Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/j5qed-uRfJCx2rAtrWGIrTPIEsE.roa
File:                     j5qed-uRfJCx2rAtrWGIrTPIEsE.roa (raw, json)
Hash identifier:          AD18jZKE+OgG63KmHJRaAkTlImZeg1Ip+WeV3XaHoSs=
Subject key identifier:   8F:9A:9E:77:EB:91:7C:90:B1:DA:B0:2D:AD:61:88:AD:33:C8:12:C1
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019E4031F831CAE83C91CE05276AD44E3A5F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/j5qed-uRfJCx2rAtrWGIrTPIEsE.roa
Signing time:             Tue 19 May 2026 12:24:37 +0000
ROA not before:           Tue 19 May 2026 12:24:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204490
IP address blocks:        2a0e:19c5::/32 maxlen: 32
                          2a11:9040::/32 maxlen: 32
                          2a12:8783::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:31:f8:31:ca:e8:3c:91:ce:05:27:6a:d4:4e:3a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May 19 12:24:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f9a9e77eb917c90b1dab02dad6188ad33c812c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4d:82:3a:5d:c2:48:a8:e4:94:3e:63:f3:b4:
                    39:ae:7a:71:98:58:01:f1:7f:fc:23:a0:71:ef:4a:
                    4c:7a:ba:d3:63:08:3f:92:78:ff:41:db:40:35:16:
                    cd:5b:ee:3e:c3:3e:15:d5:d1:60:ea:0e:90:aa:19:
                    e9:d2:53:04:1f:e2:3a:05:74:c3:71:0c:db:3e:ff:
                    ea:40:1f:30:91:4a:80:25:a8:b0:d1:c4:f8:06:31:
                    47:49:38:6f:33:da:25:ca:81:97:db:d5:69:6a:2b:
                    70:d7:3c:e2:75:e5:91:24:b1:9d:02:7f:e5:6c:fc:
                    8f:ed:dc:7b:7f:cf:6e:e9:a3:cc:fa:b1:ab:97:55:
                    c5:b8:7f:b8:17:07:34:55:fa:43:59:12:b2:00:aa:
                    b4:f5:1b:de:c2:22:af:0d:d9:52:2e:1f:94:9f:64:
                    b2:8e:1c:00:38:8c:16:10:33:7d:7c:2c:f1:96:93:
                    91:64:7d:47:2a:51:81:a0:a0:79:b0:4b:51:66:22:
                    3d:98:73:c7:ef:c1:7c:ed:c1:49:aa:ae:24:76:eb:
                    e9:3a:51:15:77:16:3b:03:70:fa:c5:83:72:b0:17:
                    d9:d2:8d:18:61:48:52:34:79:18:9c:f0:8e:26:ab:
                    62:5c:39:01:98:e9:3d:83:b0:b1:60:ba:ab:93:cc:
                    08:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:9A:9E:77:EB:91:7C:90:B1:DA:B0:2D:AD:61:88:AD:33:C8:12:C1
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/j5qed-uRfJCx2rAtrWGIrTPIEsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:19c5::/32
                  2a11:9040::/32
                  2a12:8783::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:eb:04:b0:45:a4:3e:61:c9:a1:50:ad:a8:f6:9f:4b:cb:ee:
         f2:71:b5:ce:70:a8:8c:35:d6:b6:a1:a6:ca:18:e2:06:63:27:
         4b:a1:7a:88:f6:03:42:85:3f:82:6d:53:af:08:3d:22:71:18:
         e3:21:24:ba:27:f4:cf:e5:de:6d:45:af:df:b0:7f:2f:87:b6:
         11:76:0f:3d:1a:e0:5d:31:f0:16:4b:76:76:74:e0:34:49:5d:
         8f:ff:d1:bb:7f:e8:25:31:71:79:90:97:86:57:d6:06:28:55:
         09:68:f2:db:3d:63:d1:16:be:bf:a9:b7:2c:d8:da:0c:d6:9c:
         98:34:59:39:55:89:c5:7a:5e:71:bf:96:7c:69:cc:7f:8f:b0:
         70:c5:28:2a:bf:6d:64:9f:d8:16:00:fa:d3:dc:14:66:47:3a:
         60:b2:d2:00:89:66:ab:06:8b:f9:bc:f5:21:5e:26:31:69:99:
         81:84:11:2f:1c:b8:d6:5e:c7:2c:f2:4d:4f:93:6d:97:f2:c3:
         76:70:74:b5:91:0c:2e:1c:db:7d:b8:d5:c2:a2:59:43:51:37:
         92:e0:e1:68:42:d1:4b:eb:35:cc:4b:48:e9:ae:4e:f4:20:5b:
         9a:4a:d6:34:90:0b:69:a9:7a:4d:2f:c8:19:3d:2d:1c:55:bd:
         b5:6b:db:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ5AMfgxyug8kc4FJ2rUTjpfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNTE5MTIyNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjlhOWU3N2ViOTE3YzkwYjFkYWIwMmRhZDYxODhhZDMzYzgxMmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqk2COl3CSKjklD5j87Q5rnpxmFgB
8X/8I6Bx70pMerrTYwg/knj/QdtANRbNW+4+wz4V1dFg6g6Qqhnp0lMEH+I6BXTD
cQzbPv/qQB8wkUqAJaiw0cT4BjFHSThvM9olyoGX29Vpaitw1zzideWRJLGdAn/l
bPyP7dx7f89u6aPM+rGrl1XFuH+4Fwc0VfpDWRKyAKq09RvewiKvDdlSLh+Un2Sy
jhwAOIwWEDN9fCzxlpORZH1HKlGBoKB5sEtRZiI9mHPH78F87cFJqq4kduvpOlEV
dxY7A3D6xYNysBfZ0o0YYUhSNHkYnPCOJqtiXDkBmOk9g7CxYLqrk8wIUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI+annfrkXyQsdqwLa1hiK0zyBLBMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvajVxZWQtdVJmSkN4MnJBdHJXR0lyVFBJRXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg4ZxQMF
ACoRkEADBQAqEoeDMA0GCSqGSIb3DQEBCwUAA4IBAQAP6wSwRaQ+YcmhUK2o9p9L
y+7ycbXOcKiMNda2oabKGOIGYydLoXqI9gNChT+CbVOvCD0icRjjISS6J/TP5d5t
Ra/fsH8vh7YRdg89GuBdMfAWS3Z2dOA0SV2P/9G7f+glMXF5kJeGV9YGKFUJaPLb
PWPRFr6/qbcs2NoM1pyYNFk5VYnFel5xv5Z8acx/j7BwxSgqv21kn9gWAPrT3BRm
RzpgstIAiWarBov5vPUhXiYxaZmBhBEvHLjWXscs8k1Pk22X8sN2cHS1kQwuHNt9
uNXCollDUTeS4OFoQtFL6zXMS0jprk70IFuaStY0kAtpqXpNL8gZPS0cVb21a9sG
-----END CERTIFICATE-----