Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/lNVkvr6-ogdEY01jslt1MrwYXUI.roa
File:                     lNVkvr6-ogdEY01jslt1MrwYXUI.roa (raw, json)
Hash identifier:          A/1nfqsXnYCHjdOju/OrbXKsnpCK1Jp5Tf+yna6/EPU=
Subject key identifier:   94:D5:64:BE:BE:BE:A2:07:44:63:4D:63:B2:5B:75:32:BC:18:5D:42
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019E7459DF9EAECD81E39026204646BB3CAB
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/lNVkvr6-ogdEY01jslt1MrwYXUI.roa
Signing time:             Fri 29 May 2026 15:28:27 +0000
ROA not before:           Fri 29 May 2026 15:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273267
IP address blocks:        153.51.244.0/22 maxlen: 22
                          185.225.246.0/23 maxlen: 23
                          185.225.246.0/24 maxlen: 24
                          185.225.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:59:df:9e:ae:cd:81:e3:90:26:20:46:46:bb:3c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 29 15:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94d564bebebea20744634d63b25b7532bc185d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:28:c0:4e:25:c8:f4:c1:ae:f0:5b:40:b5:67:
                    71:f8:50:69:4f:11:c4:36:eb:73:d1:7e:7b:18:c9:
                    95:8d:91:d8:85:4f:10:b6:30:bd:6f:ef:6b:70:b1:
                    4c:82:56:20:5c:27:0b:72:e6:b7:77:93:ff:14:8e:
                    99:23:2e:ac:6b:c4:b7:6c:5b:9c:15:3a:8f:29:db:
                    85:e1:be:56:4d:9a:8a:6b:84:4c:d5:62:1f:ec:07:
                    a7:2e:5b:c6:a1:d7:9f:76:6e:fa:b1:89:1b:9e:f6:
                    3b:7c:2c:c7:ff:21:1e:d9:54:15:56:c2:0b:72:00:
                    30:32:53:3d:5c:0d:1a:52:82:55:37:a5:8b:06:7f:
                    8d:21:4a:1c:0c:41:fd:5c:74:e8:6f:cf:a0:e3:24:
                    57:36:cd:d3:cc:be:35:83:cd:69:cb:dc:a8:d4:83:
                    bb:b4:5f:25:02:e4:ae:d2:92:0d:37:83:29:e0:4f:
                    7e:76:9d:63:04:47:62:ae:2b:b3:fc:e9:ad:c0:ab:
                    16:81:d9:8d:e9:bb:dd:13:b0:3e:9b:38:c8:00:35:
                    71:35:51:de:f5:7d:00:68:bf:68:f2:1b:5a:39:19:
                    74:5d:08:8a:a9:5e:65:7d:6d:b9:c8:40:72:2c:7f:
                    5f:28:80:bf:ef:b5:5f:69:65:4e:06:88:be:0c:59:
                    32:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D5:64:BE:BE:BE:A2:07:44:63:4D:63:B2:5B:75:32:BC:18:5D:42
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/lNVkvr6-ogdEY01jslt1MrwYXUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.51.244.0/22
                  185.225.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:68:2c:56:78:14:c1:06:00:e6:04:78:5b:8d:3f:f5:61:88:
         d3:43:ef:88:0a:0f:c1:4c:de:53:4b:cd:1e:af:f7:cd:34:c8:
         71:2e:22:21:45:d4:08:a1:04:dc:56:bd:03:a9:5c:80:7d:ba:
         80:d2:7b:fd:f6:a9:ce:ae:33:99:0d:c6:87:8b:18:b4:97:a1:
         a5:5f:9f:99:d3:f0:db:bd:99:31:c9:ac:28:c4:92:b2:23:a2:
         4a:aa:9f:82:a3:ee:b7:7a:08:0e:4d:5f:94:45:a1:9a:45:fd:
         99:cb:41:b7:5b:4d:b6:68:72:c1:d3:9d:fe:d9:fc:80:c7:0f:
         5d:89:2d:c0:af:f8:66:0b:ab:84:75:d4:e7:90:d7:3f:99:97:
         3e:39:14:46:5c:37:69:78:a3:e7:1d:4b:71:2d:8d:fe:cc:00:
         00:ca:21:07:5e:f3:b8:1c:e0:e0:09:90:28:75:b0:81:e7:95:
         53:cd:ae:24:1d:da:d0:c2:a8:5f:e4:75:0f:2c:a0:96:32:3d:
         4c:5b:c1:98:24:53:cd:35:0b:2b:66:68:71:1b:5a:87:4a:09:
         f0:40:fa:b7:43:a3:c5:0c:ac:e1:d9:6b:dd:43:5e:33:b9:ab:
         3d:0e:52:cf:82:58:4e:04:8f:a3:d7:e9:10:8c:89:0e:1d:f8:
         1d:37:02:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ50Wd+ers2B45AmIEZGuzyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNTI5MTUyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGQ1NjRiZWJlYmVhMjA3NDQ2MzRkNjNiMjViNzUzMmJjMTg1ZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyjATiXI9MGu8FtAtWdx+FBpTxHE
Nutz0X57GMmVjZHYhU8QtjC9b+9rcLFMglYgXCcLcua3d5P/FI6ZIy6sa8S3bFuc
FTqPKduF4b5WTZqKa4RM1WIf7AenLlvGodefdm76sYkbnvY7fCzH/yEe2VQVVsIL
cgAwMlM9XA0aUoJVN6WLBn+NIUocDEH9XHTob8+g4yRXNs3TzL41g81py9yo1IO7
tF8lAuSu0pINN4Mp4E9+dp1jBEdiriuz/OmtwKsWgdmN6bvdE7A+mzjIADVxNVHe
9X0AaL9o8htaORl0XQiKqV5lfW25yEByLH9fKIC/77VfaWVOBoi+DFkyEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJTVZL6+vqIHRGNNY7JbdTK8GF1CMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvbE5Wa3ZyNi1vZ2RFWTAxanNsdDFNcndZWFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCmTP0AwQB
ueH2MA0GCSqGSIb3DQEBCwUAA4IBAQBraCxWeBTBBgDmBHhbjT/1YYjTQ++ICg/B
TN5TS80er/fNNMhxLiIhRdQIoQTcVr0DqVyAfbqA0nv99qnOrjOZDcaHixi0l6Gl
X5+Z0/DbvZkxyawoxJKyI6JKqp+Co+63eggOTV+URaGaRf2Zy0G3W022aHLB053+
2fyAxw9diS3Ar/hmC6uEddTnkNc/mZc+ORRGXDdpeKPnHUtxLY3+zAAAyiEHXvO4
HODgCZAodbCB55VTza4kHdrQwqhf5HUPLKCWMj1MW8GYJFPNNQsrZmhxG1qHSgnw
QPq3Q6PFDKzh2WvdQ14zuas9DlLPglhOBI+j1+kQjIkOHfgdNwKN
-----END CERTIFICATE-----