Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/X9PhdYm3cU2xqHBhnAPbju75a5E.roa
File:                     X9PhdYm3cU2xqHBhnAPbju75a5E.roa (raw, json)
Hash identifier:          t6eqgGoHBtyYMFMOQpDHiu5ZIGINQ/XOCXPww6urBS0=
Subject key identifier:   5F:D3:E1:75:89:B7:71:4D:B1:A8:70:61:9C:03:DB:8E:EE:F9:6B:91
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019E6DB790B2E720A0D2965DBE3015E5EEF5
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/X9PhdYm3cU2xqHBhnAPbju75a5E.roa
Signing time:             Thu 28 May 2026 08:33:27 +0000
ROA not before:           Thu 28 May 2026 08:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        5.56.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6d:b7:90:b2:e7:20:a0:d2:96:5d:be:30:15:e5:ee:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: May 28 08:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fd3e17589b7714db1a870619c03db8eeef96b91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a4:8d:b6:bc:74:28:a3:e9:ea:8d:7d:de:47:
                    67:09:87:6b:a2:4f:d4:3e:d0:24:f4:0c:dc:8c:54:
                    6b:81:21:f0:35:56:6c:e7:57:f1:94:c2:0f:a4:f1:
                    f5:75:c8:29:b5:07:37:ee:d8:c2:a3:e1:a3:27:ef:
                    c7:ba:0a:69:a0:f6:67:a6:51:b6:bf:b8:a3:5b:d7:
                    5a:c8:97:dd:02:b5:42:16:94:40:d0:20:a5:68:3e:
                    08:ac:b6:08:eb:df:7d:9e:8a:f6:55:48:12:15:fd:
                    75:58:73:fc:b3:82:d7:36:c9:0e:ec:4b:72:d9:d7:
                    87:5a:88:06:38:d6:2b:63:f5:07:46:1d:45:bd:e1:
                    86:b9:e2:a3:e2:cc:f4:a4:b0:60:ce:63:64:47:3d:
                    a1:b6:7a:92:71:8a:b1:79:02:0a:78:fe:49:50:df:
                    6b:ab:af:cb:86:89:66:11:e4:c9:9c:68:ca:0f:c3:
                    e7:8d:eb:57:34:ef:9a:f8:53:a1:65:b1:66:54:7c:
                    3f:3f:e1:ea:ae:57:89:62:c8:87:c3:60:9a:9f:d0:
                    68:f9:47:92:db:d4:15:f2:8f:25:f1:c1:75:1e:b5:
                    db:4f:58:1c:33:c5:b7:a4:be:72:6f:34:5f:af:f0:
                    11:86:c7:09:72:a0:04:dc:d2:1b:59:25:65:1c:40:
                    74:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:D3:E1:75:89:B7:71:4D:B1:A8:70:61:9C:03:DB:8E:EE:F9:6B:91
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/X9PhdYm3cU2xqHBhnAPbju75a5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:41:49:33:63:80:e9:42:d2:56:15:18:7b:46:99:0e:5a:0f:
         39:94:90:f6:c7:32:93:42:ee:cf:91:e0:c2:1d:82:48:61:7e:
         6d:f0:af:1f:8d:41:56:dd:e0:0b:4d:57:71:c4:4a:5d:ed:10:
         10:37:15:ae:cb:52:85:e9:af:fc:66:59:8b:a2:62:51:1d:27:
         26:ef:ed:13:6b:5b:2f:11:7f:14:bb:b4:b0:94:97:d3:f0:92:
         7b:a4:42:85:04:a9:6d:2d:ab:ea:ec:1f:ef:ce:f2:52:8c:21:
         f7:f5:02:03:f4:78:9d:88:d7:08:b6:74:20:06:76:44:a4:09:
         69:ea:22:6e:c7:cd:e6:25:72:0d:44:23:f2:0d:9e:80:2e:20:
         d8:13:ed:d3:b7:2a:ad:1a:5a:7f:83:96:90:b1:8b:88:4f:a9:
         25:0f:48:25:dd:4b:ea:2d:7d:dd:f9:0c:6e:f7:22:49:76:d7:
         9f:24:ee:7a:1a:51:dc:26:36:4b:c5:67:ce:89:b6:71:d8:50:
         d4:1e:f3:a6:36:03:9b:9c:33:a5:bc:80:61:14:56:cd:70:e4:
         0e:9a:81:eb:1f:1d:fb:b1:5c:e9:0c:b3:26:a7:64:35:ce:61:
         40:43:98:f6:3f:3d:bc:c5:d1:a5:97:01:99:84:cc:72:b4:4f:
         c9:43:6a:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5tt5Cy5yCg0pZdvjAV5e71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwNTI4MDgzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQzZTE3NTg5Yjc3MTRkYjFhODcwNjE5YzAzZGI4ZWVlZjk2YjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKSNtrx0KKPp6o193kdnCYdrok/U
PtAk9AzcjFRrgSHwNVZs51fxlMIPpPH1dcgptQc37tjCo+GjJ+/HugppoPZnplG2
v7ijW9dayJfdArVCFpRA0CClaD4IrLYI6999nor2VUgSFf11WHP8s4LXNskO7Ety
2deHWogGONYrY/UHRh1FveGGueKj4sz0pLBgzmNkRz2htnqScYqxeQIKeP5JUN9r
q6/LholmEeTJnGjKD8PnjetXNO+a+FOhZbFmVHw/P+HqrleJYsiHw2Can9Bo+UeS
29QV8o8l8cF1HrXbT1gcM8W3pL5ybzRfr/ARhscJcqAE3NIbWSVlHEB0mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/T4XWJt3FNsahwYZwD247u+WuRMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvWDlQaGRZbTNjVTJ4cUhCaG5BUGJqdTc1YTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgaMA0G
CSqGSIb3DQEBCwUAA4IBAQDLQUkzY4DpQtJWFRh7RpkOWg85lJD2xzKTQu7PkeDC
HYJIYX5t8K8fjUFW3eALTVdxxEpd7RAQNxWuy1KF6a/8ZlmLomJRHScm7+0Ta1sv
EX8Uu7SwlJfT8JJ7pEKFBKltLavq7B/vzvJSjCH39QID9HidiNcItnQgBnZEpAlp
6iJux83mJXINRCPyDZ6ALiDYE+3TtyqtGlp/g5aQsYuIT6klD0gl3UvqLX3d+Qxu
9yJJdtefJO56GlHcJjZLxWfOibZx2FDUHvOmNgObnDOlvIBhFFbNcOQOmoHrHx37
sVzpDLMmp2Q1zmFAQ5j2Pz28xdGllwGZhMxytE/JQ2pm
-----END CERTIFICATE-----