Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/suinLfANJgFl2aD6VthkzfYORbU.roa
File:                     suinLfANJgFl2aD6VthkzfYORbU.roa (raw, json)
Hash identifier:          wgZdOBvloOPDBBgT0TEn/a5cKIY6c1COxIXGiGiIsSw=
Subject key identifier:   B2:E8:A7:2D:F0:0D:26:01:65:D9:A0:FA:56:D8:64:CD:F6:0E:45:B5
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019A59BCD2AFCCAB76BDBFA2CF2F1CDF4EF0
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/suinLfANJgFl2aD6VthkzfYORbU.roa
Signing time:             Thu 06 Nov 2025 15:15:38 +0000
ROA not before:           Thu 06 Nov 2025 15:15:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393406
IP address blocks:        5.180.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:59:bc:d2:af:cc:ab:76:bd:bf:a2:cf:2f:1c:df:4e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Nov  6 15:15:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2e8a72df00d260165d9a0fa56d864cdf60e45b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7c:32:e4:58:b2:2b:6f:07:7e:13:94:29:72:
                    a5:ec:48:34:08:e2:d4:1c:e9:f0:aa:ad:82:15:26:
                    a8:76:33:30:14:14:d9:f5:9d:16:ee:54:c4:84:be:
                    0b:5e:a3:db:40:c7:39:a2:ba:4b:28:45:79:df:53:
                    49:e6:3f:79:95:e0:30:d8:ef:66:43:d7:51:86:c1:
                    6b:b5:34:d1:fe:3d:8b:aa:36:a6:51:ff:89:27:37:
                    b8:a8:e3:28:87:47:46:75:60:95:5b:10:f2:07:fd:
                    b4:ee:a0:32:6d:ed:7e:32:81:9f:84:75:cf:21:9c:
                    e8:f9:8f:97:81:e3:0e:bb:54:f2:4d:75:22:39:7b:
                    62:c3:0a:36:68:87:15:4d:1d:62:94:b0:2c:5c:21:
                    e0:3b:f8:39:0f:ce:a1:ce:6c:30:21:7b:9d:61:cd:
                    ff:bc:02:5f:34:6a:ab:b0:60:c9:c1:54:e0:09:9e:
                    91:8a:2b:86:58:cf:59:7c:0a:e8:b7:52:b1:88:bc:
                    12:9d:34:86:5c:5f:e3:e6:2c:3f:de:60:d1:ab:e2:
                    16:b9:75:dc:e7:e2:b7:54:6d:ae:db:80:e3:ee:58:
                    73:9f:e3:4b:31:12:15:d6:fb:44:08:9d:95:ec:fb:
                    bd:ac:f8:7e:6f:18:8c:3d:47:60:ac:e3:43:93:28:
                    6e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E8:A7:2D:F0:0D:26:01:65:D9:A0:FA:56:D8:64:CD:F6:0E:45:B5
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/suinLfANJgFl2aD6VthkzfYORbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:4c:8f:69:f4:76:bb:4f:de:6b:b1:12:a8:61:e1:60:6e:fb:
         9e:e3:48:13:c1:fe:8b:f3:bf:a5:f2:4e:53:e6:16:a3:90:1a:
         f1:de:4c:e2:f2:a6:04:5e:a3:5f:54:a1:32:e4:66:91:82:22:
         51:a0:3d:00:d3:3b:b9:e4:ad:3c:a7:6f:fd:c4:a4:9b:09:f1:
         47:f0:c1:be:f1:6e:23:4f:2e:b8:85:7d:99:8e:1d:5c:b0:34:
         f0:a0:e9:4e:0d:c8:c2:8b:17:c6:0f:9b:d5:f7:42:b1:9b:be:
         ba:67:30:04:d5:cf:94:d5:1b:c9:09:de:4b:fd:cf:c2:1a:6f:
         53:ae:67:d5:db:c6:04:70:3e:a3:fb:1d:35:f4:04:1d:52:93:
         d9:2e:94:07:b7:8c:d5:cd:52:5b:05:bf:35:b6:79:02:c7:ad:
         c9:3d:9a:c9:50:43:82:d4:a9:29:65:43:b8:68:2c:09:04:52:
         1b:f3:6e:d8:04:d5:44:03:3d:9f:58:bc:7a:45:34:f4:d8:c7:
         64:9d:40:f1:33:db:66:b8:7c:65:58:67:21:d7:ba:05:c6:b2:
         ba:2a:67:13:9e:ac:be:47:f5:f2:4f:6f:f0:9b:6a:0a:0f:fa:
         2a:4b:4f:e0:ea:68:26:8b:e3:11:6c:63:99:43:3a:48:76:38:
         12:d1:6a:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpZvNKvzKt2vb+izy8c307wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjUxMTA2MTUxNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmU4YTcyZGYwMGQyNjAxNjVkOWEwZmE1NmQ4NjRjZGY2MGU0NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHwy5FiyK28HfhOUKXKl7Eg0COLU
HOnwqq2CFSaodjMwFBTZ9Z0W7lTEhL4LXqPbQMc5orpLKEV531NJ5j95leAw2O9m
Q9dRhsFrtTTR/j2LqjamUf+JJze4qOMoh0dGdWCVWxDyB/207qAybe1+MoGfhHXP
IZzo+Y+XgeMOu1TyTXUiOXtiwwo2aIcVTR1ilLAsXCHgO/g5D86hzmwwIXudYc3/
vAJfNGqrsGDJwVTgCZ6RiiuGWM9ZfArot1KxiLwSnTSGXF/j5iw/3mDRq+IWuXXc
5+K3VG2u24Dj7lhzn+NLMRIV1vtECJ2V7Pu9rPh+bxiMPUdgrONDkyhubQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLopy3wDSYBZdmg+lbYZM32DkW1MB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvc3VpbkxmQU5KZ0ZsMmFENlZ0aGt6ZllPUmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQjMA0G
CSqGSIb3DQEBCwUAA4IBAQAZTI9p9Ha7T95rsRKoYeFgbvue40gTwf6L87+l8k5T
5hajkBrx3kzi8qYEXqNfVKEy5GaRgiJRoD0A0zu55K08p2/9xKSbCfFH8MG+8W4j
Ty64hX2Zjh1csDTwoOlODcjCixfGD5vV90Kxm766ZzAE1c+U1RvJCd5L/c/CGm9T
rmfV28YEcD6j+x019AQdUpPZLpQHt4zVzVJbBb81tnkCx63JPZrJUEOC1KkpZUO4
aCwJBFIb827YBNVEAz2fWLx6RTT02MdknUDxM9tmuHxlWGch17oFxrK6KmcTnqy+
R/XyT2/wm2oKD/oqS0/g6mgmi+MRbGOZQzpIdjgS0Wrm
-----END CERTIFICATE-----