Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/p4r6oFVf_7adlAVGWXJxKf8EppM.roa
File:                     p4r6oFVf_7adlAVGWXJxKf8EppM.roa (raw, json)
Hash identifier:          owCMZC+EfEJsGbITAZGEtQMox//iXNzQga5JAwM4WlA=
Subject key identifier:   A7:8A:FA:A0:55:5F:FF:B6:9D:94:05:46:59:72:71:29:FF:04:A6:93
Certificate issuer:       /CN=9812e491aaa655b6324dbcc0cff00a8d63191076
Certificate serial:       019DCF5F718675AF2760C470CCD1BD705EFA
Authority key identifier: 98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/p4r6oFVf_7adlAVGWXJxKf8EppM.roa
Signing time:             Mon 27 Apr 2026 14:37:11 +0000
ROA not before:           Mon 27 Apr 2026 14:37:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        5.183.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:5f:71:86:75:af:27:60:c4:70:cc:d1:bd:70:5e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9812e491aaa655b6324dbcc0cff00a8d63191076
        Validity
            Not Before: Apr 27 14:37:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a78afaa0555fffb69d94054659727129ff04a693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:79:18:70:b4:28:cf:e1:3b:2b:a2:08:ea:3a:
                    6a:f7:2e:83:bb:81:d1:ef:af:df:0a:73:81:7e:a4:
                    db:45:64:14:14:c9:8a:bf:e8:80:1e:85:42:69:da:
                    2c:dd:3b:05:66:e8:23:b6:1c:7b:43:56:1f:f3:6b:
                    28:c1:1b:d9:0c:88:14:8d:63:b2:0e:70:75:cd:68:
                    17:32:7b:66:27:88:db:86:5c:7b:98:8e:fa:0c:51:
                    c2:7d:0e:8d:fb:6b:26:87:e0:1e:3e:9e:49:8e:44:
                    50:b7:62:14:84:f9:54:86:96:1e:52:0d:87:df:fb:
                    2d:9e:43:88:29:3d:13:f8:9f:30:00:45:04:6a:a1:
                    70:06:17:81:53:b2:04:22:02:b6:36:49:35:21:85:
                    bc:0a:50:d7:42:25:30:da:93:11:32:9d:97:1a:a3:
                    4a:ea:bd:be:57:4c:4f:19:b5:49:3a:a4:05:ad:41:
                    40:3e:15:25:a0:d1:0d:56:08:0b:90:77:6c:d7:82:
                    3e:f3:03:78:97:35:8f:75:96:2e:f0:55:1e:78:0e:
                    8a:2c:c4:cf:56:f3:ec:30:69:77:72:80:d7:69:af:
                    2f:1a:7c:54:88:80:98:89:fc:f7:55:41:ec:3b:12:
                    1a:6f:d7:21:00:cc:f2:ba:57:89:e1:b5:f2:10:0e:
                    27:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:8A:FA:A0:55:5F:FF:B6:9D:94:05:46:59:72:71:29:FF:04:A6:93
            X509v3 Authority Key Identifier:
                keyid:98:12:E4:91:AA:A6:55:B6:32:4D:BC:C0:CF:F0:0A:8D:63:19:10:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBLkkaqmVbYyTbzAz_AKjWMZEHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/p4r6oFVf_7adlAVGWXJxKf8EppM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/0e7ed3-48cb-4afe-8d15-dffe17f3db54/1/mBLkkaqmVbYyTbzAz_AKjWMZEHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:de:55:80:23:85:ae:a3:d8:8e:bb:d5:4a:f0:f4:5d:3a:09:
         88:b7:68:c5:e9:fa:bd:91:cd:ad:fa:8b:e0:c9:6e:ea:6c:bf:
         ca:0b:53:4a:fb:47:4d:17:f8:cc:13:d9:bd:9f:15:15:37:76:
         d7:5d:52:7b:5e:8e:62:7f:d3:ef:df:f1:1f:a1:6f:0a:9a:ba:
         23:8f:e4:d8:b4:62:ff:1c:ac:98:e7:aa:7a:a3:5c:af:25:08:
         85:7c:37:f7:2f:55:d7:8f:16:ec:41:2f:72:0d:e9:7d:6c:0b:
         8e:5c:90:cc:a9:1e:56:b3:b4:fb:47:89:ea:6d:76:2d:24:6c:
         b9:23:40:85:26:bb:a3:7e:61:65:c4:22:b4:5d:8d:bc:d1:f6:
         9f:46:cd:26:2d:44:d1:45:78:81:bf:de:9b:bf:65:6b:b3:8a:
         66:96:66:16:55:de:cb:20:a5:cb:c8:4a:0b:af:25:b3:cb:49:
         38:20:1d:b5:a6:a9:c3:f6:db:f7:6a:6a:1e:8c:1c:fb:ef:ce:
         02:b0:73:cc:af:ee:4c:59:c5:55:76:fa:45:cf:76:c2:14:70:
         57:62:47:61:38:f2:96:fb:63:0d:db:09:c0:a7:60:0c:08:29:
         42:a5:a3:15:a9:4c:9d:a3:1e:6d:04:b8:eb:d1:82:2d:fc:2a:
         9d:7a:8e:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3PX3GGda8nYMRwzNG9cF76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTJlNDkxYWFhNjU1YjYzMjRkYmNjMGNmZjAwYThkNjMx
OTEwNzYwHhcNMjYwNDI3MTQzNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzhhZmFhMDU1NWZmZmI2OWQ5NDA1NDY1OTcyNzEyOWZmMDRhNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53kYcLQoz+E7K6II6jpq9y6Du4HR
76/fCnOBfqTbRWQUFMmKv+iAHoVCados3TsFZugjthx7Q1Yf82sowRvZDIgUjWOy
DnB1zWgXMntmJ4jbhlx7mI76DFHCfQ6N+2smh+AePp5JjkRQt2IUhPlUhpYeUg2H
3/stnkOIKT0T+J8wAEUEaqFwBheBU7IEIgK2Nkk1IYW8ClDXQiUw2pMRMp2XGqNK
6r2+V0xPGbVJOqQFrUFAPhUloNENVggLkHds14I+8wN4lzWPdZYu8FUeeA6KLMTP
VvPsMGl3coDXaa8vGnxUiICYifz3VUHsOxIab9chAMzyuleJ4bXyEA4n/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeK+qBVX/+2nZQFRllycSn/BKaTMB8GA1UdIwQY
MBaAFJgS5JGqplW2Mk28wM/wCo1jGRB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUt
ZGZmZTE3ZjNkYjU0LzEvcDRyNm9GVmZfN2FkbEFWR1dYSnhLZjhFcHBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wZTdlZDMtNDhjYi00YWZlLThkMTUtZGZmZTE3ZjNkYjU0
LzEvbUJMa2thcW1WYll5VGJ6QXpfQUtqV01aRUhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbfWMA0G
CSqGSIb3DQEBCwUAA4IBAQCd3lWAI4Wuo9iOu9VK8PRdOgmIt2jF6fq9kc2t+ovg
yW7qbL/KC1NK+0dNF/jME9m9nxUVN3bXXVJ7Xo5if9Pv3/EfoW8Kmrojj+TYtGL/
HKyY56p6o1yvJQiFfDf3L1XXjxbsQS9yDel9bAuOXJDMqR5Ws7T7R4nqbXYtJGy5
I0CFJrujfmFlxCK0XY280fafRs0mLUTRRXiBv96bv2Vrs4pmlmYWVd7LIKXLyEoL
ryWzy0k4IB21pqnD9tv3amoejBz7784CsHPMr+5MWcVVdvpFz3bCFHBXYkdhOPKW
+2MN2wnAp2AMCClCpaMVqUydox5tBLjr0YIt/Cqdeo7e
-----END CERTIFICATE-----