Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/KuXwmM2lQvdKIC2B0b3rsQo2KEo.roa
File:                     KuXwmM2lQvdKIC2B0b3rsQo2KEo.roa (raw, json)
Hash identifier:          est3JhVR619cOv4Uosy6GyDA6CD78dYPQN9NmwxN838=
Subject key identifier:   2A:E5:F0:98:CD:A5:42:F7:4A:20:2D:81:D1:BD:EB:B1:0A:36:28:4A
Certificate issuer:       /CN=c933481d3fa48710dcb973fdcd29340dedb6229a
Certificate serial:       019E733C38F79527B495F66D2AF173DF9C16
Authority key identifier: C9:33:48:1D:3F:A4:87:10:DC:B9:73:FD:CD:29:34:0D:ED:B6:22:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yTNIHT-khxDcuXP9zSk0De22Ipo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/KuXwmM2lQvdKIC2B0b3rsQo2KEo.roa
Signing time:             Fri 29 May 2026 10:16:26 +0000
ROA not before:           Fri 29 May 2026 10:16:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14670
IP address blocks:        5.226.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/yTNIHT-khxDcuXP9zSk0De22Ipo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/yTNIHT-khxDcuXP9zSk0De22Ipo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yTNIHT-khxDcuXP9zSk0De22Ipo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 May 2026 10:16:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:3c:38:f7:95:27:b4:95:f6:6d:2a:f1:73:df:9c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c933481d3fa48710dcb973fdcd29340dedb6229a
        Validity
            Not Before: May 29 10:16:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ae5f098cda542f74a202d81d1bdebb10a36284a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:08:40:7d:ec:f9:d7:dd:44:63:92:9f:6a:ab:
                    44:7f:63:48:cf:57:24:e3:78:03:e0:72:d6:38:21:
                    e9:1b:89:46:42:f2:94:aa:48:1e:9a:77:7f:da:61:
                    d5:ca:6b:d8:6f:74:43:0f:06:0c:02:11:1e:89:bf:
                    a6:0b:2a:3c:19:26:df:62:7d:3c:d2:b1:1c:38:1f:
                    4a:b5:4c:7f:83:93:a0:33:ed:a4:a9:68:f8:27:76:
                    0a:ad:fb:d4:30:fb:83:81:56:42:bb:b8:d5:d9:5f:
                    cb:b4:13:7d:fc:32:bb:5d:9c:5b:75:23:72:5e:d7:
                    17:b5:eb:5d:c5:9c:3f:14:b8:3d:f3:78:23:fa:8f:
                    6d:7b:72:9b:f7:0d:d0:f1:f5:81:41:0c:1a:5b:61:
                    29:29:c0:fa:98:ca:09:81:ff:61:0f:b6:51:22:49:
                    41:f2:89:9c:81:82:7a:8b:61:f5:73:a2:25:fc:e5:
                    f3:77:a0:e6:54:3f:be:21:55:47:fa:19:be:ab:68:
                    f7:9a:7b:f7:50:f3:e8:5d:bf:b4:4c:66:5f:5e:0e:
                    04:d7:dc:b6:5d:86:a0:6c:63:d5:0a:83:d6:39:01:
                    ea:0b:03:2a:62:e2:af:73:48:83:de:d3:fa:4f:0c:
                    33:9f:51:1d:f1:71:e8:52:3b:28:f4:11:b2:e4:7d:
                    80:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E5:F0:98:CD:A5:42:F7:4A:20:2D:81:D1:BD:EB:B1:0A:36:28:4A
            X509v3 Authority Key Identifier:
                keyid:C9:33:48:1D:3F:A4:87:10:DC:B9:73:FD:CD:29:34:0D:ED:B6:22:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yTNIHT-khxDcuXP9zSk0De22Ipo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/KuXwmM2lQvdKIC2B0b3rsQo2KEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/732801-6294-412b-955e-fefd37666741/1/yTNIHT-khxDcuXP9zSk0De22Ipo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:36:ff:8e:54:25:31:ed:8e:23:6e:81:ef:48:b7:69:34:73:
         f7:f9:2a:a8:89:a9:fb:d1:ee:b7:a9:3d:02:5c:b2:ea:df:25:
         d5:20:a7:8b:f5:cb:fc:85:f6:5c:38:5a:91:e2:c6:2b:0a:6b:
         02:a1:77:34:2f:0e:52:9d:ab:16:73:8e:7e:b1:6e:1a:db:0d:
         cf:9c:af:5a:da:e0:50:be:30:20:0a:d0:15:b3:71:1f:01:f2:
         8f:a8:f1:eb:91:d9:2d:58:4c:0d:87:a6:71:45:86:54:4c:b7:
         32:37:ba:62:5a:d7:dc:08:05:fc:78:03:f3:fa:37:f9:1a:ef:
         26:cc:f4:52:1b:8f:ad:8f:1d:11:d8:76:f7:4d:7d:3d:2c:86:
         79:d5:df:0d:3d:2d:8d:2a:a7:c6:cc:1c:01:99:81:fe:a4:31:
         ca:24:17:48:ec:54:72:dd:25:4c:8e:47:af:e1:2a:d8:b6:4f:
         07:b4:11:67:84:b8:fe:4d:72:00:05:af:9f:c3:91:89:25:c3:
         03:a4:d0:77:f4:ce:47:d4:ef:93:60:d6:74:a0:15:a5:75:69:
         8a:81:6e:db:67:5a:5e:38:83:46:48:36:7d:79:8a:ba:53:6d:
         88:c0:89:32:1b:7f:40:a1:50:be:78:e6:b2:e0:25:41:07:20:
         56:0a:b1:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5zPDj3lSe0lfZtKvFz35wWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MzM0ODFkM2ZhNDg3MTBkY2I5NzNmZGNkMjkzNDBkZWRi
NjIyOWEwHhcNMjYwNTI5MTAxNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWU1ZjA5OGNkYTU0MmY3NGEyMDJkODFkMWJkZWJiMTBhMzYyODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQhAfez5191EY5KfaqtEf2NIz1ck
43gD4HLWOCHpG4lGQvKUqkgemnd/2mHVymvYb3RDDwYMAhEeib+mCyo8GSbfYn08
0rEcOB9KtUx/g5OgM+2kqWj4J3YKrfvUMPuDgVZCu7jV2V/LtBN9/DK7XZxbdSNy
XtcXtetdxZw/FLg983gj+o9te3Kb9w3Q8fWBQQwaW2EpKcD6mMoJgf9hD7ZRIklB
8omcgYJ6i2H1c6Il/OXzd6DmVD++IVVH+hm+q2j3mnv3UPPoXb+0TGZfXg4E19y2
XYagbGPVCoPWOQHqCwMqYuKvc0iD3tP6Twwzn1Ed8XHoUjso9BGy5H2AfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrl8JjNpUL3SiAtgdG967EKNihKMB8GA1UdIwQY
MBaAFMkzSB0/pIcQ3Llz/c0pNA3ttiKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVROSUhULWtoeERjdVhQOXpTazBEZTIySXBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS83MzI4MDEtNjI5NC00MTJiLTk1NWUt
ZmVmZDM3NjY2NzQxLzEvS3VYd21NMmxRdmRLSUMyQjBiM3JzUW8yS0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS83MzI4MDEtNjI5NC00MTJiLTk1NWUtZmVmZDM3NjY2NzQx
LzEveVROSUhULWtoeERjdVhQOXpTazBEZTIySXBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABeKrMA0G
CSqGSIb3DQEBCwUAA4IBAQBrNv+OVCUx7Y4jboHvSLdpNHP3+Sqoian70e63qT0C
XLLq3yXVIKeL9cv8hfZcOFqR4sYrCmsCoXc0Lw5SnasWc45+sW4a2w3PnK9a2uBQ
vjAgCtAVs3EfAfKPqPHrkdktWEwNh6ZxRYZUTLcyN7piWtfcCAX8eAPz+jf5Gu8m
zPRSG4+tjx0R2Hb3TX09LIZ51d8NPS2NKqfGzBwBmYH+pDHKJBdI7FRy3SVMjkev
4SrYtk8HtBFnhLj+TXIABa+fw5GJJcMDpNB39M5H1O+TYNZ0oBWldWmKgW7bZ1pe
OINGSDZ9eYq6U22IwIkyG39AoVC+eOay4CVBByBWCrGR
-----END CERTIFICATE-----