Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f75cf3-1f7f-43f9-a5be-bc5cb963de5d/1/jq5WfSeP2pDPT2hiFBZeXrNo_gA.roa
File:                     jq5WfSeP2pDPT2hiFBZeXrNo_gA.roa (raw, json)
Hash identifier:          8UIQ/f3+ilI0mGQboCjy2Gm2Iv4nHmZ9Nb2yvR4gYaI=
Subject key identifier:   8E:AE:56:7D:27:8F:DA:90:CF:4F:68:62:14:16:5E:5E:B3:68:FE:00
Certificate issuer:       /CN=5af547b7706fcdb18af5a2efc787416db08a1ebd
Certificate serial:       019EDA59076D7394CEB70BFCD8F5C28F4B36
Authority key identifier: 5A:F5:47:B7:70:6F:CD:B1:8A:F5:A2:EF:C7:87:41:6D:B0:8A:1E:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WvVHt3BvzbGK9aLvx4dBbbCKHr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f75cf3-1f7f-43f9-a5be-bc5cb963de5d/1/jq5WfSeP2pDPT2hiFBZeXrNo_gA.roa
Signing time:             Thu 18 Jun 2026 10:48:48 +0000
ROA not before:           Thu 18 Jun 2026 10:48:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28852
IP address blocks:        217.180.40.0/24 maxlen: 24
                          217.180.41.0/24 maxlen: 24
                          217.180.42.0/24 maxlen: 24
                          217.180.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f75cf3-1f7f-43f9-a5be-bc5cb963de5d/1/WvVHt3BvzbGK9aLvx4dBbbCKHr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f75cf3-1f7f-43f9-a5be-bc5cb963de5d/1/WvVHt3BvzbGK9aLvx4dBbbCKHr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WvVHt3BvzbGK9aLvx4dBbbCKHr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Jun 2026 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:59:07:6d:73:94:ce:b7:0b:fc:d8:f5:c2:8f:4b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5af547b7706fcdb18af5a2efc787416db08a1ebd
        Validity
            Not Before: Jun 18 10:48:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8eae567d278fda90cf4f686214165e5eb368fe00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:72:c0:86:7d:7e:b2:a5:49:d3:04:90:fb:7d:
                    77:04:63:f3:23:cf:4f:06:ce:73:f0:60:69:93:c1:
                    91:28:22:c3:c9:7b:60:80:b6:b8:56:04:f8:c8:db:
                    96:1e:65:00:70:13:16:92:48:cc:2d:c3:e9:c9:55:
                    e8:bd:fe:fa:08:84:d6:34:94:2e:40:9f:c0:68:10:
                    87:c2:ec:c5:9b:d3:d3:8d:58:c1:e6:35:c3:44:26:
                    73:2f:fc:d4:99:43:a2:cf:c6:25:e1:7e:13:08:94:
                    2b:af:d9:a6:1f:72:fe:88:72:cd:27:04:10:f2:40:
                    76:bf:a5:00:26:5e:69:f5:af:8b:9a:1f:ff:10:51:
                    e5:a7:3b:48:c6:70:b7:b8:4b:2a:2d:b6:f4:42:8b:
                    ee:86:18:18:de:b7:bb:f8:50:e7:a8:ad:fe:68:22:
                    93:8f:98:1b:f2:55:19:b8:97:1c:5f:63:2c:cc:58:
                    ee:e2:47:61:c4:a4:4b:a8:f3:e7:03:d8:77:d4:29:
                    49:6a:01:22:d7:af:53:b0:b8:01:7d:4d:a3:6e:28:
                    db:bd:19:fb:c9:4f:a0:12:de:d3:39:bd:1e:ed:83:
                    a6:c6:0a:27:06:52:bd:06:68:1c:82:01:f5:ba:4c:
                    d8:3e:2e:4d:6b:54:06:a8:91:74:de:81:a2:08:83:
                    23:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AE:56:7D:27:8F:DA:90:CF:4F:68:62:14:16:5E:5E:B3:68:FE:00
            X509v3 Authority Key Identifier:
                keyid:5A:F5:47:B7:70:6F:CD:B1:8A:F5:A2:EF:C7:87:41:6D:B0:8A:1E:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WvVHt3BvzbGK9aLvx4dBbbCKHr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f75cf3-1f7f-43f9-a5be-bc5cb963de5d/1/jq5WfSeP2pDPT2hiFBZeXrNo_gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f75cf3-1f7f-43f9-a5be-bc5cb963de5d/1/WvVHt3BvzbGK9aLvx4dBbbCKHr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.180.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:85:22:b6:d6:b6:7e:c7:fd:12:d7:b8:b9:c7:02:01:be:5d:
         c5:43:a2:12:63:78:f8:cc:29:be:17:72:e3:6d:8c:b8:0c:58:
         43:58:4a:9f:22:34:e5:88:ca:39:af:9f:f7:26:03:81:e4:7a:
         59:61:99:b0:02:36:71:69:c1:80:97:9f:89:06:33:0f:4c:70:
         5e:74:30:43:84:fb:c3:23:4e:ee:c9:d2:59:3a:4c:d5:eb:c9:
         51:ea:18:ec:11:6c:96:5f:ae:b2:48:92:1e:61:2e:4c:3a:94:
         76:77:08:74:ca:ca:60:81:be:b4:2e:80:bd:17:8c:41:72:a5:
         31:9f:40:91:20:c3:62:6a:2a:96:7c:77:6b:93:63:6f:85:19:
         46:91:30:11:34:55:e8:ae:7b:fb:40:4c:4e:b8:38:3a:c7:a9:
         4a:5f:1a:38:2b:1c:11:2b:e9:7f:6a:22:3b:2a:9d:a0:a0:a6:
         65:6e:00:c5:81:00:f6:2a:63:c3:54:2e:25:a2:cb:62:32:70:
         6e:02:15:7b:53:b9:12:c8:1d:b9:66:14:59:80:d4:e5:f8:02:
         7f:fd:1c:c1:1f:fe:dd:c8:a6:ac:c6:be:8a:29:32:c0:05:aa:
         f5:ec:e6:da:0b:20:72:f9:ab:a4:9c:c9:34:7f:59:7a:93:ef:
         06:6c:42:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7aWQdtc5TOtwv82PXCj0s2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZjU0N2I3NzA2ZmNkYjE4YWY1YTJlZmM3ODc0MTZkYjA4
YTFlYmQwHhcNMjYwNjE4MTA0ODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWFlNTY3ZDI3OGZkYTkwY2Y0ZjY4NjIxNDE2NWU1ZWIzNjhmZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunLAhn1+sqVJ0wSQ+313BGPzI89P
Bs5z8GBpk8GRKCLDyXtggLa4VgT4yNuWHmUAcBMWkkjMLcPpyVXovf76CITWNJQu
QJ/AaBCHwuzFm9PTjVjB5jXDRCZzL/zUmUOiz8Yl4X4TCJQrr9mmH3L+iHLNJwQQ
8kB2v6UAJl5p9a+Lmh//EFHlpztIxnC3uEsqLbb0QovuhhgY3re7+FDnqK3+aCKT
j5gb8lUZuJccX2MszFju4kdhxKRLqPPnA9h31ClJagEi169TsLgBfU2jbijbvRn7
yU+gEt7TOb0e7YOmxgonBlK9BmgcggH1ukzYPi5Na1QGqJF03oGiCIMjqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6uVn0nj9qQz09oYhQWXl6zaP4AMB8GA1UdIwQY
MBaAFFr1R7dwb82xivWi78eHQW2wih69MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3ZWSHQzQnZ6YkdLOWFMdng0ZEJiYkNLSHIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mNzVjZjMtMWY3Zi00M2Y5LWE1YmUt
YmM1Y2I5NjNkZTVkLzEvanE1V2ZTZVAycERQVDJoaUZCWmVYck5vX2dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mNzVjZjMtMWY3Zi00M2Y5LWE1YmUtYmM1Y2I5NjNkZTVk
LzEvV3ZWSHQzQnZ6YkdLOWFMdng0ZEJiYkNLSHIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2bQoMA0G
CSqGSIb3DQEBCwUAA4IBAQBuhSK21rZ+x/0S17i5xwIBvl3FQ6ISY3j4zCm+F3Lj
bYy4DFhDWEqfIjTliMo5r5/3JgOB5HpZYZmwAjZxacGAl5+JBjMPTHBedDBDhPvD
I07uydJZOkzV68lR6hjsEWyWX66ySJIeYS5MOpR2dwh0yspggb60LoC9F4xBcqUx
n0CRIMNiaiqWfHdrk2NvhRlGkTARNFXornv7QExOuDg6x6lKXxo4KxwRK+l/aiI7
Kp2goKZlbgDFgQD2KmPDVC4lostiMnBuAhV7U7kSyB25ZhRZgNTl+AJ//RzBH/7d
yKasxr6KKTLABar17ObaCyBy+auknMk0f1l6k+8GbEL+
-----END CERTIFICATE-----