Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/d6a5e8-469f-4c27-87b3-3c6dd5e3e935/1/5AE7_O4mI7-H6Wv-ZhNYnselqaU.roa
File:                     5AE7_O4mI7-H6Wv-ZhNYnselqaU.roa (raw, json)
Hash identifier:          ZU8q9mKfymGsv/1D2pNr1VbfbTiFUrL0MjqiBD7DHmM=
Subject key identifier:   E4:01:3B:FC:EE:26:23:BF:87:E9:6B:FE:66:13:58:9E:C7:A5:A9:A5
Certificate issuer:       /CN=767bc364e63c7aa57953fb3e4a5178e3b43c1f6f
Certificate serial:       019DE396937A5C9EA506A0E5D1ECD0F6A3D4
Authority key identifier: 76:7B:C3:64:E6:3C:7A:A5:79:53:FB:3E:4A:51:78:E3:B4:3C:1F:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnvDZOY8eqV5U_s-SlF447Q8H28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/d6a5e8-469f-4c27-87b3-3c6dd5e3e935/1/5AE7_O4mI7-H6Wv-ZhNYnselqaU.roa
Signing time:             Fri 01 May 2026 12:49:49 +0000
ROA not before:           Fri 01 May 2026 12:49:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198798
IP address blocks:        2001:678:1250::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/d6a5e8-469f-4c27-87b3-3c6dd5e3e935/1/dnvDZOY8eqV5U_s-SlF447Q8H28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/d6a5e8-469f-4c27-87b3-3c6dd5e3e935/1/dnvDZOY8eqV5U_s-SlF447Q8H28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnvDZOY8eqV5U_s-SlF447Q8H28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e3:96:93:7a:5c:9e:a5:06:a0:e5:d1:ec:d0:f6:a3:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767bc364e63c7aa57953fb3e4a5178e3b43c1f6f
        Validity
            Not Before: May  1 12:49:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4013bfcee2623bf87e96bfe6613589ec7a5a9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:66:74:49:80:ee:2b:bd:19:fd:2a:73:0c:92:
                    eb:9c:3e:95:1c:eb:88:ac:4c:28:88:30:52:0b:1c:
                    d1:d8:bd:a0:60:3a:58:cc:e1:59:41:d2:2f:68:3d:
                    bc:95:62:dc:bc:2c:e6:3a:ee:e3:21:1c:29:aa:8e:
                    b0:c3:19:3f:c7:b1:6b:cc:c0:ef:3b:21:40:87:73:
                    21:67:52:62:75:61:64:fb:bb:c6:7b:f3:3f:3c:1c:
                    45:1f:08:83:90:9c:c8:0d:35:a2:8e:8f:24:8f:b5:
                    1a:88:7b:b1:6f:f8:4a:2d:95:1e:6a:4e:d8:7a:91:
                    9c:f6:96:97:fb:ba:5f:d7:b8:52:9a:f2:e8:c3:38:
                    04:28:9b:42:85:97:33:a5:bf:fc:9f:69:79:d7:a0:
                    48:eb:f8:92:82:dd:fd:ad:9c:5b:ee:40:ae:48:eb:
                    f5:67:ba:a6:a6:51:13:1b:7e:2e:95:b4:b3:ad:1d:
                    22:ac:06:89:4d:da:c3:f0:32:7b:d5:8a:6d:1a:6e:
                    03:18:a1:9d:fa:7f:ea:c3:da:52:94:6f:6d:d9:99:
                    3c:da:8e:a4:7e:98:fb:4e:2a:78:de:2e:87:e9:fa:
                    de:d1:81:81:50:ad:d6:c5:13:fc:68:ee:46:fa:c4:
                    f9:d1:e6:cf:8b:45:ee:94:2b:4d:41:65:19:7b:98:
                    ed:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:01:3B:FC:EE:26:23:BF:87:E9:6B:FE:66:13:58:9E:C7:A5:A9:A5
            X509v3 Authority Key Identifier:
                keyid:76:7B:C3:64:E6:3C:7A:A5:79:53:FB:3E:4A:51:78:E3:B4:3C:1F:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnvDZOY8eqV5U_s-SlF447Q8H28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/d6a5e8-469f-4c27-87b3-3c6dd5e3e935/1/5AE7_O4mI7-H6Wv-ZhNYnselqaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/d6a5e8-469f-4c27-87b3-3c6dd5e3e935/1/dnvDZOY8eqV5U_s-SlF447Q8H28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1250::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:68:8b:5e:89:2f:b8:31:1a:7e:81:58:c7:81:07:c5:f3:82:
         07:12:a3:e1:b4:50:ce:34:9f:21:87:85:33:eb:04:bc:3a:09:
         79:d0:3a:a0:df:16:bb:4d:4f:c4:48:1e:b3:6a:de:77:55:cc:
         63:31:e3:e9:78:43:87:9e:d3:7d:cd:88:8d:75:b5:1b:6e:c8:
         8f:6b:fb:64:d5:98:e9:c4:8c:e0:25:cc:46:15:08:c2:fb:1c:
         27:5d:7a:87:3c:62:1e:ab:f9:30:45:82:7f:e9:99:98:a6:d2:
         72:17:75:01:f1:24:cc:0e:8a:8a:0b:cf:09:39:ba:6c:bf:57:
         35:c6:a6:20:6d:9e:9a:cb:97:c9:23:59:14:ad:89:b6:36:b2:
         b5:a4:94:b1:89:5c:73:08:51:7d:ec:4c:47:53:ab:4b:d2:14:
         45:46:05:ce:b5:93:2a:a4:94:b7:49:e1:f4:7b:a7:bf:1f:36:
         81:3c:62:c4:ed:0e:e5:87:57:9a:4c:c8:69:66:f0:50:c1:d7:
         fc:95:79:94:67:e9:db:1e:a1:c3:2c:ec:cf:d5:df:15:86:67:
         f4:11:99:19:55:cb:56:5a:de:90:68:9c:bc:97:bc:dd:f8:12:
         45:e5:5d:b3:6d:06:2d:f0:51:44:c4:6a:61:51:5a:ec:db:86:
         d6:b9:10:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3jlpN6XJ6lBqDl0ezQ9qPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2JjMzY0ZTYzYzdhYTU3OTUzZmIzZTRhNTE3OGUzYjQz
YzFmNmYwHhcNMjYwNTAxMTI0OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDAxM2JmY2VlMjYyM2JmODdlOTZiZmU2NjEzNTg5ZWM3YTVhOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2Z0SYDuK70Z/SpzDJLrnD6VHOuI
rEwoiDBSCxzR2L2gYDpYzOFZQdIvaD28lWLcvCzmOu7jIRwpqo6wwxk/x7FrzMDv
OyFAh3MhZ1JidWFk+7vGe/M/PBxFHwiDkJzIDTWijo8kj7UaiHuxb/hKLZUeak7Y
epGc9paX+7pf17hSmvLowzgEKJtChZczpb/8n2l516BI6/iSgt39rZxb7kCuSOv1
Z7qmplETG34ulbSzrR0irAaJTdrD8DJ71YptGm4DGKGd+n/qw9pSlG9t2Zk82o6k
fpj7Tip43i6H6fre0YGBUK3WxRP8aO5G+sT50ebPi0XulCtNQWUZe5jtZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOQBO/zuJiO/h+lr/mYTWJ7HpamlMB8GA1UdIwQY
MBaAFHZ7w2TmPHqleVP7PkpReOO0PB9vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG52RFpPWThlcVY1VV9zLVNsRjQ0N1E4SDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9kNmE1ZTgtNDY5Zi00YzI3LTg3YjMt
M2M2ZGQ1ZTNlOTM1LzEvNUFFN19PNG1JNy1INld2LVpoTlluc2VscWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9kNmE1ZTgtNDY5Zi00YzI3LTg3YjMtM2M2ZGQ1ZTNlOTM1
LzEvZG52RFpPWThlcVY1VV9zLVNsRjQ0N1E4SDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQByaIteiS+4MRp+gVjHgQfF84IHEqPhtFDONJ8h
h4Uz6wS8Ogl50Dqg3xa7TU/ESB6zat53VcxjMePpeEOHntN9zYiNdbUbbsiPa/tk
1ZjpxIzgJcxGFQjC+xwnXXqHPGIeq/kwRYJ/6ZmYptJyF3UB8STMDoqKC88JObps
v1c1xqYgbZ6ay5fJI1kUrYm2NrK1pJSxiVxzCFF97ExHU6tL0hRFRgXOtZMqpJS3
SeH0e6e/HzaBPGLE7Q7lh1eaTMhpZvBQwdf8lXmUZ+nbHqHDLOzP1d8Vhmf0EZkZ
VctWWt6QaJy8l7zd+BJF5V2zbQYt8FFExGphUVrs24bWuRAN
-----END CERTIFICATE-----