq4E0McKaoK5v
-----END CERTIFICATE-----