Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/BP5yGhcJXG9r0lMiv4L7Etmp26E.roa
File:                     BP5yGhcJXG9r0lMiv4L7Etmp26E.roa (raw, json)
Hash identifier:          6Sxk0HL0oTOArUlf31KZylLt+2Pj/BGdXVCipqveahM=
Subject key identifier:   04:FE:72:1A:17:09:5C:6F:6B:D2:53:22:BF:82:FB:12:D9:A9:DB:A1
Certificate issuer:       /CN=ac5d4cea41585a0a368401699280ac1b6bb73223
Certificate serial:       019B7910FAFE58EF4693A749130E0321640C
Authority key identifier: AC:5D:4C:EA:41:58:5A:0A:36:84:01:69:92:80:AC:1B:6B:B7:32:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rF1M6kFYWgo2hAFpkoCsG2u3MiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/BP5yGhcJXG9r0lMiv4L7Etmp26E.roa
Signing time:             Thu 01 Jan 2026 10:18:34 +0000
ROA not before:           Thu 01 Jan 2026 10:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31634
IP address blocks:        83.166.8.0/21 maxlen: 21
                          83.166.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/rF1M6kFYWgo2hAFpkoCsG2u3MiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/rF1M6kFYWgo2hAFpkoCsG2u3MiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rF1M6kFYWgo2hAFpkoCsG2u3MiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:fa:fe:58:ef:46:93:a7:49:13:0e:03:21:64:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac5d4cea41585a0a368401699280ac1b6bb73223
        Validity
            Not Before: Jan  1 10:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04fe721a17095c6f6bd25322bf82fb12d9a9dba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5b:2d:83:ad:c9:79:19:d2:76:e7:5d:f3:2c:
                    7d:fa:2c:6d:c1:04:59:3c:f2:54:a6:d1:03:6f:e9:
                    af:2e:7b:91:a1:34:7b:8c:51:e2:92:c9:04:38:b7:
                    c8:40:8a:33:03:7c:ce:ea:27:7c:ea:0e:4f:13:a6:
                    13:58:33:7f:ec:57:30:9e:91:74:ab:71:5a:8f:f9:
                    dd:68:3c:ef:66:f0:f2:e7:de:a3:b1:80:22:35:d4:
                    b0:0d:62:13:be:e9:49:ce:8b:ea:c5:b9:0c:e0:f3:
                    25:18:da:d4:ea:36:bc:93:6f:71:ed:d5:6c:6f:b5:
                    06:66:c4:9c:1d:b2:4e:31:f6:e3:ae:25:08:84:62:
                    b7:d6:d4:55:5c:7b:4f:0c:88:6f:19:8d:c8:88:70:
                    91:f4:53:b4:34:82:36:b5:02:ca:ee:c5:46:42:41:
                    8f:e4:83:32:d7:26:b4:39:7e:5a:e8:58:ae:7c:b6:
                    e7:0a:1c:15:70:13:1a:42:8f:89:a7:ba:b8:60:1f:
                    89:d7:79:a1:80:f7:fa:92:49:da:50:9a:52:d2:b6:
                    b2:ba:01:4f:67:0f:60:f9:5b:49:41:86:a3:be:e0:
                    e7:5a:f5:3c:a6:12:18:ec:22:2e:80:8e:3e:81:8f:
                    fc:9e:68:51:fa:82:3e:26:1b:6a:33:3e:7d:12:4a:
                    d5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FE:72:1A:17:09:5C:6F:6B:D2:53:22:BF:82:FB:12:D9:A9:DB:A1
            X509v3 Authority Key Identifier:
                keyid:AC:5D:4C:EA:41:58:5A:0A:36:84:01:69:92:80:AC:1B:6B:B7:32:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rF1M6kFYWgo2hAFpkoCsG2u3MiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/BP5yGhcJXG9r0lMiv4L7Etmp26E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/5a5e87-95dd-45b3-87c1-badd696cc986/1/rF1M6kFYWgo2hAFpkoCsG2u3MiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.166.8.0-83.166.23.255

    Signature Algorithm: sha256WithRSAEncryption
         5d:3b:51:14:f3:ba:50:06:39:8d:15:b7:66:73:e7:e3:c1:64:
         d5:9e:98:9e:80:6f:e8:9a:0a:70:a2:f9:45:a7:4c:71:1a:5f:
         6e:85:fa:74:05:ad:9c:42:29:71:39:e3:3f:6a:c9:56:19:b2:
         94:fd:a4:0d:14:eb:5a:25:9f:c9:af:09:3b:9a:8d:6a:3c:71:
         cb:cc:fe:da:71:f4:dd:ba:9d:ce:aa:89:54:0e:5d:c2:69:b3:
         41:7a:71:52:87:ec:a4:0b:6f:1d:74:de:8e:89:75:6b:cb:7a:
         e2:1d:e6:c3:56:36:8c:9d:59:95:8d:a1:1c:cb:fd:48:83:96:
         4f:ad:64:62:9a:83:ef:c9:d7:58:6c:52:0f:52:dc:e4:80:b5:
         74:9e:00:f3:bc:54:2e:f7:8a:23:88:42:eb:68:64:80:a2:23:
         79:04:ef:e5:77:f8:d4:b5:ff:b6:b7:4c:b5:a4:61:76:79:5b:
         8d:66:bb:fa:25:3e:69:62:0c:9a:c2:f2:16:71:d9:bc:7c:cf:
         32:3e:7d:9b:13:e6:61:51:3b:ef:32:48:70:a0:ef:cf:df:d4:
         41:c2:57:97:c3:c5:52:34:18:49:57:7c:67:53:db:42:a4:ea:
         fe:50:46:c9:11:d3:9c:b4:0c:9a:f0:3d:1c:d3:89:8c:85:41:
         56:f5:8c:5e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt5EPr+WO9Gk6dJEw4DIWQMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNWQ0Y2VhNDE1ODVhMGEzNjg0MDE2OTkyODBhYzFiNmJi
NzMyMjMwHhcNMjYwMTAxMTAxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGZlNzIxYTE3MDk1YzZmNmJkMjUzMjJiZjgyZmIxMmQ5YTlkYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFstg63JeRnSdudd8yx9+ixtwQRZ
PPJUptEDb+mvLnuRoTR7jFHikskEOLfIQIozA3zO6id86g5PE6YTWDN/7FcwnpF0
q3Faj/ndaDzvZvDy596jsYAiNdSwDWITvulJzovqxbkM4PMlGNrU6ja8k29x7dVs
b7UGZsScHbJOMfbjriUIhGK31tRVXHtPDIhvGY3IiHCR9FO0NII2tQLK7sVGQkGP
5IMy1ya0OX5a6FiufLbnChwVcBMaQo+Jp7q4YB+J13mhgPf6kknaUJpS0rayugFP
Zw9g+VtJQYajvuDnWvU8phIY7CIugI4+gY/8nmhR+oI+JhtqMz59EkrVWQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAT+choXCVxva9JTIr+C+xLZqduhMB8GA1UdIwQY
MBaAFKxdTOpBWFoKNoQBaZKArBtrtzIjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckYxTTZrRllXZ28yaEFGcGtvQ3NHMnUzTWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS81YTVlODctOTVkZC00NWIzLTg3YzEt
YmFkZDY5NmNjOTg2LzEvQlA1eUdoY0pYRzlyMGxNaXY0TDdFdG1wMjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS81YTVlODctOTVkZC00NWIzLTg3YzEtYmFkZDY5NmNjOTg2
LzEvckYxTTZrRllXZ28yaEFGcGtvQ3NHMnUzTWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBANTpggD
BANTphAwDQYJKoZIhvcNAQELBQADggEBAF07URTzulAGOY0Vt2Zz5+PBZNWemJ6A
b+iaCnCi+UWnTHEaX26F+nQFrZxCKXE54z9qyVYZspT9pA0U61oln8mvCTuajWo8
ccvM/tpx9N26nc6qiVQOXcJps0F6cVKH7KQLbx103o6JdWvLeuId5sNWNoydWZWN
oRzL/UiDlk+tZGKag+/J11hsUg9S3OSAtXSeAPO8VC73iiOIQutoZICiI3kE7+V3
+NS1/7a3TLWkYXZ5W41mu/olPmliDJrC8hZx2bx8zzI+fZsT5mFRO+8ySHCg78/f
1EHCV5fDxVI0GElXfGdT20Kk6v5QRskR05y0DJrwPRzTiYyFQVb1jF4=
-----END CERTIFICATE-----