Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/OpYOp0A5IPKJ7jbcXskpSxQGlaQ.roa
File:                     OpYOp0A5IPKJ7jbcXskpSxQGlaQ.roa (raw, json)
Hash identifier:          rADmm3meTWoAJpb+yfOPFFjI2xZfTZaGcVmBPuOR9B8=
Subject key identifier:   3A:96:0E:A7:40:39:20:F2:89:EE:36:DC:5E:C9:29:4B:14:06:95:A4
Certificate issuer:       /CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
Certificate serial:       019E74BDA87369A47890676234DC0111E288
Authority key identifier: 5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/OpYOp0A5IPKJ7jbcXskpSxQGlaQ.roa
Signing time:             Fri 29 May 2026 17:17:26 +0000
ROA not before:           Fri 29 May 2026 17:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24947
IP address blocks:        185.84.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:bd:a8:73:69:a4:78:90:67:62:34:dc:01:11:e2:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ec1769d3ff042124698e31c472b63bbf1bbb5ad
        Validity
            Not Before: May 29 17:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a960ea7403920f289ee36dc5ec9294b140695a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fe:97:84:6a:d4:69:74:77:38:20:dc:e7:ef:
                    60:d2:6c:d3:2c:39:1e:d5:56:0f:d0:60:d8:10:03:
                    52:df:af:e5:81:4c:98:a0:fd:b3:d0:cf:b4:0b:3e:
                    69:2a:a5:85:ee:25:e6:a1:fe:7c:f2:5d:a9:e7:03:
                    3c:6c:fa:df:1c:e6:41:38:a5:ff:aa:8b:dc:75:ed:
                    85:94:73:fc:5b:81:63:10:36:b0:1f:57:6d:9f:84:
                    d6:42:d3:18:c4:1f:4c:f1:79:27:a1:68:e0:ca:60:
                    6e:4d:db:b7:ae:a7:ee:c1:b5:77:eb:56:f8:d2:6c:
                    d7:45:e3:34:c1:6b:a5:d9:18:03:81:db:85:c8:0b:
                    68:6d:f0:df:e8:2b:43:27:27:27:87:ed:4f:23:0f:
                    02:01:9a:b8:2d:42:d0:a0:3e:ab:b0:28:bd:5c:96:
                    43:d8:48:fe:68:81:15:7f:7e:2c:4b:0a:d8:8f:e7:
                    35:60:92:cd:d6:95:6d:bf:65:0a:4c:56:2e:c8:b4:
                    5c:3b:eb:6e:19:a4:2e:a5:64:48:9b:55:9c:35:69:
                    76:09:87:09:df:5c:3a:b1:30:24:99:cf:33:a7:6c:
                    48:3f:c4:c2:59:fc:3a:68:73:06:db:55:d8:1e:42:
                    23:17:bb:88:6a:86:3d:84:71:3f:45:b7:fd:ed:b4:
                    c4:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:96:0E:A7:40:39:20:F2:89:EE:36:DC:5E:C9:29:4B:14:06:95:A4
            X509v3 Authority Key Identifier:
                keyid:5E:C1:76:9D:3F:F0:42:12:46:98:E3:1C:47:2B:63:BB:F1:BB:B5:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XsF2nT_wQhJGmOMcRytju_G7ta0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/OpYOp0A5IPKJ7jbcXskpSxQGlaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/29fb04-e07b-4e30-b8f5-54204ddd2ca6/1/XsF2nT_wQhJGmOMcRytju_G7ta0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:d7:e8:f0:d7:65:b6:a0:80:4f:e2:4c:df:c3:28:c9:13:09:
         27:5e:39:a1:b9:73:38:47:c0:d1:f6:d5:d1:5d:92:7d:84:89:
         6c:36:59:1c:e0:4e:c3:0c:00:cf:17:a9:98:f3:62:16:3e:61:
         62:7e:b1:ba:ba:1e:2a:aa:90:fc:9a:6c:dd:19:ea:7b:e3:83:
         67:af:74:da:8c:ad:af:fb:62:14:af:34:02:91:4b:98:80:f2:
         ba:93:73:87:bb:7a:da:63:44:36:9e:6f:6b:94:70:e1:df:69:
         62:74:6d:a3:8f:42:eb:26:ef:e9:f2:93:3a:5a:89:0a:8c:2c:
         d7:bc:37:ef:c3:da:26:8d:9a:68:21:34:58:98:a7:32:29:d3:
         61:a5:d2:5b:02:1c:a1:20:fa:c4:21:ac:93:bd:f8:8b:f2:57:
         82:df:9d:c3:55:c1:6d:9c:33:93:db:1b:60:38:21:5b:94:37:
         dc:2b:b8:a6:91:2e:f9:e3:50:c1:d7:39:95:c1:74:38:22:2e:
         62:d0:9c:60:9a:ee:c9:41:4d:6d:be:80:dd:19:86:6b:33:fa:
         86:9c:73:4f:84:52:7d:87:e9:09:84:32:67:6a:a0:8a:89:8d:
         47:84:0e:8a:b2:4b:42:4d:e7:b2:48:e0:7b:da:10:c8:7c:28:
         60:7e:a7:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ50vahzaaR4kGdiNNwBEeKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYzE3NjlkM2ZmMDQyMTI0Njk4ZTMxYzQ3MmI2M2JiZjFi
YmI1YWQwHhcNMjYwNTI5MTcxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTk2MGVhNzQwMzkyMGYyODllZTM2ZGM1ZWM5Mjk0YjE0MDY5NWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP6XhGrUaXR3OCDc5+9g0mzTLDke
1VYP0GDYEANS36/lgUyYoP2z0M+0Cz5pKqWF7iXmof588l2p5wM8bPrfHOZBOKX/
qovcde2FlHP8W4FjEDawH1dtn4TWQtMYxB9M8XknoWjgymBuTdu3rqfuwbV361b4
0mzXReM0wWul2RgDgduFyAtobfDf6CtDJycnh+1PIw8CAZq4LULQoD6rsCi9XJZD
2Ej+aIEVf34sSwrYj+c1YJLN1pVtv2UKTFYuyLRcO+tuGaQupWRIm1WcNWl2CYcJ
31w6sTAkmc8zp2xIP8TCWfw6aHMG21XYHkIjF7uIaoY9hHE/Rbf97bTErwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqWDqdAOSDyie423F7JKUsUBpWkMB8GA1UdIwQY
MBaAFF7Bdp0/8EISRpjjHEcrY7vxu7WtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUt
NTQyMDRkZGQyY2E2LzEvT3BZT3AwQTVJUEtKN2piY1hza3BTeFFHbGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yOWZiMDQtZTA3Yi00ZTMwLWI4ZjUtNTQyMDRkZGQyY2E2
LzEvWHNGMm5UX3dRaEpHbU9NY1J5dGp1X0c3dGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVSfMA0G
CSqGSIb3DQEBCwUAA4IBAQBH1+jw12W2oIBP4kzfwyjJEwknXjmhuXM4R8DR9tXR
XZJ9hIlsNlkc4E7DDADPF6mY82IWPmFifrG6uh4qqpD8mmzdGep744Nnr3TajK2v
+2IUrzQCkUuYgPK6k3OHu3raY0Q2nm9rlHDh32lidG2jj0LrJu/p8pM6WokKjCzX
vDfvw9omjZpoITRYmKcyKdNhpdJbAhyhIPrEIayTvfiL8leC353DVcFtnDOT2xtg
OCFblDfcK7imkS7541DB1zmVwXQ4Ii5i0Jxgmu7JQU1tvoDdGYZrM/qGnHNPhFJ9
h+kJhDJnaqCKiY1HhA6KsktCTeeySOB72hDIfChgfqc0
-----END CERTIFICATE-----