Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/5-abRyH_JaKYBL_nyBgesOW4Sjo.roa
File:                     5-abRyH_JaKYBL_nyBgesOW4Sjo.roa (raw, json)
Hash identifier:          VhUyEWf+7JivdwQQLOX+pnyqdQ+3cld06Ksk8mnz15c=
Subject key identifier:   E7:E6:9B:47:21:FF:25:A2:98:04:BF:E7:C8:18:1E:B0:E5:B8:4A:3A
Certificate issuer:       /CN=6f5e0230be799e44829c8720ca38347045494e20
Certificate serial:       019E399AA6C9F202ABA0065178508DAE21F4
Authority key identifier: 6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/5-abRyH_JaKYBL_nyBgesOW4Sjo.roa
Signing time:             Mon 18 May 2026 05:41:36 +0000
ROA not before:           Mon 18 May 2026 05:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        85.232.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 14:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:39:9a:a6:c9:f2:02:ab:a0:06:51:78:50:8d:ae:21:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5e0230be799e44829c8720ca38347045494e20
        Validity
            Not Before: May 18 05:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7e69b4721ff25a29804bfe7c8181eb0e5b84a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:90:c5:cd:90:f0:f8:de:da:36:42:2d:28:c3:
                    6c:db:3f:fc:13:61:06:78:36:8f:99:3a:14:d0:cf:
                    a1:8b:87:5c:99:43:37:40:3f:34:c6:82:32:8c:5a:
                    af:b6:0c:00:96:71:dc:e0:d5:27:47:9a:e5:3f:d5:
                    ee:16:fe:1c:23:c9:b0:21:69:2f:5d:a4:ff:a4:d4:
                    17:5f:07:d5:b8:f7:be:52:ac:62:d9:87:61:4f:1a:
                    51:20:ad:49:49:54:d0:0d:0c:d7:e4:ee:cd:88:3c:
                    30:44:3c:7f:c4:3c:63:ee:c0:a2:0b:e2:4b:c0:0f:
                    43:99:41:d2:c3:c2:58:7a:ca:65:fa:0a:ae:9f:bc:
                    21:53:86:d9:44:7c:8f:d7:23:21:74:93:6c:76:be:
                    91:08:24:4d:aa:ae:20:1f:84:64:2a:c4:63:5e:92:
                    13:64:e9:27:e5:4d:d4:df:b8:e9:7c:63:6e:9a:a1:
                    fe:28:aa:3b:8f:98:f3:8f:50:a8:92:46:a1:49:e1:
                    a8:a7:a3:97:a1:8b:29:56:f3:87:34:c0:4c:ac:fe:
                    cd:95:27:d3:50:8d:b3:b7:0a:1e:a8:bf:f5:e2:75:
                    cd:2b:c0:be:4b:c3:7a:e9:fe:3c:95:4b:d0:9f:68:
                    ec:a9:b9:8e:b2:23:64:40:6b:ae:97:e4:1c:91:26:
                    15:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E6:9B:47:21:FF:25:A2:98:04:BF:E7:C8:18:1E:B0:E5:B8:4A:3A
            X509v3 Authority Key Identifier:
                keyid:6F:5E:02:30:BE:79:9E:44:82:9C:87:20:CA:38:34:70:45:49:4E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b14CML55nkSCnIcgyjg0cEVJTiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/5-abRyH_JaKYBL_nyBgesOW4Sjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/70ccef-17f3-4928-9c0b-ba7c7d8190ca/1/b14CML55nkSCnIcgyjg0cEVJTiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.232.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:1d:49:1b:4f:c0:00:cc:23:8e:ed:06:1b:70:96:4b:83:be:
         20:8a:6c:c1:1d:da:97:8d:49:84:43:de:86:08:49:d0:4d:af:
         aa:86:b6:c1:d7:c5:cd:7c:d4:49:f6:07:27:5c:e5:ab:5f:4e:
         eb:9d:d9:bc:28:56:0c:d4:b6:f1:8f:a8:d6:86:92:cd:11:bd:
         d8:2c:cf:20:d8:a1:df:73:8c:6a:3a:89:1e:1d:bb:3f:d7:09:
         59:25:a7:58:dd:9a:df:00:ff:e5:69:75:1d:d7:ad:d3:77:70:
         5a:c4:ea:a3:c2:95:00:32:f2:2c:41:f8:34:bc:5b:a6:a7:2b:
         5c:61:8f:9e:08:24:46:0a:34:6e:2f:f5:18:a7:85:d0:a4:05:
         06:2b:fc:aa:50:c8:df:53:8c:b7:77:77:52:5e:63:92:5c:89:
         78:77:ff:af:79:74:1b:ab:d2:09:ca:76:06:c3:10:33:48:20:
         86:74:b5:cb:ea:53:30:0c:92:66:c9:e1:70:30:a2:dc:c4:4f:
         6c:64:72:94:a6:5f:bf:0c:24:b5:8d:9e:1c:ea:80:2d:ae:02:
         01:69:15:4f:63:f2:48:aa:48:4e:8d:f9:fb:f0:75:05:ed:7c:
         58:49:84:ea:30:ca:fe:15:72:96:3e:2c:5f:d3:92:cd:10:d5:
         40:a1:84:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ45mqbJ8gKroAZReFCNriH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNWUwMjMwYmU3OTllNDQ4MjljODcyMGNhMzgzNDcwNDU0
OTRlMjAwHhcNMjYwNTE4MDU0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2U2OWI0NzIxZmYyNWEyOTgwNGJmZTdjODE4MWViMGU1Yjg0YTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZDFzZDw+N7aNkItKMNs2z/8E2EG
eDaPmToU0M+hi4dcmUM3QD80xoIyjFqvtgwAlnHc4NUnR5rlP9XuFv4cI8mwIWkv
XaT/pNQXXwfVuPe+Uqxi2YdhTxpRIK1JSVTQDQzX5O7NiDwwRDx/xDxj7sCiC+JL
wA9DmUHSw8JYespl+gqun7whU4bZRHyP1yMhdJNsdr6RCCRNqq4gH4RkKsRjXpIT
ZOkn5U3U37jpfGNumqH+KKo7j5jzj1CokkahSeGop6OXoYspVvOHNMBMrP7NlSfT
UI2ztwoeqL/14nXNK8C+S8N66f48lUvQn2jsqbmOsiNkQGuul+QckSYV1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfmm0ch/yWimAS/58gYHrDluEo6MB8GA1UdIwQY
MBaAFG9eAjC+eZ5EgpyHIMo4NHBFSU4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGIt
YmE3YzdkODE5MGNhLzEvNS1hYlJ5SF9KYUtZQkxfbnlCZ2VzT1c0U2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny83MGNjZWYtMTdmMy00OTI4LTljMGItYmE3YzdkODE5MGNh
LzEvYjE0Q01MNTVua1NDbkljZ3lqZzBjRVZKVGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVeiyMA0G
CSqGSIb3DQEBCwUAA4IBAQBxHUkbT8AAzCOO7QYbcJZLg74gimzBHdqXjUmEQ96G
CEnQTa+qhrbB18XNfNRJ9gcnXOWrX07rndm8KFYM1Lbxj6jWhpLNEb3YLM8g2KHf
c4xqOokeHbs/1wlZJadY3ZrfAP/laXUd163Td3BaxOqjwpUAMvIsQfg0vFumpytc
YY+eCCRGCjRuL/UYp4XQpAUGK/yqUMjfU4y3d3dSXmOSXIl4d/+veXQbq9IJynYG
wxAzSCCGdLXL6lMwDJJmyeFwMKLcxE9sZHKUpl+/DCS1jZ4c6oAtrgIBaRVPY/JI
qkhOjfn78HUF7XxYSYTqMMr+FXKWPixf05LNENVAoYTP
-----END CERTIFICATE-----