Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/XSfH6TkOWLKUaJiwEVKslm53W7k.roa
File:                     XSfH6TkOWLKUaJiwEVKslm53W7k.roa (raw, json)
Hash identifier:          R4rmSWlYOJP+yHbi/praA3gZ9kPC7hWIxosq032+G6I=
Subject key identifier:   5D:27:C7:E9:39:0E:58:B2:94:68:98:B0:11:52:AC:96:6E:77:5B:B9
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019E62B2F8C192DAEBEB2ECEE2DF06360C93
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/XSfH6TkOWLKUaJiwEVKslm53W7k.roa
Signing time:             Tue 26 May 2026 05:12:36 +0000
ROA not before:           Tue 26 May 2026 05:12:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        144.56.22.0/24 maxlen: 24
                          144.56.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 20:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:62:b2:f8:c1:92:da:eb:eb:2e:ce:e2:df:06:36:0c:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: May 26 05:12:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d27c7e9390e58b2946898b01152ac966e775bb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ae:1c:93:48:a0:88:ef:07:1d:cf:2b:9c:7d:
                    fa:f8:ed:b9:1b:e4:fa:99:b7:af:07:f5:6b:26:3a:
                    7a:4f:ac:f1:fa:19:c6:cb:d3:c6:f3:eb:2f:0e:2d:
                    df:dd:42:e3:06:8d:2a:1c:ca:0f:03:32:49:44:57:
                    73:53:f0:31:c4:c1:d0:5f:39:16:51:60:e1:f3:4f:
                    d3:25:12:75:25:89:c5:79:63:17:f2:e8:13:a3:8f:
                    7c:55:ff:d9:f6:a9:52:60:93:76:7b:c1:f9:88:11:
                    18:5a:22:63:c2:68:98:79:e8:96:46:0b:e2:a9:79:
                    ac:b8:2a:aa:62:6e:bf:be:90:80:41:eb:72:2f:92:
                    3c:43:a4:a1:00:d1:4c:09:92:14:3c:ac:2e:36:14:
                    33:cd:84:76:46:27:3d:f3:96:1a:72:59:ec:17:2c:
                    85:62:25:59:f5:3f:78:1c:fe:9d:43:d5:ee:40:29:
                    6e:48:28:22:50:ed:4a:5a:2f:01:31:54:3f:e5:18:
                    16:36:96:14:33:7f:1a:2a:18:27:f6:64:a8:68:52:
                    c6:ce:23:9d:82:e6:aa:d9:19:5e:53:15:1b:63:b9:
                    36:ce:e2:c7:0f:c1:52:e3:8e:39:d9:a9:19:81:fb:
                    82:41:28:76:d7:4c:39:40:70:de:3a:76:e4:f7:f8:
                    3a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:27:C7:E9:39:0E:58:B2:94:68:98:B0:11:52:AC:96:6E:77:5B:B9
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/XSfH6TkOWLKUaJiwEVKslm53W7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.22.0/24
                  144.56.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:56:d1:da:d8:27:e1:5a:e2:17:4f:12:49:42:69:f6:2d:57:
         65:2a:8c:bc:7f:57:5c:35:71:6b:d0:36:8a:6e:d3:44:ea:00:
         16:45:ca:8c:d1:50:13:9f:48:ec:fb:da:a9:12:93:aa:ff:2c:
         31:a7:a2:17:1c:cf:6e:28:94:ec:de:4c:96:b7:3e:db:21:48:
         78:bd:a7:b7:a4:db:58:f7:1d:68:51:02:2f:a4:cd:09:a0:94:
         5a:94:f0:49:6f:c7:76:b1:54:6f:46:85:7f:36:3e:77:e8:c4:
         56:0a:15:22:82:5c:53:bb:72:54:d1:9b:6b:6f:52:a7:33:84:
         83:5c:b4:2a:03:05:ab:26:ab:56:cf:4f:47:ac:c5:d0:e6:10:
         69:11:1c:ef:03:a6:28:aa:96:f4:9b:07:dc:1c:74:6d:31:3c:
         4a:86:8e:22:4c:d4:c2:7a:bd:58:68:4f:01:78:11:f6:81:90:
         10:e3:8c:d8:0b:a7:02:aa:4c:92:c2:01:79:ef:77:42:d0:7b:
         e5:fc:75:81:13:a4:a2:14:6b:bc:68:50:ba:ce:ee:a0:cb:34:
         81:af:39:5e:3d:9a:fc:fb:ea:3d:de:bd:de:26:83:23:aa:41:
         1b:c7:65:1b:f6:38:5e:6a:8a:7d:4d:ff:32:fc:bb:0a:93:41:
         bf:82:39:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5isvjBktrr6y7O4t8GNgyTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjYwNTI2MDUxMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDI3YzdlOTM5MGU1OGIyOTQ2ODk4YjAxMTUyYWM5NjZlNzc1YmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK4ck0igiO8HHc8rnH36+O25G+T6
mbevB/VrJjp6T6zx+hnGy9PG8+svDi3f3ULjBo0qHMoPAzJJRFdzU/AxxMHQXzkW
UWDh80/TJRJ1JYnFeWMX8ugTo498Vf/Z9qlSYJN2e8H5iBEYWiJjwmiYeeiWRgvi
qXmsuCqqYm6/vpCAQetyL5I8Q6ShANFMCZIUPKwuNhQzzYR2Ric985YaclnsFyyF
YiVZ9T94HP6dQ9XuQCluSCgiUO1KWi8BMVQ/5RgWNpYUM38aKhgn9mSoaFLGziOd
guaq2RleUxUbY7k2zuLHD8FS44452akZgfuCQSh210w5QHDeOnbk9/g6hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF0nx+k5DliylGiYsBFSrJZud1u5MB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvWFNmSDZUa09XTEtVYUppd0VWS3NsbTUzVzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkDgWAwQA
kDhPMA0GCSqGSIb3DQEBCwUAA4IBAQA8VtHa2CfhWuIXTxJJQmn2LVdlKoy8f1dc
NXFr0DaKbtNE6gAWRcqM0VATn0js+9qpEpOq/ywxp6IXHM9uKJTs3kyWtz7bIUh4
vae3pNtY9x1oUQIvpM0JoJRalPBJb8d2sVRvRoV/Nj536MRWChUiglxTu3JU0Ztr
b1KnM4SDXLQqAwWrJqtWz09HrMXQ5hBpERzvA6Yoqpb0mwfcHHRtMTxKho4iTNTC
er1YaE8BeBH2gZAQ44zYC6cCqkySwgF573dC0Hvl/HWBE6SiFGu8aFC6zu6gyzSB
rzlePZr8++o93r3eJoMjqkEbx2Ub9jheaop9Tf8y/LsKk0G/gjmU
-----END CERTIFICATE-----