Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/0szAMahK1oQnINJK81wlTT6Btig.roa
File:                     0szAMahK1oQnINJK81wlTT6Btig.roa (raw, json)
Hash identifier:          SZ/iPl1/uEv70XbCNZiszMUzRfgvtHmx/hWYhWGapmo=
Subject key identifier:   D2:CC:C0:31:A8:4A:D6:84:27:20:D2:4A:F3:5C:25:4D:3E:81:B6:28
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       019E423CBB4EFE930AEC49FC6F17A30B6E9B
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/0szAMahK1oQnINJK81wlTT6Btig.roa
Signing time:             Tue 19 May 2026 21:55:36 +0000
ROA not before:           Tue 19 May 2026 21:55:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54903
IP address blocks:        91.235.84.0/22 maxlen: 22
                          185.110.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 May 2026 21:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:42:3c:bb:4e:fe:93:0a:ec:49:fc:6f:17:a3:0b:6e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: May 19 21:55:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2ccc031a84ad6842720d24af35c254d3e81b628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:34:c8:52:ac:49:68:55:d3:3d:6d:76:77:4f:
                    e3:6c:90:6b:0e:da:4e:8f:e5:ca:9a:55:ae:34:07:
                    c0:c9:17:22:51:fc:b9:5c:b2:80:33:7c:51:2c:64:
                    eb:f4:8b:a3:8e:c5:04:75:69:d8:ef:1f:22:ed:12:
                    21:19:54:f9:62:1d:3f:a3:22:e9:95:b8:06:fd:6f:
                    ee:6b:05:ba:8b:6e:a4:45:8c:b4:ed:4b:96:c9:d1:
                    c6:e1:c4:82:61:74:00:a5:45:0d:96:ae:fb:59:06:
                    7e:4f:f5:93:c7:c4:db:bc:74:d7:53:92:ff:81:7b:
                    dc:74:31:1e:da:5d:0d:40:46:3d:20:bc:3a:a5:1e:
                    51:af:1a:d6:92:6e:a6:12:85:1e:5a:f4:0a:7b:81:
                    db:f2:9e:78:7a:89:09:43:1b:a4:49:c7:b2:80:0e:
                    34:1e:64:86:cf:49:c6:69:eb:c3:3f:46:5e:ef:f3:
                    97:66:5e:68:55:08:a7:05:79:9f:a6:97:0b:28:41:
                    9c:26:ac:8a:18:ae:2f:c4:8d:b8:13:db:02:fa:e5:
                    72:ba:bd:c4:3d:b5:a5:ed:71:ba:3d:28:f2:87:e0:
                    ee:e5:96:8a:be:ff:8e:73:34:62:de:d8:3b:93:48:
                    6d:c7:b3:a0:45:fc:e2:43:13:5b:c7:a9:72:6a:8d:
                    ef:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:CC:C0:31:A8:4A:D6:84:27:20:D2:4A:F3:5C:25:4D:3E:81:B6:28
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/0szAMahK1oQnINJK81wlTT6Btig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.84.0/22
                  185.110.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:b7:96:df:4f:80:b0:0d:1e:9d:f5:d5:42:74:db:38:68:55:
         08:53:9e:d9:be:8b:96:87:2f:59:bd:7d:7b:50:0a:8b:37:c5:
         58:1b:90:fd:37:6e:74:d1:8e:5f:cc:ba:6d:fc:2c:d2:72:8d:
         34:86:39:3f:2f:8a:b4:64:f3:16:37:b3:5b:15:c5:1b:2d:f5:
         18:11:90:34:e0:37:9d:58:3d:16:c1:14:0e:be:56:7b:84:24:
         9e:3b:10:9a:f9:4f:37:12:ae:fd:82:8e:60:34:7e:b3:0c:a1:
         2c:56:3e:42:ba:dd:32:d3:8e:95:8a:1f:46:bb:13:3c:ef:c9:
         02:68:e0:ab:94:5a:f1:45:9a:35:83:ec:f2:a6:48:38:c5:54:
         3e:da:22:48:77:06:e5:a3:c6:20:5e:43:a7:31:08:5c:e7:3a:
         fc:32:e3:05:fd:a5:45:91:08:d0:8c:82:fb:a9:b4:6e:20:34:
         12:e4:19:6c:31:ed:41:67:95:81:57:e0:8e:47:f3:5c:5d:fd:
         a9:31:3f:31:53:86:34:68:53:1f:31:e3:da:a7:f7:e2:f4:fb:
         8d:2a:e7:45:ac:d9:46:22:e1:ae:9e:bd:7b:95:b9:55:8f:a3:
         e2:4c:82:e3:c3:23:e0:b5:ba:b6:36:dc:55:fe:bc:a2:7c:a0:
         35:90:b8:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5CPLtO/pMK7En8bxejC26bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjYwNTE5MjE1NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmNjYzAzMWE4NGFkNjg0MjcyMGQyNGFmMzVjMjU0ZDNlODFiNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDTIUqxJaFXTPW12d0/jbJBrDtpO
j+XKmlWuNAfAyRciUfy5XLKAM3xRLGTr9IujjsUEdWnY7x8i7RIhGVT5Yh0/oyLp
lbgG/W/uawW6i26kRYy07UuWydHG4cSCYXQApUUNlq77WQZ+T/WTx8TbvHTXU5L/
gXvcdDEe2l0NQEY9ILw6pR5RrxrWkm6mEoUeWvQKe4Hb8p54eokJQxukSceygA40
HmSGz0nGaevDP0Ze7/OXZl5oVQinBXmfppcLKEGcJqyKGK4vxI24E9sC+uVyur3E
PbWl7XG6PSjyh+Du5ZaKvv+OczRi3tg7k0htx7OgRfziQxNbx6lyao3vIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNLMwDGoStaEJyDSSvNcJU0+gbYoMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEvMHN6QU1haEsxb1FuSU5KSzgxd2xUVDZCdGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW+tUAwQC
uW4IMA0GCSqGSIb3DQEBCwUAA4IBAQAbt5bfT4CwDR6d9dVCdNs4aFUIU57ZvouW
hy9ZvX17UAqLN8VYG5D9N2500Y5fzLpt/CzSco00hjk/L4q0ZPMWN7NbFcUbLfUY
EZA04DedWD0WwRQOvlZ7hCSeOxCa+U83Eq79go5gNH6zDKEsVj5Cut0y046Vih9G
uxM878kCaOCrlFrxRZo1g+zypkg4xVQ+2iJIdwblo8YgXkOnMQhc5zr8MuMF/aVF
kQjQjIL7qbRuIDQS5BlsMe1BZ5WBV+COR/NcXf2pMT8xU4Y0aFMfMePap/fi9PuN
KudFrNlGIuGunr17lblVj6PiTILjwyPgtbq2NtxV/ryifKA1kLhZ
-----END CERTIFICATE-----