Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0bXwc8soxR3hEtgwnrJbe4-IENY.roa
File:                     0bXwc8soxR3hEtgwnrJbe4-IENY.roa (raw, json)
Hash identifier:          Q9HvUSntmXKYW9r/nVZnHS+U+9jgBja4OU5nob8v4xo=
Subject key identifier:   D1:B5:F0:73:CB:28:C5:1D:E1:12:D8:30:9E:B2:5B:7B:8F:88:10:D6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019E73E2DC53D643748764A1B0B8E4527BE1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0bXwc8soxR3hEtgwnrJbe4-IENY.roa
Signing time:             Fri 29 May 2026 13:18:27 +0000
ROA not before:           Fri 29 May 2026 13:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206378
IP address blocks:        193.8.187.0/24 maxlen: 24
                          194.113.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 May 2026 13:18:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:73:e2:dc:53:d6:43:74:87:64:a1:b0:b8:e4:52:7b:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 29 13:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1b5f073cb28c51de112d8309eb25b7b8f8810d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:80:ea:f1:8a:db:f6:a4:90:44:7e:54:eb:a1:
                    76:10:96:7f:61:42:b1:2c:a2:8a:1e:ca:be:78:35:
                    56:bb:38:0d:58:f1:a8:c5:9a:ce:c2:21:ec:88:fd:
                    ce:ad:51:61:e6:fb:37:5b:d7:3b:9a:a2:94:24:16:
                    33:68:e1:91:7a:62:71:c9:23:10:fa:a3:2a:9f:cb:
                    d3:46:d8:3f:bc:48:5a:83:17:7d:4c:80:4c:7d:d3:
                    38:83:21:b8:3e:24:a0:65:de:be:06:b6:23:d0:8c:
                    04:72:85:e1:29:21:60:bf:c8:dd:c4:44:03:6f:f6:
                    c0:1d:56:0e:a6:a8:a6:ff:af:b3:c0:8f:7e:3c:45:
                    a3:92:3d:cd:e0:80:2c:2b:aa:01:64:fe:bb:35:77:
                    7d:45:63:e1:92:7a:25:57:c7:3c:f5:8b:99:57:5f:
                    c9:fa:e0:b3:e4:21:b8:20:25:de:88:91:4a:a7:a8:
                    86:fe:b5:b1:97:df:71:d4:b5:4e:b8:ef:46:fb:2f:
                    e8:98:ba:3f:68:33:92:bb:29:8a:64:5b:d9:f5:53:
                    ed:25:74:76:96:89:f5:57:0d:e1:b2:40:47:28:40:
                    56:35:93:10:56:06:e7:be:af:e5:b7:38:c9:92:e2:
                    61:ea:38:ce:ec:74:0b:53:9a:8b:bf:6b:95:da:84:
                    95:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B5:F0:73:CB:28:C5:1D:E1:12:D8:30:9E:B2:5B:7B:8F:88:10:D6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0bXwc8soxR3hEtgwnrJbe4-IENY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.187.0/24
                  194.113.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:f8:c2:6c:92:24:9b:6e:0c:17:5b:d9:0e:85:6b:b5:c6:1b:
         df:dc:7d:9a:d3:56:61:69:96:35:f3:c8:44:65:38:d0:2d:22:
         b3:de:1b:89:f0:bf:9b:3d:5a:fd:5d:7b:9e:dc:ba:0c:66:b3:
         f5:d4:0f:75:0d:00:bf:b3:fc:b9:e7:bc:d7:ff:9e:d7:73:f0:
         cc:21:81:f3:8c:54:e0:51:ba:ef:cd:cf:bb:11:cc:34:96:83:
         ce:08:e1:25:1f:6d:ca:74:a8:7f:ae:f1:04:ff:a6:94:38:bf:
         fb:91:26:02:63:b8:b6:d5:0c:23:2b:b6:c2:8a:5f:e4:0e:88:
         78:81:5a:6e:23:61:f2:cb:1d:fe:6a:aa:43:7d:64:c0:5c:8e:
         67:6a:31:9b:9e:54:79:88:10:cf:7f:08:b4:cb:1b:fa:88:f4:
         74:a8:b0:ec:36:2c:63:f1:46:1e:2e:70:6a:e3:b7:5e:9b:64:
         ce:0d:ff:8a:42:9b:31:8f:b4:0b:7c:00:5b:ee:d8:d2:46:5c:
         be:48:0d:72:42:06:17:9f:d2:99:2c:aa:b3:6d:d9:aa:b3:27:
         15:30:45:49:a6:ee:0e:23:ff:8b:24:e4:4e:53:e6:42:39:93:
         cd:bc:b6:06:21:49:72:e7:2d:af:23:6f:a4:8c:a2:f3:45:5c:
         61:63:50:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5z4txT1kN0h2ShsLjkUnvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNTI5MTMxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI1ZjA3M2NiMjhjNTFkZTExMmQ4MzA5ZWIyNWI3YjhmODgxMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIDq8Yrb9qSQRH5U66F2EJZ/YUKx
LKKKHsq+eDVWuzgNWPGoxZrOwiHsiP3OrVFh5vs3W9c7mqKUJBYzaOGRemJxySMQ
+qMqn8vTRtg/vEhagxd9TIBMfdM4gyG4PiSgZd6+BrYj0IwEcoXhKSFgv8jdxEQD
b/bAHVYOpqim/6+zwI9+PEWjkj3N4IAsK6oBZP67NXd9RWPhknolV8c89YuZV1/J
+uCz5CG4ICXeiJFKp6iG/rWxl99x1LVOuO9G+y/omLo/aDOSuymKZFvZ9VPtJXR2
lon1Vw3hskBHKEBWNZMQVgbnvq/ltzjJkuJh6jjO7HQLU5qLv2uV2oSV2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNG18HPLKMUd4RLYMJ6yW3uPiBDWMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMGJYd2M4c294UjNoRXRnd25ySmJlNC1JRU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQi7AwQA
wnEnMA0GCSqGSIb3DQEBCwUAA4IBAQCN+MJskiSbbgwXW9kOhWu1xhvf3H2a01Zh
aZY188hEZTjQLSKz3huJ8L+bPVr9XXue3LoMZrP11A91DQC/s/y557zX/57Xc/DM
IYHzjFTgUbrvzc+7Ecw0loPOCOElH23KdKh/rvEE/6aUOL/7kSYCY7i21QwjK7bC
il/kDoh4gVpuI2Hyyx3+aqpDfWTAXI5najGbnlR5iBDPfwi0yxv6iPR0qLDsNixj
8UYeLnBq47dem2TODf+KQpsxj7QLfABb7tjSRly+SA1yQgYXn9KZLKqzbdmqsycV
MEVJpu4OI/+LJOROU+ZCOZPNvLYGIUly5y2vI2+kjKLzRVxhY1AX
-----END CERTIFICATE-----