Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/5Qm3w6W4KV4G70UEua6vpofuK3w.roa
File:                     5Qm3w6W4KV4G70UEua6vpofuK3w.roa (raw, json)
Hash identifier:          7gjCA6HtXiqMWysrEHmsQXBLEFr30GX2eXmg9EbiYCA=
Subject key identifier:   E5:09:B7:C3:A5:B8:29:5E:06:EF:45:04:B9:AE:AF:A6:87:EE:2B:7C
Certificate issuer:       /CN=c61850173c8d28d5afbf91091ca63e5da3c75ed4
Certificate serial:       019CBC9CA07BA8210D9C62AF88EFC52136A7
Authority key identifier: C6:18:50:17:3C:8D:28:D5:AF:BF:91:09:1C:A6:3E:5D:A3:C7:5E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/5Qm3w6W4KV4G70UEua6vpofuK3w.roa
Signing time:             Thu 05 Mar 2026 06:08:26 +0000
ROA not before:           Thu 05 Mar 2026 06:08:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29684
IP address blocks:        194.32.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 20:09:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bc:9c:a0:7b:a8:21:0d:9c:62:af:88:ef:c5:21:36:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61850173c8d28d5afbf91091ca63e5da3c75ed4
        Validity
            Not Before: Mar  5 06:08:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e509b7c3a5b8295e06ef4504b9aeafa687ee2b7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:79:89:d6:97:2d:64:3a:d0:3e:36:a7:75:61:
                    fd:b1:9c:06:c8:60:50:1a:c4:0f:31:9f:da:b4:dd:
                    dd:9c:e1:22:2a:b4:eb:c6:5c:d6:b7:c9:9b:4b:d1:
                    a4:18:5b:34:0b:fe:38:18:a3:35:61:dd:10:b1:ba:
                    26:2b:db:7a:82:3f:58:f8:c2:13:eb:df:8d:9e:9c:
                    d3:a1:b8:56:2b:80:80:68:27:02:38:66:b3:ce:20:
                    c2:c9:6d:33:ea:7f:f2:dd:21:76:f6:90:d5:61:80:
                    3c:8a:57:01:7a:f5:70:96:b7:dc:44:77:d1:68:0a:
                    d4:b1:e7:31:42:fe:36:8c:2f:16:79:e3:57:36:7f:
                    e2:91:8e:c7:a7:78:2f:b0:2d:57:eb:67:88:f5:bb:
                    bc:55:73:01:46:5b:31:34:a0:a6:9d:bc:4a:b9:7b:
                    bc:ca:71:10:4a:30:dc:bd:60:29:0e:9e:77:97:d0:
                    19:4b:2d:25:e8:99:8f:56:6c:60:cc:62:0a:5d:39:
                    28:bb:43:9b:85:f3:aa:d1:45:1f:7b:50:48:10:b7:
                    56:b8:0d:36:27:5a:c3:2f:bc:91:c5:dc:cf:35:36:
                    5d:85:2f:9a:0b:46:a8:dd:a9:73:5b:e4:ab:0d:0f:
                    cc:c3:cb:b9:aa:56:23:23:f9:01:64:74:b3:bc:cb:
                    52:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:09:B7:C3:A5:B8:29:5E:06:EF:45:04:B9:AE:AF:A6:87:EE:2B:7C
            X509v3 Authority Key Identifier:
                keyid:C6:18:50:17:3C:8D:28:D5:AF:BF:91:09:1C:A6:3E:5D:A3:C7:5E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/5Qm3w6W4KV4G70UEua6vpofuK3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/ee09f1-7d0b-431f-aaee-bb8debc00388/1/xhhQFzyNKNWvv5EJHKY-XaPHXtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:bd:37:08:6a:69:72:55:44:26:0e:c6:a3:44:5a:86:79:dd:
         a9:88:1c:3e:bb:a6:aa:77:03:47:b8:f4:1a:b8:eb:56:14:d8:
         ae:b8:12:96:f4:b6:78:ed:ac:11:b4:bf:4e:b8:1e:b0:3c:7d:
         e2:83:7d:90:d8:2d:99:a8:02:66:e7:7d:94:5e:0c:09:c2:bf:
         02:60:ca:c3:4b:58:5f:20:29:9c:5e:da:1b:ff:d3:39:e0:2a:
         0d:e6:69:dc:4b:08:58:4f:8e:cc:0d:a5:50:9b:c9:8a:6c:2e:
         25:2b:6d:00:ec:3e:73:b6:e7:d3:60:ff:39:c2:8f:e1:3a:55:
         cd:db:6c:60:25:6b:89:d0:a6:09:50:29:5a:3e:ef:ed:86:e3:
         03:45:6b:7a:04:b7:ef:0f:77:6f:78:14:ef:28:89:74:b4:b2:
         81:16:59:a8:c9:b3:a2:de:0c:05:a5:b3:ff:53:c8:10:ae:c2:
         b1:e8:ec:45:36:a9:34:48:d6:49:a6:b0:85:b3:53:a9:25:33:
         f2:19:e8:ba:73:ef:c5:8c:ac:de:fd:a7:3b:4e:4a:3d:da:b6:
         82:33:e8:a4:fa:c3:fd:2d:84:dd:66:85:1f:68:cf:e4:ca:bf:
         54:57:94:97:34:18:7a:e7:29:90:fa:ab:55:fa:01:48:15:c8:
         d8:8e:17:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy8nKB7qCENnGKviO/FITanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTg1MDE3M2M4ZDI4ZDVhZmJmOTEwOTFjYTYzZTVkYTNj
NzVlZDQwHhcNMjYwMzA1MDYwODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA5YjdjM2E1YjgyOTVlMDZlZjQ1MDRiOWFlYWZhNjg3ZWUyYjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnmJ1pctZDrQPjandWH9sZwGyGBQ
GsQPMZ/atN3dnOEiKrTrxlzWt8mbS9GkGFs0C/44GKM1Yd0QsbomK9t6gj9Y+MIT
69+NnpzTobhWK4CAaCcCOGazziDCyW0z6n/y3SF29pDVYYA8ilcBevVwlrfcRHfR
aArUsecxQv42jC8WeeNXNn/ikY7Hp3gvsC1X62eI9bu8VXMBRlsxNKCmnbxKuXu8
ynEQSjDcvWApDp53l9AZSy0l6JmPVmxgzGIKXTkou0ObhfOq0UUfe1BIELdWuA02
J1rDL7yRxdzPNTZdhS+aC0ao3alzW+SrDQ/Mw8u5qlYjI/kBZHSzvMtSKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUJt8OluCleBu9FBLmur6aH7it8MB8GA1UdIwQY
MBaAFMYYUBc8jSjVr7+RCRymPl2jx17UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhoUUZ6eU5LTld2djVFSkhLWS1YYVBIWHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9lZTA5ZjEtN2QwYi00MzFmLWFhZWUt
YmI4ZGViYzAwMzg4LzEvNVFtM3c2VzRLVjRHNzBVRXVhNnZwb2Z1SzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9lZTA5ZjEtN2QwYi00MzFmLWFhZWUtYmI4ZGViYzAwMzg4
LzEveGhoUUZ6eU5LTld2djVFSkhLWS1YYVBIWHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiCjMA0G
CSqGSIb3DQEBCwUAA4IBAQAGvTcIamlyVUQmDsajRFqGed2piBw+u6aqdwNHuPQa
uOtWFNiuuBKW9LZ47awRtL9OuB6wPH3ig32Q2C2ZqAJm532UXgwJwr8CYMrDS1hf
ICmcXtob/9M54CoN5mncSwhYT47MDaVQm8mKbC4lK20A7D5ztufTYP85wo/hOlXN
22xgJWuJ0KYJUClaPu/thuMDRWt6BLfvD3dveBTvKIl0tLKBFlmoybOi3gwFpbP/
U8gQrsKx6OxFNqk0SNZJprCFs1OpJTPyGei6c+/FjKze/ac7Tko92raCM+ik+sP9
LYTdZoUfaM/kyr9UV5SXNBh65ymQ+qtV+gFIFcjYjhfd
-----END CERTIFICATE-----