Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/VWNgIO5a6ltfFRMqCyCyuXWF70k.roa
File:                     VWNgIO5a6ltfFRMqCyCyuXWF70k.roa (raw, json)
Hash identifier:          nMalNY2GnjwTTJHVXALs/jpFcjE0DSDMEqbXMmD9SK0=
Subject key identifier:   55:63:60:20:EE:5A:EA:5B:5F:15:13:2A:0B:20:B2:B9:75:85:EF:49
Certificate issuer:       /CN=729ca63e6d2b504449217dc0788c9d37489b4c45
Certificate serial:       019DB40038C6CA121CA6D9CA54D8C6624FFE
Authority key identifier: 72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/VWNgIO5a6ltfFRMqCyCyuXWF70k.roa
Signing time:             Wed 22 Apr 2026 07:03:26 +0000
ROA not before:           Wed 22 Apr 2026 07:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208185
IP address blocks:        212.108.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:00:38:c6:ca:12:1c:a6:d9:ca:54:d8:c6:62:4f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=729ca63e6d2b504449217dc0788c9d37489b4c45
        Validity
            Not Before: Apr 22 07:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55636020ee5aea5b5f15132a0b20b2b97585ef49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fd:43:f7:36:ac:76:40:50:cc:39:88:25:83:
                    c1:54:8f:0b:9f:0e:2e:6b:73:b0:be:bd:08:4f:ea:
                    f8:e0:9f:cb:cc:64:23:22:11:53:21:b9:4c:f6:99:
                    79:0d:c1:7b:de:d2:23:a5:12:1e:f9:0f:8c:93:1d:
                    ba:67:55:6a:b4:31:1e:c6:aa:a2:49:6c:ab:ab:6c:
                    32:a6:a7:ae:1e:01:97:c2:7c:e9:db:86:e1:e8:e5:
                    80:89:41:1a:9a:3c:32:9d:ef:0e:fa:a3:fe:8f:06:
                    a7:28:6e:6d:fb:6c:71:1f:21:06:ad:36:3f:5a:da:
                    80:66:17:d8:dc:24:e8:c8:e6:18:40:e1:25:2b:29:
                    01:89:f9:a2:80:88:ae:28:1b:11:ce:02:5b:fb:70:
                    27:69:44:7a:9b:79:74:2e:7d:3e:e2:ae:0c:3c:c0:
                    0e:9d:1b:0e:12:30:ea:01:75:db:6b:44:09:e2:47:
                    66:75:08:15:71:f6:8c:dd:90:72:eb:40:bf:72:c8:
                    93:78:be:73:07:fd:dc:56:6d:0d:c9:2b:a6:72:65:
                    e3:eb:84:88:4b:80:fd:dc:f1:d1:c5:d6:62:7e:cb:
                    4e:74:e0:f8:63:15:f8:68:85:98:1c:9d:94:dd:4a:
                    6a:92:f4:30:fb:d2:a3:02:f8:a3:4d:73:71:92:4b:
                    0c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:63:60:20:EE:5A:EA:5B:5F:15:13:2A:0B:20:B2:B9:75:85:EF:49
            X509v3 Authority Key Identifier:
                keyid:72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/VWNgIO5a6ltfFRMqCyCyuXWF70k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:22:70:c7:3a:a6:72:3b:cd:4d:3f:2e:9a:89:49:27:32:61:
         bc:52:c6:0b:dd:e7:bc:65:7b:51:65:91:70:8e:42:d2:be:2c:
         3f:6f:b2:ba:13:8c:50:47:a8:b4:ca:85:f5:45:2a:86:c8:ed:
         75:37:0e:d5:6c:d0:c0:7a:fc:f8:5c:e0:a7:b2:a3:c8:de:1a:
         76:84:12:96:19:b5:1b:80:4d:a1:80:19:e4:62:b5:9c:28:23:
         da:51:24:0f:4f:9c:cc:1c:ad:e4:9e:85:83:d7:b9:f9:93:ce:
         66:a5:28:5d:74:31:4f:6c:a7:00:fd:34:fb:9c:bc:ef:df:91:
         f7:95:49:9d:28:16:d7:89:24:05:45:7b:18:ee:ab:80:52:46:
         aa:eb:48:3a:b3:cf:c1:46:6d:f8:c2:4d:d5:36:21:47:6f:9e:
         de:d9:75:c3:37:d5:5e:aa:5e:8d:05:43:06:62:96:dd:8e:ed:
         87:f9:92:b8:be:68:1c:a0:cc:43:b3:a6:41:b9:0f:2b:2e:82:
         9a:f9:e6:c3:3b:d0:d7:89:79:a6:cb:ed:d2:e0:e7:4c:b3:94:
         87:33:e2:3f:bc:74:4e:32:17:04:dc:4b:60:f6:fb:59:0d:f5:
         91:aa:0a:ce:70:66:b1:45:24:58:db:b4:a7:6d:5c:5e:cb:9c:
         95:a0:42:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20ADjGyhIcptnKVNjGYk/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOWNhNjNlNmQyYjUwNDQ0OTIxN2RjMDc4OGM5ZDM3NDg5
YjRjNDUwHhcNMjYwNDIyMDcwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTYzNjAyMGVlNWFlYTViNWYxNTEzMmEwYjIwYjJiOTc1ODVlZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1P1D9zasdkBQzDmIJYPBVI8Lnw4u
a3Owvr0IT+r44J/LzGQjIhFTIblM9pl5DcF73tIjpRIe+Q+Mkx26Z1VqtDEexqqi
SWyrq2wypqeuHgGXwnzp24bh6OWAiUEamjwyne8O+qP+jwanKG5t+2xxHyEGrTY/
WtqAZhfY3CToyOYYQOElKykBifmigIiuKBsRzgJb+3AnaUR6m3l0Ln0+4q4MPMAO
nRsOEjDqAXXba0QJ4kdmdQgVcfaM3ZBy60C/csiTeL5zB/3cVm0NySumcmXj64SI
S4D93PHRxdZifstOdOD4YxX4aIWYHJ2U3UpqkvQw+9KjAvijTXNxkksMRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVjYCDuWupbXxUTKgsgsrl1he9JMB8GA1UdIwQY
MBaAFHKcpj5tK1BESSF9wHiMnTdIm0xFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2Ut
NTU5ZTNkNzZjNWI2LzEvVldOZ0lPNWE2bHRmRlJNcUN5Q3l1WFdGNzBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2UtNTU5ZTNkNzZjNWI2
LzEvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxiMA0G
CSqGSIb3DQEBCwUAA4IBAQABInDHOqZyO81NPy6aiUknMmG8UsYL3ee8ZXtRZZFw
jkLSviw/b7K6E4xQR6i0yoX1RSqGyO11Nw7VbNDAevz4XOCnsqPI3hp2hBKWGbUb
gE2hgBnkYrWcKCPaUSQPT5zMHK3knoWD17n5k85mpShddDFPbKcA/TT7nLzv35H3
lUmdKBbXiSQFRXsY7quAUkaq60g6s8/BRm34wk3VNiFHb57e2XXDN9Veql6NBUMG
Ypbdju2H+ZK4vmgcoMxDs6ZBuQ8rLoKa+ebDO9DXiXmmy+3S4OdMs5SHM+I/vHRO
MhcE3Etg9vtZDfWRqgrOcGaxRSRY27SnbVxey5yVoEJ0
-----END CERTIFICATE-----