Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/Ty5DpdqPOmydyDg_bQAaBkoGLp8.roa
File:                     Ty5DpdqPOmydyDg_bQAaBkoGLp8.roa (raw, json)
Hash identifier:          akNfDUTh82avi6l8pVfNZIbM0Tw4axKISXdVg+zVbtA=
Subject key identifier:   4F:2E:43:A5:DA:8F:3A:6C:9D:C8:38:3F:6D:00:1A:06:4A:06:2E:9F
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       019DFC2FBBCF734EE4837628F6EDDF2577CD
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/Ty5DpdqPOmydyDg_bQAaBkoGLp8.roa
Signing time:             Wed 06 May 2026 07:27:59 +0000
ROA not before:           Wed 06 May 2026 07:27:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        82.206.2.0/23 maxlen: 24
                          82.206.76.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:2f:bb:cf:73:4e:e4:83:76:28:f6:ed:df:25:77:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: May  6 07:27:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f2e43a5da8f3a6c9dc8383f6d001a064a062e9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3e:58:7b:2c:a1:f1:45:19:8a:01:ba:0e:0c:
                    d7:3c:30:39:a0:5c:da:78:28:cb:17:ac:03:e9:88:
                    43:c8:50:0c:81:c1:93:bc:34:de:b6:14:ef:9c:5c:
                    d7:cc:96:2f:2c:85:da:9a:21:bc:7d:76:23:f3:ac:
                    a0:c4:89:e6:7a:c9:c4:84:09:7e:a5:66:cd:3f:7b:
                    a4:a3:c3:e0:4a:a0:5f:84:49:22:a4:92:d9:17:a7:
                    18:b2:f1:cd:03:9a:a6:9f:10:24:3f:8b:da:52:c1:
                    50:cd:9e:77:93:3b:ac:46:65:19:c5:3d:05:e9:54:
                    34:38:c8:e3:b5:1e:2b:80:de:1e:e0:56:25:b6:43:
                    12:a6:cf:29:ea:56:8e:c2:fd:42:7d:fc:5f:40:6d:
                    f6:aa:4a:ad:dd:16:12:28:71:99:6f:3b:d7:80:c4:
                    50:0d:03:06:17:a4:94:64:36:68:43:f8:04:32:3d:
                    d9:45:e9:7b:ce:8e:04:64:cf:8f:4c:68:d1:82:ba:
                    92:63:c0:42:b0:1f:f8:90:63:8c:e7:86:db:d6:55:
                    79:91:52:7e:5a:24:65:cb:5d:46:c1:50:94:dc:8e:
                    a9:0e:35:cd:14:a5:5a:9e:70:b7:ad:70:6f:aa:9b:
                    20:57:e7:6c:9e:b4:34:b0:66:73:ca:d4:5b:27:75:
                    64:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:2E:43:A5:DA:8F:3A:6C:9D:C8:38:3F:6D:00:1A:06:4A:06:2E:9F
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/Ty5DpdqPOmydyDg_bQAaBkoGLp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.2.0/23
                  82.206.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:35:d0:1f:b4:a3:f8:4f:d1:7a:c6:a4:0b:46:43:86:29:f5:
         13:aa:8d:78:61:0a:e3:91:49:0a:b6:e3:71:ec:d7:f1:ac:37:
         6e:ea:dc:e3:1b:a1:99:ea:95:34:06:a9:70:49:57:cf:68:16:
         bf:a5:a5:63:5c:ea:65:bc:52:0b:a6:e6:35:0e:7e:40:3e:30:
         31:63:91:6c:ec:d5:fe:f0:71:fb:e7:43:d1:57:0d:ec:0c:c4:
         7f:3b:19:cb:4b:45:ab:e6:96:c3:12:2d:d7:3b:b0:c9:7f:93:
         14:49:db:fb:6a:f8:13:a0:44:16:ea:a9:99:96:ad:1c:5a:9b:
         86:c6:8f:0a:3f:41:72:1e:c4:63:0d:82:63:10:44:95:57:d3:
         72:e2:41:91:20:6e:ff:3d:c6:21:5d:cd:7b:03:c6:d6:84:6d:
         33:5a:58:b5:1a:9c:4a:cf:3b:f8:48:4b:d8:9d:f9:4e:f9:a2:
         8c:bb:33:b2:3e:c5:64:e5:92:0a:34:06:db:59:96:a6:d7:34:
         98:5d:a2:4e:30:24:15:b2:3d:ed:ae:be:77:0e:8e:00:44:c9:
         50:de:7f:41:bf:50:22:2d:d1:1d:02:26:d9:06:89:29:61:6c:
         b1:5b:b2:c0:c0:c7:42:c3:0d:07:b2:97:12:2a:46:01:8e:2c:
         55:b4:5a:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ38L7vPc07kg3Yo9u3fJXfNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjYwNTA2MDcyNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjJlNDNhNWRhOGYzYTZjOWRjODM4M2Y2ZDAwMWEwNjRhMDYyZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxj5Yeyyh8UUZigG6DgzXPDA5oFza
eCjLF6wD6YhDyFAMgcGTvDTethTvnFzXzJYvLIXamiG8fXYj86ygxInmesnEhAl+
pWbNP3uko8PgSqBfhEkipJLZF6cYsvHNA5qmnxAkP4vaUsFQzZ53kzusRmUZxT0F
6VQ0OMjjtR4rgN4e4FYltkMSps8p6laOwv1CffxfQG32qkqt3RYSKHGZbzvXgMRQ
DQMGF6SUZDZoQ/gEMj3ZRel7zo4EZM+PTGjRgrqSY8BCsB/4kGOM54bb1lV5kVJ+
WiRly11GwVCU3I6pDjXNFKVannC3rXBvqpsgV+dsnrQ0sGZzytRbJ3VkbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE8uQ6Xajzpsncg4P20AGgZKBi6fMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvVHk1RHBkcVBPbXlkeURnX2JRQWFCa29HTHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUs4CAwQB
Us5MMA0GCSqGSIb3DQEBCwUAA4IBAQB2NdAftKP4T9F6xqQLRkOGKfUTqo14YQrj
kUkKtuNx7NfxrDdu6tzjG6GZ6pU0BqlwSVfPaBa/paVjXOplvFILpuY1Dn5APjAx
Y5Fs7NX+8HH750PRVw3sDMR/OxnLS0Wr5pbDEi3XO7DJf5MUSdv7avgToEQW6qmZ
lq0cWpuGxo8KP0FyHsRjDYJjEESVV9Ny4kGRIG7/PcYhXc17A8bWhG0zWli1GpxK
zzv4SEvYnflO+aKMuzOyPsVk5ZIKNAbbWZam1zSYXaJOMCQVsj3trr53Do4ARMlQ
3n9Bv1AiLdEdAibZBokpYWyxW7LAwMdCww0HspcSKkYBjixVtFr6
-----END CERTIFICATE-----