Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/a4YdJwrpWOp-4JpC89lu0BY4BUk.roa
File:                     a4YdJwrpWOp-4JpC89lu0BY4BUk.roa (raw, json)
Hash identifier:          aEUBy/A9N2tFgJ0mr9veXJ0dXUgUnv61rlWtFJdTw0M=
Subject key identifier:   6B:86:1D:27:0A:E9:58:EA:7E:E0:9A:42:F3:D9:6E:D0:16:38:05:49
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019E87905BE45450952A7AB3E9D6E7E184E6
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/a4YdJwrpWOp-4JpC89lu0BY4BUk.roa
Signing time:             Tue 02 Jun 2026 09:00:45 +0000
ROA not before:           Tue 02 Jun 2026 09:00:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        89.251.31.0/24 maxlen: 24
                          91.226.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:90:5b:e4:54:50:95:2a:7a:b3:e9:d6:e7:e1:84:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun  2 09:00:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b861d270ae958ea7ee09a42f3d96ed016380549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1f:63:1b:97:09:f8:7d:0c:1c:e0:a4:7c:af:
                    f3:fb:25:58:7d:ba:33:31:ea:5f:3b:ef:15:9d:36:
                    85:86:a7:73:b8:fd:35:40:e7:5d:fd:75:23:cd:e9:
                    d2:00:b0:b8:99:6d:ed:9d:45:22:0f:46:c6:e4:09:
                    d8:7d:0f:a4:c0:3e:d9:b6:11:dd:8e:db:2b:d1:3e:
                    19:21:2a:f2:e3:df:de:b1:4b:5f:20:bd:48:f1:f4:
                    f1:61:3d:38:cc:10:84:95:a9:d2:be:26:dd:08:4d:
                    70:d2:66:d6:80:fd:00:b1:35:69:6a:9c:1e:23:51:
                    df:d7:36:e1:6f:30:ea:86:cf:0d:7e:50:03:6b:60:
                    c0:78:3b:29:03:da:04:df:31:0c:2e:fb:00:56:06:
                    42:0c:67:ab:2c:7f:69:77:7a:21:a6:f8:5b:ec:98:
                    e2:99:8a:7a:56:42:1c:1d:77:da:a5:3b:aa:0e:dd:
                    1f:8c:9a:37:6e:0e:83:53:6e:e5:03:ff:46:23:94:
                    15:5d:45:ec:80:1a:da:17:f4:98:b9:72:d9:63:87:
                    69:6d:e3:42:08:17:e4:0b:bb:e5:22:f9:1d:76:3d:
                    55:78:91:16:10:20:10:31:36:3a:ba:ed:c6:27:d3:
                    68:73:4b:82:5e:a8:70:30:49:34:f5:cf:bf:e2:9e:
                    1b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:86:1D:27:0A:E9:58:EA:7E:E0:9A:42:F3:D9:6E:D0:16:38:05:49
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/a4YdJwrpWOp-4JpC89lu0BY4BUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.31.0/24
                  91.226.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:62:11:2d:4a:93:cb:ff:ac:bb:c4:11:4c:9c:3a:a3:e1:ae:
         39:ea:c0:b2:7f:08:2b:8f:bc:69:9d:2f:8b:51:e1:dc:97:52:
         d6:75:c9:18:2e:02:fd:d1:fd:a3:f5:c8:71:1b:25:16:bb:8d:
         b6:fe:25:cd:4e:4f:99:2f:b9:15:97:6d:f6:e2:26:21:1a:69:
         33:2f:eb:13:e9:0c:cd:98:c0:53:bf:14:6f:a7:da:75:63:3a:
         92:8f:02:4a:63:aa:77:4d:87:9d:eb:7e:0b:e6:a5:26:8e:7a:
         4b:aa:04:a0:99:4a:2e:1a:56:6f:cc:f3:fa:45:d9:25:c9:92:
         d1:31:85:66:45:19:51:66:a1:40:c4:82:68:86:9a:96:0e:e6:
         ff:5a:b6:79:8f:db:8f:40:67:c2:31:bb:bd:9b:b7:50:e4:15:
         bd:d7:20:bd:78:eb:64:55:96:b5:3e:0a:e2:58:c9:07:46:54:
         8a:a2:c3:9b:19:44:31:fe:13:07:d2:03:58:bd:ee:fa:9f:60:
         fd:d3:67:18:36:05:7b:d5:7c:75:8b:7f:0b:27:41:20:22:06:
         54:a5:dc:ca:e5:98:18:41:fe:93:e7:0a:da:a2:a5:73:b1:26:
         68:84:28:24:04:a7:b8:b4:7e:8b:ce:1b:8a:8c:de:b2:62:56:
         32:e4:6d:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6HkFvkVFCVKnqz6dbn4YTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNjAyMDkwMDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjg2MWQyNzBhZTk1OGVhN2VlMDlhNDJmM2Q5NmVkMDE2MzgwNTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkh9jG5cJ+H0MHOCkfK/z+yVYfboz
MepfO+8VnTaFhqdzuP01QOdd/XUjzenSALC4mW3tnUUiD0bG5AnYfQ+kwD7ZthHd
jtsr0T4ZISry49/esUtfIL1I8fTxYT04zBCElanSvibdCE1w0mbWgP0AsTVpapwe
I1Hf1zbhbzDqhs8NflADa2DAeDspA9oE3zEMLvsAVgZCDGerLH9pd3ohpvhb7Jji
mYp6VkIcHXfapTuqDt0fjJo3bg6DU27lA/9GI5QVXUXsgBraF/SYuXLZY4dpbeNC
CBfkC7vlIvkddj1VeJEWECAQMTY6uu3GJ9Noc0uCXqhwMEk09c+/4p4bswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGuGHScK6VjqfuCaQvPZbtAWOAVJMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvYTRZZEp3cnBXT3AtNEpwQzg5bHUwQlk0QlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfsfAwQA
W+I4MA0GCSqGSIb3DQEBCwUAA4IBAQAgYhEtSpPL/6y7xBFMnDqj4a456sCyfwgr
j7xpnS+LUeHcl1LWdckYLgL90f2j9chxGyUWu422/iXNTk+ZL7kVl2324iYhGmkz
L+sT6QzNmMBTvxRvp9p1YzqSjwJKY6p3TYed634L5qUmjnpLqgSgmUouGlZvzPP6
RdklyZLRMYVmRRlRZqFAxIJohpqWDub/WrZ5j9uPQGfCMbu9m7dQ5BW91yC9eOtk
VZa1PgriWMkHRlSKosObGUQx/hMH0gNYve76n2D902cYNgV71Xx1i38LJ0EgIgZU
pdzK5ZgYQf6T5wraoqVzsSZohCgkBKe4tH6LzhuKjN6yYlYy5G1m
-----END CERTIFICATE-----