Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/5c-tVeqgckJuAp6JbI43ZWb85Ik.roa
File:                     5c-tVeqgckJuAp6JbI43ZWb85Ik.roa (raw, json)
Hash identifier:          cjN5erR2DEEsrEuY7GbmW+pLwmDRQL+9OgSiLHhDtIc=
Subject key identifier:   E5:CF:AD:55:EA:A0:72:42:6E:02:9E:89:6C:8E:37:65:66:FC:E4:89
Certificate issuer:       /CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
Certificate serial:       019D2FB2268EE083C4093E2340281309C047
Authority key identifier: F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/5c-tVeqgckJuAp6JbI43ZWb85Ik.roa
Signing time:             Fri 27 Mar 2026 14:28:17 +0000
ROA not before:           Fri 27 Mar 2026 14:28:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207152
IP address blocks:        94.142.227.0/24 maxlen: 24
                          94.142.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:b2:26:8e:e0:83:c4:09:3e:23:40:28:13:09:c0:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
        Validity
            Not Before: Mar 27 14:28:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5cfad55eaa072426e029e896c8e376566fce489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3e:68:bf:14:6a:ca:4e:5c:1a:d3:45:3c:3b:
                    3b:da:84:a5:ef:2b:08:44:a2:5c:43:38:d3:b5:fc:
                    d6:97:ce:49:ab:c2:45:26:33:07:91:8a:54:e3:93:
                    da:c9:91:c2:56:1d:b2:65:8e:0e:9f:92:62:cb:28:
                    60:c1:1c:b8:8b:53:bb:87:e7:f2:1e:6b:67:e8:0d:
                    1f:08:2f:19:79:2c:12:12:78:40:9e:1f:17:ca:c2:
                    38:e5:60:5b:05:e9:42:c2:aa:30:20:ab:62:0b:32:
                    64:aa:31:b2:4d:f0:66:f1:a5:64:a9:1e:d3:28:d7:
                    ca:ac:0e:9c:79:17:77:df:ff:76:1d:c7:eb:c4:0b:
                    52:31:ca:00:8c:11:af:a2:40:17:2a:0d:ec:38:e9:
                    b5:be:95:ee:db:90:70:35:32:98:22:ae:b6:68:23:
                    85:d5:77:ca:d8:b5:e0:81:3d:bd:fa:b4:f3:5f:cf:
                    20:18:08:fd:bd:4e:90:46:c4:2a:55:1d:ac:cf:a6:
                    7e:08:a7:b3:c9:0f:4a:43:cc:f2:6f:ca:a5:9e:5c:
                    48:0d:2b:eb:f1:ff:1b:d7:d6:40:8e:2c:e5:1e:53:
                    19:dc:f5:2b:9c:db:9e:09:04:4c:cb:68:b2:fc:12:
                    88:b4:9c:d6:7b:00:3c:90:a4:4c:e2:c4:7d:2b:f0:
                    1e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:CF:AD:55:EA:A0:72:42:6E:02:9E:89:6C:8E:37:65:66:FC:E4:89
            X509v3 Authority Key Identifier:
                keyid:F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/5c-tVeqgckJuAp6JbI43ZWb85Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.227.0-94.142.228.255

    Signature Algorithm: sha256WithRSAEncryption
         be:97:56:48:0e:25:2a:d1:c2:22:3a:3a:d1:52:76:09:e3:da:
         62:b4:3b:79:a2:64:69:cd:98:6f:c3:6e:1f:5a:50:8c:b7:47:
         4a:82:a8:38:81:ee:57:f0:3e:34:d2:1c:f9:eb:74:b7:6b:34:
         c5:3b:a2:da:0b:ad:1c:1a:20:15:d3:c1:f4:e5:c6:9e:ce:96:
         dc:16:32:40:bd:34:1b:1b:94:3f:a5:36:42:b0:4a:12:2d:76:
         96:ed:6f:8a:3e:b3:87:37:53:f8:5c:a2:63:ea:a9:53:18:32:
         70:b7:09:61:97:dd:15:d7:5e:88:a6:c5:9e:d9:e9:2e:f2:be:
         a0:2e:8e:ed:5b:94:4a:61:e7:8b:b3:d9:5f:6a:fa:d5:f1:6b:
         c8:da:b5:44:02:e4:91:9a:c9:9e:1b:a5:26:bb:bb:4f:7f:a4:
         86:d2:f4:50:cb:a9:74:1a:b2:20:d2:c1:0a:a9:0c:e0:0e:fc:
         f2:8f:f7:62:37:c6:24:ed:b1:6f:f9:23:c4:2e:4a:51:2f:b2:
         f7:a9:5b:9f:0a:d6:7c:e9:6f:bd:60:1c:50:d5:b8:c5:38:68:
         6e:d3:cb:1c:98:b0:db:f5:d6:ad:5c:21:7c:74:04:3c:bd:aa:
         05:7e:e9:e6:cd:d3:30:a2:70:98:35:21:3e:ca:3a:0a:f3:47:
         02:a2:40:db
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0vsiaO4IPECT4jQCgTCcBHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGJhZTYwOTcwYTJkZmM4NmRkNjA3YzViOTE1YWQ1YzUz
NGI0MTMwHhcNMjYwMzI3MTQyODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNmYWQ1NWVhYTA3MjQyNmUwMjllODk2YzhlMzc2NTY2ZmNlNDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT5ovxRqyk5cGtNFPDs72oSl7ysI
RKJcQzjTtfzWl85Jq8JFJjMHkYpU45PayZHCVh2yZY4On5JiyyhgwRy4i1O7h+fy
Hmtn6A0fCC8ZeSwSEnhAnh8XysI45WBbBelCwqowIKtiCzJkqjGyTfBm8aVkqR7T
KNfKrA6ceRd33/92HcfrxAtSMcoAjBGvokAXKg3sOOm1vpXu25BwNTKYIq62aCOF
1XfK2LXggT29+rTzX88gGAj9vU6QRsQqVR2sz6Z+CKezyQ9KQ8zyb8qlnlxIDSvr
8f8b19ZAjizlHlMZ3PUrnNueCQRMy2iy/BKItJzWewA8kKRM4sR9K/AekQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOXPrVXqoHJCbgKeiWyON2Vm/OSJMB8GA1UdIwQY
MBaAFPULrmCXCi38ht1gfFuRWtXFNLQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDIt
MzY2NTA2N2RiMjU2LzEvNWMtdFZlcWdja0p1QXA2SmJJNDNaV2I4NUlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDItMzY2NTA2N2RiMjU2
LzEvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABejuMD
BABejuQwDQYJKoZIhvcNAQELBQADggEBAL6XVkgOJSrRwiI6OtFSdgnj2mK0O3mi
ZGnNmG/Dbh9aUIy3R0qCqDiB7lfwPjTSHPnrdLdrNMU7otoLrRwaIBXTwfTlxp7O
ltwWMkC9NBsblD+lNkKwShItdpbtb4o+s4c3U/hcomPqqVMYMnC3CWGX3RXXXoim
xZ7Z6S7yvqAuju1blEph54uz2V9q+tXxa8jatUQC5JGayZ4bpSa7u09/pIbS9FDL
qXQasiDSwQqpDOAO/PKP92I3xiTtsW/5I8QuSlEvsvepW58K1nzpb71gHFDVuMU4
aG7TyxyYsNv11q1cIXx0BDy9qgV+6ebN0zCicJg1IT7KOgrzRwKiQNs=
-----END CERTIFICATE-----