Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/r9y41Nj6MlRtt-vC8nFHlqjdjQQ.roa
File:                     r9y41Nj6MlRtt-vC8nFHlqjdjQQ.roa (raw, json)
Hash identifier:          uOsnHyH2H4g7kLAzvSZvnS20N5EGtd5aRfjLLqNZZ1o=
Subject key identifier:   AF:DC:B8:D4:D8:FA:32:54:6D:B7:EB:C2:F2:71:47:96:A8:DD:8D:04
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019DA4CA6533C4CF6A76456F3CC4FE21CD47
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/r9y41Nj6MlRtt-vC8nFHlqjdjQQ.roa
Signing time:             Sun 19 Apr 2026 08:10:20 +0000
ROA not before:           Sun 19 Apr 2026 08:10:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215787
IP address blocks:        5.1.67.0/24 maxlen: 24
                          5.1.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a4:ca:65:33:c4:cf:6a:76:45:6f:3c:c4:fe:21:cd:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Apr 19 08:10:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=afdcb8d4d8fa32546db7ebc2f2714796a8dd8d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ab:f7:ae:00:0e:cc:cf:93:14:52:4d:74:b3:
                    e8:65:23:d3:74:91:42:1d:90:42:4e:fc:a6:0e:0d:
                    25:c7:bb:0b:25:61:eb:3d:fc:5e:3a:05:a7:80:ee:
                    50:78:bd:3e:4f:1f:7c:82:58:45:58:cb:92:dc:ff:
                    9d:01:30:ac:d5:82:57:69:73:e7:c5:11:d2:b3:89:
                    1e:1c:3b:8b:84:27:21:4c:57:f7:8d:62:6a:ab:78:
                    1d:b9:1a:6b:02:9d:64:ff:52:70:a3:2f:6a:9d:fb:
                    83:fe:9c:13:c1:73:f7:ac:4b:14:0a:ef:86:c4:c0:
                    f7:05:81:ec:9e:9d:d5:f7:8c:2b:f6:40:32:eb:0b:
                    1a:7e:ac:00:07:9a:02:3b:df:f0:ed:99:8b:1d:83:
                    d6:94:5b:59:87:a2:be:6a:4c:59:99:cb:e7:da:7c:
                    e5:1d:10:6b:66:e9:b6:4a:f3:85:9e:28:8a:f4:50:
                    46:4d:cc:ae:17:be:d7:bf:38:fb:65:90:34:f2:40:
                    67:f0:be:b0:67:cc:79:d6:2d:48:f0:4b:63:8d:c5:
                    3b:40:24:0c:42:32:93:3f:bd:b5:d3:1b:4e:e9:70:
                    50:e7:c6:63:e3:a8:94:93:c5:de:3d:5b:1a:a4:27:
                    15:3a:24:c6:e5:fb:a4:68:2e:55:9b:f3:b6:3c:2c:
                    7a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:DC:B8:D4:D8:FA:32:54:6D:B7:EB:C2:F2:71:47:96:A8:DD:8D:04
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/r9y41Nj6MlRtt-vC8nFHlqjdjQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.67.0/24
                  5.1.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7a:36:8b:c9:f1:65:20:23:3f:cf:5a:1b:54:17:db:c1:12:
         1f:e1:79:ee:61:f0:8f:03:0e:51:8e:25:1d:47:7a:c2:90:10:
         fa:fa:04:87:45:a8:2e:66:23:79:fc:0c:dc:25:6f:74:96:35:
         9b:ea:fd:e1:72:77:5e:41:93:98:07:f5:97:6c:a2:bf:4b:3b:
         2f:a6:89:18:6a:05:6d:96:ed:b9:dd:cf:a1:ca:6f:cc:fc:3b:
         7a:b8:30:e9:d2:01:b2:21:d6:57:83:d8:46:10:5d:fe:21:ed:
         99:89:4f:46:dc:a0:c7:64:22:df:91:c8:40:30:44:7e:de:0a:
         e2:a9:41:82:58:b4:c3:a4:12:26:f4:21:0d:c1:68:42:30:32:
         3f:98:e9:fe:d3:55:02:b5:e5:79:2e:15:97:eb:40:2e:fb:05:
         c6:34:d8:c1:ee:d6:be:6a:c0:6f:12:f4:a3:14:5d:51:f6:7e:
         e4:49:45:3d:4e:13:81:91:6c:35:58:b9:e2:60:3b:44:54:29:
         cf:66:01:86:4e:e6:cb:25:ef:bc:d8:fe:cd:d5:c9:c3:11:9d:
         ed:77:3f:c8:a0:ed:b6:d4:1a:50:1a:ea:d0:da:99:68:c8:4b:
         77:70:17:44:2b:3e:e8:0a:17:3c:9c:55:61:f2:a4:0c:28:8e:
         5c:61:91:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2kymUzxM9qdkVvPMT+Ic1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjYwNDE5MDgxMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmRjYjhkNGQ4ZmEzMjU0NmRiN2ViYzJmMjcxNDc5NmE4ZGQ4ZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqv3rgAOzM+TFFJNdLPoZSPTdJFC
HZBCTvymDg0lx7sLJWHrPfxeOgWngO5QeL0+Tx98glhFWMuS3P+dATCs1YJXaXPn
xRHSs4keHDuLhCchTFf3jWJqq3gduRprAp1k/1Jwoy9qnfuD/pwTwXP3rEsUCu+G
xMD3BYHsnp3V94wr9kAy6wsafqwAB5oCO9/w7ZmLHYPWlFtZh6K+akxZmcvn2nzl
HRBrZum2SvOFniiK9FBGTcyuF77Xvzj7ZZA08kBn8L6wZ8x51i1I8EtjjcU7QCQM
QjKTP7210xtO6XBQ58Zj46iUk8XePVsapCcVOiTG5fukaC5Vm/O2PCx63wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK/cuNTY+jJUbbfrwvJxR5ao3Y0EMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvcjl5NDFOajZNbFJ0dC12QzhuRkhscWpkalFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQFDAwQA
BQFVMA0GCSqGSIb3DQEBCwUAA4IBAQCIejaLyfFlICM/z1obVBfbwRIf4XnuYfCP
Aw5RjiUdR3rCkBD6+gSHRaguZiN5/AzcJW90ljWb6v3hcndeQZOYB/WXbKK/Szsv
pokYagVtlu253c+hym/M/Dt6uDDp0gGyIdZXg9hGEF3+Ie2ZiU9G3KDHZCLfkchA
MER+3griqUGCWLTDpBIm9CENwWhCMDI/mOn+01UCteV5LhWX60Au+wXGNNjB7ta+
asBvEvSjFF1R9n7kSUU9ThOBkWw1WLniYDtEVCnPZgGGTubLJe+82P7N1cnDEZ3t
dz/IoO221BpQGurQ2ployEt3cBdEKz7oChc8nFVh8qQMKI5cYZFk
-----END CERTIFICATE-----