Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/V-4o9exXOxgnx9f1kUHxySkJ_mc.roa
File:                     V-4o9exXOxgnx9f1kUHxySkJ_mc.roa (raw, json)
Hash identifier:          tEGjsYNRh3AE6yXvsyEY0juLJUmlIK/5OgkjfZvSvbs=
Subject key identifier:   57:EE:28:F5:EC:57:3B:18:27:C7:D7:F5:91:41:F1:C9:29:09:FE:67
Certificate issuer:       /CN=794838864d6805162693bdf249f3b8ac31f680bd
Certificate serial:       019E898FDB6A8AB94137C8D8D93CC5364C0A
Authority key identifier: 79:48:38:86:4D:68:05:16:26:93:BD:F2:49:F3:B8:AC:31:F6:80:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/V-4o9exXOxgnx9f1kUHxySkJ_mc.roa
Signing time:             Tue 02 Jun 2026 18:19:26 +0000
ROA not before:           Tue 02 Jun 2026 18:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152586
IP address blocks:        201.78.128.0/24 maxlen: 24
                          201.78.129.0/24 maxlen: 24
                          201.78.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:89:8f:db:6a:8a:b9:41:37:c8:d8:d9:3c:c5:36:4c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=794838864d6805162693bdf249f3b8ac31f680bd
        Validity
            Not Before: Jun  2 18:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=57ee28f5ec573b1827c7d7f59141f1c92909fe67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:74:90:11:19:d7:7b:3c:87:27:d7:cb:c6:d5:
                    9c:5a:20:38:dd:76:a2:2d:75:fc:f6:7b:a1:37:7f:
                    76:5d:67:cf:50:e8:8d:61:49:a7:b1:36:1c:f4:51:
                    27:74:84:07:87:47:a3:7d:3e:a2:9b:2b:b1:69:68:
                    45:24:16:6e:ed:d7:c4:f7:fd:6f:05:79:42:08:2d:
                    c1:e1:b1:36:24:7f:39:c4:c9:53:57:db:63:45:71:
                    5c:5a:df:fb:fb:4c:7e:84:94:f0:2c:3d:6b:11:8d:
                    c0:85:af:85:0a:d9:2e:a7:1a:32:d4:02:ed:db:cd:
                    e2:f6:5d:90:ee:de:ad:69:9c:b7:3d:f6:28:87:da:
                    ab:e8:24:92:18:a3:69:1f:2a:ce:45:15:a3:62:b0:
                    e3:50:e5:ae:26:4e:e8:9d:f2:71:34:d9:35:fd:0c:
                    f9:89:d9:1c:49:e0:d5:4d:68:4a:c2:2d:7d:94:e5:
                    2c:6f:2a:41:fb:bf:d6:a4:ca:fb:0e:02:ee:67:a0:
                    54:93:c9:1a:ef:b3:3d:83:b5:1b:d0:63:70:7f:fa:
                    f0:4f:a6:f4:5e:89:bd:ae:93:f5:2c:55:12:48:7e:
                    62:9e:b3:35:30:fb:52:70:7b:c0:4d:27:88:fc:a8:
                    a1:79:b5:62:7d:a9:66:da:7c:79:29:97:9b:6b:48:
                    89:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EE:28:F5:EC:57:3B:18:27:C7:D7:F5:91:41:F1:C9:29:09:FE:67
            X509v3 Authority Key Identifier:
                keyid:79:48:38:86:4D:68:05:16:26:93:BD:F2:49:F3:B8:AC:31:F6:80:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/V-4o9exXOxgnx9f1kUHxySkJ_mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.78.128.0/23
                  201.78.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:3b:2e:fd:b3:08:85:d7:87:c3:71:8d:2a:19:37:de:b5:88:
         9a:95:5b:17:03:ee:c3:29:e0:1b:7e:d0:a0:54:94:e7:3b:35:
         f3:f5:e1:4e:6b:e2:2b:8b:1e:ac:8a:6e:33:35:75:0d:38:20:
         cd:d2:ca:17:86:04:49:26:ec:6c:9a:f0:fc:de:40:41:3b:1a:
         7b:99:3b:5f:22:d6:0b:20:04:d7:92:9d:7f:82:89:61:f5:ca:
         3f:4d:77:67:47:f4:de:e1:b8:1d:1d:8f:00:d0:fd:b2:45:4a:
         5d:c4:b8:b5:27:07:5a:6f:a6:3c:50:74:46:59:61:6e:e9:75:
         3a:3f:ab:b4:c0:23:e1:11:45:f7:1f:de:10:93:47:c9:70:04:
         a8:6d:35:59:b9:dd:3c:c4:84:79:ec:56:56:c3:d2:76:1c:22:
         f3:cd:c9:6b:a3:34:86:19:68:d9:a5:16:0a:01:6d:0c:5f:70:
         a4:43:32:00:8f:65:f3:c6:1f:b1:65:c1:27:1d:81:30:df:7e:
         c6:2c:b4:a7:75:98:ab:f3:52:d1:8e:af:c1:09:0a:36:4b:a7:
         8b:74:84:f2:16:92:c5:62:37:80:f6:d3:6f:ce:e5:64:cb:84:
         c3:37:29:74:4b:65:3d:b6:ad:2d:7f:b5:f8:e9:3f:ce:3f:6a:
         df:51:b4:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6Jj9tqirlBN8jY2TzFNkwKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NDgzODg2NGQ2ODA1MTYyNjkzYmRmMjQ5ZjNiOGFjMzFm
NjgwYmQwHhcNMjYwNjAyMTgxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2VlMjhmNWVjNTczYjE4MjdjN2Q3ZjU5MTQxZjFjOTI5MDlmZTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3SQERnXezyHJ9fLxtWcWiA43Xai
LXX89nuhN392XWfPUOiNYUmnsTYc9FEndIQHh0ejfT6imyuxaWhFJBZu7dfE9/1v
BXlCCC3B4bE2JH85xMlTV9tjRXFcWt/7+0x+hJTwLD1rEY3Aha+FCtkupxoy1ALt
283i9l2Q7t6taZy3PfYoh9qr6CSSGKNpHyrORRWjYrDjUOWuJk7onfJxNNk1/Qz5
idkcSeDVTWhKwi19lOUsbypB+7/WpMr7DgLuZ6BUk8ka77M9g7Ub0GNwf/rwT6b0
Xom9rpP1LFUSSH5inrM1MPtScHvATSeI/KihebVifalm2nx5KZeba0iJ4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFfuKPXsVzsYJ8fX9ZFB8ckpCf5nMB8GA1UdIwQY
MBaAFHlIOIZNaAUWJpO98knzuKwx9oC9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVVnNGhrMW9CUlltazczeVNmTzRyREgyZ0wwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8xZDVhZDAtNDc4NS00MDQ2LWI4ZTYt
YTBlNzBlNTA1NmVmLzEvVi00bzlleFhPeGdueDlmMWtVSHh5U2tKX21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8xZDVhZDAtNDc4NS00MDQ2LWI4ZTYtYTBlNzBlNTA1NmVm
LzEvZVVnNGhrMW9CUlltazczeVNmTzRyREgyZ0wwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQByU6AAwQA
yU6DMA0GCSqGSIb3DQEBCwUAA4IBAQAYOy79swiF14fDcY0qGTfetYialVsXA+7D
KeAbftCgVJTnOzXz9eFOa+Irix6sim4zNXUNOCDN0soXhgRJJuxsmvD83kBBOxp7
mTtfItYLIATXkp1/golh9co/TXdnR/Te4bgdHY8A0P2yRUpdxLi1Jwdab6Y8UHRG
WWFu6XU6P6u0wCPhEUX3H94Qk0fJcASobTVZud08xIR57FZWw9J2HCLzzclrozSG
GWjZpRYKAW0MX3CkQzIAj2Xzxh+xZcEnHYEw337GLLSndZir81LRjq/BCQo2S6eL
dITyFpLFYjeA9tNvzuVky4TDNyl0S2U9tq0tf7X46T/OP2rfUbTB
-----END CERTIFICATE-----