Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/mqyazNOfM1ZVPm3cOVRYyNHDwpA.roa
File:                     mqyazNOfM1ZVPm3cOVRYyNHDwpA.roa (raw, json)
Hash identifier:          C7VZbHKV6HPYsBlX1X4bgcS+0xR52AiRYn6dtHpeMwc=
Subject key identifier:   9A:AC:9A:CC:D3:9F:33:56:55:3E:6D:DC:39:54:58:C8:D1:C3:C2:90
Certificate issuer:       /CN=f5d6b1d90ed4bf1651aa2270e6ecbac2d87922ac
Certificate serial:       019CBD216190E07CC1D79BD9F5B581E1DE1F
Authority key identifier: F5:D6:B1:D9:0E:D4:BF:16:51:AA:22:70:E6:EC:BA:C2:D8:79:22:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dax2Q7UvxZRqiJw5uy6wth5Iqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/mqyazNOfM1ZVPm3cOVRYyNHDwpA.roa
Signing time:             Thu 05 Mar 2026 08:33:27 +0000
ROA not before:           Thu 05 Mar 2026 08:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216041
IP address blocks:        81.85.80.0/22 maxlen: 24
                          2a0c:fc80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/9dax2Q7UvxZRqiJw5uy6wth5Iqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/9dax2Q7UvxZRqiJw5uy6wth5Iqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dax2Q7UvxZRqiJw5uy6wth5Iqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:21:61:90:e0:7c:c1:d7:9b:d9:f5:b5:81:e1:de:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d6b1d90ed4bf1651aa2270e6ecbac2d87922ac
        Validity
            Not Before: Mar  5 08:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9aac9accd39f3356553e6ddc395458c8d1c3c290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:c7:ff:b7:fd:4b:2f:5b:99:ce:c3:33:41:50:
                    2b:27:3d:29:41:13:15:e4:4e:4e:b4:63:42:0b:13:
                    ec:6a:3e:a4:15:aa:84:57:00:07:84:58:00:5b:d8:
                    e2:3b:2e:20:b1:2b:53:e0:83:59:65:b6:84:78:fb:
                    43:f4:5a:ec:81:51:ad:72:f1:d3:7a:d1:40:df:cc:
                    5c:46:df:c9:63:fd:6d:24:51:a8:5a:a4:18:75:a6:
                    f8:5e:aa:9d:0e:6f:fa:b1:c6:fb:df:39:8e:c7:d4:
                    b7:7f:e0:ba:db:7f:8f:f6:25:f7:e5:a8:db:58:7f:
                    ff:db:f4:a9:3a:c3:b6:75:a7:74:56:00:07:04:23:
                    13:c2:b6:b6:61:eb:c6:1b:6e:96:5d:54:b7:3e:63:
                    21:fd:03:b0:cc:c7:fa:35:5e:4e:ff:35:b9:d3:cf:
                    cf:ec:01:9e:be:d9:82:d0:a4:5b:24:77:62:85:07:
                    46:6a:c6:3f:e7:12:d1:40:f8:40:d5:9c:c0:11:b6:
                    4e:49:b6:74:a1:14:d2:21:37:6e:3c:8a:f5:76:c2:
                    35:95:64:98:55:37:c6:83:da:c3:90:bb:2b:10:e7:
                    ac:e1:b1:15:a8:60:13:0e:09:5c:10:ca:e6:35:d3:
                    b7:24:66:f2:f4:82:65:97:9f:87:d3:23:a9:37:36:
                    1f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:AC:9A:CC:D3:9F:33:56:55:3E:6D:DC:39:54:58:C8:D1:C3:C2:90
            X509v3 Authority Key Identifier:
                keyid:F5:D6:B1:D9:0E:D4:BF:16:51:AA:22:70:E6:EC:BA:C2:D8:79:22:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dax2Q7UvxZRqiJw5uy6wth5Iqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/mqyazNOfM1ZVPm3cOVRYyNHDwpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/45fee7-6985-4abe-afab-0142fef672ec/1/9dax2Q7UvxZRqiJw5uy6wth5Iqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.85.80.0/22
                IPv6:
                  2a0c:fc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:4e:81:06:96:d4:92:29:8c:f3:c4:b1:0b:af:5e:5b:9f:e2:
         a5:21:a4:ee:29:af:d6:87:f4:eb:95:c5:bb:61:d7:d7:3f:dd:
         04:07:52:c1:fa:83:75:33:4c:c2:ad:29:da:f8:38:54:d8:e8:
         6e:b4:91:e5:10:db:30:5e:46:b4:41:d0:31:12:99:f3:a3:31:
         28:1a:57:cb:cc:4e:22:7e:8b:b9:1a:69:8e:20:47:2d:5e:ea:
         82:21:8a:58:ef:1f:74:55:9e:42:72:a7:60:3a:bb:05:4f:49:
         0e:db:68:12:c5:f5:90:12:e3:65:91:7a:01:12:60:fe:07:56:
         60:f1:68:98:c3:67:c4:7f:e3:75:bf:b9:77:94:71:11:af:c8:
         9b:4d:8a:13:63:45:7f:43:96:d6:40:98:fe:70:81:b3:08:e6:
         f7:6b:c6:1d:82:2f:d0:24:54:5e:a6:bb:e3:89:4c:b8:b7:fc:
         40:0d:18:0f:4f:17:f1:b0:37:97:48:aa:1e:bb:a8:c6:0f:80:
         71:7b:f3:66:9a:e9:1e:47:06:bf:fe:cc:c5:5d:49:74:ee:aa:
         35:24:dc:39:6b:be:89:8a:12:c6:1a:ee:66:47:d5:fa:8e:10:
         d7:4b:9e:fc:74:9e:f0:59:f1:1d:2c:82:73:f9:e6:28:5e:84:
         61:c7:f0:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy9IWGQ4HzB15vZ9bWB4d4fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDZiMWQ5MGVkNGJmMTY1MWFhMjI3MGU2ZWNiYWMyZDg3
OTIyYWMwHhcNMjYwMzA1MDgzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWFjOWFjY2QzOWYzMzU2NTUzZTZkZGMzOTU0NThjOGQxYzNjMjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cf/t/1LL1uZzsMzQVArJz0pQRMV
5E5OtGNCCxPsaj6kFaqEVwAHhFgAW9jiOy4gsStT4INZZbaEePtD9FrsgVGtcvHT
etFA38xcRt/JY/1tJFGoWqQYdab4XqqdDm/6scb73zmOx9S3f+C623+P9iX35ajb
WH//2/SpOsO2dad0VgAHBCMTwra2YevGG26WXVS3PmMh/QOwzMf6NV5O/zW508/P
7AGevtmC0KRbJHdihQdGasY/5xLRQPhA1ZzAEbZOSbZ0oRTSITduPIr1dsI1lWSY
VTfGg9rDkLsrEOes4bEVqGATDglcEMrmNdO3JGby9IJll5+H0yOpNzYfgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJqsmszTnzNWVT5t3DlUWMjRw8KQMB8GA1UdIwQY
MBaAFPXWsdkO1L8WUaoicObsusLYeSKsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRheDJRN1V2eFpScWlKdzV1eTZ3dGg1SXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS80NWZlZTctNjk4NS00YWJlLWFmYWIt
MDE0MmZlZjY3MmVjLzEvbXF5YXpOT2ZNMVpWUG0zY09WUll5TkhEd3BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS80NWZlZTctNjk4NS00YWJlLWFmYWItMDE0MmZlZjY3MmVj
LzEvOWRheDJRN1V2eFpScWlKdzV1eTZ3dGg1SXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCUVVQMA0E
AgACMAcDBQMqDPyAMA0GCSqGSIb3DQEBCwUAA4IBAQBJToEGltSSKYzzxLELr15b
n+KlIaTuKa/Wh/TrlcW7YdfXP90EB1LB+oN1M0zCrSna+DhU2OhutJHlENswXka0
QdAxEpnzozEoGlfLzE4ifou5GmmOIEctXuqCIYpY7x90VZ5CcqdgOrsFT0kO22gS
xfWQEuNlkXoBEmD+B1Zg8WiYw2fEf+N1v7l3lHERr8ibTYoTY0V/Q5bWQJj+cIGz
COb3a8Ydgi/QJFReprvjiUy4t/xADRgPTxfxsDeXSKoeu6jGD4Bxe/NmmukeRwa/
/szFXUl07qo1JNw5a76JihLGGu5mR9X6jhDXS578dJ7wWfEdLIJz+eYoXoRhx/BH
-----END CERTIFICATE-----