Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/7US0tL5vzcpvHWkRtJDtHUixsJ0.roa
File:                     7US0tL5vzcpvHWkRtJDtHUixsJ0.roa (raw, json)
Hash identifier:          C4DkuWxcWZ7yK5uvnx9kDGRg0wPPqpUYpLVsufP4HbI=
Subject key identifier:   ED:44:B4:B4:BE:6F:CD:CA:6F:1D:69:11:B4:90:ED:1D:48:B1:B0:9D
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       019E54AE1B8D5ECB5C12E30E030EF1D70910
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/7US0tL5vzcpvHWkRtJDtHUixsJ0.roa
Signing time:             Sat 23 May 2026 11:52:36 +0000
ROA not before:           Sat 23 May 2026 11:52:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203380
IP address blocks:        185.36.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 May 2026 17:41:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:54:ae:1b:8d:5e:cb:5c:12:e3:0e:03:0e:f1:d7:09:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: May 23 11:52:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed44b4b4be6fcdca6f1d6911b490ed1d48b1b09d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:72:45:62:fb:79:24:9a:11:f4:9e:97:cf:6d:
                    06:2a:e7:2b:45:28:a1:83:af:dd:11:30:6f:94:d4:
                    f0:ba:59:bb:c4:50:9a:ff:8b:94:be:5d:1f:44:da:
                    fa:37:49:08:e3:45:63:62:5e:c2:b2:f2:c1:21:91:
                    ee:5d:e7:b6:b6:1b:4d:89:d2:30:f6:41:ec:7b:77:
                    c7:a2:3b:7e:85:1f:3d:30:cc:53:db:ff:d9:1d:ef:
                    93:37:d5:45:09:79:83:9a:29:6a:60:c1:0c:d4:aa:
                    80:ea:64:1f:62:79:c7:67:f7:04:b7:7c:2e:84:81:
                    1f:97:56:15:f1:70:5a:61:9a:72:e8:f8:f4:0a:d4:
                    14:54:3a:0c:da:8f:0d:b0:8f:d5:ca:79:01:3c:bb:
                    d0:68:da:65:91:8a:85:50:23:3e:8f:03:71:4c:4b:
                    a3:b8:dc:fa:34:17:34:07:fd:71:81:91:8e:29:dc:
                    a2:77:bc:a2:ee:fd:a1:d2:79:47:f6:08:c1:5e:27:
                    91:a5:77:89:98:bd:01:a5:79:6b:f5:03:5d:c1:de:
                    ce:97:f2:57:1a:40:a4:5b:93:c0:da:ed:7c:cd:d9:
                    c2:b9:39:97:ad:d6:0c:5a:ae:12:8e:4c:3c:59:13:
                    15:30:36:e2:00:d0:6c:d6:70:8d:43:3f:f9:d2:2d:
                    f5:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:44:B4:B4:BE:6F:CD:CA:6F:1D:69:11:B4:90:ED:1D:48:B1:B0:9D
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/7US0tL5vzcpvHWkRtJDtHUixsJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:76:c8:76:8a:21:0c:51:ab:73:be:29:08:78:c6:52:40:ea:
         69:70:bf:ee:ff:72:94:f3:ea:a1:ed:1d:01:ce:56:bb:20:7e:
         5f:76:10:99:f9:05:73:2e:95:e7:18:ae:8b:80:f3:35:3a:77:
         b2:1f:3f:55:db:dd:da:07:5b:54:84:51:ff:e7:ce:8b:f5:4d:
         ea:65:f7:7a:1c:27:5c:13:24:eb:e2:6b:55:65:98:79:82:6b:
         e5:ff:b1:14:c3:90:58:f3:0b:e6:6c:0a:bd:b5:78:42:a1:c5:
         54:52:ec:77:78:c4:60:72:e3:8f:35:70:28:08:0b:43:e6:3d:
         1c:1f:f7:ef:0c:26:be:86:49:6e:4f:0c:ca:5c:d4:38:08:83:
         f0:b8:a6:2e:a8:52:f6:7a:b5:07:3c:a5:69:6e:72:69:f7:01:
         7f:ba:be:20:86:09:3e:9a:bc:3b:f6:d5:77:a5:01:28:f4:49:
         24:f5:75:71:ff:c9:3c:13:66:24:b4:4a:b1:c1:48:b0:7b:70:
         25:4c:cd:a3:37:96:f2:0b:ea:2f:24:ed:e5:9f:ce:47:54:de:
         8b:12:7f:c6:87:66:7f:94:b1:5b:d2:65:d2:82:75:62:de:11:
         95:09:ae:e4:3d:b4:36:f8:69:5a:9e:52:2d:50:b9:3c:6c:e4:
         a5:4a:19:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5UrhuNXstcEuMOAw7x1wkQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjYwNTIzMTE1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQ0YjRiNGJlNmZjZGNhNmYxZDY5MTFiNDkwZWQxZDQ4YjFiMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnJFYvt5JJoR9J6Xz20GKucrRSih
g6/dETBvlNTwulm7xFCa/4uUvl0fRNr6N0kI40VjYl7CsvLBIZHuXee2thtNidIw
9kHse3fHojt+hR89MMxT2//ZHe+TN9VFCXmDmilqYMEM1KqA6mQfYnnHZ/cEt3wu
hIEfl1YV8XBaYZpy6Pj0CtQUVDoM2o8NsI/VynkBPLvQaNplkYqFUCM+jwNxTEuj
uNz6NBc0B/1xgZGOKdyid7yi7v2h0nlH9gjBXieRpXeJmL0BpXlr9QNdwd7Ol/JX
GkCkW5PA2u18zdnCuTmXrdYMWq4Sjkw8WRMVMDbiANBs1nCNQz/50i31vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1EtLS+b83Kbx1pEbSQ7R1IsbCdMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvN1VTMHRMNXZ6Y3B2SFdrUnRKRHRIVWl4c0owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR/MA0G
CSqGSIb3DQEBCwUAA4IBAQAAdsh2iiEMUatzvikIeMZSQOppcL/u/3KU8+qh7R0B
zla7IH5fdhCZ+QVzLpXnGK6LgPM1OneyHz9V293aB1tUhFH/586L9U3qZfd6HCdc
EyTr4mtVZZh5gmvl/7EUw5BY8wvmbAq9tXhCocVUUux3eMRgcuOPNXAoCAtD5j0c
H/fvDCa+hkluTwzKXNQ4CIPwuKYuqFL2erUHPKVpbnJp9wF/ur4ghgk+mrw79tV3
pQEo9Ekk9XVx/8k8E2YktEqxwUiwe3AlTM2jN5byC+ovJO3ln85HVN6LEn/Gh2Z/
lLFb0mXSgnVi3hGVCa7kPbQ2+GlanlItULk8bOSlShlq
-----END CERTIFICATE-----