Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/x5SrbAjZFbdB6w5M55a69sLosmk.roa
File:                     x5SrbAjZFbdB6w5M55a69sLosmk.roa (raw, json)
Hash identifier:          FE67bVwUc7lNEUOq+r18u7T3FenYnKpS+bSln89Joz0=
Subject key identifier:   C7:94:AB:6C:08:D9:15:B7:41:EB:0E:4C:E7:96:BA:F6:C2:E8:B2:69
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       019E8328266D908E68CE8F5D86860064FB02
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/x5SrbAjZFbdB6w5M55a69sLosmk.roa
Signing time:             Mon 01 Jun 2026 12:28:27 +0000
ROA not before:           Mon 01 Jun 2026 12:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44477
IP address blocks:        89.185.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:28:26:6d:90:8e:68:ce:8f:5d:86:86:00:64:fb:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jun  1 12:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c794ab6c08d915b741eb0e4ce796baf6c2e8b269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e4:3d:ee:0a:5e:d6:f8:21:3f:4a:dd:c9:48:
                    85:df:fa:84:bf:84:24:97:ef:20:6b:ba:dc:29:03:
                    ce:2f:57:d5:60:6a:3b:38:4d:bf:ee:0d:62:f6:07:
                    20:e6:40:b3:ef:fd:4a:11:a1:ad:3e:3c:ce:6b:15:
                    ef:6e:af:c7:92:df:9f:d6:eb:84:a9:11:58:01:ce:
                    de:62:ff:33:51:7c:7d:6a:e9:31:e2:38:ca:e8:ed:
                    7e:67:eb:47:cd:77:d8:5a:3f:93:7e:ac:2e:89:ee:
                    1a:46:79:e9:d8:5d:09:ed:07:73:47:1a:0b:83:84:
                    58:ac:25:60:d7:86:8e:12:41:71:1d:0e:90:ba:41:
                    2a:2b:2e:bf:6b:52:2f:c8:a8:cb:42:a5:53:ce:33:
                    9d:6e:e2:c5:6c:d1:de:56:40:a1:e2:26:40:bb:23:
                    7b:ae:ec:fc:1f:ed:1c:45:43:3d:36:6d:db:ff:ad:
                    8d:1d:ee:03:f4:58:31:48:18:31:74:49:3e:6a:3b:
                    c1:83:3f:ad:46:26:b6:bf:7b:ed:7e:33:04:cc:ca:
                    56:1a:fe:30:ed:01:21:44:c8:dc:12:9a:a7:a3:b9:
                    4c:cf:e8:96:ac:ee:94:6b:76:3e:9a:a0:1d:29:88:
                    ac:be:f5:21:77:59:36:2e:1e:46:4c:e6:e0:e3:7a:
                    d0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:94:AB:6C:08:D9:15:B7:41:EB:0E:4C:E7:96:BA:F6:C2:E8:B2:69
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/x5SrbAjZFbdB6w5M55a69sLosmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:b2:82:f4:b8:ce:3b:bc:53:ab:59:3b:29:f3:bf:03:9c:3d:
         35:24:14:42:c2:72:b6:ba:92:1d:7e:cf:a7:92:d3:30:e9:45:
         83:c6:3a:37:f7:68:32:92:c8:47:a1:ac:9d:8f:e2:24:46:b5:
         f9:34:d1:8c:6d:b2:98:b3:e2:02:6e:79:73:51:b9:f0:db:59:
         9f:6a:60:83:48:2e:db:10:e9:9c:0f:30:bf:0f:0a:d5:b9:6b:
         ff:74:37:4d:f2:14:2c:99:00:1a:b0:da:0b:f4:88:ef:04:89:
         4f:78:ee:d6:80:27:3e:72:fa:30:74:75:a1:34:a1:7d:78:2a:
         52:52:aa:68:ac:23:51:2d:2b:df:28:21:71:6b:7a:33:92:7e:
         a2:6b:0e:65:8c:33:5d:23:8b:02:f3:78:e0:75:7f:69:e6:ee:
         a4:ec:68:c8:95:9c:23:58:ca:c2:28:35:26:67:ac:f5:06:83:
         af:03:f5:d7:49:b8:78:bb:7f:e8:93:53:36:a7:77:13:69:5a:
         61:bd:89:e4:77:8a:29:18:a6:dd:85:28:4b:81:12:e1:dc:be:
         bd:c7:75:46:df:92:10:bf:f2:83:2e:7c:ca:cd:19:19:83:16:
         8c:90:57:39:8c:eb:88:4c:82:09:b0:24:6f:4c:62:a9:ae:67:
         9b:e5:f8:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DKCZtkI5ozo9dhoYAZPsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjYwNjAxMTIyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzk0YWI2YzA4ZDkxNWI3NDFlYjBlNGNlNzk2YmFmNmMyZThiMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOQ97gpe1vghP0rdyUiF3/qEv4Qk
l+8ga7rcKQPOL1fVYGo7OE2/7g1i9gcg5kCz7/1KEaGtPjzOaxXvbq/Hkt+f1uuE
qRFYAc7eYv8zUXx9aukx4jjK6O1+Z+tHzXfYWj+Tfqwuie4aRnnp2F0J7QdzRxoL
g4RYrCVg14aOEkFxHQ6QukEqKy6/a1IvyKjLQqVTzjOdbuLFbNHeVkCh4iZAuyN7
ruz8H+0cRUM9Nm3b/62NHe4D9FgxSBgxdEk+ajvBgz+tRia2v3vtfjMEzMpWGv4w
7QEhRMjcEpqno7lMz+iWrO6Ua3Y+mqAdKYisvvUhd1k2Lh5GTObg43rQpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeUq2wI2RW3QesOTOeWuvbC6LJpMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEveDVTcmJBalpGYmRCNnc1TTU1YTY5c0xvc21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWblOMA0G
CSqGSIb3DQEBCwUAA4IBAQBCsoL0uM47vFOrWTsp878DnD01JBRCwnK2upIdfs+n
ktMw6UWDxjo392gykshHoaydj+IkRrX5NNGMbbKYs+ICbnlzUbnw21mfamCDSC7b
EOmcDzC/DwrVuWv/dDdN8hQsmQAasNoL9IjvBIlPeO7WgCc+cvowdHWhNKF9eCpS
UqporCNRLSvfKCFxa3ozkn6iaw5ljDNdI4sC83jgdX9p5u6k7GjIlZwjWMrCKDUm
Z6z1BoOvA/XXSbh4u3/ok1M2p3cTaVphvYnkd4opGKbdhShLgRLh3L69x3VG35IQ
v/KDLnzKzRkZgxaMkFc5jOuITIIJsCRvTGKprmeb5fhS
-----END CERTIFICATE-----