Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/5KW5u0IohO9UHRbyESQokgmeEhI.roa
File:                     5KW5u0IohO9UHRbyESQokgmeEhI.roa (raw, json)
Hash identifier:          xeKUd4gqIl7oZumWd6XAAqxnxj1vOuGFTrUOs8nECQQ=
Subject key identifier:   E4:A5:B9:BB:42:28:84:EF:54:1D:16:F2:11:24:28:92:09:9E:12:12
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E4432724083C421DA0E34568DD2623C46
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/5KW5u0IohO9UHRbyESQokgmeEhI.roa
Signing time:             Wed 20 May 2026 07:03:37 +0000
ROA not before:           Wed 20 May 2026 07:03:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153622
IP address blocks:        212.134.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:32:72:40:83:c4:21:da:0e:34:56:8d:d2:62:3c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: May 20 07:03:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4a5b9bb422884ef541d16f211242892099e1212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:31:aa:18:de:9a:ec:2b:1e:d0:90:3f:dd:89:
                    35:e7:9c:9e:92:e5:be:1d:93:9c:73:50:41:e2:5b:
                    c4:f7:12:22:47:a2:89:38:56:18:74:8e:d6:34:5a:
                    94:f3:5b:0e:55:c4:16:14:a7:a1:54:f4:a9:10:ea:
                    63:6d:30:bd:e0:95:0f:fc:5f:55:2f:2e:ee:2d:c9:
                    c9:d7:f0:9c:56:59:02:dd:d1:12:d6:e0:35:42:b5:
                    fc:c9:3f:b9:ea:c2:41:17:2d:f6:0b:c3:d9:04:1b:
                    00:17:36:21:78:c4:f8:ce:cd:9a:5e:92:79:6b:20:
                    9e:82:45:c0:31:f1:20:64:5a:5e:dc:da:83:64:5f:
                    f2:f9:53:6a:e4:5d:3e:11:e2:c1:eb:73:cf:1f:f6:
                    11:aa:e8:58:52:ad:60:48:a5:65:3f:00:19:f2:98:
                    bd:c1:ce:01:ad:ad:00:40:aa:78:4d:d0:f3:15:1e:
                    4f:2e:4a:a8:7d:57:3a:e0:5c:4b:62:34:e5:18:40:
                    4f:ed:1a:bb:6c:c2:d7:ee:47:97:b3:54:49:98:31:
                    3f:51:35:35:95:8d:81:80:1b:0a:c1:69:30:68:5c:
                    f9:df:cb:b8:66:a8:b6:19:be:9e:9d:61:6b:e1:b1:
                    c3:e6:78:ce:0c:f3:f8:52:a9:e8:d7:d9:fb:ed:ec:
                    c3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A5:B9:BB:42:28:84:EF:54:1D:16:F2:11:24:28:92:09:9E:12:12
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/5KW5u0IohO9UHRbyESQokgmeEhI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:cc:46:c0:81:2f:06:63:07:e4:aa:0e:6d:f4:b3:31:94:b6:
         cc:3d:68:d4:3b:03:34:49:03:07:e9:ed:7c:76:15:c4:e3:9d:
         46:ee:e9:be:00:b6:31:c6:7f:a1:9c:c2:c5:9b:4e:99:2b:b5:
         78:28:b5:da:59:31:69:c9:63:e8:3b:83:0c:70:86:af:0b:7b:
         9f:aa:65:97:14:2b:a7:34:49:df:32:8f:06:05:76:2a:fd:96:
         74:76:50:27:e9:d1:58:b6:c5:0c:ec:98:ae:5b:00:38:cb:52:
         bd:24:b3:bb:8f:ee:9b:44:7d:4d:c3:98:d1:0f:ad:92:e8:8d:
         5c:92:b2:dc:84:e7:8a:02:6f:84:da:9a:51:dc:c2:d0:ff:d4:
         78:f2:33:01:3d:f2:2d:f5:ca:d6:d8:02:da:d5:4a:99:64:a0:
         8c:5f:46:1b:19:d6:c1:68:5a:9a:bd:c2:d4:86:6d:4b:21:70:
         b5:72:5a:88:c4:56:f1:bd:1d:e4:bb:d3:92:1e:60:6e:41:6b:
         c4:cd:2a:05:ad:83:1d:95:ce:d0:a4:97:91:28:f7:b0:33:a6:
         a2:76:c4:d5:96:59:7d:30:6a:5a:a1:d4:78:85:48:ca:21:fe:
         65:7b:14:51:bb:7d:26:ed:be:67:a7:1b:86:26:1e:29:6f:fb:
         a3:a0:09:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5EMnJAg8Qh2g40Vo3SYjxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNTIwMDcwMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGE1YjliYjQyMjg4NGVmNTQxZDE2ZjIxMTI0Mjg5MjA5OWUxMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTGqGN6a7Cse0JA/3Yk155yekuW+
HZOcc1BB4lvE9xIiR6KJOFYYdI7WNFqU81sOVcQWFKehVPSpEOpjbTC94JUP/F9V
Ly7uLcnJ1/CcVlkC3dES1uA1QrX8yT+56sJBFy32C8PZBBsAFzYheMT4zs2aXpJ5
ayCegkXAMfEgZFpe3NqDZF/y+VNq5F0+EeLB63PPH/YRquhYUq1gSKVlPwAZ8pi9
wc4Bra0AQKp4TdDzFR5PLkqofVc64FxLYjTlGEBP7Rq7bMLX7keXs1RJmDE/UTU1
lY2BgBsKwWkwaFz538u4Zqi2Gb6enWFr4bHD5njODPP4Uqno19n77ezDkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSlubtCKITvVB0W8hEkKJIJnhISMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNUtXNXUwSW9oTzlVSFJieUVTUW9rZ21lRWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1IYZMA0G
CSqGSIb3DQEBCwUAA4IBAQCYzEbAgS8GYwfkqg5t9LMxlLbMPWjUOwM0SQMH6e18
dhXE451G7um+ALYxxn+hnMLFm06ZK7V4KLXaWTFpyWPoO4MMcIavC3ufqmWXFCun
NEnfMo8GBXYq/ZZ0dlAn6dFYtsUM7JiuWwA4y1K9JLO7j+6bRH1Nw5jRD62S6I1c
krLchOeKAm+E2ppR3MLQ/9R48jMBPfIt9crW2ALa1UqZZKCMX0YbGdbBaFqavcLU
hm1LIXC1clqIxFbxvR3ku9OSHmBuQWvEzSoFrYMdlc7QpJeRKPewM6aidsTVlll9
MGpaodR4hUjKIf5lexRRu30m7b5npxuGJh4pb/ujoAmY
-----END CERTIFICATE-----