Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/My5Z-88aH_gx3E00nKUOZmAtVsQ.roa
File:                     My5Z-88aH_gx3E00nKUOZmAtVsQ.roa (raw, json)
Hash identifier:          V7YSFokfFkIIvqWcCiUoudgmL6PPFKOLUN2gOJJbyao=
Subject key identifier:   33:2E:59:FB:CF:1A:1F:F8:31:DC:4D:34:9C:A5:0E:66:60:2D:56:C4
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019D6DEC5D98838DE76BE55C6AE21F18AC40
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/My5Z-88aH_gx3E00nKUOZmAtVsQ.roa
Signing time:             Wed 08 Apr 2026 16:28:20 +0000
ROA not before:           Wed 08 Apr 2026 16:28:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397477
IP address blocks:        91.242.80.0/24 maxlen: 24
                          91.242.126.0/24 maxlen: 24
                          185.147.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 23:57:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:ec:5d:98:83:8d:e7:6b:e5:5c:6a:e2:1f:18:ac:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Apr  8 16:28:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=332e59fbcf1a1ff831dc4d349ca50e66602d56c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:16:a8:cf:0b:35:9e:77:5c:28:03:cb:94:dd:
                    ff:7f:ff:6b:49:ee:54:28:d0:02:35:c9:ac:0c:e4:
                    78:66:28:c3:89:a4:ce:ce:2c:5f:1f:2c:18:54:a8:
                    36:e5:b9:a3:33:b9:27:f6:22:bc:6a:1d:b5:c8:ea:
                    81:a9:10:f6:f1:47:ca:a9:c2:68:71:7d:68:e9:f8:
                    dc:6b:79:80:47:0d:e2:d3:0e:2e:cf:f6:82:bf:7b:
                    9f:05:81:92:5c:16:d3:b0:71:32:0f:f9:f7:7e:8a:
                    00:f6:56:73:d2:8a:67:c7:16:3f:58:1c:ee:bd:43:
                    29:df:d7:f1:40:84:3c:6d:59:e2:50:8e:57:45:bd:
                    37:41:cb:f0:25:6c:21:c7:dc:c9:5d:a3:93:aa:0d:
                    b2:13:11:df:19:a4:76:0d:e6:fd:4b:74:f9:9b:e6:
                    96:2e:ab:24:e6:fd:07:c1:f6:22:68:41:92:55:8d:
                    94:fd:97:1e:93:6c:68:d4:6e:52:cd:bb:28:ad:73:
                    b2:21:0b:cc:99:85:02:75:37:43:ed:34:62:6d:63:
                    9c:01:e1:cd:a4:22:6d:e6:10:2e:b9:76:24:1f:18:
                    9b:85:89:bc:b4:e7:fa:26:9c:f4:63:51:23:8c:d7:
                    8b:6e:b7:a2:24:dc:d0:96:31:cc:48:39:8b:ae:ab:
                    e4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:2E:59:FB:CF:1A:1F:F8:31:DC:4D:34:9C:A5:0E:66:60:2D:56:C4
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/My5Z-88aH_gx3E00nKUOZmAtVsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.80.0/24
                  91.242.126.0/24
                  185.147.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:8d:6b:76:77:a1:3b:f4:d2:04:ef:e6:71:1e:31:14:0a:5c:
         85:d0:4e:c2:2e:93:37:fb:df:f0:7f:d3:83:e9:ea:96:e6:bf:
         27:5a:62:a6:85:d8:65:e7:65:a9:49:15:85:b4:f1:e0:47:c6:
         b0:cd:9b:53:6e:ad:21:df:ba:d1:77:12:95:c0:73:be:02:f6:
         4a:d1:6f:b6:95:ba:6f:a7:4b:1a:5b:98:89:f4:b1:6c:70:4a:
         8c:3c:15:9a:5e:0e:54:bb:b1:5f:dc:2e:3c:33:17:5a:05:89:
         6c:64:23:fa:9f:83:de:e4:27:47:a5:b4:0e:3c:31:d5:64:d9:
         19:a5:a3:d0:95:32:92:61:31:94:27:48:94:76:d7:ab:a2:96:
         0b:62:cc:8b:9b:bb:93:86:db:d5:4f:c3:11:8c:ac:18:11:0d:
         bb:be:fe:d8:84:1f:bb:6c:4c:99:77:d4:e9:78:95:25:b9:f0:
         cc:86:91:41:3a:51:66:59:ec:ca:6b:22:ea:52:8d:61:2e:ed:
         3d:13:be:d9:35:28:f2:fd:7d:6d:a1:bf:f3:72:aa:5e:50:9e:
         dd:ae:d7:bf:3a:6e:99:a0:8a:10:93:a2:07:b8:93:bb:11:1a:
         fc:ba:d9:16:49:2d:68:28:90:d9:94:3a:b2:c6:ce:a7:d3:c1:
         0a:81:5c:6b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1t7F2Yg43na+VcauIfGKxAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjYwNDA4MTYyODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzJlNTlmYmNmMWExZmY4MzFkYzRkMzQ5Y2E1MGU2NjYwMmQ1NmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBaozws1nndcKAPLlN3/f/9rSe5U
KNACNcmsDOR4ZijDiaTOzixfHywYVKg25bmjM7kn9iK8ah21yOqBqRD28UfKqcJo
cX1o6fjca3mARw3i0w4uz/aCv3ufBYGSXBbTsHEyD/n3fooA9lZz0opnxxY/WBzu
vUMp39fxQIQ8bVniUI5XRb03QcvwJWwhx9zJXaOTqg2yExHfGaR2Deb9S3T5m+aW
Lqsk5v0HwfYiaEGSVY2U/Zcek2xo1G5SzbsorXOyIQvMmYUCdTdD7TRibWOcAeHN
pCJt5hAuuXYkHxibhYm8tOf6Jpz0Y1EjjNeLbreiJNzQljHMSDmLrqvkQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDMuWfvPGh/4MdxNNJylDmZgLVbEMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTXk1Wi04OGFIX2d4M0UwMG5LVU9abUF0VnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW/JQAwQA
W/J+AwQAuZMxMA0GCSqGSIb3DQEBCwUAA4IBAQBLjWt2d6E79NIE7+ZxHjEUClyF
0E7CLpM3+9/wf9OD6eqW5r8nWmKmhdhl52WpSRWFtPHgR8awzZtTbq0h37rRdxKV
wHO+AvZK0W+2lbpvp0saW5iJ9LFscEqMPBWaXg5Uu7Ff3C48MxdaBYlsZCP6n4Pe
5CdHpbQOPDHVZNkZpaPQlTKSYTGUJ0iUdteropYLYsyLm7uThtvVT8MRjKwYEQ27
vv7YhB+7bEyZd9TpeJUlufDMhpFBOlFmWezKayLqUo1hLu09E77ZNSjy/X1tob/z
cqpeUJ7drte/Om6ZoIoQk6IHuJO7ERr8utkWSS1oKJDZlDqyxs6n08EKgVxr
-----END CERTIFICATE-----