Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/t-GIxGZO3m0jU0ae25HmKyrqhnE.roa
File:                     t-GIxGZO3m0jU0ae25HmKyrqhnE.roa (raw, json)
Hash identifier:          GdTstEXSP/Kphyh8x1w4VQw2WlFMp7zXyyytN2i0A08=
Subject key identifier:   B7:E1:88:C4:66:4E:DE:6D:23:53:46:9E:DB:91:E6:2B:2A:EA:86:71
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019DBCAE37410AAC430D540451C95A212F7B
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/t-GIxGZO3m0jU0ae25HmKyrqhnE.roa
Signing time:             Thu 23 Apr 2026 23:30:27 +0000
ROA not before:           Thu 23 Apr 2026 23:30:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214848
IP address blocks:        5.253.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bc:ae:37:41:0a:ac:43:0d:54:04:51:c9:5a:21:2f:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Apr 23 23:30:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7e188c4664ede6d2353469edb91e62b2aea8671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a5:5b:f2:4a:c0:3e:8a:21:92:51:ea:32:ed:
                    8a:19:40:d5:f4:ff:74:aa:b5:18:26:92:e1:18:91:
                    04:37:9b:cf:1b:cb:20:46:6c:c0:3d:66:a8:61:e6:
                    6a:0b:0e:be:c1:f7:8b:cc:7e:49:16:a9:5f:ce:65:
                    e9:e2:c6:b7:3c:d0:fc:0e:49:9c:53:b4:fc:89:24:
                    7f:55:6e:17:d9:7f:6d:5d:5d:56:d7:3d:b2:2f:57:
                    f3:53:de:44:46:0c:aa:df:a8:fb:27:3b:7c:9f:a7:
                    2c:4b:ba:be:98:5f:ce:53:e3:f9:51:6d:a1:c9:04:
                    17:15:c3:96:0c:1e:24:3a:88:11:de:ff:bd:6c:59:
                    f9:5b:cc:47:bb:15:bc:74:da:3e:e1:05:88:50:d3:
                    2f:5c:50:e8:b4:7b:85:91:3a:9d:60:6f:3d:10:03:
                    cb:ba:bc:4d:56:aa:d9:ff:4a:a7:2e:66:cb:f4:89:
                    64:9b:a9:a0:14:e6:cc:9b:a3:a8:79:37:c6:d9:04:
                    24:e3:57:4f:72:ec:3d:e4:e0:79:f3:ce:3d:3c:d2:
                    64:f4:78:db:c7:f1:87:09:4b:b1:88:14:01:75:44:
                    0e:ce:33:6c:d8:6a:64:dc:79:69:a1:63:6e:33:a2:
                    3f:67:ff:b7:45:c1:6c:74:93:ef:d3:80:81:26:99:
                    f1:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E1:88:C4:66:4E:DE:6D:23:53:46:9E:DB:91:E6:2B:2A:EA:86:71
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/t-GIxGZO3m0jU0ae25HmKyrqhnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:bc:c2:82:bf:7a:4e:3c:67:b2:fb:d9:01:77:10:21:75:22:
         b5:69:e1:9a:cf:fe:b0:3e:f2:f1:19:da:d6:07:d8:3a:3b:53:
         f5:7a:42:f1:67:15:a0:dd:62:42:f3:9b:5f:61:ed:eb:dc:c6:
         ea:15:c9:2d:fd:30:32:80:1d:a7:f2:a3:15:06:66:5e:1f:40:
         ce:b4:32:92:e6:77:34:fc:f6:6f:eb:a1:3c:8d:96:05:d3:0f:
         54:6e:29:51:cd:b0:b0:26:46:79:3e:35:fc:46:6a:95:39:be:
         16:41:d6:6e:7b:44:69:f2:eb:d6:7b:df:35:db:46:4f:6d:54:
         72:09:be:92:37:34:a5:06:3b:7d:be:d9:67:05:08:09:b5:39:
         bb:12:a7:de:7d:7c:45:82:9b:5e:77:c5:f6:3c:20:4a:8f:b9:
         c6:40:a3:5c:80:53:8f:53:42:b5:1d:5a:dd:be:9d:ab:34:f9:
         60:d2:28:7d:99:7f:c1:6f:31:b0:83:55:ce:38:97:d1:bd:51:
         e4:99:26:22:c1:4f:07:20:06:5b:c3:fd:60:08:7e:f1:21:8d:
         c9:09:39:76:cf:74:42:fd:59:71:87:3e:4b:be:3c:8e:19:d9:
         06:26:c9:6d:e9:f1:9a:3b:60:9e:f1:08:99:da:19:d8:5a:ea:
         19:92:27:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ28rjdBCqxDDVQEUclaIS97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwNDIzMjMzMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2UxODhjNDY2NGVkZTZkMjM1MzQ2OWVkYjkxZTYyYjJhZWE4NjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6Vb8krAPoohklHqMu2KGUDV9P90
qrUYJpLhGJEEN5vPG8sgRmzAPWaoYeZqCw6+wfeLzH5JFqlfzmXp4sa3PND8Dkmc
U7T8iSR/VW4X2X9tXV1W1z2yL1fzU95ERgyq36j7Jzt8n6csS7q+mF/OU+P5UW2h
yQQXFcOWDB4kOogR3v+9bFn5W8xHuxW8dNo+4QWIUNMvXFDotHuFkTqdYG89EAPL
urxNVqrZ/0qnLmbL9Ilkm6mgFObMm6OoeTfG2QQk41dPcuw95OB58849PNJk9Hjb
x/GHCUuxiBQBdUQOzjNs2Gpk3HlpoWNuM6I/Z/+3RcFsdJPv04CBJpnxAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfhiMRmTt5tI1NGntuR5isq6oZxMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvdC1HSXhHWk8zbTBqVTBhZTI1SG1LeXJxaG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf0nMA0G
CSqGSIb3DQEBCwUAA4IBAQBlvMKCv3pOPGey+9kBdxAhdSK1aeGaz/6wPvLxGdrW
B9g6O1P1ekLxZxWg3WJC85tfYe3r3MbqFckt/TAygB2n8qMVBmZeH0DOtDKS5nc0
/PZv66E8jZYF0w9UbilRzbCwJkZ5PjX8RmqVOb4WQdZue0Rp8uvWe98120ZPbVRy
Cb6SNzSlBjt9vtlnBQgJtTm7EqfefXxFgpted8X2PCBKj7nGQKNcgFOPU0K1HVrd
vp2rNPlg0ih9mX/BbzGwg1XOOJfRvVHkmSYiwU8HIAZbw/1gCH7xIY3JCTl2z3RC
/Vlxhz5LvjyOGdkGJslt6fGaO2Ce8QiZ2hnYWuoZkidy
-----END CERTIFICATE-----