Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bPyzXOMVqo5hfPx734MjIMWBbQM.roa
File:                     bPyzXOMVqo5hfPx734MjIMWBbQM.roa (raw, json)
Hash identifier:          s5W+HFr0hVieywBgC4xt0MHoCtumgQBOqg10ePCbHZ4=
Subject key identifier:   6C:FC:B3:5C:E3:15:AA:8E:61:7C:FC:7B:DF:83:23:20:C5:81:6D:03
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019E3CD9080FDB5DDC67475F34DD5A33CD64
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bPyzXOMVqo5hfPx734MjIMWBbQM.roa
Signing time:             Mon 18 May 2026 20:48:36 +0000
ROA not before:           Mon 18 May 2026 20:48:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34346
IP address blocks:        89.251.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:d9:08:0f:db:5d:dc:67:47:5f:34:dd:5a:33:cd:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 18 20:48:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6cfcb35ce315aa8e617cfc7bdf832320c5816d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e2:ad:49:24:71:25:0a:ea:2a:e4:84:0d:49:
                    99:7e:d8:d1:23:f6:a0:b4:23:25:9d:ce:4a:6c:01:
                    24:db:78:56:1c:55:db:6c:d8:0e:8b:80:fa:f6:03:
                    ac:81:55:3f:d8:1c:ea:c3:5f:73:68:4b:4a:2c:cd:
                    9b:b3:8f:92:cb:aa:24:13:85:da:6b:59:17:df:b4:
                    18:c6:8e:ae:9f:78:ea:f2:41:32:42:20:bf:66:3d:
                    68:44:33:51:96:37:b6:88:75:ea:62:e5:61:7b:90:
                    e0:39:06:76:7b:49:e4:20:9f:bc:16:72:04:d6:e9:
                    4c:e4:21:1a:76:c7:e4:75:04:f2:87:86:f5:b8:cc:
                    82:f8:5a:4f:dc:39:0e:b3:fd:c2:ce:0c:fa:dc:b8:
                    f9:72:cc:31:37:ac:e3:37:3b:a8:d4:03:b8:90:e8:
                    ba:6a:8c:23:9e:f1:7c:bd:1e:27:da:36:92:03:f4:
                    86:10:7a:a4:99:02:07:68:57:9e:fa:2b:ca:6a:c8:
                    71:5a:1a:0d:f2:e0:37:a8:5e:36:ab:da:ce:35:0a:
                    cf:9c:3d:98:4a:bc:74:99:c0:5a:4b:ef:2b:33:0a:
                    32:8b:82:95:46:02:83:06:4c:1f:67:cc:0a:79:dc:
                    f8:56:93:7c:15:47:e4:34:5d:9e:a1:3f:5e:bf:50:
                    cd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:FC:B3:5C:E3:15:AA:8E:61:7C:FC:7B:DF:83:23:20:C5:81:6D:03
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/bPyzXOMVqo5hfPx734MjIMWBbQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:af:b8:ea:89:89:8c:97:eb:ff:cc:9c:f0:6f:87:3e:b9:42:
         7f:8b:43:eb:16:7f:9b:f7:8b:17:19:e4:f1:5d:7d:ae:68:21:
         ab:2d:b3:b7:01:b1:10:c2:8c:5d:85:58:a3:59:c6:d8:7d:d9:
         e4:bd:7c:75:e0:77:6b:df:26:48:cb:3a:4b:46:33:02:8b:ea:
         51:ff:0b:65:07:ef:21:a6:58:20:f6:77:5e:5a:2b:4b:d4:13:
         7e:ef:29:32:9d:e7:3b:f7:da:77:96:e7:bb:43:22:7e:e3:ff:
         20:c0:e2:fa:ee:c6:45:c5:5a:de:27:d0:ad:a5:8e:77:a8:be:
         78:2a:83:be:f6:8b:aa:e3:78:6e:14:05:23:71:c2:16:65:a7:
         00:c9:b0:4c:a7:3f:aa:65:cb:d4:0f:be:74:65:c2:fe:2a:73:
         98:65:ed:d8:8b:da:c4:4b:37:2e:ef:ef:b5:8c:36:71:d1:c6:
         cc:2a:35:bd:0e:5a:01:c7:b6:22:ba:e7:a4:98:12:e1:25:41:
         63:38:f4:1c:bd:b9:c2:2a:6d:45:9c:61:a6:d2:58:ea:59:ac:
         5b:d2:bc:47:62:ec:c3:79:9d:60:9a:f9:36:aa:52:3c:b4:0d:
         be:e8:62:1a:2c:32:80:d0:6a:54:0f:51:ea:6c:f8:e7:48:6b:
         1e:3f:96:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ482QgP213cZ0dfNN1aM81kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNTE4MjA0ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ZjYjM1Y2UzMTVhYThlNjE3Y2ZjN2JkZjgzMjMyMGM1ODE2ZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeKtSSRxJQrqKuSEDUmZftjRI/ag
tCMlnc5KbAEk23hWHFXbbNgOi4D69gOsgVU/2Bzqw19zaEtKLM2bs4+Sy6okE4Xa
a1kX37QYxo6un3jq8kEyQiC/Zj1oRDNRlje2iHXqYuVhe5DgOQZ2e0nkIJ+8FnIE
1ulM5CEadsfkdQTyh4b1uMyC+FpP3DkOs/3Czgz63Lj5cswxN6zjNzuo1AO4kOi6
aowjnvF8vR4n2jaSA/SGEHqkmQIHaFee+ivKashxWhoN8uA3qF42q9rONQrPnD2Y
Srx0mcBaS+8rMwoyi4KVRgKDBkwfZ8wKedz4VpN8FUfkNF2eoT9ev1DNBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGz8s1zjFaqOYXz8e9+DIyDFgW0DMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvYlB5elhPTVZxbzVoZlB4NzM0TWpJTVdCYlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsZMA0G
CSqGSIb3DQEBCwUAA4IBAQB1r7jqiYmMl+v/zJzwb4c+uUJ/i0PrFn+b94sXGeTx
XX2uaCGrLbO3AbEQwoxdhVijWcbYfdnkvXx14Hdr3yZIyzpLRjMCi+pR/wtlB+8h
plgg9ndeWitL1BN+7ykynec799p3lue7QyJ+4/8gwOL67sZFxVreJ9CtpY53qL54
KoO+9ouq43huFAUjccIWZacAybBMpz+qZcvUD750ZcL+KnOYZe3Yi9rESzcu7++1
jDZx0cbMKjW9DloBx7YiuuekmBLhJUFjOPQcvbnCKm1FnGGm0ljqWaxb0rxHYuzD
eZ1gmvk2qlI8tA2+6GIaLDKA0GpUD1HqbPjnSGseP5YH
-----END CERTIFICATE-----