Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/AsgCbpxXAfVEl8fMySxEMEBj3v0.roa
File:                     AsgCbpxXAfVEl8fMySxEMEBj3v0.roa (raw, json)
Hash identifier:          3DUclWrbvVnjRe22xwXjCYPITDFNxuR0Ynpweo6931E=
Subject key identifier:   02:C8:02:6E:9C:57:01:F5:44:97:C7:CC:C9:2C:44:30:40:63:DE:FD
Certificate issuer:       /CN=ac82c9dd9d6ccfb38ca11640e102f751ae274927
Certificate serial:       019DD3E765AA5398FFC15DB22D5969C7D7C0
Authority key identifier: AC:82:C9:DD:9D:6C:CF:B3:8C:A1:16:40:E1:02:F7:51:AE:27:49:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/AsgCbpxXAfVEl8fMySxEMEBj3v0.roa
Signing time:             Tue 28 Apr 2026 11:44:10 +0000
ROA not before:           Tue 28 Apr 2026 11:44:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        81.172.32.0/22 maxlen: 22
                          81.172.112.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d3:e7:65:aa:53:98:ff:c1:5d:b2:2d:59:69:c7:d7:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac82c9dd9d6ccfb38ca11640e102f751ae274927
        Validity
            Not Before: Apr 28 11:44:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02c8026e9c5701f54497c7ccc92c44304063defd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a4:4d:25:c5:26:7c:c7:d4:84:ee:3c:d2:b7:
                    7f:71:05:97:b7:0d:0b:3a:81:e2:aa:b2:9d:df:b0:
                    f9:c2:33:75:5f:20:6e:7f:b1:e4:9c:1f:61:da:9c:
                    c2:8c:e4:5e:99:72:3f:ce:29:b7:da:3d:5b:e9:d2:
                    35:39:53:5b:ce:37:45:c1:b5:a1:d6:3c:f4:9d:0e:
                    7f:02:34:9c:d5:19:66:62:42:86:19:73:fa:f9:5e:
                    bd:7b:09:f7:10:16:9f:63:92:1e:fc:7c:2b:dd:b7:
                    a0:d9:a5:75:67:99:0c:73:c2:3e:f5:fb:3e:f9:9e:
                    ac:51:c2:39:74:1f:ee:e0:7c:9e:a0:81:4d:91:c0:
                    5c:da:ab:cc:c6:98:d7:a9:aa:e2:41:6f:b3:54:ad:
                    7d:48:a5:b7:e3:8a:1b:81:96:57:69:2b:72:00:24:
                    93:c4:44:ca:93:f6:20:99:cf:66:bd:ee:5a:8f:aa:
                    39:b1:ee:15:38:44:f1:68:dc:b2:08:52:71:96:51:
                    e9:d2:e8:09:1e:92:4f:e4:ba:48:ea:92:2e:0d:e3:
                    8e:a2:54:0c:7b:69:1c:81:52:ca:7f:e1:9c:3f:01:
                    0d:a1:7a:69:b6:a9:5a:73:5a:7b:ec:8a:12:fe:f0:
                    4e:95:32:41:b1:31:fe:87:7d:60:c8:a9:27:08:db:
                    55:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C8:02:6E:9C:57:01:F5:44:97:C7:CC:C9:2C:44:30:40:63:DE:FD
            X509v3 Authority Key Identifier:
                keyid:AC:82:C9:DD:9D:6C:CF:B3:8C:A1:16:40:E1:02:F7:51:AE:27:49:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/AsgCbpxXAfVEl8fMySxEMEBj3v0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/f5634f-c49f-4d9a-9534-1756887dd4cb/1/rILJ3Z1sz7OMoRZA4QL3Ua4nSSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.172.32.0/22
                  81.172.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:79:21:b8:92:90:cb:c4:8c:65:a6:c6:bd:1a:d2:bd:f9:72:
         b2:45:6c:cc:ba:2a:a3:84:00:a8:f8:7f:b8:e5:87:d9:cd:f9:
         81:9e:a9:2e:9f:55:37:ca:0e:1f:e6:9a:6a:f9:62:2b:40:e5:
         09:5e:ff:bb:6c:a0:df:f0:5d:ce:f7:f9:9d:7f:dd:95:2b:7f:
         4c:cf:c7:87:5b:2d:c8:bf:bb:bd:4f:65:c2:46:89:1b:32:05:
         76:01:c7:3e:a6:f5:ff:7b:a2:d0:ba:14:0b:87:a1:37:e7:7c:
         87:e4:a9:d0:96:ba:dd:93:b9:20:a2:af:82:dd:4c:b4:23:bc:
         7e:ab:06:66:05:be:91:6e:7a:aa:77:c8:f8:68:ae:f9:58:f4:
         d6:97:2f:c5:92:81:b3:fd:eb:7f:66:f1:ef:76:86:73:4d:5d:
         ee:40:30:6e:f7:44:ac:54:4c:cf:88:cd:0a:08:04:6f:4e:2a:
         68:74:3e:80:bf:af:be:50:9c:25:84:5a:6c:9a:13:c7:a7:07:
         71:40:a3:db:a2:e7:80:bd:34:76:6b:3c:2b:63:63:d7:b2:12:
         28:e5:54:a4:cc:50:64:a1:7b:ef:94:2b:f8:79:74:49:ca:c1:
         ba:3d:1e:54:37:3e:ed:ef:bb:28:b1:f9:6d:5f:dc:b2:f9:f2:
         d1:b1:50:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3T52WqU5j/wV2yLVlpx9fAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjODJjOWRkOWQ2Y2NmYjM4Y2ExMTY0MGUxMDJmNzUxYWUy
NzQ5MjcwHhcNMjYwNDI4MTE0NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmM4MDI2ZTljNTcwMWY1NDQ5N2M3Y2NjOTJjNDQzMDQwNjNkZWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaRNJcUmfMfUhO480rd/cQWXtw0L
OoHiqrKd37D5wjN1XyBuf7HknB9h2pzCjORemXI/zim32j1b6dI1OVNbzjdFwbWh
1jz0nQ5/AjSc1RlmYkKGGXP6+V69ewn3EBafY5Ie/Hwr3beg2aV1Z5kMc8I+9fs+
+Z6sUcI5dB/u4HyeoIFNkcBc2qvMxpjXqariQW+zVK19SKW344obgZZXaStyACST
xETKk/Ygmc9mve5aj6o5se4VOETxaNyyCFJxllHp0ugJHpJP5LpI6pIuDeOOolQM
e2kcgVLKf+GcPwENoXpptqlac1p77IoS/vBOlTJBsTH+h31gyKknCNtVYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFALIAm6cVwH1RJfHzMksRDBAY979MB8GA1UdIwQY
MBaAFKyCyd2dbM+zjKEWQOEC91GuJ0knMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklMSjNaMXN6N09Nb1JaQTRRTDNVYTRuU1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mNTYzNGYtYzQ5Zi00ZDlhLTk1MzQt
MTc1Njg4N2RkNGNiLzEvQXNnQ2JweFhBZlZFbDhmTXlTeEVNRUJqM3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mNTYzNGYtYzQ5Zi00ZDlhLTk1MzQtMTc1Njg4N2RkNGNi
LzEvcklMSjNaMXN6N09Nb1JaQTRRTDNVYTRuU1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUawgAwQC
UaxwMA0GCSqGSIb3DQEBCwUAA4IBAQCFeSG4kpDLxIxlpsa9GtK9+XKyRWzMuiqj
hACo+H+45YfZzfmBnqkun1U3yg4f5ppq+WIrQOUJXv+7bKDf8F3O9/mdf92VK39M
z8eHWy3Iv7u9T2XCRokbMgV2Acc+pvX/e6LQuhQLh6E353yH5KnQlrrdk7kgoq+C
3Uy0I7x+qwZmBb6Rbnqqd8j4aK75WPTWly/FkoGz/et/ZvHvdoZzTV3uQDBu90Ss
VEzPiM0KCARvTipodD6Av6++UJwlhFpsmhPHpwdxQKPboueAvTR2azwrY2PXshIo
5VSkzFBkoXvvlCv4eXRJysG6PR5UNz7t77sosfltX9yy+fLRsVCe
-----END CERTIFICATE-----