Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/LYW2fplHFaYQiPqvAdr_sKehM90.roa
File:                     LYW2fplHFaYQiPqvAdr_sKehM90.roa (raw, json)
Hash identifier:          8MK6zJkVz5x6OyzTFZpsWSxtzB4SrLx4cMMtXCGfh10=
Subject key identifier:   2D:85:B6:7E:99:47:15:A6:10:88:FA:AF:01:DA:FF:B0:A7:A1:33:DD
Certificate issuer:       /CN=66306e3acf3eb903cc73973fb62860b663516c93
Certificate serial:       019CDC00E1B3034C797CCF0E0850CB2BCA5F
Authority key identifier: 66:30:6E:3A:CF:3E:B9:03:CC:73:97:3F:B6:28:60:B6:63:51:6C:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjBuOs8-uQPMc5c_tihgtmNRbJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/LYW2fplHFaYQiPqvAdr_sKehM90.roa
Signing time:             Wed 11 Mar 2026 08:26:11 +0000
ROA not before:           Wed 11 Mar 2026 08:26:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203979
IP address blocks:        80.173.204.0/24 maxlen: 24
                          80.173.205.0/24 maxlen: 24
                          80.173.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/ZjBuOs8-uQPMc5c_tihgtmNRbJM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/ZjBuOs8-uQPMc5c_tihgtmNRbJM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjBuOs8-uQPMc5c_tihgtmNRbJM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:00:e1:b3:03:4c:79:7c:cf:0e:08:50:cb:2b:ca:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66306e3acf3eb903cc73973fb62860b663516c93
        Validity
            Not Before: Mar 11 08:26:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d85b67e994715a61088faaf01daffb0a7a133dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:52:b9:d2:b4:e3:a9:55:eb:50:1d:eb:32:ea:
                    16:ba:9a:59:a1:e9:61:43:b8:a2:45:90:e4:f6:f9:
                    53:d9:7e:9e:f1:c8:5a:3c:68:fa:01:9a:7e:4b:f0:
                    aa:ae:8c:54:83:61:c6:c5:5e:90:a3:94:09:ff:7d:
                    a8:21:7d:d7:df:89:07:12:2d:59:4d:88:41:19:c9:
                    c9:cb:2f:a1:1d:f3:f8:94:1e:8e:fd:32:e4:3e:90:
                    8b:18:59:81:8a:a3:be:6d:35:07:73:e0:88:5e:2b:
                    d2:fa:f5:00:29:85:53:bd:5e:eb:99:7a:fe:81:e4:
                    67:5b:4e:14:f1:94:de:ca:39:fd:db:47:42:19:38:
                    de:5d:0c:ca:6c:d7:41:51:4a:c2:db:46:2d:ca:d1:
                    ad:ef:51:61:8b:44:2d:7b:43:b8:52:e3:3e:a3:a5:
                    4e:6f:1a:c6:ea:fb:0d:be:7c:f3:44:d3:e6:df:33:
                    ec:90:9f:66:c8:5c:29:fc:03:71:64:12:83:18:73:
                    cd:01:d9:52:4a:91:d4:c1:70:63:65:52:eb:98:fd:
                    1f:84:fd:4c:30:09:c8:ab:b6:95:aa:9a:d8:dc:4e:
                    d1:60:31:11:76:2a:f6:46:f1:0b:ab:44:47:e0:12:
                    4d:1c:c3:5b:4a:e7:3f:04:83:2e:19:c8:70:39:b3:
                    1e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:85:B6:7E:99:47:15:A6:10:88:FA:AF:01:DA:FF:B0:A7:A1:33:DD
            X509v3 Authority Key Identifier:
                keyid:66:30:6E:3A:CF:3E:B9:03:CC:73:97:3F:B6:28:60:B6:63:51:6C:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjBuOs8-uQPMc5c_tihgtmNRbJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/LYW2fplHFaYQiPqvAdr_sKehM90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/64dabb-7a01-40d5-a587-ee27cbca747e/1/ZjBuOs8-uQPMc5c_tihgtmNRbJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.173.204.0-80.173.206.255

    Signature Algorithm: sha256WithRSAEncryption
         63:77:08:fe:33:1a:a7:55:4e:c1:c2:9a:92:77:92:fe:bb:d8:
         6c:a9:e6:33:33:01:9a:a5:a9:13:f0:00:f7:53:19:0b:64:f0:
         83:c2:59:c0:cf:af:d6:b3:b1:64:d2:28:4c:de:c7:f7:15:22:
         2e:a9:44:00:95:47:39:5f:19:54:e0:82:43:d1:3b:ee:bb:1c:
         a0:94:a5:42:5e:13:8a:64:a2:53:ac:5a:bf:f3:d8:fd:dd:38:
         aa:04:cf:b5:27:ba:e8:42:67:73:59:5c:ba:05:b1:75:73:50:
         b6:27:fd:b2:34:06:96:56:8d:13:a8:e1:b7:7e:de:41:55:c6:
         ac:24:31:43:70:3c:54:0b:58:dc:4b:87:33:fc:94:14:4d:12:
         07:1f:ef:9b:0f:b1:aa:54:2c:e0:ce:ef:ef:12:7f:43:af:ca:
         9d:e1:e9:2f:ed:4f:1e:5f:2c:9b:59:97:9f:3f:fc:bd:e7:8c:
         b5:28:6b:ab:4e:29:7f:5d:49:a4:20:a4:67:f7:8f:07:ae:1c:
         87:e9:34:8e:f1:24:1b:03:81:04:be:7f:1d:69:77:85:30:8e:
         f7:20:90:43:74:c2:1a:a0:14:dc:08:60:a3:30:e2:1d:66:23:
         67:1d:35:09:78:30:79:e4:27:4b:53:40:0c:6e:6e:88:02:63:
         1e:d1:67:b6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZzcAOGzA0x5fM8OCFDLK8pfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MzA2ZTNhY2YzZWI5MDNjYzczOTczZmI2Mjg2MGI2NjM1
MTZjOTMwHhcNMjYwMzExMDgyNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg1YjY3ZTk5NDcxNWE2MTA4OGZhYWYwMWRhZmZiMGE3YTEzM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFK50rTjqVXrUB3rMuoWuppZoelh
Q7iiRZDk9vlT2X6e8chaPGj6AZp+S/CqroxUg2HGxV6Qo5QJ/32oIX3X34kHEi1Z
TYhBGcnJyy+hHfP4lB6O/TLkPpCLGFmBiqO+bTUHc+CIXivS+vUAKYVTvV7rmXr+
geRnW04U8ZTeyjn920dCGTjeXQzKbNdBUUrC20YtytGt71Fhi0Qte0O4UuM+o6VO
bxrG6vsNvnzzRNPm3zPskJ9myFwp/ANxZBKDGHPNAdlSSpHUwXBjZVLrmP0fhP1M
MAnIq7aVqprY3E7RYDERdir2RvELq0RH4BJNHMNbSuc/BIMuGchwObMewQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC2Ftn6ZRxWmEIj6rwHa/7CnoTPdMB8GA1UdIwQY
MBaAFGYwbjrPPrkDzHOXP7YoYLZjUWyTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpCdU9zOC11UVBNYzVjX3RpaGd0bU5SYkpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82NGRhYmItN2EwMS00MGQ1LWE1ODct
ZWUyN2NiY2E3NDdlLzEvTFlXMmZwbEhGYVlRaVBxdkFkcl9zS2VoTTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82NGRhYmItN2EwMS00MGQ1LWE1ODctZWUyN2NiY2E3NDdl
LzEvWmpCdU9zOC11UVBNYzVjX3RpaGd0bU5SYkpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJQrcwD
BABQrc4wDQYJKoZIhvcNAQELBQADggEBAGN3CP4zGqdVTsHCmpJ3kv672Gyp5jMz
AZqlqRPwAPdTGQtk8IPCWcDPr9azsWTSKEzex/cVIi6pRACVRzlfGVTggkPRO+67
HKCUpUJeE4pkolOsWr/z2P3dOKoEz7UnuuhCZ3NZXLoFsXVzULYn/bI0BpZWjROo
4bd+3kFVxqwkMUNwPFQLWNxLhzP8lBRNEgcf75sPsapULODO7+8Sf0Ovyp3h6S/t
Tx5fLJtZl58//L3njLUoa6tOKX9dSaQgpGf3jweuHIfpNI7xJBsDgQS+fx1pd4Uw
jvcgkEN0whqgFNwIYKMw4h1mI2cdNQl4MHnkJ0tTQAxubogCYx7RZ7Y=
-----END CERTIFICATE-----