Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/DcHyP-EvL5JB0AR6TgnEamGEyXw.roa
File:                     DcHyP-EvL5JB0AR6TgnEamGEyXw.roa (raw, json)
Hash identifier:          2EXmDj8EeuQdqWCdMyXvAF2OldfFdCBOuc9rEPVXwD8=
Subject key identifier:   0D:C1:F2:3F:E1:2F:2F:92:41:D0:04:7A:4E:09:C4:6A:61:84:C9:7C
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       019E4A12A661A9091335EDAF4306FB7E68E6
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/DcHyP-EvL5JB0AR6TgnEamGEyXw.roa
Signing time:             Thu 21 May 2026 10:26:36 +0000
ROA not before:           Thu 21 May 2026 10:26:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        92.51.32.0/22 maxlen: 22
                          92.51.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:12:a6:61:a9:09:13:35:ed:af:43:06:fb:7e:68:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: May 21 10:26:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0dc1f23fe12f2f9241d0047a4e09c46a6184c97c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:06:4b:5d:ce:51:37:8c:b3:25:2c:f9:7a:44:
                    59:ea:13:86:eb:85:df:7c:d4:09:3b:4d:76:c9:e4:
                    6e:c0:ff:d6:ab:1c:d8:8f:67:31:92:5d:1a:cd:72:
                    90:93:b4:b2:3a:1b:7c:7b:04:cb:2d:87:fe:84:58:
                    3f:48:5d:84:57:7b:ff:9f:06:a4:22:c9:d6:e2:19:
                    04:46:af:cf:0e:14:20:fb:5a:61:01:a7:c0:f8:ad:
                    2d:37:d7:ff:97:b5:17:fb:27:19:c5:24:e8:23:bd:
                    1c:a9:a6:c4:4d:ab:08:49:7e:d0:48:41:a4:b7:a2:
                    8c:cb:e1:7b:94:7f:f8:63:9c:10:cc:68:0b:ab:e8:
                    2b:0f:de:f5:3a:61:b3:03:8e:e7:59:a2:25:23:bc:
                    a9:00:2b:54:77:4b:cb:fc:57:dc:d6:a5:d4:06:d8:
                    d9:e2:ab:f3:17:05:8a:d7:bb:36:76:0c:55:32:a8:
                    13:20:a1:2b:25:b8:cc:f8:ef:65:a4:1f:c1:fd:93:
                    28:72:82:f7:f6:4c:50:7c:5e:03:28:d7:49:49:36:
                    98:90:c9:c6:d0:9c:14:68:a0:54:41:64:4e:ef:30:
                    04:b2:80:f5:6a:45:14:18:23:bd:e2:08:2b:6b:61:
                    d7:c1:70:b3:19:2e:ad:50:70:1f:22:0c:c2:1c:42:
                    f1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C1:F2:3F:E1:2F:2F:92:41:D0:04:7A:4E:09:C4:6A:61:84:C9:7C
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/DcHyP-EvL5JB0AR6TgnEamGEyXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.32.0/22
                  92.51.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:1e:84:f6:61:bf:cf:9b:17:e8:68:e5:90:34:51:1f:45:e1:
         7b:c0:44:c2:80:af:0d:1a:27:d7:23:db:e7:30:ff:af:64:dc:
         f1:f0:76:d8:92:ff:0c:26:41:38:fc:9b:40:62:93:9a:6f:18:
         f1:d6:d4:3c:ec:33:1a:a3:5f:c9:f0:a1:b6:26:ef:45:f0:ff:
         cc:25:c7:28:b0:38:8c:87:b4:be:09:d0:75:8b:5f:7d:fb:b3:
         1b:1d:c9:f6:4b:d9:ea:8c:7f:28:f1:2f:54:1d:0c:15:6a:69:
         c7:ad:e8:4d:6b:49:17:32:e3:ac:f1:98:8d:4b:65:3d:24:eb:
         ba:d0:05:0a:65:25:63:a8:9b:e9:3c:c0:7d:d9:c3:8b:6e:99:
         cf:81:ab:68:31:8f:f6:9d:0b:1b:57:fa:18:41:a3:e6:0c:5a:
         a3:ec:a6:9b:ff:76:dd:aa:10:92:99:9f:98:eb:4e:09:40:1e:
         a6:45:91:0e:77:0c:e7:90:3f:4e:1c:01:d3:04:d6:b1:a9:90:
         35:2e:67:21:0b:c8:09:28:89:8c:10:75:b0:b3:b2:23:c4:23:
         dc:5a:39:01:13:58:9b:0c:fe:7f:f8:0a:b9:06:29:4d:9a:03:
         4a:88:dd:fb:4e:14:0e:ff:22:8d:03:90:41:a6:04:9e:90:a3:
         4f:d5:82:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5KEqZhqQkTNe2vQwb7fmjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjYwNTIxMTAyNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGMxZjIzZmUxMmYyZjkyNDFkMDA0N2E0ZTA5YzQ2YTYxODRjOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswZLXc5RN4yzJSz5ekRZ6hOG64Xf
fNQJO012yeRuwP/WqxzYj2cxkl0azXKQk7SyOht8ewTLLYf+hFg/SF2EV3v/nwak
IsnW4hkERq/PDhQg+1phAafA+K0tN9f/l7UX+ycZxSToI70cqabETasISX7QSEGk
t6KMy+F7lH/4Y5wQzGgLq+grD971OmGzA47nWaIlI7ypACtUd0vL/Ffc1qXUBtjZ
4qvzFwWK17s2dgxVMqgTIKErJbjM+O9lpB/B/ZMocoL39kxQfF4DKNdJSTaYkMnG
0JwUaKBUQWRO7zAEsoD1akUUGCO94ggra2HXwXCzGS6tUHAfIgzCHELxCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA3B8j/hLy+SQdAEek4JxGphhMl8MB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvRGNIeVAtRXZMNUpCMEFSNlRnbkVhbUdFeVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXDMgAwQC
XDMoMA0GCSqGSIb3DQEBCwUAA4IBAQCdHoT2Yb/PmxfoaOWQNFEfReF7wETCgK8N
GifXI9vnMP+vZNzx8HbYkv8MJkE4/JtAYpOabxjx1tQ87DMao1/J8KG2Ju9F8P/M
JccosDiMh7S+CdB1i199+7MbHcn2S9nqjH8o8S9UHQwVamnHrehNa0kXMuOs8ZiN
S2U9JOu60AUKZSVjqJvpPMB92cOLbpnPgatoMY/2nQsbV/oYQaPmDFqj7Kab/3bd
qhCSmZ+Y604JQB6mRZEOdwznkD9OHAHTBNaxqZA1LmchC8gJKImMEHWws7IjxCPc
WjkBE1ibDP5/+Aq5BilNmgNKiN37ThQO/yKNA5BBpgSekKNP1YLp
-----END CERTIFICATE-----