Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/5yanEvaCNGmxYIoFSwD5iS2g81s.roa
File:                     5yanEvaCNGmxYIoFSwD5iS2g81s.roa (raw, json)
Hash identifier:          aMWaHQ8wF/Y1htK9oNbLHRQFbe1aIxUDLSAfigLBhqk=
Subject key identifier:   E7:26:A7:12:F6:82:34:69:B1:60:8A:05:4B:00:F9:89:2D:A0:F3:5B
Certificate issuer:       /CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
Certificate serial:       019E9178BF7E3DC800AB7681C18C607DD62D
Authority key identifier: B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/5yanEvaCNGmxYIoFSwD5iS2g81s.roa
Signing time:             Thu 04 Jun 2026 07:11:10 +0000
ROA not before:           Thu 04 Jun 2026 07:11:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202736
IP address blocks:        80.174.117.0/24 maxlen: 24
                          80.174.124.0/24 maxlen: 24
                          80.174.125.0/24 maxlen: 24
                          80.174.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:91:78:bf:7e:3d:c8:00:ab:76:81:c1:8c:60:7d:d6:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b45999899f76d2e2e4ccdfc817f9879cfac06bbe
        Validity
            Not Before: Jun  4 07:11:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e726a712f6823469b1608a054b00f9892da0f35b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b3:9f:f0:0d:fc:3b:f7:41:4c:1f:ab:ef:65:
                    10:1c:b4:d1:37:f6:b7:38:7b:1e:49:af:df:47:dc:
                    b1:19:9f:07:d3:68:11:3e:80:fd:5e:68:db:66:87:
                    27:51:e3:dd:42:84:fd:6d:b1:64:fb:14:f4:50:fb:
                    45:c6:2a:96:a9:6a:d7:85:31:f9:85:e7:e8:c7:b8:
                    d3:f6:05:fe:e8:20:d5:53:eb:48:67:6f:4a:09:42:
                    a0:b9:09:12:1c:86:4c:b2:99:f7:5d:aa:99:b9:b9:
                    ad:4c:2e:bb:03:48:11:6a:e0:d1:c3:75:55:d1:c6:
                    fc:ae:b3:d8:08:ec:83:ae:d1:2d:ec:3c:d8:75:eb:
                    58:07:91:59:1e:52:13:ff:6b:05:02:1c:fe:59:1d:
                    dd:b1:33:b3:4a:0c:ac:e6:42:df:95:4e:7f:2c:d1:
                    b2:dd:0c:fa:8f:36:f1:3f:6c:5c:1b:2d:a0:d8:82:
                    28:5c:53:1f:71:9b:44:4c:81:05:91:4c:b4:5e:c2:
                    da:9c:db:3e:0f:fb:44:5a:db:7f:bf:df:73:7b:6c:
                    b0:1a:26:84:b6:ab:31:c0:a9:6c:bf:21:f8:b7:72:
                    b3:bd:f9:88:0a:39:9f:07:80:9a:84:04:48:8a:90:
                    7e:9a:8c:5d:f3:c8:fc:ec:b9:f4:c4:5f:44:01:23:
                    29:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:26:A7:12:F6:82:34:69:B1:60:8A:05:4B:00:F9:89:2D:A0:F3:5B
            X509v3 Authority Key Identifier:
                keyid:B4:59:99:89:9F:76:D2:E2:E4:CC:DF:C8:17:F9:87:9C:FA:C0:6B:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFmZiZ920uLkzN_IF_mHnPrAa74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/5yanEvaCNGmxYIoFSwD5iS2g81s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cb7b21-335c-42ca-859e-73428f9c7bff/1/tFmZiZ920uLkzN_IF_mHnPrAa74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.174.117.0/24
                  80.174.124.0-80.174.126.255

    Signature Algorithm: sha256WithRSAEncryption
         3b:cf:07:74:14:cb:80:95:23:c1:e4:ac:83:bc:75:70:56:3b:
         d1:48:f6:63:06:70:1e:03:2b:d1:f0:38:b5:4f:66:e0:47:f1:
         3d:d5:e9:de:8c:90:1f:3a:96:aa:ec:6d:60:aa:c8:7c:df:a2:
         7c:59:04:3a:e1:d1:9c:61:d5:ab:96:68:73:cf:57:94:8a:20:
         47:75:a1:96:51:0d:a3:f4:16:71:74:5a:1f:78:67:9f:a8:9d:
         d9:13:7f:98:c7:91:5c:58:44:d2:45:77:a1:ce:77:3b:5f:69:
         90:22:b2:3e:cf:13:52:d2:af:80:ff:10:7f:1f:0e:22:4d:96:
         53:73:f9:fd:9e:98:bd:39:4e:f2:d9:f2:d8:8d:51:b0:76:ef:
         88:6d:8f:9b:30:48:dd:5b:44:97:87:e5:16:63:53:9f:51:22:
         36:1c:bc:b4:91:0b:90:3b:ca:83:a3:99:c9:0c:52:0d:59:7e:
         4e:d8:fa:9f:38:e6:ea:16:33:61:e9:b4:a0:ce:80:b0:67:25:
         db:d8:5b:56:fc:7f:f0:93:d9:48:3f:9f:21:e7:90:45:44:95:
         23:c9:db:5c:c6:70:ce:ac:64:4a:a7:66:df:6c:25:7b:ad:d3:
         28:5c:df:86:24:93:5f:df:24:e8:5f:d3:a9:5d:97:6c:52:da:
         5c:1f:c8:58
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ6ReL9+PcgAq3aBwYxgfdYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTk5OTg5OWY3NmQyZTJlNGNjZGZjODE3Zjk4NzljZmFj
MDZiYmUwHhcNMjYwNjA0MDcxMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzI2YTcxMmY2ODIzNDY5YjE2MDhhMDU0YjAwZjk4OTJkYTBmMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7Of8A38O/dBTB+r72UQHLTRN/a3
OHseSa/fR9yxGZ8H02gRPoD9XmjbZocnUePdQoT9bbFk+xT0UPtFxiqWqWrXhTH5
hefox7jT9gX+6CDVU+tIZ29KCUKguQkSHIZMspn3XaqZubmtTC67A0gRauDRw3VV
0cb8rrPYCOyDrtEt7DzYdetYB5FZHlIT/2sFAhz+WR3dsTOzSgys5kLflU5/LNGy
3Qz6jzbxP2xcGy2g2IIoXFMfcZtETIEFkUy0XsLanNs+D/tEWtt/v99ze2ywGiaE
tqsxwKlsvyH4t3KzvfmICjmfB4CahARIipB+moxd88j87Ln0xF9EASMpkwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOcmpxL2gjRpsWCKBUsA+YktoPNbMB8GA1UdIwQY
MBaAFLRZmYmfdtLi5MzfyBf5h5z6wGu+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUt
NzM0MjhmOWM3YmZmLzEvNXlhbkV2YUNOR214WUlvRlN3RDVpUzJnODFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYjdiMjEtMzM1Yy00MmNhLTg1OWUtNzM0MjhmOWM3YmZm
LzEvdEZtWmlaOTIwdUxrek5fSUZfbUhuUHJBYTc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAUK51MAwD
BAJQrnwDBABQrn4wDQYJKoZIhvcNAQELBQADggEBADvPB3QUy4CVI8HkrIO8dXBW
O9FI9mMGcB4DK9HwOLVPZuBH8T3V6d6MkB86lqrsbWCqyHzfonxZBDrh0Zxh1auW
aHPPV5SKIEd1oZZRDaP0FnF0Wh94Z5+ondkTf5jHkVxYRNJFd6HOdztfaZAisj7P
E1LSr4D/EH8fDiJNllNz+f2emL05TvLZ8tiNUbB274htj5swSN1bRJeH5RZjU59R
IjYcvLSRC5A7yoOjmckMUg1Zfk7Y+p845uoWM2HptKDOgLBnJdvYW1b8f/CT2Ug/
nyHnkEVElSPJ21zGcM6sZEqnZt9sJXut0yhc34Ykk1/fJOhf06ldl2xS2lwfyFg=
-----END CERTIFICATE-----