Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/d2890PaygR0MS5u8p7dH6H66pb4.roa
File:                     d2890PaygR0MS5u8p7dH6H66pb4.roa (raw, json)
Hash identifier:          HhGnLAPS8EnA/7AkwrL0JfpWX2Nt+s9/OgXKlvI6K0o=
Subject key identifier:   77:6F:3D:D0:F6:B2:81:1D:0C:4B:9B:BC:A7:B7:47:E8:7E:BA:A5:BE
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       019E2A2214CF414F574105CB29CD18A2052F
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/d2890PaygR0MS5u8p7dH6H66pb4.roa
Signing time:             Fri 15 May 2026 05:35:37 +0000
ROA not before:           Fri 15 May 2026 05:35:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51369
IP address blocks:        82.194.244.0/22 maxlen: 24
                          89.188.167.0/24 maxlen: 24
                          89.188.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2a:22:14:cf:41:4f:57:41:05:cb:29:cd:18:a2:05:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: May 15 05:35:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=776f3dd0f6b2811d0c4b9bbca7b747e87ebaa5be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:9d:07:39:b5:ec:36:dd:b2:5a:6f:ea:07:37:
                    9f:5b:38:c0:13:d8:5c:25:c4:3f:8b:20:53:49:12:
                    75:97:ab:63:39:48:50:f0:06:3c:86:f0:d3:9e:56:
                    18:cc:c9:9f:02:8a:fc:1b:75:39:3b:9f:cc:47:28:
                    ef:06:ea:37:f4:62:0b:d2:83:17:cc:ff:07:19:d3:
                    fa:3a:13:83:6f:e2:b6:71:9f:72:4b:e0:c4:88:cd:
                    34:5a:93:95:b8:bb:a3:f8:2e:90:66:5f:34:b1:b4:
                    65:30:b9:d5:4b:4a:38:e8:f6:02:c4:9f:80:13:57:
                    51:a2:9f:17:9f:e1:a6:74:16:f2:81:5a:47:02:47:
                    07:77:87:e5:f4:c4:3b:89:c3:72:1c:16:e7:19:0c:
                    9e:8f:37:77:e1:85:90:e6:94:76:ca:70:5e:9d:fe:
                    93:6e:3c:60:c2:06:82:d5:ad:fa:84:c4:90:ce:d4:
                    a3:6a:be:1c:cc:64:75:29:27:30:53:0e:b5:57:6c:
                    b4:c5:a8:50:e4:d4:bb:32:1e:6d:48:d7:e6:e4:39:
                    e2:76:af:27:9a:f0:08:f8:9b:36:cf:e2:67:bd:fa:
                    c6:ea:ee:51:48:f2:6a:95:a4:f3:26:9e:3d:ee:bb:
                    4b:97:e9:2d:37:73:f7:81:47:7b:a6:1e:2f:4b:d5:
                    df:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6F:3D:D0:F6:B2:81:1D:0C:4B:9B:BC:A7:B7:47:E8:7E:BA:A5:BE
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/d2890PaygR0MS5u8p7dH6H66pb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.194.244.0/22
                  89.188.167.0/24
                  89.188.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:80:42:3b:aa:09:1a:86:d0:a5:5e:95:27:18:af:d5:92:49:
         de:9a:b9:bf:46:f1:2e:bb:38:0c:28:9f:e5:a0:eb:9c:24:6a:
         31:1a:ce:46:65:91:09:a6:4f:a3:ad:44:75:48:ba:7b:c4:10:
         e5:42:d1:64:9e:bd:25:da:f7:69:96:a2:e6:18:a2:7b:34:4a:
         41:c4:02:47:91:13:e6:53:74:6d:28:e7:d5:b9:44:21:5d:42:
         7f:73:22:0b:e5:2a:c8:9a:71:db:f7:e9:8c:56:69:dd:e6:42:
         c4:04:ab:10:24:90:d4:86:ce:69:fd:4b:93:ae:36:9d:3c:5c:
         fc:ac:70:43:7c:c4:84:eb:a2:b8:2b:5d:3a:16:83:80:e3:d3:
         a4:e2:6d:40:bd:42:55:33:3d:ee:ba:f2:5f:77:ff:e4:42:36:
         b7:d1:1b:e8:97:29:da:4a:46:36:95:d8:8d:f8:da:3b:55:ef:
         a2:f0:cf:30:b9:53:bb:3d:45:64:28:23:aa:02:b4:34:d8:d0:
         7f:b5:85:73:6c:c2:4d:07:81:9d:24:f2:83:15:0d:e5:95:8b:
         9e:69:64:36:ba:45:96:05:95:b8:dd:e5:f2:e3:95:ad:d5:3f:
         6f:8b:2d:92:8a:1c:4f:c4:19:4e:6e:c3:63:3e:61:52:92:f1:
         b7:e2:5e:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4qIhTPQU9XQQXLKc0YogUvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjYwNTE1MDUzNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzZmM2RkMGY2YjI4MTFkMGM0YjliYmNhN2I3NDdlODdlYmFhNWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6p0HObXsNt2yWm/qBzefWzjAE9hc
JcQ/iyBTSRJ1l6tjOUhQ8AY8hvDTnlYYzMmfAor8G3U5O5/MRyjvBuo39GIL0oMX
zP8HGdP6OhODb+K2cZ9yS+DEiM00WpOVuLuj+C6QZl80sbRlMLnVS0o46PYCxJ+A
E1dRop8Xn+GmdBbygVpHAkcHd4fl9MQ7icNyHBbnGQyejzd34YWQ5pR2ynBenf6T
bjxgwgaC1a36hMSQztSjar4czGR1KScwUw61V2y0xahQ5NS7Mh5tSNfm5Dnidq8n
mvAI+Js2z+JnvfrG6u5RSPJqlaTzJp497rtLl+ktN3P3gUd7ph4vS9XflwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHdvPdD2soEdDEubvKe3R+h+uqW+MB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvZDI4OTBQYXlnUjBNUzV1OHA3ZEg2SDY2cGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCUsL0AwQA
WbynAwQCWbywMA0GCSqGSIb3DQEBCwUAA4IBAQBBgEI7qgkahtClXpUnGK/Vkkne
mrm/RvEuuzgMKJ/loOucJGoxGs5GZZEJpk+jrUR1SLp7xBDlQtFknr0l2vdplqLm
GKJ7NEpBxAJHkRPmU3RtKOfVuUQhXUJ/cyIL5SrImnHb9+mMVmnd5kLEBKsQJJDU
hs5p/UuTrjadPFz8rHBDfMSE66K4K106FoOA49Ok4m1AvUJVMz3uuvJfd//kQja3
0RvolynaSkY2ldiN+No7Ve+i8M8wuVO7PUVkKCOqArQ02NB/tYVzbMJNB4GdJPKD
FQ3llYueaWQ2ukWWBZW43eXy45Wt1T9viy2SihxPxBlObsNjPmFSkvG34l7/
-----END CERTIFICATE-----