Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/enaK7yDWcng12bzjDsbSHvB5vrI.roa
File:                     enaK7yDWcng12bzjDsbSHvB5vrI.roa (raw, json)
Hash identifier:          tlCH/8SO8GIL9pHuX1opp8780KXXMRRlRkttMF80hYs=
Subject key identifier:   7A:76:8A:EF:20:D6:72:78:35:D9:BC:E3:0E:C6:D2:1E:F0:79:BE:B2
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019CE7148F678C928C9A0A86BFBDC347D5DE
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/enaK7yDWcng12bzjDsbSHvB5vrI.roa
Signing time:             Fri 13 Mar 2026 12:03:30 +0000
ROA not before:           Fri 13 Mar 2026 12:03:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        5.180.232.0/24 maxlen: 24
                          85.208.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Mar 2026 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:14:8f:67:8c:92:8c:9a:0a:86:bf:bd:c3:47:d5:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Mar 13 12:03:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a768aef20d6727835d9bce30ec6d21ef079beb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ca:6a:3f:9f:5f:cf:a2:49:c2:c6:26:7f:3c:
                    37:c6:73:d2:67:cc:06:cd:d4:57:57:45:46:49:63:
                    0b:a3:c7:f4:e1:cc:ef:00:00:61:6a:ba:7a:18:e1:
                    f8:3e:94:e3:c6:3a:35:cd:54:c7:bf:ed:52:fe:f2:
                    88:9d:f2:e5:fd:00:3a:0e:69:5f:76:14:7c:b1:7a:
                    56:37:e7:04:26:26:b8:9f:bf:d4:67:e6:06:d8:bd:
                    d6:f1:25:31:17:b1:60:58:a8:f4:25:44:0f:51:3f:
                    69:16:aa:b2:4e:7a:82:11:e0:82:0f:21:47:a0:e4:
                    df:d2:79:a2:10:4d:5a:ab:b6:90:0e:cf:1c:a3:9e:
                    6c:6c:a9:a2:05:88:fc:98:b9:23:6d:47:ea:a7:51:
                    19:e6:fc:29:44:b6:83:d3:aa:be:f8:55:d1:79:8e:
                    ab:0d:98:b7:c9:c4:be:88:8b:e6:a7:84:26:12:fa:
                    ed:17:aa:04:9e:37:67:f3:b0:b8:72:6f:4c:9d:2e:
                    13:c3:b2:c7:af:bc:0f:fb:63:b2:91:3d:7e:59:5f:
                    64:8c:30:0b:35:e0:f3:89:22:97:cb:03:18:c3:e0:
                    43:e5:2b:45:75:c0:5b:9f:bc:d7:4f:6f:5f:28:f0:
                    c5:e4:59:61:85:91:ad:d2:dd:29:27:20:47:63:a6:
                    c0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:76:8A:EF:20:D6:72:78:35:D9:BC:E3:0E:C6:D2:1E:F0:79:BE:B2
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/enaK7yDWcng12bzjDsbSHvB5vrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.232.0/24
                  85.208.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:6f:7e:c7:8d:80:c5:45:6e:53:f3:e3:e5:a5:59:36:15:d8:
         ca:ae:06:22:6b:81:24:b6:e8:fe:11:09:98:1b:3d:60:f1:1b:
         e4:63:6a:e0:a2:14:d6:26:2f:e5:aa:55:2e:8a:f7:35:52:f1:
         f3:73:d6:ad:cb:87:8b:0a:1a:be:87:3a:3f:62:bc:74:45:fd:
         9f:a9:83:21:4d:e3:c5:47:16:45:2d:98:c2:5f:91:af:f0:9b:
         e6:48:ba:ff:37:5e:bd:2b:1f:34:a8:7a:03:47:1b:a3:8f:3e:
         6b:35:42:9f:e5:33:5a:2f:16:71:85:58:c9:c6:73:5d:c4:eb:
         69:63:7a:be:5f:88:10:aa:bd:12:0d:c2:3a:3a:75:fe:84:1d:
         68:e1:5c:da:15:3a:7b:15:5a:5b:8a:72:02:40:3a:4b:d3:8c:
         4d:90:9f:70:eb:da:09:ab:e3:c2:32:95:ef:ca:13:29:51:05:
         bd:ca:36:74:2b:c9:5c:c2:d2:ad:cd:70:1d:1b:7e:9b:9d:e6:
         df:a1:c5:e4:be:fd:b0:d6:07:59:45:48:cc:3c:db:31:23:fa:
         b6:ac:ea:6f:88:67:0e:1a:c6:69:50:6e:b0:4d:18:d7:25:76:
         9b:e3:53:84:e5:45:d4:45:86:95:6b:a8:e8:16:b0:39:cb:25:
         e8:16:89:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZznFI9njJKMmgqGv73DR9XeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMzEzMTIwMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTc2OGFlZjIwZDY3Mjc4MzVkOWJjZTMwZWM2ZDIxZWYwNzliZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08pqP59fz6JJwsYmfzw3xnPSZ8wG
zdRXV0VGSWMLo8f04czvAABharp6GOH4PpTjxjo1zVTHv+1S/vKInfLl/QA6Dmlf
dhR8sXpWN+cEJia4n7/UZ+YG2L3W8SUxF7FgWKj0JUQPUT9pFqqyTnqCEeCCDyFH
oOTf0nmiEE1aq7aQDs8co55sbKmiBYj8mLkjbUfqp1EZ5vwpRLaD06q++FXReY6r
DZi3ycS+iIvmp4QmEvrtF6oEnjdn87C4cm9MnS4Tw7LHr7wP+2OykT1+WV9kjDAL
NeDziSKXywMYw+BD5StFdcBbn7zXT29fKPDF5FlhhZGt0t0pJyBHY6bAuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHp2iu8g1nJ4Ndm84w7G0h7web6yMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvZW5hSzd5RFdjbmcxMmJ6akRzYlNIdkI1dnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbToAwQA
VdBrMA0GCSqGSIb3DQEBCwUAA4IBAQAOb37HjYDFRW5T8+PlpVk2FdjKrgYia4Ek
tuj+EQmYGz1g8RvkY2rgohTWJi/lqlUuivc1UvHzc9aty4eLChq+hzo/Yrx0Rf2f
qYMhTePFRxZFLZjCX5Gv8JvmSLr/N169Kx80qHoDRxujjz5rNUKf5TNaLxZxhVjJ
xnNdxOtpY3q+X4gQqr0SDcI6OnX+hB1o4VzaFTp7FVpbinICQDpL04xNkJ9w69oJ
q+PCMpXvyhMpUQW9yjZ0K8lcwtKtzXAdG36bnebfocXkvv2w1gdZRUjMPNsxI/q2
rOpviGcOGsZpUG6wTRjXJXab41OE5UXURYaVa6joFrA5yyXoFom9
-----END CERTIFICATE-----