Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/K5-HQlYAX4oy7vAiFIPQp2y58OE.roa
File:                     K5-HQlYAX4oy7vAiFIPQp2y58OE.roa (raw, json)
Hash identifier:          KMjrZv68U4KYEtaNT6Lm6jMdckEPHP0Z26nnJoe9+oA=
Subject key identifier:   2B:9F:87:42:56:00:5F:8A:32:EE:F0:22:14:83:D0:A7:6C:B9:F0:E1
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019D2E0958A48014FF60947776AA1B55F636
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/K5-HQlYAX4oy7vAiFIPQp2y58OE.roa
Signing time:             Fri 27 Mar 2026 06:44:17 +0000
ROA not before:           Fri 27 Mar 2026 06:44:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58232
IP address blocks:        45.159.148.0/24 maxlen: 24
                          185.113.10.0/24 maxlen: 24
                          2a05:9080:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 10:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:09:58:a4:80:14:ff:60:94:77:76:aa:1b:55:f6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Mar 27 06:44:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b9f874256005f8a32eef0221483d0a76cb9f0e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:b9:76:bd:90:72:43:77:2c:8c:a5:f5:89:ce:
                    da:7e:1a:75:42:f2:d5:94:ea:29:03:52:80:ea:63:
                    9f:1f:1c:a8:18:e4:7f:a4:80:63:d5:37:d9:2b:c2:
                    bd:5f:bb:e7:8c:9f:cc:b9:9c:29:44:72:0e:fa:c3:
                    31:5d:11:a0:41:a2:6b:eb:c2:e8:82:d9:e5:68:54:
                    e5:01:e7:f7:63:81:c6:19:e0:29:cd:47:2f:65:85:
                    45:cf:ed:f6:5d:c2:48:df:a1:7e:fb:14:31:02:ff:
                    0c:d3:bb:01:12:97:e4:7e:49:bc:ea:de:a1:be:17:
                    48:de:ba:08:29:ae:f7:98:d9:88:23:35:88:cd:ed:
                    4b:63:29:c7:4a:c6:a7:f6:53:a5:58:dc:02:2c:f1:
                    6d:91:41:f6:67:df:df:bd:5b:69:3a:e7:a1:62:37:
                    2e:2f:01:20:82:a6:28:74:c7:c5:74:bf:d0:e4:fb:
                    26:b7:34:1d:03:e2:38:ba:57:47:b2:f6:cc:b2:b6:
                    38:ef:6e:f9:e4:31:ff:6f:39:cd:6c:f6:19:b9:90:
                    ea:15:80:34:26:90:7c:a7:e2:0f:e8:9e:47:20:55:
                    27:14:24:dc:89:4d:bd:cd:e0:39:69:df:a0:28:e6:
                    5a:a8:38:20:a5:35:0b:43:e3:0e:28:a8:62:23:7d:
                    dc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:9F:87:42:56:00:5F:8A:32:EE:F0:22:14:83:D0:A7:6C:B9:F0:E1
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/K5-HQlYAX4oy7vAiFIPQp2y58OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.148.0/24
                  185.113.10.0/24
                IPv6:
                  2a05:9080:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:2c:b6:7c:3f:b7:9d:18:24:6c:d7:c8:ce:9f:e5:6b:f2:24:
         f3:42:ef:69:a5:94:c8:69:6e:c0:2c:24:c6:a9:53:8f:c9:92:
         5f:3e:d1:57:f9:6c:90:76:2a:c3:97:f7:aa:47:2d:4b:dd:4b:
         03:e4:a9:3f:08:ff:9b:a9:91:54:ac:dd:8e:07:e9:5c:90:83:
         e8:4a:ac:d4:38:03:43:f2:6d:c4:16:3d:43:2f:f4:19:52:1b:
         08:d9:c8:90:89:27:a9:42:9e:86:e2:87:f9:d1:15:7c:5f:09:
         36:64:86:2b:63:bf:f2:46:71:a4:a6:3e:e4:cc:76:9e:61:ca:
         99:37:31:a5:aa:5c:c5:1a:49:00:4f:68:45:6a:f2:40:8c:1e:
         90:df:03:fb:e6:ed:56:5d:42:1c:6c:64:a4:f0:61:5e:d8:f4:
         b2:83:27:b1:90:3d:1d:b8:0a:4b:6c:69:1f:25:22:70:ef:6d:
         e4:4b:14:52:1c:88:70:28:51:55:49:fa:60:85:7e:7c:10:77:
         02:d4:65:5a:fd:47:7a:46:af:99:7d:38:4e:90:cf:3c:05:7e:
         3d:1b:2b:b9:55:ee:5a:23:83:ec:86:92:82:d0:a2:19:1b:f5:
         12:a1:71:07:cc:4d:94:38:05:be:b3:94:83:20:53:3d:ec:10:
         0c:31:6c:36
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ0uCVikgBT/YJR3dqobVfY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwMzI3MDY0NDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjlmODc0MjU2MDA1ZjhhMzJlZWYwMjIxNDgzZDBhNzZjYjlmMGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Ll2vZByQ3csjKX1ic7afhp1QvLV
lOopA1KA6mOfHxyoGOR/pIBj1TfZK8K9X7vnjJ/MuZwpRHIO+sMxXRGgQaJr68Lo
gtnlaFTlAef3Y4HGGeApzUcvZYVFz+32XcJI36F++xQxAv8M07sBEpfkfkm86t6h
vhdI3roIKa73mNmIIzWIze1LYynHSsan9lOlWNwCLPFtkUH2Z9/fvVtpOuehYjcu
LwEggqYodMfFdL/Q5PsmtzQdA+I4uldHsvbMsrY472755DH/bznNbPYZuZDqFYA0
JpB8p+IP6J5HIFUnFCTciU29zeA5ad+gKOZaqDggpTULQ+MOKKhiI33cXwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCufh0JWAF+KMu7wIhSD0KdsufDhMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSzUtSFFsWUFYNG95N3ZBaUZJUFFwMnk1OE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALZ+UAwQA
uXEKMA8EAgACMAkDBwAqBZCAAAUwDQYJKoZIhvcNAQELBQADggEBAGostnw/t50Y
JGzXyM6f5WvyJPNC72mllMhpbsAsJMapU4/Jkl8+0Vf5bJB2KsOX96pHLUvdSwPk
qT8I/5upkVSs3Y4H6VyQg+hKrNQ4A0PybcQWPUMv9BlSGwjZyJCJJ6lCnobih/nR
FXxfCTZkhitjv/JGcaSmPuTMdp5hypk3MaWqXMUaSQBPaEVq8kCMHpDfA/vm7VZd
QhxsZKTwYV7Y9LKDJ7GQPR24CktsaR8lInDvbeRLFFIciHAoUVVJ+mCFfnwQdwLU
ZVr9R3pGr5l9OE6QzzwFfj0bK7lV7lojg+yGkoLQohkb9RKhcQfMTZQ4Bb6zlIMg
Uz3sEAwxbDY=
-----END CERTIFICATE-----