Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/pY6dEwMcS1gIOrRtGnBkqmpfKCk.roa
File:                     pY6dEwMcS1gIOrRtGnBkqmpfKCk.roa (raw, json)
Hash identifier:          JP24dMSjHqtH5tjJ36BZcsOHYGx6NJpMpZ/DQIeN1mg=
Subject key identifier:   A5:8E:9D:13:03:1C:4B:58:08:3A:B4:6D:1A:70:64:AA:6A:5F:28:29
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019D24071BDFA7AC8ABEFACF06851B43D46B
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/pY6dEwMcS1gIOrRtGnBkqmpfKCk.roa
Signing time:             Wed 25 Mar 2026 08:05:38 +0000
ROA not before:           Wed 25 Mar 2026 08:05:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        185.81.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:07:1b:df:a7:ac:8a:be:fa:cf:06:85:1b:43:d4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Mar 25 08:05:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a58e9d13031c4b58083ab46d1a7064aa6a5f2829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f0:3e:0f:ca:25:c4:e3:37:0b:bc:b9:07:94:
                    80:f2:23:5e:87:9c:dc:82:c4:1c:07:ee:83:e3:13:
                    48:91:94:c2:6b:84:1e:2c:1f:25:f5:10:2e:7a:76:
                    71:9d:88:ca:a9:ae:4b:44:88:be:20:06:d3:ad:70:
                    a8:f8:ea:21:e8:7f:e0:8e:ce:4f:0c:d3:fc:1d:da:
                    4f:5d:87:33:dd:9d:45:d6:5e:c1:50:e3:b0:f2:b2:
                    d8:b5:6e:3a:ca:d5:a1:13:7e:25:eb:96:f4:ac:9c:
                    ba:93:9f:5c:00:73:1b:7e:0f:f1:3b:b3:a9:36:d4:
                    1f:a0:13:4a:bf:93:5c:99:c7:ab:8b:5e:12:61:52:
                    3e:6c:42:8f:5f:1f:2b:31:f0:2f:61:f4:96:fc:06:
                    42:f0:74:f7:08:32:3c:1b:2a:a2:7a:eb:57:96:f7:
                    9d:e6:d8:01:95:5d:1c:ba:e0:b9:d6:f3:78:51:09:
                    06:1c:98:1e:04:1e:e3:ab:79:89:d9:19:9c:f2:03:
                    f1:73:91:e4:67:c8:6a:4b:5e:0e:6b:0d:50:9d:a4:
                    ee:5f:68:91:d1:b4:ee:01:95:dc:07:e7:42:9b:79:
                    30:99:ab:fd:9f:58:75:5c:7e:2a:91:e1:7c:99:2c:
                    12:b8:c9:24:6d:39:28:84:f8:34:b0:89:23:8d:47:
                    78:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:8E:9D:13:03:1C:4B:58:08:3A:B4:6D:1A:70:64:AA:6A:5F:28:29
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/pY6dEwMcS1gIOrRtGnBkqmpfKCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:58:e6:97:43:e2:57:d2:ae:86:6a:3b:86:07:37:d5:a2:69:
         a9:ca:ea:93:77:22:5e:a3:80:bb:ba:28:57:c5:ad:27:52:de:
         68:64:4d:55:8f:f1:c2:45:e2:c4:a6:6a:28:b8:3d:6f:35:92:
         8b:14:04:35:b9:b4:8b:85:89:4a:67:d4:80:d9:a0:e5:94:4c:
         61:21:d9:2f:69:37:5d:38:37:d6:0f:8e:c4:9c:41:68:ea:17:
         99:d9:17:0f:53:ed:e6:c0:3e:30:79:47:f8:03:3d:20:44:fc:
         90:0b:f1:a4:a3:a7:a6:31:b5:26:e1:d4:3b:10:a0:da:7d:8f:
         e4:b1:3f:f0:5a:14:82:6b:eb:e4:71:29:7b:4c:bf:23:9b:c5:
         aa:af:7f:15:d3:87:bd:e9:5e:0c:77:19:62:11:b1:9d:7f:f3:
         6e:c6:04:fd:bb:d4:fc:e9:26:f4:00:9a:6e:75:04:14:56:7d:
         f9:21:61:d6:5e:98:5a:27:06:a1:a1:41:ae:15:1b:fe:03:95:
         23:01:a1:6b:4e:fc:8e:12:c1:75:f1:bd:46:3f:30:ac:c5:22:
         dd:2a:f8:23:a2:d1:6a:bc:43:14:52:f7:55:fe:dc:36:64:61:
         2e:54:17:10:eb:3d:3e:b8:e4:2f:f5:d4:75:cf:ee:f4:2f:2a:
         b9:f5:6b:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0kBxvfp6yKvvrPBoUbQ9RrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMzI1MDgwNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNThlOWQxMzAzMWM0YjU4MDgzYWI0NmQxYTcwNjRhYTZhNWYyODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfA+D8olxOM3C7y5B5SA8iNeh5zc
gsQcB+6D4xNIkZTCa4QeLB8l9RAuenZxnYjKqa5LRIi+IAbTrXCo+Ooh6H/gjs5P
DNP8HdpPXYcz3Z1F1l7BUOOw8rLYtW46ytWhE34l65b0rJy6k59cAHMbfg/xO7Op
NtQfoBNKv5Ncmceri14SYVI+bEKPXx8rMfAvYfSW/AZC8HT3CDI8GyqieutXlved
5tgBlV0cuuC51vN4UQkGHJgeBB7jq3mJ2Rmc8gPxc5HkZ8hqS14Oaw1QnaTuX2iR
0bTuAZXcB+dCm3kwmav9n1h1XH4qkeF8mSwSuMkkbTkohPg0sIkjjUd4XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWOnRMDHEtYCDq0bRpwZKpqXygpMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvcFk2ZEV3TWNTMWdJT3JSdEduQmtxbXBmS0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVEcMA0G
CSqGSIb3DQEBCwUAA4IBAQAwWOaXQ+JX0q6GajuGBzfVommpyuqTdyJeo4C7uihX
xa0nUt5oZE1Vj/HCReLEpmoouD1vNZKLFAQ1ubSLhYlKZ9SA2aDllExhIdkvaTdd
ODfWD47EnEFo6heZ2RcPU+3mwD4weUf4Az0gRPyQC/Gko6emMbUm4dQ7EKDafY/k
sT/wWhSCa+vkcSl7TL8jm8Wqr38V04e96V4MdxliEbGdf/NuxgT9u9T86Sb0AJpu
dQQUVn35IWHWXphaJwahoUGuFRv+A5UjAaFrTvyOEsF18b1GPzCsxSLdKvgjotFq
vEMUUvdV/tw2ZGEuVBcQ6z0+uOQv9dR1z+70Lyq59WvZ
-----END CERTIFICATE-----