Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/i5O54aij_mNTUzWLzOM1WYxmRrU.roa
File:                     i5O54aij_mNTUzWLzOM1WYxmRrU.roa (raw, json)
Hash identifier:          lHqOZSs4dzPkPYnpMYHWunvUYZ1bCXXGzYNhppuJAdo=
Subject key identifier:   8B:93:B9:E1:A8:A3:FE:63:53:53:35:8B:CC:E3:35:59:8C:66:46:B5
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019E633E27C0D4932EB5F4A7BF524CE58381
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/i5O54aij_mNTUzWLzOM1WYxmRrU.roa
Signing time:             Tue 26 May 2026 07:44:38 +0000
ROA not before:           Tue 26 May 2026 07:44:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201724
IP address blocks:        82.163.16.0/24 maxlen: 24
                          89.213.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 13:25:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:3e:27:c0:d4:93:2e:b5:f4:a7:bf:52:4c:e5:83:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 26 07:44:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b93b9e1a8a3fe635353358bcce335598c6646b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0d:12:dd:72:51:1b:69:e1:5e:6a:f3:96:0e:
                    19:5e:8f:bc:3f:42:4f:d2:10:30:67:8d:03:f8:a5:
                    d4:54:31:45:0f:54:a8:57:7e:69:f1:a2:bd:25:23:
                    8c:81:67:b1:87:ae:d3:65:2a:6a:b8:db:54:1c:e2:
                    92:d3:9b:51:a5:dd:97:5c:bf:b6:4d:c2:fb:43:27:
                    35:47:f3:b0:51:22:5a:68:f4:12:60:2e:37:0b:a8:
                    58:1b:97:e4:7b:fd:9e:87:a0:fe:10:2c:c5:89:30:
                    25:d3:d4:73:36:fa:2f:bd:3c:6a:fe:9a:b0:2e:c1:
                    72:4d:6f:75:35:28:6e:48:f3:35:07:e4:69:31:62:
                    45:de:fc:b1:13:6a:99:0d:8f:fa:91:fd:d0:d4:79:
                    98:8a:a3:21:c1:d4:ef:46:f3:2f:81:57:37:cf:5f:
                    41:f5:41:28:22:9c:a7:e9:7d:ee:ab:58:f5:e2:71:
                    e3:1c:ff:dc:0b:44:b8:64:5d:7d:aa:27:1d:61:31:
                    81:90:8c:f4:2d:30:0a:52:b0:fc:ac:0e:53:e6:de:
                    fe:d9:ec:1f:38:fd:b6:56:a0:91:64:7d:30:71:79:
                    19:31:d4:f6:39:02:0c:ab:a5:5e:aa:8b:15:05:35:
                    cb:c3:46:46:f9:24:1f:d5:a2:f0:2c:0b:8d:05:10:
                    ed:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:93:B9:E1:A8:A3:FE:63:53:53:35:8B:CC:E3:35:59:8C:66:46:B5
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/i5O54aij_mNTUzWLzOM1WYxmRrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.16.0/24
                  89.213.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:86:a5:ad:4b:12:b8:7a:37:42:83:c3:42:8b:ea:d3:3d:1c:
         79:2f:55:6e:25:6f:a7:0a:2e:be:07:9d:77:4a:a1:1b:0d:bb:
         99:e1:ef:6c:19:df:6e:02:04:ae:f8:e3:63:30:2b:b4:ac:20:
         1a:e3:c9:92:04:24:b5:ba:ad:c9:63:cf:22:a2:22:6d:da:81:
         dd:ad:09:33:57:be:82:94:a8:3c:73:ff:ed:4f:d6:66:70:92:
         97:ac:b5:49:bd:1e:66:64:3a:a8:88:10:02:76:3a:ff:ec:61:
         ac:06:19:eb:6f:c3:9f:34:79:3c:3b:e7:57:e4:d5:8b:9a:ce:
         0b:63:b5:7a:60:bd:90:a5:1b:b8:99:13:d4:ca:b3:ae:32:99:
         78:e8:2b:e5:91:f2:98:f4:c8:55:67:dd:4d:54:6e:89:34:bf:
         91:11:16:6b:44:bd:85:15:c3:27:c5:52:5f:03:d5:79:1a:4f:
         7b:f6:27:a3:64:f0:64:31:11:5f:a3:8c:40:03:6e:26:e9:b9:
         28:a8:26:8d:af:b8:2e:6d:fa:92:29:29:65:92:1a:ea:0b:58:
         61:b3:a0:2d:d9:ca:15:f2:91:52:73:7b:3a:ef:e1:b2:a1:0c:
         ff:a8:57:b9:26:fd:62:05:5d:80:58:a4:ec:6b:84:49:61:7e:
         16:55:2a:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5jPifA1JMutfSnv1JM5YOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNTI2MDc0NDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkzYjllMWE4YTNmZTYzNTM1MzM1OGJjY2UzMzU1OThjNjY0NmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA0S3XJRG2nhXmrzlg4ZXo+8P0JP
0hAwZ40D+KXUVDFFD1SoV35p8aK9JSOMgWexh67TZSpquNtUHOKS05tRpd2XXL+2
TcL7Qyc1R/OwUSJaaPQSYC43C6hYG5fke/2eh6D+ECzFiTAl09RzNvovvTxq/pqw
LsFyTW91NShuSPM1B+RpMWJF3vyxE2qZDY/6kf3Q1HmYiqMhwdTvRvMvgVc3z19B
9UEoIpyn6X3uq1j14nHjHP/cC0S4ZF19qicdYTGBkIz0LTAKUrD8rA5T5t7+2ewf
OP22VqCRZH0wcXkZMdT2OQIMq6VeqosVBTXLw0ZG+SQf1aLwLAuNBRDtJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIuTueGoo/5jU1M1i8zjNVmMZka1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaTVPNTRhaWpfbU5UVXpXTHpPTTFXWXhtUnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUqMQAwQA
WdXJMA0GCSqGSIb3DQEBCwUAA4IBAQCDhqWtSxK4ejdCg8NCi+rTPRx5L1VuJW+n
Ci6+B513SqEbDbuZ4e9sGd9uAgSu+ONjMCu0rCAa48mSBCS1uq3JY88ioiJt2oHd
rQkzV76ClKg8c//tT9ZmcJKXrLVJvR5mZDqoiBACdjr/7GGsBhnrb8OfNHk8O+dX
5NWLms4LY7V6YL2QpRu4mRPUyrOuMpl46CvlkfKY9MhVZ91NVG6JNL+RERZrRL2F
FcMnxVJfA9V5Gk979iejZPBkMRFfo4xAA24m6bkoqCaNr7gubfqSKSllkhrqC1hh
s6At2coV8pFSc3s67+GyoQz/qFe5Jv1iBV2AWKTsa4RJYX4WVSoz
-----END CERTIFICATE-----