Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/tc8DHwrpANZJAqmRBXBxCV3xfDQ.roa
File:                     tc8DHwrpANZJAqmRBXBxCV3xfDQ.roa (raw, json)
Hash identifier:          /HSEzwNzFaDBQVpi9xjFJo81xvhbu0eZ3IdAmabMsvo=
Subject key identifier:   B5:CF:03:1F:0A:E9:00:D6:49:02:A9:91:05:70:71:09:5D:F1:7C:34
Certificate issuer:       /CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
Certificate serial:       01980E36CBACBD2EC1CCD06F5DE3A9771A97
Authority key identifier: 2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/tc8DHwrpANZJAqmRBXBxCV3xfDQ.roa
Signing time:             Tue 15 Jul 2025 13:12:08 +0000
ROA not before:           Tue 15 Jul 2025 13:12:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        93.93.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:36:cb:ac:bd:2e:c1:cc:d0:6f:5d:e3:a9:77:1a:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
        Validity
            Not Before: Jul 15 13:12:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5cf031f0ae900d64902a991057071095df17c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c2:5b:97:bb:d1:a3:6d:cc:70:3a:90:e9:e0:
                    7e:d8:36:5b:d7:7e:1a:7c:10:52:a3:9e:27:ad:0c:
                    75:10:d2:a5:70:64:e6:3e:a3:27:da:a4:e1:f9:33:
                    67:c2:34:73:99:f2:f0:81:e7:9b:6e:35:31:26:9f:
                    f5:da:78:6b:35:4c:39:91:2e:35:92:c4:9d:6f:81:
                    e6:63:23:96:16:02:b4:31:1b:e9:d0:fd:c1:14:6d:
                    40:58:d2:35:57:01:24:22:08:e7:4c:b0:d0:e7:20:
                    73:62:10:72:58:9f:fc:e8:21:a5:9f:22:be:e4:8f:
                    65:9b:27:e7:cc:a1:79:fc:73:8f:38:34:19:87:fe:
                    45:11:e9:0a:3f:4e:df:d1:f9:48:7a:8b:a1:c9:aa:
                    cb:e8:d4:3a:34:b4:ec:a0:99:2e:30:d1:10:1c:bc:
                    4d:8f:17:10:3d:67:43:9f:7b:04:bb:c6:73:59:47:
                    92:4b:de:7a:be:7e:07:da:72:e2:a6:41:30:a9:5c:
                    5a:3d:ca:e1:c2:53:7b:11:e9:8b:bf:8a:f6:a7:0d:
                    45:46:46:7d:89:d9:46:23:dc:98:2e:89:09:3c:2a:
                    a4:e7:34:64:84:54:67:bf:e4:fc:45:3a:b9:af:3b:
                    ac:75:cb:e9:7a:99:0b:1d:6b:95:fc:f9:0d:d5:56:
                    3a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CF:03:1F:0A:E9:00:D6:49:02:A9:91:05:70:71:09:5D:F1:7C:34
            X509v3 Authority Key Identifier:
                keyid:2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/tc8DHwrpANZJAqmRBXBxCV3xfDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:60:ab:63:d0:16:00:2e:9b:b1:33:dc:05:fd:40:54:b2:56:
         fb:03:a5:85:70:7c:6c:6e:d6:08:2d:93:df:50:cd:3d:f4:f1:
         e2:ca:fd:8f:52:1b:b4:fa:bc:90:6f:3a:7f:3c:14:c0:19:ad:
         1d:73:60:e1:ca:eb:ea:1e:97:5f:60:68:8f:86:ec:02:bd:c7:
         9e:05:03:35:9e:55:e0:1f:59:40:74:ad:7c:5d:fe:78:9a:29:
         41:4e:e5:41:17:c6:26:71:3e:56:ba:6b:d0:f4:99:de:29:5b:
         f2:a9:e5:4f:52:97:d7:61:30:5a:0c:22:71:ef:7f:c3:b3:10:
         a8:71:fd:1f:51:9f:8e:89:d7:0b:b3:26:34:d3:18:c9:54:58:
         2e:0d:30:ec:2c:8e:b1:1c:cb:40:32:26:d9:9c:12:f8:2e:67:
         22:c1:3f:d2:46:fe:00:8f:f8:0e:10:e5:64:23:a2:4e:62:f7:
         b4:19:b7:f6:8f:89:83:82:0b:75:55:5d:c9:7e:50:9f:4e:53:
         1f:d4:c7:8b:54:7d:ae:d1:99:72:d5:8e:a3:ef:ec:7e:80:be:
         dd:e8:60:59:6f:47:80:1c:22:07:ee:29:ce:05:b4:a5:17:8a:
         20:a1:ce:88:e0:e1:5e:3c:31:70:e0:2a:60:b9:ac:90:e9:6d:
         82:f1:8f:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgONsusvS7BzNBvXeOpdxqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMTE3MmMxYzczZjk3MWE5ZmIyZTg5Yjc5MTcyMDBjNTAw
ZWU0MDcwHhcNMjUwNzE1MTMxMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNmMDMxZjBhZTkwMGQ2NDkwMmE5OTEwNTcwNzEwOTVkZjE3YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsJbl7vRo23McDqQ6eB+2DZb134a
fBBSo54nrQx1ENKlcGTmPqMn2qTh+TNnwjRzmfLwgeebbjUxJp/12nhrNUw5kS41
ksSdb4HmYyOWFgK0MRvp0P3BFG1AWNI1VwEkIgjnTLDQ5yBzYhByWJ/86CGlnyK+
5I9lmyfnzKF5/HOPODQZh/5FEekKP07f0flIeouhyarL6NQ6NLTsoJkuMNEQHLxN
jxcQPWdDn3sEu8ZzWUeSS956vn4H2nLipkEwqVxaPcrhwlN7EemLv4r2pw1FRkZ9
idlGI9yYLokJPCqk5zRkhFRnv+T8RTq5rzusdcvpepkLHWuV/PkN1VY6xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXPAx8K6QDWSQKpkQVwcQld8Xw0MB8GA1UdIwQY
MBaAFC0RcsHHP5can7Lom3kXIAxQDuQHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQt
ZDUzODY2ZTkxODZhLzEvdGM4REh3cnBBTlpKQXFtUkJYQnhDVjN4ZkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQtZDUzODY2ZTkxODZh
LzEvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV1oMA0G
CSqGSIb3DQEBCwUAA4IBAQB7YKtj0BYALpuxM9wF/UBUslb7A6WFcHxsbtYILZPf
UM099PHiyv2PUhu0+ryQbzp/PBTAGa0dc2DhyuvqHpdfYGiPhuwCvceeBQM1nlXg
H1lAdK18Xf54milBTuVBF8YmcT5WumvQ9JneKVvyqeVPUpfXYTBaDCJx73/DsxCo
cf0fUZ+OidcLsyY00xjJVFguDTDsLI6xHMtAMibZnBL4LmciwT/SRv4Aj/gOEOVk
I6JOYve0Gbf2j4mDggt1VV3JflCfTlMf1MeLVH2u0Zly1Y6j7+x+gL7d6GBZb0eA
HCIH7inOBbSlF4ogoc6I4OFePDFw4CpguayQ6W2C8Y+X
-----END CERTIFICATE-----