Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/5TW1-RHQm4FAzR3L-yPs31ke668.roa
File:                     5TW1-RHQm4FAzR3L-yPs31ke668.roa (raw, json)
Hash identifier:          Ab2oMLAK094MAx+hNb74w6xahOePcSAsadvqQgcFj6M=
Subject key identifier:   E5:35:B5:F9:11:D0:9B:81:40:CD:1D:CB:FB:23:EC:DF:59:1E:EB:AF
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019DDF01CB4C528B5BE0518B02D3F549AC97
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/5TW1-RHQm4FAzR3L-yPs31ke668.roa
Signing time:             Thu 30 Apr 2026 15:28:49 +0000
ROA not before:           Thu 30 Apr 2026 15:28:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        94.229.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:01:cb:4c:52:8b:5b:e0:51:8b:02:d3:f5:49:ac:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Apr 30 15:28:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e535b5f911d09b8140cd1dcbfb23ecdf591eebaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:45:43:e0:77:1d:c9:ec:71:79:20:f8:32:8d:
                    b1:e1:b7:62:d0:ff:d1:1c:08:0a:17:46:b5:38:0a:
                    d3:35:9e:5a:e7:34:e6:ff:17:b0:a9:00:05:02:04:
                    50:4d:95:e4:31:f1:68:14:0a:74:75:76:66:f5:43:
                    e9:82:32:e0:63:a3:72:66:16:df:51:cf:02:e0:dc:
                    05:69:69:be:7d:9c:bb:52:27:a1:a3:24:72:f5:30:
                    45:a3:fa:30:0d:fd:15:dd:52:05:ea:a2:b8:ec:12:
                    fc:08:d0:5d:e2:5d:31:43:1a:3b:7a:6e:ca:b7:0d:
                    9c:a8:6d:cf:ae:96:6f:0f:a1:f9:ea:a9:7d:6c:94:
                    07:88:7d:e4:93:94:b4:78:39:95:4e:b5:6c:62:13:
                    eb:7e:6c:05:f6:cb:8e:65:6a:f7:57:d9:af:b7:cb:
                    6f:14:cc:e2:54:46:58:92:62:e9:5d:3d:b9:f2:40:
                    69:55:bb:37:ed:4e:b5:35:8f:d7:86:f2:2b:b5:a0:
                    83:e8:68:d5:d8:fd:85:88:b6:6c:4d:cc:be:6a:28:
                    b5:ca:31:5b:cb:06:17:0e:75:b8:9b:38:1a:32:e7:
                    e3:73:6d:54:c7:9f:da:02:a8:25:0d:a9:ae:58:59:
                    63:74:75:5d:a3:fe:a2:a1:d5:0f:26:21:d3:8c:83:
                    22:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:35:B5:F9:11:D0:9B:81:40:CD:1D:CB:FB:23:EC:DF:59:1E:EB:AF
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/5TW1-RHQm4FAzR3L-yPs31ke668.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c1:8b:e9:1d:68:fa:48:b1:9a:4c:0e:b8:42:10:0b:1c:09:3e:
         ab:f1:1c:82:50:36:c5:46:34:ed:cd:95:f7:20:3d:44:cf:33:
         36:83:86:92:15:ae:72:d1:32:27:a5:97:db:c2:1f:14:4e:06:
         43:88:00:84:10:c4:1d:10:7e:6b:00:43:fb:af:c7:42:a5:a9:
         b9:b8:7b:4b:38:3d:35:87:4f:2b:3b:3b:07:1e:76:1c:27:e4:
         2a:c0:43:c8:06:ab:0f:56:84:2d:44:74:79:ef:af:a9:33:da:
         11:f5:ee:2e:03:4c:81:73:a0:69:70:dd:ba:61:eb:3e:73:5d:
         81:a8:62:f3:7e:0e:38:3a:4c:5a:50:2f:86:24:97:43:32:0e:
         f9:c5:c3:c9:78:f9:16:64:4c:85:24:56:d2:7b:df:cc:bb:ae:
         3b:44:7a:6e:63:8d:33:32:9e:3c:d6:a4:d5:e8:af:07:5c:75:
         db:47:a7:6d:3d:0c:5b:89:fa:08:79:31:b6:00:37:d4:2b:49:
         7c:84:28:d7:fd:41:31:ad:d0:33:ae:76:35:46:f7:fa:57:32:
         f8:20:2b:ec:d3:a4:19:39:74:a2:0c:06:31:63:06:e3:ee:01:
         d8:df:d4:ec:10:53:d9:57:f4:5c:8b:52:63:60:ee:e1:ab:89:
         0d:32:21:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3fActMUotb4FGLAtP1SayXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjYwNDMwMTUyODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTM1YjVmOTExZDA5YjgxNDBjZDFkY2JmYjIzZWNkZjU5MWVlYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+EVD4HcdyexxeSD4Mo2x4bdi0P/R
HAgKF0a1OArTNZ5a5zTm/xewqQAFAgRQTZXkMfFoFAp0dXZm9UPpgjLgY6NyZhbf
Uc8C4NwFaWm+fZy7UiehoyRy9TBFo/owDf0V3VIF6qK47BL8CNBd4l0xQxo7em7K
tw2cqG3PrpZvD6H56ql9bJQHiH3kk5S0eDmVTrVsYhPrfmwF9suOZWr3V9mvt8tv
FMziVEZYkmLpXT258kBpVbs37U61NY/XhvIrtaCD6GjV2P2FiLZsTcy+aii1yjFb
ywYXDnW4mzgaMufjc21Ux5/aAqglDamuWFljdHVdo/6iodUPJiHTjIMiwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOU1tfkR0JuBQM0dy/sj7N9ZHuuvMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvNVRXMS1SSFFtNEZBelIzTC15UHMzMWtlNjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXuXYMA0G
CSqGSIb3DQEBCwUAA4IBAQDBi+kdaPpIsZpMDrhCEAscCT6r8RyCUDbFRjTtzZX3
ID1EzzM2g4aSFa5y0TInpZfbwh8UTgZDiACEEMQdEH5rAEP7r8dCpam5uHtLOD01
h08rOzsHHnYcJ+QqwEPIBqsPVoQtRHR576+pM9oR9e4uA0yBc6BpcN26Yes+c12B
qGLzfg44OkxaUC+GJJdDMg75xcPJePkWZEyFJFbSe9/Mu647RHpuY40zMp481qTV
6K8HXHXbR6dtPQxbifoIeTG2ADfUK0l8hCjX/UExrdAzrnY1Rvf6VzL4ICvs06QZ
OXSiDAYxYwbj7gHY39TsEFPZV/Rci1JjYO7hq4kNMiFV
-----END CERTIFICATE-----