Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/BtjheHtMrVrls5cRXqprBV_cY_E.roa
File:                     BtjheHtMrVrls5cRXqprBV_cY_E.roa (raw, json)
Hash identifier:          0/bLQWtIHEPcsIkY5+SuruKHSF6pye9PcBvY10R3rFA=
Subject key identifier:   06:D8:E1:78:7B:4C:AD:5A:E5:B3:97:11:5E:AA:6B:05:5F:DC:63:F1
Certificate issuer:       /CN=4d302a2dd517a61a3b952746f2ee9fbe436d6349
Certificate serial:       019EE1687E85D84F8B1CD928FCCF85E888DF
Authority key identifier: 4D:30:2A:2D:D5:17:A6:1A:3B:95:27:46:F2:EE:9F:BE:43:6D:63:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TTAqLdUXpho7lSdG8u6fvkNtY0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/BtjheHtMrVrls5cRXqprBV_cY_E.roa
Signing time:             Fri 19 Jun 2026 19:43:02 +0000
ROA not before:           Fri 19 Jun 2026 19:43:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50049
IP address blocks:        5.252.157.0/24 maxlen: 24
                          5.252.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/TTAqLdUXpho7lSdG8u6fvkNtY0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/TTAqLdUXpho7lSdG8u6fvkNtY0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TTAqLdUXpho7lSdG8u6fvkNtY0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:e1:68:7e:85:d8:4f:8b:1c:d9:28:fc:cf:85:e8:88:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d302a2dd517a61a3b952746f2ee9fbe436d6349
        Validity
            Not Before: Jun 19 19:43:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=06d8e1787b4cad5ae5b397115eaa6b055fdc63f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:25:50:ce:f0:b8:69:57:20:d3:af:e6:a1:7c:
                    95:f6:bf:80:e6:c5:e3:c8:a4:a8:db:67:69:6e:3e:
                    69:09:de:74:46:09:d9:20:b4:fa:9e:34:3a:41:8d:
                    89:f1:f5:29:f3:b2:02:9c:e0:94:98:d0:9f:bc:0d:
                    0b:be:d4:15:85:c2:e3:54:d8:63:56:73:12:d4:fa:
                    ef:0e:87:5b:d1:88:49:10:32:a7:36:a4:2a:05:1c:
                    d6:73:12:8d:83:63:99:5e:1e:4e:4f:f0:3e:17:1a:
                    fa:90:a0:94:79:4c:7b:bd:63:4c:20:8d:ec:32:8e:
                    f6:1e:cb:5a:c1:82:ad:66:3b:8f:a0:78:ae:6c:75:
                    b9:46:f1:f1:c7:6e:0e:5b:aa:2b:b5:0c:95:26:ee:
                    67:81:db:9a:c3:a4:1a:8f:bb:df:8f:62:5c:9f:d4:
                    66:25:1d:7a:5c:60:52:49:f9:5a:bc:3c:3f:34:09:
                    59:26:62:13:35:7e:97:75:ed:47:af:28:b1:b1:25:
                    69:fa:ce:94:ae:1b:86:b5:bf:57:b2:15:78:56:a0:
                    a8:3d:87:8e:56:96:34:0b:c4:ea:64:45:18:d4:68:
                    11:21:5d:10:62:c9:0f:54:a2:1d:b9:b8:06:4c:79:
                    4d:ee:94:3a:3c:84:3e:19:fe:69:a9:b8:33:39:5f:
                    a4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D8:E1:78:7B:4C:AD:5A:E5:B3:97:11:5E:AA:6B:05:5F:DC:63:F1
            X509v3 Authority Key Identifier:
                keyid:4D:30:2A:2D:D5:17:A6:1A:3B:95:27:46:F2:EE:9F:BE:43:6D:63:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TTAqLdUXpho7lSdG8u6fvkNtY0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/BtjheHtMrVrls5cRXqprBV_cY_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/TTAqLdUXpho7lSdG8u6fvkNtY0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.157.0/24
                  5.252.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:02:70:2e:66:92:db:3e:b9:30:20:3b:1b:38:17:0a:a0:0c:
         d0:bb:93:dc:83:40:bd:cd:74:62:d0:aa:0b:62:bc:49:45:72:
         da:43:c6:46:83:95:3d:bd:86:88:fd:92:48:11:2d:39:5c:26:
         f9:e1:84:44:28:ba:4e:98:4e:a5:89:ab:8b:19:c8:ab:a3:69:
         44:bc:95:b3:92:7a:f0:42:ea:4e:29:3f:95:cf:c5:ae:be:d1:
         64:21:84:9a:f5:bd:32:e4:19:39:6b:ab:14:d9:f0:2a:52:3e:
         d8:87:f1:30:3d:26:1c:ac:ac:a2:53:1c:b6:7d:c0:8b:d1:45:
         b9:05:97:91:77:11:04:3a:89:83:04:b3:15:00:a4:3e:ff:b7:
         35:58:c3:50:9c:74:65:16:1b:69:06:ef:0d:90:6d:29:11:fd:
         86:60:de:fe:c6:a8:35:60:72:2a:ac:a7:84:1e:d1:93:87:79:
         31:f6:b8:14:44:47:ea:87:51:f3:39:71:15:fa:66:d4:df:d9:
         91:21:68:0e:2b:da:85:8c:3c:fa:5d:57:2a:9e:f8:c2:e8:06:
         bc:eb:84:3a:5b:55:9a:e1:ec:8a:12:eb:17:79:0a:e5:f3:49:
         5f:90:09:46:78:f7:b8:ad:64:e2:f9:9b:9f:72:06:42:92:d8:
         5f:66:f2:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7haH6F2E+LHNko/M+F6IjfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMzAyYTJkZDUxN2E2MWEzYjk1Mjc0NmYyZWU5ZmJlNDM2
ZDYzNDkwHhcNMjYwNjE5MTk0MzAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ4ZTE3ODdiNGNhZDVhZTViMzk3MTE1ZWFhNmIwNTVmZGM2M2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8iVQzvC4aVcg06/moXyV9r+A5sXj
yKSo22dpbj5pCd50RgnZILT6njQ6QY2J8fUp87ICnOCUmNCfvA0LvtQVhcLjVNhj
VnMS1PrvDodb0YhJEDKnNqQqBRzWcxKNg2OZXh5OT/A+Fxr6kKCUeUx7vWNMII3s
Mo72HstawYKtZjuPoHiubHW5RvHxx24OW6ortQyVJu5ngduaw6Qaj7vfj2Jcn9Rm
JR16XGBSSflavDw/NAlZJmITNX6Xde1HryixsSVp+s6UrhuGtb9XshV4VqCoPYeO
VpY0C8TqZEUY1GgRIV0QYskPVKIdubgGTHlN7pQ6PIQ+Gf5pqbgzOV+kJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAbY4Xh7TK1a5bOXEV6qawVf3GPxMB8GA1UdIwQY
MBaAFE0wKi3VF6YaO5UnRvLun75DbWNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFRBcUxkVVhwaG83bFNkRzh1NmZ2a050WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mMGRkNWYtYjk3Mi00MTBiLTk5MDct
MTY2ZmI5ZGI2ZGIzLzEvQnRqaGVIdE1yVnJsczVjUlhxcHJCVl9jWV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mMGRkNWYtYjk3Mi00MTBiLTk5MDctMTY2ZmI5ZGI2ZGIz
LzEvVFRBcUxkVVhwaG83bFNkRzh1NmZ2a050WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABfydAwQA
BfyfMA0GCSqGSIb3DQEBCwUAA4IBAQBvAnAuZpLbPrkwIDsbOBcKoAzQu5Pcg0C9
zXRi0KoLYrxJRXLaQ8ZGg5U9vYaI/ZJIES05XCb54YREKLpOmE6liauLGciro2lE
vJWzknrwQupOKT+Vz8WuvtFkIYSa9b0y5Bk5a6sU2fAqUj7Yh/EwPSYcrKyiUxy2
fcCL0UW5BZeRdxEEOomDBLMVAKQ+/7c1WMNQnHRlFhtpBu8NkG0pEf2GYN7+xqg1
YHIqrKeEHtGTh3kx9rgUREfqh1HzOXEV+mbU39mRIWgOK9qFjDz6XVcqnvjC6Aa8
64Q6W1Wa4eyKEusXeQrl80lfkAlGePe4rWTi+ZufcgZCkthfZvKI
-----END CERTIFICATE-----