Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/osvG5e1YigFoLoa__yzX-J5l27E.roa
File:                     osvG5e1YigFoLoa__yzX-J5l27E.roa (raw, json)
Hash identifier:          SlrGXFD11o+sZzla3/g1JmWekd8M1LFWjbdkdCRUg50=
Subject key identifier:   A2:CB:C6:E5:ED:58:8A:01:68:2E:86:BF:FF:2C:D7:F8:9E:65:DB:B1
Certificate issuer:       /CN=30d8a64903cfa217379749f18b7fdcea1dab6db4
Certificate serial:       019E08CB885DC0E82D40E8FDFFF6831A5548
Authority key identifier: 30:D8:A6:49:03:CF:A2:17:37:97:49:F1:8B:7F:DC:EA:1D:AB:6D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/osvG5e1YigFoLoa__yzX-J5l27E.roa
Signing time:             Fri 08 May 2026 18:13:36 +0000
ROA not before:           Fri 08 May 2026 18:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202032
IP address blocks:        185.54.80.0/22 maxlen: 32
                          2a02:4460::/32 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:08:cb:88:5d:c0:e8:2d:40:e8:fd:ff:f6:83:1a:55:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d8a64903cfa217379749f18b7fdcea1dab6db4
        Validity
            Not Before: May  8 18:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2cbc6e5ed588a01682e86bfff2cd7f89e65dbb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:02:b7:52:c9:f8:75:c4:69:be:b5:c5:86:40:
                    f8:77:b9:db:45:c6:ef:9a:19:d4:1c:ec:cf:4b:38:
                    91:4c:49:b5:9e:94:d4:25:1a:b5:ea:50:0a:50:52:
                    a2:ea:cb:e1:55:52:1c:ae:a0:57:12:49:4c:8f:74:
                    68:a0:91:3e:2c:4f:13:57:e8:5c:39:f0:17:2a:b0:
                    42:e7:55:b5:2d:5d:78:44:c1:b5:97:f8:5e:1b:f2:
                    2d:c8:52:41:7f:3f:a2:6a:be:84:d4:e4:8b:8d:3d:
                    fa:9f:69:a4:87:17:f9:1d:17:b1:3c:0a:73:52:86:
                    7c:69:c2:75:97:c2:8e:43:22:30:00:9a:ab:c2:de:
                    f3:39:ef:d0:46:a2:8c:70:c9:3a:20:2b:65:82:f0:
                    08:bb:2e:66:0d:7a:e1:c3:d8:c5:cf:3e:ab:8b:80:
                    6d:15:77:39:77:c0:8e:7d:24:ec:de:4f:9e:fa:75:
                    5b:3b:c3:fd:ef:46:72:55:d0:04:cb:dc:ec:14:fc:
                    8b:d9:a9:a0:19:0b:99:82:30:0a:87:0a:4c:ec:46:
                    30:86:f0:a0:2b:7a:ea:6f:86:a8:9f:8b:93:ed:fc:
                    fa:d3:96:28:82:16:87:6e:33:02:2a:e0:af:0f:cb:
                    ab:d3:19:1e:39:17:75:3a:35:7c:7d:72:3f:a4:fc:
                    87:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:CB:C6:E5:ED:58:8A:01:68:2E:86:BF:FF:2C:D7:F8:9E:65:DB:B1
            X509v3 Authority Key Identifier:
                keyid:30:D8:A6:49:03:CF:A2:17:37:97:49:F1:8B:7F:DC:EA:1D:AB:6D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNimSQPPohc3l0nxi3_c6h2rbbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/osvG5e1YigFoLoa__yzX-J5l27E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b7a249-1552-4f10-b008-1f66faab4ab5/1/MNimSQPPohc3l0nxi3_c6h2rbbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.80.0/22
                IPv6:
                  2a02:4460::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:9f:8c:0e:48:c8:de:17:6c:d9:e6:ea:3b:7c:ee:e2:20:ba:
         85:92:e8:9a:ac:ce:51:34:0d:6c:80:a5:2d:90:ae:79:3f:c2:
         42:93:f5:c3:36:3d:94:39:f8:14:65:24:09:c9:d4:c2:6f:b8:
         22:f2:f6:98:bf:70:2c:4d:c3:46:cc:ed:96:ab:eb:c4:6b:2d:
         49:ac:6a:5c:1e:fd:84:60:97:00:1d:fb:cb:bc:a2:f7:0d:02:
         bb:f8:e2:95:67:9a:c4:4f:de:f3:49:79:18:3a:3e:e4:5a:69:
         40:32:94:6f:eb:6b:19:29:97:3f:25:ba:c2:30:86:b2:96:ec:
         ae:f3:ef:19:0b:c9:cc:3c:9c:b9:fd:cd:42:e9:37:b6:ed:e8:
         0d:f3:c0:77:5c:0a:19:b1:5d:aa:88:93:85:ba:45:d8:b0:17:
         8c:ec:02:a0:5a:16:e3:96:ec:ba:83:b6:2e:5a:b3:13:48:35:
         51:1d:80:02:1e:9a:74:78:c7:b3:c9:f9:3c:ad:ea:81:d3:97:
         6d:e0:0b:25:c0:30:b9:db:90:22:aa:92:74:47:f0:18:8d:10:
         af:56:ca:51:b1:2f:40:13:4e:b4:b8:39:01:69:a4:c8:ae:69:
         96:c1:be:90:0d:d0:55:ac:75:0e:35:58:dd:47:87:19:fc:9c:
         03:9f:a9:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ4Iy4hdwOgtQOj9//aDGlVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDhhNjQ5MDNjZmEyMTczNzk3NDlmMThiN2ZkY2VhMWRh
YjZkYjQwHhcNMjYwNTA4MTgxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmNiYzZlNWVkNTg4YTAxNjgyZTg2YmZmZjJjZDdmODllNjVkYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9AK3Usn4dcRpvrXFhkD4d7nbRcbv
mhnUHOzPSziRTEm1npTUJRq16lAKUFKi6svhVVIcrqBXEklMj3RooJE+LE8TV+hc
OfAXKrBC51W1LV14RMG1l/heG/ItyFJBfz+iar6E1OSLjT36n2mkhxf5HRexPApz
UoZ8acJ1l8KOQyIwAJqrwt7zOe/QRqKMcMk6ICtlgvAIuy5mDXrhw9jFzz6ri4Bt
FXc5d8COfSTs3k+e+nVbO8P970ZyVdAEy9zsFPyL2amgGQuZgjAKhwpM7EYwhvCg
K3rqb4aon4uT7fz605YoghaHbjMCKuCvD8ur0xkeORd1OjV8fXI/pPyHJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKLLxuXtWIoBaC6Gv/8s1/ieZduxMB8GA1UdIwQY
MBaAFDDYpkkDz6IXN5dJ8Yt/3Oodq220MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5pbVNRUFBvaGMzbDBueGkzX2M2aDJyYmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iN2EyNDktMTU1Mi00ZjEwLWIwMDgt
MWY2NmZhYWI0YWI1LzEvb3N2RzVlMVlpZ0ZvTG9hX195elgtSjVsMjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iN2EyNDktMTU1Mi00ZjEwLWIwMDgtMWY2NmZhYWI0YWI1
LzEvTU5pbVNRUFBvaGMzbDBueGkzX2M2aDJyYmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTZQMA0E
AgACMAcDBQAqAkRgMA0GCSqGSIb3DQEBCwUAA4IBAQA6n4wOSMjeF2zZ5uo7fO7i
ILqFkuiarM5RNA1sgKUtkK55P8JCk/XDNj2UOfgUZSQJydTCb7gi8vaYv3AsTcNG
zO2Wq+vEay1JrGpcHv2EYJcAHfvLvKL3DQK7+OKVZ5rET97zSXkYOj7kWmlAMpRv
62sZKZc/JbrCMIayluyu8+8ZC8nMPJy5/c1C6Te27egN88B3XAoZsV2qiJOFukXY
sBeM7AKgWhbjluy6g7YuWrMTSDVRHYACHpp0eMezyfk8reqB05dt4AslwDC525Ai
qpJ0R/AYjRCvVspRsS9AE060uDkBaaTIrmmWwb6QDdBVrHUONVjdR4cZ/JwDn6mf
-----END CERTIFICATE-----