Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/hJaLz83PxtYypjNW8C5dkk8VBJs.roa
File:                     hJaLz83PxtYypjNW8C5dkk8VBJs.roa (raw, json)
Hash identifier:          q0uEXqE8jpJfVPLm1gkSJMfUPK4v9evWWQci4udPlNo=
Subject key identifier:   84:96:8B:CF:CD:CF:C6:D6:32:A6:33:56:F0:2E:5D:92:4F:15:04:9B
Certificate issuer:       /CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
Certificate serial:       019E1CD3578FE8F7923144F530F2D506FBA6
Authority key identifier: 2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/hJaLz83PxtYypjNW8C5dkk8VBJs.roa
Signing time:             Tue 12 May 2026 15:34:33 +0000
ROA not before:           Tue 12 May 2026 15:34:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44955
IP address blocks:        91.224.109.0/24 maxlen: 32
                          91.241.78.0/24 maxlen: 24
                          109.70.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:d3:57:8f:e8:f7:92:31:44:f5:30:f2:d5:06:fb:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
        Validity
            Not Before: May 12 15:34:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84968bcfcdcfc6d632a63356f02e5d924f15049b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:df:32:c9:88:d0:79:a8:27:10:54:d4:d9:0b:
                    f8:00:17:d2:14:61:92:9f:8c:f9:8a:35:ff:e0:46:
                    7e:86:f1:7d:fa:27:c8:17:cf:98:2a:83:a0:84:95:
                    c9:e1:45:fe:52:98:7d:04:5d:41:79:cf:56:60:e3:
                    39:67:9f:c8:94:6a:0b:5f:c5:6e:f4:4e:a5:e6:fc:
                    b9:32:9f:84:9d:de:d8:4f:92:cc:d7:a2:46:f0:70:
                    18:f7:96:8f:31:9f:39:c9:f8:c8:a0:a8:09:ac:ee:
                    58:c8:cc:33:d3:8c:9f:9d:46:74:67:cf:20:12:69:
                    8b:68:3a:2d:ae:4b:67:65:95:84:c8:89:93:19:19:
                    cd:d0:26:ed:68:56:f6:98:fa:05:d0:a7:0a:97:f6:
                    7e:12:c1:0d:45:03:94:e8:00:67:25:69:bf:58:6f:
                    93:b6:e2:80:0d:57:4e:3a:c0:68:95:65:6c:7e:d8:
                    78:d8:88:e2:b4:e7:a4:f7:0c:e9:9e:51:1b:6d:66:
                    40:d9:c8:e1:f2:67:24:a7:14:32:82:7a:80:81:3c:
                    5e:34:ae:8a:93:b4:83:0b:7b:e1:37:41:1e:17:24:
                    45:8e:ae:05:b0:e6:49:47:35:6d:5d:17:75:da:27:
                    e9:cb:71:7c:eb:b0:29:fa:1d:99:d2:35:a1:d7:6f:
                    8d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:96:8B:CF:CD:CF:C6:D6:32:A6:33:56:F0:2E:5D:92:4F:15:04:9B
            X509v3 Authority Key Identifier:
                keyid:2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/hJaLz83PxtYypjNW8C5dkk8VBJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.109.0/24
                  91.241.78.0/24
                  109.70.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:ca:3c:c0:9b:83:b6:49:2a:84:fd:59:52:55:ee:42:95:1d:
         99:51:41:e2:25:d8:d5:8c:0e:5b:85:6b:6c:34:a3:fc:9b:fa:
         12:47:52:fd:ae:d6:18:18:11:d9:3a:39:b1:1f:ce:26:f1:b8:
         e9:1e:d3:1b:4c:3f:b1:e2:c1:87:56:b1:70:7c:3b:09:1b:03:
         0f:94:df:2d:88:41:41:b8:77:e9:be:bd:26:dc:0d:b0:a3:74:
         b5:05:11:85:2d:e4:af:25:c6:7e:60:ed:3a:9d:ec:3d:d0:40:
         36:17:5e:da:63:fb:da:ab:e7:cc:76:c0:48:ec:17:d4:a4:a4:
         c1:99:cf:61:f5:80:26:88:7d:ac:ae:d3:e0:4e:ee:a5:d6:c6:
         d3:d7:08:cc:16:fb:c1:87:84:23:6e:ea:9b:83:aa:58:09:47:
         39:73:db:b4:f4:ab:70:e1:75:9a:e5:56:ee:ec:46:af:85:cf:
         b8:26:44:0a:de:3b:6a:8a:84:8f:56:97:f5:3d:01:b3:1f:ad:
         fb:a2:48:91:c8:7b:9d:56:fd:02:5d:a7:87:50:fa:2f:a8:7f:
         3f:9f:fc:a9:e7:33:1d:5d:c5:1f:37:da:26:4e:fd:26:fc:b4:
         91:fe:26:67:8f:ca:db:00:20:ba:44:37:2c:b3:19:71:ef:0c:
         b5:9d:72:68
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4c01eP6PeSMUT1MPLVBvumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmEwZmEyMDM4MzMzMmEzZjQxNGYwNTQ3NTNhMGI2MGIy
NWJhMTAwHhcNMjYwNTEyMTUzNDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk2OGJjZmNkY2ZjNmQ2MzJhNjMzNTZmMDJlNWQ5MjRmMTUwNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq98yyYjQeagnEFTU2Qv4ABfSFGGS
n4z5ijX/4EZ+hvF9+ifIF8+YKoOghJXJ4UX+Uph9BF1Bec9WYOM5Z5/IlGoLX8Vu
9E6l5vy5Mp+End7YT5LM16JG8HAY95aPMZ85yfjIoKgJrO5YyMwz04yfnUZ0Z88g
EmmLaDotrktnZZWEyImTGRnN0CbtaFb2mPoF0KcKl/Z+EsENRQOU6ABnJWm/WG+T
tuKADVdOOsBolWVsfth42IjitOek9wzpnlEbbWZA2cjh8mckpxQygnqAgTxeNK6K
k7SDC3vhN0EeFyRFjq4FsOZJRzVtXRd12ifpy3F867Ap+h2Z0jWh12+NxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFISWi8/Nz8bWMqYzVvAuXZJPFQSbMB8GA1UdIwQY
MBaAFC8qD6IDgzMqP0FPBUdToLYLJboQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMt
NTVhOTMwZmMwYzcxLzEvaEphTHo4M1B4dFl5cGpOVzhDNWRrazhWQkpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMtNTVhOTMwZmMwYzcx
LzEvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+BtAwQA
W/FOAwQAbUZIMA0GCSqGSIb3DQEBCwUAA4IBAQAdyjzAm4O2SSqE/VlSVe5ClR2Z
UUHiJdjVjA5bhWtsNKP8m/oSR1L9rtYYGBHZOjmxH84m8bjpHtMbTD+x4sGHVrFw
fDsJGwMPlN8tiEFBuHfpvr0m3A2wo3S1BRGFLeSvJcZ+YO06new90EA2F17aY/va
q+fMdsBI7BfUpKTBmc9h9YAmiH2srtPgTu6l1sbT1wjMFvvBh4Qjbuqbg6pYCUc5
c9u09Ktw4XWa5Vbu7Eavhc+4JkQK3jtqioSPVpf1PQGzH637okiRyHudVv0CXaeH
UPovqH8/n/yp5zMdXcUfN9omTv0m/LSR/iZnj8rbACC6RDcssxlx7wy1nXJo
-----END CERTIFICATE-----