Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/dAYbp_idfM9oD27LO2OG4Lj-bSc.roa
File:                     dAYbp_idfM9oD27LO2OG4Lj-bSc.roa (raw, json)
Hash identifier:          +DgvNkMSI9ln0SfP+bwpToKJ+C6XmyR2t8iEX1H3J34=
Subject key identifier:   74:06:1B:A7:F8:9D:7C:CF:68:0F:6E:CB:3B:63:86:E0:B8:FE:6D:27
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019E5E2A17F87E63B8410756EF2F92719F27
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/dAYbp_idfM9oD27LO2OG4Lj-bSc.roa
Signing time:             Mon 25 May 2026 08:04:37 +0000
ROA not before:           Mon 25 May 2026 08:04:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36351
IP address blocks:        5.83.159.0/24 maxlen: 24
                          89.144.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:2a:17:f8:7e:63:b8:41:07:56:ef:2f:92:71:9f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: May 25 08:04:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74061ba7f89d7ccf680f6ecb3b6386e0b8fe6d27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:61:fb:e3:78:fc:d2:d2:51:ca:e7:1f:5e:93:
                    6a:f5:88:b1:5c:d3:53:46:86:15:a1:78:02:3c:78:
                    26:0a:06:a4:6d:ab:72:7c:8e:86:29:74:72:46:d2:
                    f4:b3:7b:cd:ee:33:14:c4:34:c7:15:e3:a6:1e:7e:
                    9c:48:98:aa:19:da:9d:df:0f:08:3b:1b:43:41:41:
                    f2:7c:c4:e0:80:a9:67:bf:0e:32:a8:a8:36:b4:64:
                    75:ed:7e:b8:90:ae:c4:91:6f:ad:9f:c2:fd:58:fb:
                    e8:57:78:d8:f7:1c:ab:61:ce:0c:50:c5:52:6a:89:
                    cf:d5:40:b9:61:ce:19:1f:27:ac:34:f5:b1:b4:bb:
                    aa:13:ec:ef:37:37:c8:f0:f1:0d:bf:0c:b6:3a:10:
                    c7:0d:2b:fd:fc:82:4d:5c:b6:7f:8a:a3:f1:23:d3:
                    c4:e8:2f:ea:fc:30:78:f0:0b:92:ba:d3:41:53:12:
                    aa:ba:c7:ae:30:ca:1f:5c:2b:8b:5f:f3:8c:62:8b:
                    29:40:56:de:0f:49:65:9f:54:3d:f1:2d:44:99:43:
                    04:f4:e6:4f:29:42:b3:6e:7a:01:54:d8:eb:98:83:
                    2b:25:00:4a:40:2d:70:5a:32:79:40:3a:44:93:91:
                    0e:5e:c5:93:25:27:15:a4:12:e6:76:bc:27:20:05:
                    22:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:06:1B:A7:F8:9D:7C:CF:68:0F:6E:CB:3B:63:86:E0:B8:FE:6D:27
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/dAYbp_idfM9oD27LO2OG4Lj-bSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.159.0/24
                  89.144.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:a0:17:ae:46:c2:97:f8:3b:94:31:e0:54:57:9e:2b:ba:0a:
         63:e5:94:c6:0b:5c:f7:2d:d4:96:21:20:9f:b7:cd:d1:72:d7:
         b1:b3:49:23:0e:78:60:ab:4b:ce:2f:13:f0:df:1e:2d:c9:64:
         a7:f8:52:d8:49:86:24:bd:f8:52:7d:fc:2d:82:f4:bd:9d:57:
         56:37:8a:01:8b:45:f5:5e:4d:16:9c:e5:82:8d:9d:c3:c3:fd:
         cf:88:54:a4:d3:25:5e:af:c2:d9:6f:25:2f:42:d4:dc:81:cf:
         d1:1e:27:f2:b2:74:d9:62:62:c0:49:22:60:ee:97:cb:d2:71:
         05:1d:52:c6:c1:20:ca:f0:2c:a8:0b:bd:ea:d1:bd:ca:d1:c7:
         90:ef:e9:e3:97:51:29:4a:40:ee:1e:1d:b1:3c:1d:12:33:22:
         74:7d:75:66:0d:f0:0e:37:e7:59:d1:87:c7:4b:22:37:31:f6:
         e4:28:f6:5c:b3:cd:f8:d8:a4:d1:ea:03:a0:1c:61:4a:33:e8:
         27:de:e3:fd:87:65:13:35:aa:83:5f:1e:2f:c3:68:9c:fb:61:
         21:cd:c9:b6:ce:2e:84:ac:d6:6b:2f:42:51:59:7f:91:61:9b:
         5d:8b:25:92:30:ad:c9:19:4e:24:74:fb:f3:1b:63:4d:f6:e9:
         ab:33:c9:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5eKhf4fmO4QQdW7y+ScZ8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNTI1MDgwNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDA2MWJhN2Y4OWQ3Y2NmNjgwZjZlY2IzYjYzODZlMGI4ZmU2ZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWH743j80tJRyucfXpNq9YixXNNT
RoYVoXgCPHgmCgakbatyfI6GKXRyRtL0s3vN7jMUxDTHFeOmHn6cSJiqGdqd3w8I
OxtDQUHyfMTggKlnvw4yqKg2tGR17X64kK7EkW+tn8L9WPvoV3jY9xyrYc4MUMVS
aonP1UC5Yc4ZHyesNPWxtLuqE+zvNzfI8PENvwy2OhDHDSv9/IJNXLZ/iqPxI9PE
6C/q/DB48AuSutNBUxKquseuMMofXCuLX/OMYospQFbeD0lln1Q98S1EmUME9OZP
KUKzbnoBVNjrmIMrJQBKQC1wWjJ5QDpEk5EOXsWTJScVpBLmdrwnIAUiSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHQGG6f4nXzPaA9uyztjhuC4/m0nMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvZEFZYnBfaWRmTTlvRDI3TE8yT0c0TGotYlNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABVOfAwQA
WZArMA0GCSqGSIb3DQEBCwUAA4IBAQBloBeuRsKX+DuUMeBUV54rugpj5ZTGC1z3
LdSWISCft83Rctexs0kjDnhgq0vOLxPw3x4tyWSn+FLYSYYkvfhSffwtgvS9nVdW
N4oBi0X1Xk0WnOWCjZ3Dw/3PiFSk0yVer8LZbyUvQtTcgc/RHifysnTZYmLASSJg
7pfL0nEFHVLGwSDK8CyoC73q0b3K0ceQ7+njl1EpSkDuHh2xPB0SMyJ0fXVmDfAO
N+dZ0YfHSyI3MfbkKPZcs8342KTR6gOgHGFKM+gn3uP9h2UTNaqDXx4vw2ic+2Eh
zcm2zi6ErNZrL0JRWX+RYZtdiyWSMK3JGU4kdPvzG2NN9umrM8lN
-----END CERTIFICATE-----