Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/Q7NY4EuKh73yFJKmMgChWTXBirE.roa
File:                     Q7NY4EuKh73yFJKmMgChWTXBirE.roa (raw, json)
Hash identifier:          9Iy6hZU4K15U+TrOsDJ5y2e1gzxrEUFWmnU91YlaOBQ=
Subject key identifier:   43:B3:58:E0:4B:8A:87:BD:F2:14:92:A6:32:00:A1:59:35:C1:8A:B1
Certificate issuer:       /CN=ef9d763b49e024a7b6a19eaf7dfb98911a9c94c8
Certificate serial:       019D8AB65CE7366DD1A559AF0B9B4041AF75
Authority key identifier: EF:9D:76:3B:49:E0:24:A7:B6:A1:9E:AF:7D:FB:98:91:1A:9C:94:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/Q7NY4EuKh73yFJKmMgChWTXBirE.roa
Signing time:             Tue 14 Apr 2026 06:38:20 +0000
ROA not before:           Tue 14 Apr 2026 06:38:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205489
IP address blocks:        5.182.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8a:b6:5c:e7:36:6d:d1:a5:59:af:0b:9b:40:41:af:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef9d763b49e024a7b6a19eaf7dfb98911a9c94c8
        Validity
            Not Before: Apr 14 06:38:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43b358e04b8a87bdf21492a63200a15935c18ab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c3:96:d8:f0:b8:60:3c:0c:3c:72:46:cd:22:
                    71:7a:80:db:eb:ce:6d:03:4c:44:98:87:96:ed:3e:
                    df:aa:c9:d9:2d:02:5e:a2:f8:ed:07:43:07:83:6d:
                    7f:41:e7:cc:3c:31:07:a2:0e:da:68:73:17:d6:ee:
                    37:79:13:c5:75:fc:e4:f6:06:73:0a:28:f7:a7:e9:
                    e1:88:8d:ef:f4:d4:42:99:bc:62:b6:d0:f6:98:c1:
                    b5:85:84:3d:81:88:36:b1:66:e8:34:4c:aa:87:b1:
                    99:b8:94:a6:b8:59:47:09:b0:80:4f:ea:86:ed:de:
                    b0:3a:1b:d0:da:08:6c:10:84:8b:63:95:97:2d:3c:
                    8f:ef:6c:dc:e5:b2:0e:0d:22:a2:c1:aa:d3:b8:46:
                    89:fe:98:43:12:d2:16:44:cd:88:0b:ce:31:7c:33:
                    2f:b0:43:d2:2f:93:7f:28:5d:00:b0:d4:09:14:1e:
                    60:b7:da:f7:19:52:4d:81:15:b0:d9:0b:45:a9:24:
                    8c:1e:d7:a3:3a:ad:b7:b8:6a:3f:22:e5:2a:e1:2a:
                    30:a7:fd:e0:12:96:71:83:b7:59:fa:e0:6c:7d:ec:
                    87:3b:45:6b:8b:eb:76:61:d8:77:de:4a:36:31:fa:
                    64:33:d1:ea:e9:11:1d:58:c7:68:90:7c:bb:aa:c4:
                    e4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:B3:58:E0:4B:8A:87:BD:F2:14:92:A6:32:00:A1:59:35:C1:8A:B1
            X509v3 Authority Key Identifier:
                keyid:EF:9D:76:3B:49:E0:24:A7:B6:A1:9E:AF:7D:FB:98:91:1A:9C:94:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7512O0ngJKe2oZ6vffuYkRqclMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/Q7NY4EuKh73yFJKmMgChWTXBirE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/59cf8e-dc67-43fb-bd37-0870e659645b/1/7512O0ngJKe2oZ6vffuYkRqclMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f7:27:77:fe:da:f3:0a:1d:55:d9:90:87:4c:fc:fe:80:46:
         db:7e:d0:08:ce:e6:c2:97:02:ae:bd:59:f4:0d:63:ec:cd:83:
         50:63:c6:e4:68:ae:fe:e8:09:60:4f:a2:4e:95:12:7c:59:68:
         ce:8f:37:1a:cd:a2:3f:be:28:fa:de:dd:14:c2:05:53:c2:f2:
         15:cf:ff:54:f4:f6:17:91:2b:27:7f:77:3f:ec:ca:8d:91:12:
         b5:75:5f:5f:a8:10:28:4c:04:77:d7:71:7e:3a:d8:44:1e:d6:
         82:54:48:f7:97:a0:ae:7c:3a:a8:50:46:3a:62:a9:7b:32:cc:
         d3:17:ef:10:db:de:92:1c:aa:70:b1:a1:4d:16:1c:a4:0e:5e:
         e4:58:e7:13:39:66:a2:67:f2:40:dd:bf:2c:9e:cf:bd:b4:01:
         2f:8d:3f:29:80:ec:ca:18:50:0f:0d:9a:a3:8d:a1:c7:51:1c:
         bb:08:61:01:22:d3:63:5f:fd:19:43:08:44:73:a6:bf:97:15:
         45:fc:b9:df:c5:f6:6d:6b:6a:5b:24:02:4f:84:b0:c3:75:b4:
         0e:ea:6c:d1:be:4f:8c:f3:2e:ca:5f:28:fd:46:e7:b0:d3:81:
         01:2d:97:10:d2:db:9b:b6:b2:9c:69:c8:d3:0b:f9:b6:79:be:
         d6:43:a6:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2KtlznNm3RpVmvC5tAQa91MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmOWQ3NjNiNDllMDI0YTdiNmExOWVhZjdkZmI5ODkxMWE5
Yzk0YzgwHhcNMjYwNDE0MDYzODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2IzNThlMDRiOGE4N2JkZjIxNDkyYTYzMjAwYTE1OTM1YzE4YWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcOW2PC4YDwMPHJGzSJxeoDb685t
A0xEmIeW7T7fqsnZLQJeovjtB0MHg21/QefMPDEHog7aaHMX1u43eRPFdfzk9gZz
Cij3p+nhiI3v9NRCmbxittD2mMG1hYQ9gYg2sWboNEyqh7GZuJSmuFlHCbCAT+qG
7d6wOhvQ2ghsEISLY5WXLTyP72zc5bIODSKiwarTuEaJ/phDEtIWRM2IC84xfDMv
sEPSL5N/KF0AsNQJFB5gt9r3GVJNgRWw2QtFqSSMHtejOq23uGo/IuUq4Sowp/3g
EpZxg7dZ+uBsfeyHO0Vri+t2Ydh33ko2MfpkM9Hq6REdWMdokHy7qsTkgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOzWOBLioe98hSSpjIAoVk1wYqxMB8GA1UdIwQY
MBaAFO+ddjtJ4CSntqGer337mJEanJTIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzUxMk8wbmdKS2Uyb1o2dmZmdVlrUnFjbE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS81OWNmOGUtZGM2Ny00M2ZiLWJkMzct
MDg3MGU2NTk2NDViLzEvUTdOWTRFdUtoNzN5RkpLbU1nQ2hXVFhCaXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS81OWNmOGUtZGM2Ny00M2ZiLWJkMzctMDg3MGU2NTk2NDVi
LzEvNzUxMk8wbmdKS2Uyb1o2dmZmdVlrUnFjbE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYUMA0G
CSqGSIb3DQEBCwUAA4IBAQAR9yd3/trzCh1V2ZCHTPz+gEbbftAIzubClwKuvVn0
DWPszYNQY8bkaK7+6AlgT6JOlRJ8WWjOjzcazaI/vij63t0UwgVTwvIVz/9U9PYX
kSsnf3c/7MqNkRK1dV9fqBAoTAR313F+OthEHtaCVEj3l6CufDqoUEY6Yql7MszT
F+8Q296SHKpwsaFNFhykDl7kWOcTOWaiZ/JA3b8sns+9tAEvjT8pgOzKGFAPDZqj
jaHHURy7CGEBItNjX/0ZQwhEc6a/lxVF/LnfxfZta2pbJAJPhLDDdbQO6mzRvk+M
8y7KXyj9Ruew04EBLZcQ0tubtrKcacjTC/m2eb7WQ6bS
-----END CERTIFICATE-----