Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/pD-fbg5i2GgP4ylo4vTKcrFb_T0.roa
File:                     pD-fbg5i2GgP4ylo4vTKcrFb_T0.roa (raw, json)
Hash identifier:          Vr0l5Z/qppvsPdDvWLwJyRFaZ0asvpPOv7lfHolELsE=
Subject key identifier:   A4:3F:9F:6E:0E:62:D8:68:0F:E3:29:68:E2:F4:CA:72:B1:5B:FD:3D
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019E466AFCD1C8EB7758653CF03FDF32FB03
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/pD-fbg5i2GgP4ylo4vTKcrFb_T0.roa
Signing time:             Wed 20 May 2026 17:24:36 +0000
ROA not before:           Wed 20 May 2026 17:24:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54903
IP address blocks:        91.242.83.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:6a:fc:d1:c8:eb:77:58:65:3c:f0:3f:df:32:fb:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: May 20 17:24:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a43f9f6e0e62d8680fe32968e2f4ca72b15bfd3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3a:f5:81:21:2e:aa:64:0c:55:42:4e:c1:b6:
                    c5:ec:54:3a:c4:6f:c1:69:15:e2:1e:8a:a1:c6:54:
                    2c:4a:3c:0d:35:12:c9:72:99:e8:00:e7:0e:55:44:
                    a1:b3:8c:d1:fb:35:cb:b4:65:80:24:07:96:97:b6:
                    33:12:85:a5:96:b8:06:1c:e1:ef:0c:b3:43:a1:46:
                    b9:a8:19:49:34:c5:c0:14:60:84:61:49:7e:db:4b:
                    46:a9:ba:3e:87:54:ff:e6:9e:f2:38:04:85:dd:f4:
                    b1:8c:20:f7:29:9d:73:ba:81:40:9c:d7:ae:2b:06:
                    f9:77:49:30:05:75:5a:fd:14:b3:c0:76:3c:23:b7:
                    8c:b0:ca:09:02:24:2c:20:6b:5e:a8:92:82:64:73:
                    3a:b2:9f:e8:1f:a4:5c:1a:9c:46:a3:7f:3c:77:9e:
                    4d:4f:2b:83:22:93:b9:32:fe:9d:aa:ab:93:7b:eb:
                    d0:86:d8:85:af:ea:2e:bb:3c:39:37:0e:27:e4:35:
                    4a:1b:12:c2:1f:e9:e0:a2:4f:3a:b9:60:2c:93:6f:
                    58:6a:5d:0d:41:2d:a6:45:2e:a6:4e:36:ef:1a:d5:
                    ae:92:76:4c:65:e1:48:89:89:f1:74:14:1c:fd:1c:
                    62:5b:e8:9a:49:32:f2:68:c3:d3:b2:ce:8e:ab:be:
                    2e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:3F:9F:6E:0E:62:D8:68:0F:E3:29:68:E2:F4:CA:72:B1:5B:FD:3D
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/pD-fbg5i2GgP4ylo4vTKcrFb_T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.83.0/24
                  91.242.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:e9:76:66:96:19:fa:f4:f0:fd:8d:20:97:f2:d3:0b:10:31:
         8a:62:c4:c0:ab:7d:6c:6c:f2:7d:8e:77:93:06:d1:85:c7:f3:
         4f:0e:ed:d4:8f:e4:2c:f7:c4:cc:15:e3:c8:4b:ce:0f:c3:21:
         29:09:dd:7e:a9:78:37:c4:2c:fe:a9:6c:6e:88:1c:35:c6:66:
         17:50:82:eb:6d:ae:02:15:13:7c:8d:22:ab:30:95:e8:10:de:
         bd:8f:60:be:3b:ea:c8:5f:a1:f1:42:8a:fd:8a:db:58:f5:ff:
         d3:ac:01:ef:fb:a7:55:f1:67:86:13:3e:40:4b:08:88:9a:f4:
         c1:9b:98:60:8e:8f:08:0a:49:5f:4e:78:26:1e:33:40:09:ac:
         3d:1a:b6:63:30:da:65:0f:c8:9c:46:96:b5:ea:9d:eb:25:46:
         97:13:57:bb:8c:29:fb:d3:a6:6d:08:ca:6c:96:c1:e2:79:70:
         dd:8a:76:d0:0c:17:ec:75:a8:53:58:43:08:9b:e1:56:84:17:
         3a:d4:ce:59:a7:9e:a2:1e:9d:36:21:71:5e:21:6e:20:9d:13:
         1f:02:21:37:65:7a:34:a3:d7:46:a9:3a:be:4b:a8:08:ed:0e:
         72:96:07:fa:19:88:67:a3:70:21:9a:17:52:87:e3:41:8a:0d:
         3d:40:9d:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5GavzRyOt3WGU88D/fMvsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjYwNTIwMTcyNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNmOWY2ZTBlNjJkODY4MGZlMzI5NjhlMmY0Y2E3MmIxNWJmZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjr1gSEuqmQMVUJOwbbF7FQ6xG/B
aRXiHoqhxlQsSjwNNRLJcpnoAOcOVUShs4zR+zXLtGWAJAeWl7YzEoWllrgGHOHv
DLNDoUa5qBlJNMXAFGCEYUl+20tGqbo+h1T/5p7yOASF3fSxjCD3KZ1zuoFAnNeu
Kwb5d0kwBXVa/RSzwHY8I7eMsMoJAiQsIGteqJKCZHM6sp/oH6RcGpxGo388d55N
TyuDIpO5Mv6dqquTe+vQhtiFr+ouuzw5Nw4n5DVKGxLCH+ngok86uWAsk29Yal0N
QS2mRS6mTjbvGtWuknZMZeFIiYnxdBQc/RxiW+iaSTLyaMPTss6Oq74unwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKQ/n24OYthoD+MpaOL0ynKxW/09MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvcEQtZmJnNWkyR2dQNHlsbzR2VEtjckZiX1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/JTAwQC
W/JsMA0GCSqGSIb3DQEBCwUAA4IBAQA26XZmlhn69PD9jSCX8tMLEDGKYsTAq31s
bPJ9jneTBtGFx/NPDu3Uj+Qs98TMFePIS84PwyEpCd1+qXg3xCz+qWxuiBw1xmYX
UILrba4CFRN8jSKrMJXoEN69j2C+O+rIX6HxQor9ittY9f/TrAHv+6dV8WeGEz5A
SwiImvTBm5hgjo8ICklfTngmHjNACaw9GrZjMNplD8icRpa16p3rJUaXE1e7jCn7
06ZtCMpslsHieXDdinbQDBfsdahTWEMIm+FWhBc61M5Zp56iHp02IXFeIW4gnRMf
AiE3ZXo0o9dGqTq+S6gI7Q5ylgf6GYhno3AhmhdSh+NBig09QJ01
-----END CERTIFICATE-----