Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/C4F5FfMfgWqyacqGzJ3BIqWeq0I.roa
File:                     C4F5FfMfgWqyacqGzJ3BIqWeq0I.roa (raw, json)
Hash identifier:          AVJL10DYaSQMbWBrbtscpA6ZeIDEl5faz3P30tjrXbc=
Subject key identifier:   0B:81:79:15:F3:1F:81:6A:B2:69:CA:86:CC:9D:C1:22:A5:9E:AB:42
Certificate issuer:       /CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
Certificate serial:       019EAC0CF7B1CED6B20DFBC75BC6735CA18A
Authority key identifier: 0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/C4F5FfMfgWqyacqGzJ3BIqWeq0I.roa
Signing time:             Tue 09 Jun 2026 11:03:11 +0000
ROA not before:           Tue 09 Jun 2026 11:03:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        5.145.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:0c:f7:b1:ce:d6:b2:0d:fb:c7:5b:c6:73:5c:a1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3f31c9eace6f0a5eccdb8df2b01c7351568686
        Validity
            Not Before: Jun  9 11:03:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b817915f31f816ab269ca86cc9dc122a59eab42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:81:fe:5d:d3:56:b0:99:fb:b0:7d:37:29:df:
                    8b:d4:e7:35:ba:c3:aa:0f:b3:b9:01:3d:25:bc:dd:
                    5b:1d:d2:ed:a8:92:59:bf:b7:e0:3b:db:1c:9b:ff:
                    f2:fd:5a:6b:ed:47:7e:7a:2c:24:25:36:e7:f7:27:
                    a6:91:2e:0f:fb:ff:56:de:85:2b:93:8c:af:95:d2:
                    63:a9:be:db:be:26:a1:1f:be:37:a7:b8:5d:af:9f:
                    28:26:24:f0:db:8c:5e:2e:3d:f3:13:d7:c1:d1:64:
                    62:f9:4c:b6:99:9e:97:87:68:7a:1e:67:e8:d4:75:
                    7c:ce:5c:25:e8:05:fc:09:20:ec:d7:6e:ce:9b:4d:
                    12:4a:24:d9:6c:9b:81:1a:89:84:a2:99:b3:43:a7:
                    88:a3:34:37:be:92:ad:91:cb:c8:55:aa:4e:e1:61:
                    f2:f0:2a:a6:da:47:3e:32:70:33:4e:1a:35:58:13:
                    2d:57:de:f1:d5:4b:ed:9a:61:e3:42:6a:15:34:32:
                    8c:f9:cc:05:ab:17:64:cf:11:fb:65:ec:9e:4a:d7:
                    7f:44:c4:20:79:c2:df:5d:67:47:12:e6:59:07:81:
                    f9:35:de:0c:81:66:64:bc:8c:9d:1d:b7:0a:cf:dd:
                    95:eb:90:d0:6d:2c:a6:18:20:ca:1e:8e:75:61:b6:
                    7c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:81:79:15:F3:1F:81:6A:B2:69:CA:86:CC:9D:C1:22:A5:9E:AB:42
            X509v3 Authority Key Identifier:
                keyid:0E:3F:31:C9:EA:CE:6F:0A:5E:CC:DB:8D:F2:B0:1C:73:51:56:86:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dj8xyerObwpezNuN8rAcc1FWhoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/C4F5FfMfgWqyacqGzJ3BIqWeq0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/a6dda1-1b87-4ec3-938f-dd5ddd05db0b/1/Dj8xyerObwpezNuN8rAcc1FWhoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:55:20:ac:e0:64:19:7d:e3:30:e4:00:36:42:2a:5a:75:64:
         87:3a:f9:28:85:1f:34:ea:9d:3e:bd:13:8f:7e:05:0c:7e:83:
         19:bd:30:d0:67:be:3a:5f:d7:b7:7f:28:35:a8:16:a1:f1:d8:
         25:06:34:47:08:0b:8a:46:15:40:34:b9:25:cd:16:ca:72:43:
         36:5a:23:51:0d:5d:0c:54:83:45:18:d8:55:5c:9a:e2:31:7c:
         a8:28:bb:9a:20:f8:0e:df:b2:15:49:66:6d:7f:4e:34:ff:ae:
         f6:5c:e0:e8:b7:6b:f2:08:4c:97:3a:81:45:3e:9a:45:2a:94:
         34:4d:55:7a:08:5c:39:0c:26:bc:bc:30:01:2c:7b:b7:d4:0c:
         65:ff:4a:11:b6:9b:2c:79:31:70:f0:bb:c7:c8:6f:95:97:f3:
         38:0a:9c:dd:eb:89:4b:2c:65:b7:79:0a:cc:13:f8:3b:05:9d:
         8e:e0:bf:85:43:1a:07:8d:bc:ba:06:ea:6b:bf:bf:37:a5:d8:
         7f:55:7e:f9:a8:9e:4d:06:a5:61:f0:df:d0:26:80:0a:96:06:
         8d:b4:6a:99:33:6f:f1:77:6a:50:5b:31:2e:01:13:2d:0f:7b:
         b7:2e:a0:e6:53:23:ef:de:f2:6f:d8:eb:a2:2a:28:3f:80:7e:
         35:c8:3a:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6sDPexztayDfvHW8ZzXKGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlM2YzMWM5ZWFjZTZmMGE1ZWNjZGI4ZGYyYjAxYzczNTE1
Njg2ODYwHhcNMjYwNjA5MTEwMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjgxNzkxNWYzMWY4MTZhYjI2OWNhODZjYzlkYzEyMmE1OWVhYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIH+XdNWsJn7sH03Kd+L1Oc1usOq
D7O5AT0lvN1bHdLtqJJZv7fgO9scm//y/Vpr7Ud+eiwkJTbn9yemkS4P+/9W3oUr
k4yvldJjqb7bviahH743p7hdr58oJiTw24xeLj3zE9fB0WRi+Uy2mZ6Xh2h6Hmfo
1HV8zlwl6AX8CSDs127Om00SSiTZbJuBGomEopmzQ6eIozQ3vpKtkcvIVapO4WHy
8Cqm2kc+MnAzTho1WBMtV97x1UvtmmHjQmoVNDKM+cwFqxdkzxH7ZeyeStd/RMQg
ecLfXWdHEuZZB4H5Nd4MgWZkvIydHbcKz92V65DQbSymGCDKHo51YbZ8awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuBeRXzH4FqsmnKhsydwSKlnqtCMB8GA1UdIwQY
MBaAFA4/Mcnqzm8KXszbjfKwHHNRVoaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYt
ZGQ1ZGRkMDVkYjBiLzEvQzRGNUZmTWZnV3F5YWNxR3pKM0JJcVdlcTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hNmRkYTEtMWI4Ny00ZWMzLTkzOGYtZGQ1ZGRkMDVkYjBi
LzEvRGo4eHllck9id3Blek51TjhyQWNjMUZXaG9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZGxMA0G
CSqGSIb3DQEBCwUAA4IBAQACVSCs4GQZfeMw5AA2QipadWSHOvkohR806p0+vROP
fgUMfoMZvTDQZ746X9e3fyg1qBah8dglBjRHCAuKRhVANLklzRbKckM2WiNRDV0M
VINFGNhVXJriMXyoKLuaIPgO37IVSWZtf040/672XODot2vyCEyXOoFFPppFKpQ0
TVV6CFw5DCa8vDABLHu31Axl/0oRtpsseTFw8LvHyG+Vl/M4Cpzd64lLLGW3eQrM
E/g7BZ2O4L+FQxoHjby6Buprv783pdh/VX75qJ5NBqVh8N/QJoAKlgaNtGqZM2/x
d2pQWzEuARMtD3u3LqDmUyPv3vJv2OuiKig/gH41yDpo
-----END CERTIFICATE-----