Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ghsprZ41WyxRQ-ol28M31qcp1aU.roa
File:                     ghsprZ41WyxRQ-ol28M31qcp1aU.roa (raw, json)
Hash identifier:          n+mf9kFJAnYVlPra9nWPiJ2coU8wH/ngSaeM1sqZ6a0=
Subject key identifier:   82:1B:29:AD:9E:35:5B:2C:51:43:EA:25:DB:C3:37:D6:A7:29:D5:A5
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019ED937B94D2AB83F382C61B5A0846EE181
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ghsprZ41WyxRQ-ol28M31qcp1aU.roa
Signing time:             Thu 18 Jun 2026 05:32:48 +0000
ROA not before:           Thu 18 Jun 2026 05:32:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34346
IP address blocks:        5.56.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 17:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d9:37:b9:4d:2a:b8:3f:38:2c:61:b5:a0:84:6e:e1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jun 18 05:32:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=821b29ad9e355b2c5143ea25dbc337d6a729d5a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d7:d9:dc:2b:7c:43:69:00:45:e3:e4:a8:fd:
                    51:ae:c5:39:4c:f6:90:b5:48:08:ac:ba:4d:50:b5:
                    30:fe:52:8e:5e:2f:77:5a:96:70:78:68:6b:ba:36:
                    d9:e6:e3:6a:cb:dd:6c:8a:4e:5c:51:63:31:ae:f5:
                    73:7a:87:6a:05:a3:63:19:4b:17:cf:a6:b2:44:92:
                    ef:3f:59:fe:77:b4:03:15:bd:d7:e6:7d:f8:b3:8d:
                    08:8f:59:ff:01:df:a3:bf:67:31:7f:72:5e:b9:45:
                    ef:59:df:b1:7e:07:be:57:fa:93:57:85:5b:3e:b8:
                    d0:0d:b7:3d:41:fc:8e:da:e0:c6:c6:a3:51:4e:5d:
                    e3:5a:fd:0c:95:1b:42:62:81:30:ea:5a:a3:f4:02:
                    08:d2:1c:a1:21:f8:7b:7d:a6:bb:a5:c1:d2:df:43:
                    97:c3:7a:5b:ed:77:8a:e4:d4:8c:b5:ae:4f:b1:87:
                    80:de:36:7e:da:a4:44:d9:67:69:8c:94:a5:60:28:
                    f5:9e:da:69:67:78:50:da:a2:8f:7d:ad:43:7f:17:
                    6b:06:04:7e:5c:49:61:00:f8:f6:73:16:e4:4a:84:
                    02:04:dd:73:bf:ef:d9:78:e2:4a:fb:0d:c5:b1:67:
                    17:52:eb:5f:11:fa:71:ab:28:4a:14:3e:10:c2:b1:
                    40:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1B:29:AD:9E:35:5B:2C:51:43:EA:25:DB:C3:37:D6:A7:29:D5:A5
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ghsprZ41WyxRQ-ol28M31qcp1aU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:fe:c4:00:f5:b0:ab:79:10:20:4a:83:9f:6a:7f:df:2e:6d:
         bd:90:9e:e1:90:68:cc:cc:ce:34:dd:9f:c6:fd:2d:d9:8a:d4:
         20:fc:5b:8a:36:e8:06:52:71:ee:6b:6a:b8:c7:06:ff:46:1f:
         0b:9b:8f:e3:11:50:df:96:6e:7b:20:b0:db:96:64:ad:2f:f2:
         4f:76:52:21:6b:4d:70:ba:ad:45:10:5d:c2:e0:22:d5:f5:8c:
         96:28:03:36:01:14:1a:35:65:53:5b:9f:91:c3:7c:2b:75:52:
         00:cb:0f:1f:c9:b1:2f:db:85:36:35:39:27:b1:b4:c8:b7:c1:
         0e:2b:f1:86:c5:1e:20:7d:e9:d5:b5:a0:1d:6c:eb:93:ee:c6:
         a1:11:e7:a7:39:53:34:c5:77:e6:29:f5:e6:31:87:4b:08:37:
         dc:bc:40:31:2e:8a:a7:df:cf:79:b7:31:bc:bc:16:4b:9c:f9:
         bc:0a:19:3d:21:66:33:77:a1:25:e5:b3:e6:b9:f3:a9:5c:33:
         d8:1c:01:64:75:13:0b:09:c5:2b:75:46:c7:9e:70:3a:47:61:
         5b:6e:38:ef:7e:06:fe:d9:7c:50:96:f2:a3:d3:7c:59:84:53:
         92:f0:e4:aa:dd:42:98:69:23:2b:40:f9:74:a9:c3:df:f4:c4:
         90:3a:98:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7ZN7lNKrg/OCxhtaCEbuGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwNjE4MDUzMjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFiMjlhZDllMzU1YjJjNTE0M2VhMjVkYmMzMzdkNmE3MjlkNWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstfZ3Ct8Q2kARePkqP1RrsU5TPaQ
tUgIrLpNULUw/lKOXi93WpZweGhrujbZ5uNqy91sik5cUWMxrvVzeodqBaNjGUsX
z6ayRJLvP1n+d7QDFb3X5n34s40Ij1n/Ad+jv2cxf3JeuUXvWd+xfge+V/qTV4Vb
PrjQDbc9QfyO2uDGxqNRTl3jWv0MlRtCYoEw6lqj9AII0hyhIfh7faa7pcHS30OX
w3pb7XeK5NSMta5PsYeA3jZ+2qRE2WdpjJSlYCj1ntppZ3hQ2qKPfa1DfxdrBgR+
XElhAPj2cxbkSoQCBN1zv+/ZeOJK+w3FsWcXUutfEfpxqyhKFD4QwrFAQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIbKa2eNVssUUPqJdvDN9anKdWlMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvZ2hzcHJaNDFXeXhSUS1vbDI4TTMxcWNwMWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgdMA0G
CSqGSIb3DQEBCwUAA4IBAQCh/sQA9bCreRAgSoOfan/fLm29kJ7hkGjMzM403Z/G
/S3ZitQg/FuKNugGUnHua2q4xwb/Rh8Lm4/jEVDflm57ILDblmStL/JPdlIha01w
uq1FEF3C4CLV9YyWKAM2ARQaNWVTW5+Rw3wrdVIAyw8fybEv24U2NTknsbTIt8EO
K/GGxR4gfenVtaAdbOuT7sahEeenOVM0xXfmKfXmMYdLCDfcvEAxLoqn3895tzG8
vBZLnPm8Chk9IWYzd6El5bPmufOpXDPYHAFkdRMLCcUrdUbHnnA6R2Fbbjjvfgb+
2XxQlvKj03xZhFOS8OSq3UKYaSMrQPl0qcPf9MSQOphf
-----END CERTIFICATE-----