Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c913dc-770f-4bd0-978f-46162786f8e1/1/r176ZTDmas0yhldLsprRh3VkXas.roa
File:                     r176ZTDmas0yhldLsprRh3VkXas.roa (raw, json)
Hash identifier:          VzMucYLj37iS+6RZ2k4df7JyYSsoQm5cThupVotFxBg=
Subject key identifier:   AF:5E:FA:65:30:E6:6A:CD:32:86:57:4B:B2:9A:D1:87:75:64:5D:AB
Certificate issuer:       /CN=1942a41559426b2f5a877c039eeda17b6b9e1d89
Certificate serial:       019B7CEDD8257B6B43C1AA2145725068A3B4
Authority key identifier: 19:42:A4:15:59:42:6B:2F:5A:87:7C:03:9E:ED:A1:7B:6B:9E:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUKkFVlCay9ah3wDnu2he2ueHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c913dc-770f-4bd0-978f-46162786f8e1/1/r176ZTDmas0yhldLsprRh3VkXas.roa
Signing time:             Fri 02 Jan 2026 04:18:40 +0000
ROA not before:           Fri 02 Jan 2026 04:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41109
IP address blocks:        81.200.80.0/21 maxlen: 21
                          81.200.88.0/23 maxlen: 23
                          81.200.90.0/24 maxlen: 24
                          81.200.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c913dc-770f-4bd0-978f-46162786f8e1/1/GUKkFVlCay9ah3wDnu2he2ueHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c913dc-770f-4bd0-978f-46162786f8e1/1/GUKkFVlCay9ah3wDnu2he2ueHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUKkFVlCay9ah3wDnu2he2ueHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:d8:25:7b:6b:43:c1:aa:21:45:72:50:68:a3:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1942a41559426b2f5a877c039eeda17b6b9e1d89
        Validity
            Not Before: Jan  2 04:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af5efa6530e66acd3286574bb29ad18775645dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:89:23:de:22:62:80:ba:21:08:fb:43:0d:bc:
                    f7:96:ad:0f:64:cb:04:62:39:56:9e:1f:c9:95:82:
                    c6:53:e8:51:b9:a1:8a:38:2c:e0:4f:d6:a9:5f:2a:
                    49:9d:52:c4:ed:ed:d6:77:fd:d4:11:20:29:14:3a:
                    19:47:ca:76:e3:90:31:66:dd:34:de:6c:e3:aa:f4:
                    e4:e6:a0:23:fd:77:0b:26:46:a1:a0:cd:3d:c5:99:
                    4b:49:ae:c5:11:ad:d2:9c:52:3f:0a:5b:45:69:80:
                    b4:e0:7a:5e:03:b4:4e:7e:8b:87:9a:87:0e:87:8d:
                    f2:03:34:a0:cb:77:49:e5:7d:6c:3d:79:5a:14:b5:
                    f9:b5:26:6a:00:08:0b:68:a1:e2:65:1f:d4:1d:3b:
                    48:3b:ad:30:3e:9d:e9:c2:48:2b:c9:43:16:92:03:
                    b7:fb:48:04:db:27:11:7b:f5:64:95:c4:f7:ef:a7:
                    2c:c3:38:31:31:3e:bd:13:c8:fe:d9:02:cc:7b:8d:
                    af:5b:4d:76:10:70:6d:f5:9a:98:44:07:c7:7c:b8:
                    7f:a0:9e:c4:3c:07:68:c2:d8:52:be:14:23:53:20:
                    a4:9d:2f:f2:e2:17:b9:e1:dc:4e:c9:86:89:ca:0e:
                    7d:59:da:08:d1:9b:ac:64:da:f7:82:c2:ec:a8:89:
                    4b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:5E:FA:65:30:E6:6A:CD:32:86:57:4B:B2:9A:D1:87:75:64:5D:AB
            X509v3 Authority Key Identifier:
                keyid:19:42:A4:15:59:42:6B:2F:5A:87:7C:03:9E:ED:A1:7B:6B:9E:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUKkFVlCay9ah3wDnu2he2ueHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c913dc-770f-4bd0-978f-46162786f8e1/1/r176ZTDmas0yhldLsprRh3VkXas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c913dc-770f-4bd0-978f-46162786f8e1/1/GUKkFVlCay9ah3wDnu2he2ueHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.200.80.0-81.200.90.255
                  81.200.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:55:4b:a4:64:8c:78:3a:cb:76:12:ea:62:a0:d4:c3:5f:fc:
         de:92:9e:39:58:26:ef:2d:31:62:84:57:51:ef:28:8b:fe:e0:
         54:54:0e:5a:01:da:32:92:66:64:31:8e:bb:ff:5b:a4:b2:0c:
         c3:da:65:c9:10:1c:c8:98:63:86:fd:40:96:82:6e:c8:87:00:
         79:f6:da:5c:9a:5b:48:74:a6:21:3c:14:75:7a:74:08:5a:cf:
         f3:5e:e2:fa:e2:66:62:0d:88:ec:bf:23:29:a0:b2:3b:24:ce:
         df:e4:06:cc:12:06:3f:22:41:d5:5e:a7:f0:70:18:20:21:d4:
         74:5d:e2:15:06:82:4c:4d:58:7a:e6:c5:d7:62:ca:1d:93:a9:
         7a:df:71:a7:72:12:c9:b0:fa:32:56:ce:8a:50:8b:54:27:28:
         fd:73:71:8a:e9:ea:d9:ce:45:ed:7f:cd:e8:38:5e:5a:7b:bc:
         d9:11:73:69:7b:8e:8d:9b:02:c2:64:b7:fd:1d:a7:34:62:c7:
         b9:58:64:80:11:4b:81:bf:e8:49:5e:c3:00:5f:81:1c:e1:7c:
         25:41:46:fa:75:10:43:ee:32:10:ba:22:2c:f8:38:fd:21:5f:
         8e:a2:a4:ba:69:a0:d8:44:4c:9c:2c:32:f9:fa:73:d6:0e:14:
         ee:5f:fa:ef
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZt87dgle2tDwaohRXJQaKO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDJhNDE1NTk0MjZiMmY1YTg3N2MwMzllZWRhMTdiNmI5
ZTFkODkwHhcNMjYwMTAyMDQxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjVlZmE2NTMwZTY2YWNkMzI4NjU3NGJiMjlhZDE4Nzc1NjQ1ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2okj3iJigLohCPtDDbz3lq0PZMsE
YjlWnh/JlYLGU+hRuaGKOCzgT9apXypJnVLE7e3Wd/3UESApFDoZR8p245AxZt00
3mzjqvTk5qAj/XcLJkahoM09xZlLSa7FEa3SnFI/CltFaYC04HpeA7ROfouHmocO
h43yAzSgy3dJ5X1sPXlaFLX5tSZqAAgLaKHiZR/UHTtIO60wPp3pwkgryUMWkgO3
+0gE2ycRe/VklcT376cswzgxMT69E8j+2QLMe42vW012EHBt9ZqYRAfHfLh/oJ7E
PAdowthSvhQjUyCknS/y4he54dxOyYaJyg59WdoI0ZusZNr3gsLsqIlLtQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFK9e+mUw5mrNMoZXS7Ka0Yd1ZF2rMB8GA1UdIwQY
MBaAFBlCpBVZQmsvWod8A57toXtrnh2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VLa0ZWbENheTlhaDN3RG51MmhlMnVlSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jOTEzZGMtNzcwZi00YmQwLTk3OGYt
NDYxNjI3ODZmOGUxLzEvcjE3NlpURG1hczB5aGxkTHNwclJoM1ZrWGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jOTEzZGMtNzcwZi00YmQwLTk3OGYtNDYxNjI3ODZmOGUx
LzEvR1VLa0ZWbENheTlhaDN3RG51MmhlMnVlSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBARRyFAD
BABRyFoDBAJRyFwwDQYJKoZIhvcNAQELBQADggEBAFVVS6RkjHg6y3YS6mKg1MNf
/N6SnjlYJu8tMWKEV1HvKIv+4FRUDloB2jKSZmQxjrv/W6SyDMPaZckQHMiYY4b9
QJaCbsiHAHn22lyaW0h0piE8FHV6dAhaz/Ne4vriZmINiOy/Iymgsjskzt/kBswS
Bj8iQdVep/BwGCAh1HRd4hUGgkxNWHrmxddiyh2TqXrfcadyEsmw+jJWzopQi1Qn
KP1zcYrp6tnORe1/zeg4Xlp7vNkRc2l7jo2bAsJkt/0dpzRix7lYZIARS4G/6Ele
wwBfgRzhfCVBRvp1EEPuMhC6Iiz4OP0hX46ipLppoNhETJwsMvn6c9YOFO5f+u8=
-----END CERTIFICATE-----