Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/SfhXmPqo2TkF6qz1ZFtHiaQPNso.roa
File:                     SfhXmPqo2TkF6qz1ZFtHiaQPNso.roa (raw, json)
Hash identifier:          R4Cg09rYG8YgQq3VlbbRT6XTdxzKjoe3T18chTy2C1Y=
Subject key identifier:   49:F8:57:98:FA:A8:D9:39:05:EA:AC:F5:64:5B:47:89:A4:0F:36:CA
Certificate issuer:       /CN=95d108f0e85868c2bbe7db6d7377034c131eb224
Certificate serial:       019E6B3B467CE673B18AC0B4D6364A276A51
Authority key identifier: 95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/SfhXmPqo2TkF6qz1ZFtHiaQPNso.roa
Signing time:             Wed 27 May 2026 20:58:27 +0000
ROA not before:           Wed 27 May 2026 20:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57494
IP address blocks:        201.51.28.0/24 maxlen: 32
                          201.51.29.0/24 maxlen: 32
                          201.51.30.0/24 maxlen: 32
                          201.51.31.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6b:3b:46:7c:e6:73:b1:8a:c0:b4:d6:36:4a:27:6a:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d108f0e85868c2bbe7db6d7377034c131eb224
        Validity
            Not Before: May 27 20:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=49f85798faa8d93905eaacf5645b4789a40f36ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:27:bf:9a:ac:4f:fe:30:68:70:a6:68:e7:0b:
                    65:3f:37:21:41:66:c4:be:49:57:8a:e2:a7:59:8a:
                    e1:d2:d9:40:e7:65:c6:29:b9:d7:b3:37:59:a3:d8:
                    bb:54:ef:ac:73:84:f5:80:99:12:02:e2:88:6a:36:
                    6b:8a:39:f6:4d:01:fe:e6:b8:1d:26:fd:02:c4:ea:
                    92:81:55:df:92:6f:48:ba:1e:be:0f:8f:e5:32:7b:
                    50:33:98:b2:f0:4e:eb:da:44:d0:a3:1b:a5:f5:c5:
                    a2:6e:12:6f:37:ae:fe:6c:fc:e3:19:50:ee:28:2c:
                    b5:52:60:7a:ac:7c:ad:9e:38:27:aa:0a:19:31:79:
                    57:bb:c1:ee:ee:79:15:f7:09:1b:37:05:6c:27:57:
                    83:fb:75:b1:95:f4:ff:73:6b:6c:77:5a:15:d2:3a:
                    77:95:bc:9b:ad:0f:da:e6:8b:d8:30:a4:e0:e6:51:
                    11:0f:9b:5f:d3:22:d9:05:07:82:dc:b4:4b:14:c7:
                    e2:fb:11:d3:00:f6:65:1f:55:7c:ff:c8:d6:c8:68:
                    18:c8:11:15:46:34:5e:95:43:6b:92:d0:45:54:35:
                    79:02:9f:40:0d:17:c1:a9:46:2e:26:3f:0e:f2:ef:
                    c8:66:24:77:50:4c:5d:a5:1e:9f:49:e8:2b:68:81:
                    6c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:F8:57:98:FA:A8:D9:39:05:EA:AC:F5:64:5B:47:89:A4:0F:36:CA
            X509v3 Authority Key Identifier:
                keyid:95:D1:08:F0:E8:58:68:C2:BB:E7:DB:6D:73:77:03:4C:13:1E:B2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldEI8OhYaMK759ttc3cDTBMesiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/SfhXmPqo2TkF6qz1ZFtHiaQPNso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ddb424-7eb2-495e-8bb6-72fb97d59ce4/1/ldEI8OhYaMK759ttc3cDTBMesiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.51.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:8a:cf:1e:5a:aa:c2:ae:3c:b4:af:10:66:2a:62:1d:76:cb:
         fc:ab:62:39:2e:c1:00:d7:66:c1:91:b0:39:a1:f0:01:27:03:
         85:b8:c2:7d:7e:50:10:bb:5c:b7:20:4e:30:11:1b:ae:9d:0f:
         d4:e5:20:4a:29:84:4f:3c:d1:2e:1b:81:93:ee:05:a1:b2:f2:
         c0:bf:82:f8:2b:13:6d:2a:11:2d:50:b0:9d:c1:2c:74:b8:e0:
         f9:03:ed:f2:a4:f0:42:20:e4:91:34:93:5b:99:4e:e1:df:63:
         5d:0b:89:a5:47:62:6e:83:e2:6c:50:49:18:77:12:46:2c:59:
         e8:7b:7a:bb:2f:62:35:ea:ce:03:97:2c:68:87:9a:3c:67:7a:
         a9:7a:c8:8f:19:97:c8:78:c8:12:4b:50:94:5e:ae:9c:96:ad:
         fd:2c:21:ff:79:65:ab:2f:8b:3d:59:3b:2d:15:47:2e:3a:25:
         58:9d:11:53:17:90:2e:2c:d4:a0:4d:0f:da:ad:de:f2:1b:bd:
         1f:8a:7e:aa:cf:bd:66:20:24:c5:43:97:d2:3d:f3:c2:1a:e2:
         a7:e2:23:7a:80:36:1d:91:a6:49:2a:04:b7:aa:46:2f:99:0d:
         38:49:2d:48:8e:14:14:9c:f0:76:ff:46:53:c9:19:db:04:71:
         49:2b:fd:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5rO0Z85nOxisC01jZKJ2pRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDEwOGYwZTg1ODY4YzJiYmU3ZGI2ZDczNzcwMzRjMTMx
ZWIyMjQwHhcNMjYwNTI3MjA1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWY4NTc5OGZhYThkOTM5MDVlYWFjZjU2NDViNDc4OWE0MGYzNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwye/mqxP/jBocKZo5wtlPzchQWbE
vklXiuKnWYrh0tlA52XGKbnXszdZo9i7VO+sc4T1gJkSAuKIajZrijn2TQH+5rgd
Jv0CxOqSgVXfkm9Iuh6+D4/lMntQM5iy8E7r2kTQoxul9cWibhJvN67+bPzjGVDu
KCy1UmB6rHytnjgnqgoZMXlXu8Hu7nkV9wkbNwVsJ1eD+3WxlfT/c2tsd1oV0jp3
lbybrQ/a5ovYMKTg5lERD5tf0yLZBQeC3LRLFMfi+xHTAPZlH1V8/8jWyGgYyBEV
RjRelUNrktBFVDV5Ap9ADRfBqUYuJj8O8u/IZiR3UExdpR6fSegraIFsMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEn4V5j6qNk5Beqs9WRbR4mkDzbKMB8GA1UdIwQY
MBaAFJXRCPDoWGjCu+fbbXN3A0wTHrIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYt
NzJmYjk3ZDU5Y2U0LzEvU2ZoWG1QcW8yVGtGNnF6MVpGdEhpYVFQTnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kZGI0MjQtN2ViMi00OTVlLThiYjYtNzJmYjk3ZDU5Y2U0
LzEvbGRFSThPaFlhTUs3NTl0dGMzY0RUQk1lc2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCyTMcMA0G
CSqGSIb3DQEBCwUAA4IBAQCXis8eWqrCrjy0rxBmKmIddsv8q2I5LsEA12bBkbA5
ofABJwOFuMJ9flAQu1y3IE4wERuunQ/U5SBKKYRPPNEuG4GT7gWhsvLAv4L4KxNt
KhEtULCdwSx0uOD5A+3ypPBCIOSRNJNbmU7h32NdC4mlR2Jug+JsUEkYdxJGLFno
e3q7L2I16s4Dlyxoh5o8Z3qpesiPGZfIeMgSS1CUXq6clq39LCH/eWWrL4s9WTst
FUcuOiVYnRFTF5AuLNSgTQ/ard7yG70fin6qz71mICTFQ5fSPfPCGuKn4iN6gDYd
kaZJKgS3qkYvmQ04SS1IjhQUnPB2/0ZTyRnbBHFJK/3j
-----END CERTIFICATE-----