Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/s5dMXiTv6K6_nOOjsZQiBMbdI10.roa
File:                     s5dMXiTv6K6_nOOjsZQiBMbdI10.roa (raw, json)
Hash identifier:          gwoW7rGe7x9sbCUBo3rs5nC2U41QfRj68YW36KMIWg8=
Subject key identifier:   B3:97:4C:5E:24:EF:E8:AE:BF:9C:E3:A3:B1:94:22:04:C6:DD:23:5D
Certificate issuer:       /CN=3de4598e21736501a73944c107114c850c7d8b09
Certificate serial:       019E27B9036E67FD5B15610EA9EA1244B082
Authority key identifier: 3D:E4:59:8E:21:73:65:01:A7:39:44:C1:07:11:4C:85:0C:7D:8B:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeRZjiFzZQGnOUTBBxFMhQx9iwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/s5dMXiTv6K6_nOOjsZQiBMbdI10.roa
Signing time:             Thu 14 May 2026 18:21:36 +0000
ROA not before:           Thu 14 May 2026 18:21:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43362
IP address blocks:        37.153.64.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/PeRZjiFzZQGnOUTBBxFMhQx9iwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/PeRZjiFzZQGnOUTBBxFMhQx9iwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeRZjiFzZQGnOUTBBxFMhQx9iwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 15 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:27:b9:03:6e:67:fd:5b:15:61:0e:a9:ea:12:44:b0:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de4598e21736501a73944c107114c850c7d8b09
        Validity
            Not Before: May 14 18:21:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3974c5e24efe8aebf9ce3a3b1942204c6dd235d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:47:0d:07:41:e0:e3:d2:f4:d3:70:e4:0e:0f:
                    03:b3:b3:03:49:ae:24:cb:f2:e6:22:43:77:06:70:
                    11:3a:18:eb:d7:91:36:42:90:4a:ed:be:6d:1d:7b:
                    b1:ae:09:f6:57:e2:0e:0a:8c:1f:4a:9a:fa:af:ae:
                    f0:47:22:dd:9f:1f:60:21:89:73:7a:f5:dd:59:d5:
                    65:63:e8:6c:2b:ed:2d:a3:e3:a6:54:bc:16:40:98:
                    30:34:11:ba:49:07:b9:d4:7d:cd:ab:0d:3a:d1:3d:
                    1a:ce:35:9e:63:a1:d2:4d:71:88:aa:07:d3:e8:a4:
                    da:3f:36:13:c6:3c:bb:67:cc:88:68:ac:8a:8b:5f:
                    df:6c:ea:62:60:7f:3a:a2:81:04:e1:4e:eb:aa:04:
                    10:75:ff:c8:76:5f:73:59:35:40:c4:31:82:7e:f7:
                    fa:79:d2:d7:0c:a3:92:9a:63:a0:ab:79:9a:4b:fa:
                    ee:6c:63:99:9c:5a:36:15:77:b2:cb:de:1f:12:c7:
                    fc:1f:c5:a0:fb:60:27:b8:7e:e5:d0:7f:27:a8:d3:
                    f0:8f:34:3c:32:c5:ef:2d:82:f3:ef:84:13:08:55:
                    19:cb:9c:b7:65:1f:18:c8:56:f6:66:cd:8b:d0:1b:
                    2a:31:aa:13:e5:b5:33:16:52:67:a6:8b:f5:67:9c:
                    67:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:97:4C:5E:24:EF:E8:AE:BF:9C:E3:A3:B1:94:22:04:C6:DD:23:5D
            X509v3 Authority Key Identifier:
                keyid:3D:E4:59:8E:21:73:65:01:A7:39:44:C1:07:11:4C:85:0C:7D:8B:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeRZjiFzZQGnOUTBBxFMhQx9iwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/s5dMXiTv6K6_nOOjsZQiBMbdI10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/4d3b8c-7239-483c-a48c-7d608bee3167/1/PeRZjiFzZQGnOUTBBxFMhQx9iwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:96:f1:5e:0e:60:66:a1:7b:6d:e4:76:cd:0f:44:33:45:72:
         6a:f8:f5:de:2e:99:84:71:fa:d5:96:88:87:17:73:1c:94:9b:
         19:34:22:68:85:25:1a:ff:fe:d4:36:f2:9b:d2:3d:4b:b3:20:
         a3:ba:60:2b:c4:8e:48:32:0b:f6:4f:23:49:74:1c:3c:e8:2b:
         e4:41:8d:ec:60:ae:4f:37:c6:4b:5a:1a:07:2b:98:83:34:98:
         cf:c2:cc:66:54:a8:98:43:e5:55:f7:83:0a:54:8a:85:a7:92:
         6d:fb:23:93:3d:b1:7b:16:05:8d:5c:f8:d3:8b:4d:4f:aa:72:
         16:80:72:57:81:e5:a9:0b:e3:24:7d:e5:01:33:d3:b7:36:d7:
         8c:fb:a4:24:df:f0:90:90:67:5b:41:d1:b4:21:b7:46:22:e0:
         15:77:d9:07:d1:45:a4:42:e4:d6:f0:82:02:e3:04:52:0f:24:
         0b:e1:9f:74:4a:00:c0:13:51:6d:6c:03:65:d5:ef:7d:4e:a3:
         d4:b9:cc:86:97:81:c7:91:92:50:b8:9a:71:b6:1a:df:41:64:
         10:ea:99:3c:bf:bc:ed:6a:ff:48:c2:f8:f7:1c:6b:b5:1c:e4:
         b6:21:80:11:f4:69:89:78:bd:91:07:3b:d8:91:e6:fc:76:9d:
         98:09:8b:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4nuQNuZ/1bFWEOqeoSRLCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZTQ1OThlMjE3MzY1MDFhNzM5NDRjMTA3MTE0Yzg1MGM3
ZDhiMDkwHhcNMjYwNTE0MTgyMTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk3NGM1ZTI0ZWZlOGFlYmY5Y2UzYTNiMTk0MjIwNGM2ZGQyMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEcNB0Hg49L003DkDg8Ds7MDSa4k
y/LmIkN3BnAROhjr15E2QpBK7b5tHXuxrgn2V+IOCowfSpr6r67wRyLdnx9gIYlz
evXdWdVlY+hsK+0to+OmVLwWQJgwNBG6SQe51H3Nqw060T0azjWeY6HSTXGIqgfT
6KTaPzYTxjy7Z8yIaKyKi1/fbOpiYH86ooEE4U7rqgQQdf/Idl9zWTVAxDGCfvf6
edLXDKOSmmOgq3maS/rubGOZnFo2FXeyy94fEsf8H8Wg+2AnuH7l0H8nqNPwjzQ8
MsXvLYLz74QTCFUZy5y3ZR8YyFb2Zs2L0BsqMaoT5bUzFlJnpov1Z5xnsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOXTF4k7+iuv5zjo7GUIgTG3SNdMB8GA1UdIwQY
MBaAFD3kWY4hc2UBpzlEwQcRTIUMfYsJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVSWmppRnpaUUduT1VUQkJ4Rk1oUXg5aXdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi80ZDNiOGMtNzIzOS00ODNjLWE0OGMt
N2Q2MDhiZWUzMTY3LzEvczVkTVhpVHY2SzZfbk9PanNaUWlCTWJkSTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi80ZDNiOGMtNzIzOS00ODNjLWE0OGMtN2Q2MDhiZWUzMTY3
LzEvUGVSWmppRnpaUUduT1VUQkJ4Rk1oUXg5aXdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJZlAMA0G
CSqGSIb3DQEBCwUAA4IBAQB3lvFeDmBmoXtt5HbND0QzRXJq+PXeLpmEcfrVloiH
F3MclJsZNCJohSUa//7UNvKb0j1LsyCjumArxI5IMgv2TyNJdBw86CvkQY3sYK5P
N8ZLWhoHK5iDNJjPwsxmVKiYQ+VV94MKVIqFp5Jt+yOTPbF7FgWNXPjTi01PqnIW
gHJXgeWpC+MkfeUBM9O3NteM+6Qk3/CQkGdbQdG0IbdGIuAVd9kH0UWkQuTW8IIC
4wRSDyQL4Z90SgDAE1FtbANl1e99TqPUucyGl4HHkZJQuJpxthrfQWQQ6pk8v7zt
av9Iwvj3HGu1HOS2IYAR9GmJeL2RBzvYkeb8dp2YCYt5
-----END CERTIFICATE-----