Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/pvtsjCAO4y-vq3ZdNaiR3OiYskU.roa
File:                     pvtsjCAO4y-vq3ZdNaiR3OiYskU.roa (raw, json)
Hash identifier:          IIyvHyWyAecP0+6Uelf3whmqvHx6kGdyzaJLoP3cD6w=
Subject key identifier:   A6:FB:6C:8C:20:0E:E3:2F:AF:AB:76:5D:35:A8:91:DC:E8:98:B2:45
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019E30CBB71B31949781CE4E3988B1A64A8C
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/pvtsjCAO4y-vq3ZdNaiR3OiYskU.roa
Signing time:             Sat 16 May 2026 12:38:37 +0000
ROA not before:           Sat 16 May 2026 12:38:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     272855
IP address blocks:        80.66.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 May 2026 15:28:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:30:cb:b7:1b:31:94:97:81:ce:4e:39:88:b1:a6:4a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 16 12:38:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6fb6c8c200ee32fafab765d35a891dce898b245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4d:01:24:4a:4f:59:e5:84:ac:9b:83:4a:f7:
                    14:d2:cb:e3:76:8a:41:89:80:fb:c4:59:29:69:c8:
                    9a:f1:40:23:13:3c:d7:36:79:b8:9e:33:c5:77:18:
                    2e:02:df:0a:0b:9f:16:c8:a0:0b:2f:3e:76:cd:f1:
                    e0:8c:b7:f2:1d:b2:8b:c1:de:ed:d8:6b:a0:c1:68:
                    3e:e9:1e:2f:fe:3a:bf:e9:e8:69:3e:f1:32:42:b0:
                    81:15:07:9c:42:27:b8:4c:99:92:bc:ca:37:36:b7:
                    12:12:f8:3d:39:33:1e:9b:b4:c8:dd:24:fd:e2:00:
                    aa:21:af:98:4e:f9:d0:bc:60:ba:04:65:97:21:57:
                    a2:70:e6:74:6b:3c:d4:f6:ea:70:fd:83:ac:37:0b:
                    fa:79:4a:84:e1:49:bf:a2:c3:04:18:63:52:af:b9:
                    e7:da:9d:04:9e:44:12:51:73:47:50:2a:5a:4b:ff:
                    89:d5:1b:2c:2c:92:f9:f9:a5:15:a9:fb:2c:12:16:
                    74:f3:8f:d7:20:52:6c:f4:31:f6:fd:59:e5:4b:a1:
                    bb:e7:61:a6:4e:39:0a:70:72:ff:49:d8:08:93:0c:
                    b1:04:47:2c:94:2b:4f:f1:c3:15:13:ba:00:88:41:
                    a3:04:dc:79:ba:1c:5f:ba:bd:ea:97:4c:7f:9c:e7:
                    3b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:FB:6C:8C:20:0E:E3:2F:AF:AB:76:5D:35:A8:91:DC:E8:98:B2:45
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/pvtsjCAO4y-vq3ZdNaiR3OiYskU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:af:52:2d:e1:c4:9f:17:1c:44:58:03:b3:cd:64:ba:26:9c:
         30:6a:fa:48:8e:57:f8:6d:5f:f1:c8:58:13:49:e8:b2:54:ae:
         ab:14:bd:c6:55:f5:70:3a:e0:79:92:b8:e4:c8:5a:4d:08:28:
         1c:3b:ff:35:41:bb:12:3d:a2:50:68:e2:e4:76:9c:61:51:75:
         92:7d:bc:7e:8d:23:51:6c:66:04:e6:06:bc:5e:42:75:4a:69:
         47:37:b9:c3:1c:33:e3:61:48:b2:1d:a0:c4:74:17:25:d0:2e:
         7f:b7:f4:c4:6c:02:49:c4:35:d3:72:88:34:1e:96:0d:36:a1:
         1f:d8:3f:ff:e3:a4:e7:48:19:71:51:b7:76:14:53:fa:5a:30:
         f0:6f:b9:34:84:19:76:0a:d6:66:1e:f1:57:3f:a2:bf:fe:b9:
         ab:61:0d:cc:c6:77:ae:44:d9:02:81:13:d5:2f:58:82:b8:bd:
         eb:15:dd:9f:2b:c4:d7:7f:45:44:31:dd:4e:57:d4:45:b0:b2:
         b3:d3:02:49:ec:cd:93:05:54:56:77:33:87:cd:f0:d4:df:b5:
         3c:3d:ee:ed:b8:5a:88:9e:83:b7:1c:1b:3d:47:66:41:53:0e:
         e0:ba:c4:7c:67:69:64:e6:14:3d:21:26:cf:50:6f:0b:0a:b1:
         18:51:8e:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4wy7cbMZSXgc5OOYixpkqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwNTE2MTIzODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmZiNmM4YzIwMGVlMzJmYWZhYjc2NWQzNWE4OTFkY2U4OThiMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU0BJEpPWeWErJuDSvcU0svjdopB
iYD7xFkpacia8UAjEzzXNnm4njPFdxguAt8KC58WyKALLz52zfHgjLfyHbKLwd7t
2GugwWg+6R4v/jq/6ehpPvEyQrCBFQecQie4TJmSvMo3NrcSEvg9OTMem7TI3ST9
4gCqIa+YTvnQvGC6BGWXIVeicOZ0azzU9upw/YOsNwv6eUqE4Um/osMEGGNSr7nn
2p0EnkQSUXNHUCpaS/+J1RssLJL5+aUVqfssEhZ084/XIFJs9DH2/VnlS6G752Gm
TjkKcHL/SdgIkwyxBEcslCtP8cMVE7oAiEGjBNx5uhxfur3ql0x/nOc7GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKb7bIwgDuMvr6t2XTWokdzomLJFMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvcHZ0c2pDQU80eS12cTNaZE5haVIzT2lZc2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJ9MA0G
CSqGSIb3DQEBCwUAA4IBAQDGr1It4cSfFxxEWAOzzWS6JpwwavpIjlf4bV/xyFgT
SeiyVK6rFL3GVfVwOuB5krjkyFpNCCgcO/81QbsSPaJQaOLkdpxhUXWSfbx+jSNR
bGYE5ga8XkJ1SmlHN7nDHDPjYUiyHaDEdBcl0C5/t/TEbAJJxDXTcog0HpYNNqEf
2D//46TnSBlxUbd2FFP6WjDwb7k0hBl2CtZmHvFXP6K//rmrYQ3MxneuRNkCgRPV
L1iCuL3rFd2fK8TXf0VEMd1OV9RFsLKz0wJJ7M2TBVRWdzOHzfDU37U8Pe7tuFqI
noO3HBs9R2ZBUw7gusR8Z2lk5hQ9ISbPUG8LCrEYUY7i
-----END CERTIFICATE-----