Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fsHuysT-Xwu71zHKwdrxBj4WhvQ.roa
File:                     fsHuysT-Xwu71zHKwdrxBj4WhvQ.roa (raw, json)
Hash identifier:          Mcmmjkdq/59vyj6uxWPXhPh7fNRBP6k5Mj1t7WF5Bxc=
Subject key identifier:   7E:C1:EE:CA:C4:FE:5F:0B:BB:D7:31:CA:C1:DA:F1:06:3E:16:86:F4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019DF1C0142E4621004FD9D01A12C7AEE813
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fsHuysT-Xwu71zHKwdrxBj4WhvQ.roa
Signing time:             Mon 04 May 2026 06:49:50 +0000
ROA not before:           Mon 04 May 2026 06:49:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201002
IP address blocks:        193.8.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 14:07:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f1:c0:14:2e:46:21:00:4f:d9:d0:1a:12:c7:ae:e8:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  4 06:49:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ec1eecac4fe5f0bbbd731cac1daf1063e1686f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2e:ba:66:25:d7:e0:e7:8f:b9:d9:c9:97:93:
                    af:01:ab:b7:aa:32:d5:66:0d:13:ec:7a:f2:61:b6:
                    dc:fd:66:85:b3:d2:da:53:fd:b1:c5:37:31:c4:e5:
                    a7:bc:55:1b:e3:1c:db:c3:d6:02:0d:00:75:a8:6d:
                    b7:bd:14:36:42:40:6e:d2:3e:82:c0:d6:f0:6e:88:
                    1b:93:7c:4b:e5:db:2e:cc:47:ec:1b:c3:6d:24:0d:
                    58:0d:31:92:11:4b:dc:f7:a5:fe:f0:18:bc:35:43:
                    21:83:d9:8c:7d:c9:42:c7:16:91:dc:50:64:d9:45:
                    e6:c0:e3:06:f0:c2:e6:df:42:a1:9e:e9:b4:73:39:
                    71:11:af:c9:b6:6d:c0:4a:36:a6:ac:eb:85:aa:b8:
                    7a:62:9b:33:0e:ec:cd:6e:af:8e:35:f8:f0:24:bd:
                    20:b8:6c:c5:9d:2d:bb:e9:38:8b:e4:b7:e9:95:fc:
                    e5:3b:24:c6:6e:12:6d:3e:a6:2c:97:53:00:1b:16:
                    6e:e6:4e:87:40:5c:c5:ca:65:0b:b5:af:f7:c4:f1:
                    92:28:98:80:7e:d2:e5:97:92:a9:2e:05:41:14:cd:
                    f6:ef:7d:45:53:93:1d:ea:7d:e5:17:73:18:ca:3c:
                    44:40:55:8f:9c:ab:c9:1e:fc:de:1c:0e:86:62:74:
                    ce:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C1:EE:CA:C4:FE:5F:0B:BB:D7:31:CA:C1:DA:F1:06:3E:16:86:F4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fsHuysT-Xwu71zHKwdrxBj4WhvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:f2:5c:f8:64:1c:ef:4b:72:20:5b:ce:d6:73:3c:6f:1f:c2:
         89:8f:f0:b2:fa:2f:83:e8:ac:cb:fe:9f:9e:94:e8:0a:b4:60:
         d1:88:22:f9:53:2f:07:60:f3:f3:9a:be:bd:98:a9:b4:a1:6f:
         47:12:6a:b9:b0:e5:41:98:57:fd:8c:b5:2b:11:95:35:86:12:
         7e:1a:11:a6:81:27:8f:1d:b9:2f:e9:3c:01:a6:34:0f:69:a9:
         d7:fe:79:f7:30:74:7c:d9:49:37:58:b9:fd:5c:e9:81:04:41:
         40:d7:87:ba:8a:ed:a5:e9:b0:a2:60:10:22:7b:b9:cf:09:7b:
         a8:86:40:77:b4:37:f4:19:53:25:a6:be:78:b7:7b:2d:b4:58:
         94:a4:4a:8c:7e:06:4f:44:f0:ad:df:a5:f8:ed:6c:cb:f4:f1:
         83:fd:2b:06:65:2b:f8:65:18:52:6f:b4:1b:08:0b:f6:79:5e:
         b5:aa:fe:de:56:8c:ab:24:04:a2:25:e8:79:7d:f4:01:54:54:
         fb:7c:f4:02:46:13:5d:75:8e:05:df:82:48:2e:4e:25:36:d2:
         76:c1:55:ff:89:29:4f:3f:54:4b:ba:08:21:d5:fa:df:8c:53:
         5f:20:27:27:f8:c4:24:7e:2c:f9:2f:f8:0b:0e:a5:1e:10:d5:
         23:7c:42:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3xwBQuRiEAT9nQGhLHrugTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwNTA0MDY0OTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWMxZWVjYWM0ZmU1ZjBiYmJkNzMxY2FjMWRhZjEwNjNlMTY4NmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC66ZiXX4OePudnJl5OvAau3qjLV
Zg0T7HryYbbc/WaFs9LaU/2xxTcxxOWnvFUb4xzbw9YCDQB1qG23vRQ2QkBu0j6C
wNbwbogbk3xL5dsuzEfsG8NtJA1YDTGSEUvc96X+8Bi8NUMhg9mMfclCxxaR3FBk
2UXmwOMG8MLm30Khnum0czlxEa/Jtm3ASjamrOuFqrh6YpszDuzNbq+ONfjwJL0g
uGzFnS276TiL5LfplfzlOyTGbhJtPqYsl1MAGxZu5k6HQFzFymULta/3xPGSKJiA
ftLll5KpLgVBFM32731FU5Md6n3lF3MYyjxEQFWPnKvJHvzeHA6GYnTOxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7B7srE/l8Lu9cxysHa8QY+Fob0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZnNIdXlzVC1Yd3U3MXpIS3dkcnhCajRXaHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQi6MA0G
CSqGSIb3DQEBCwUAA4IBAQBn8lz4ZBzvS3IgW87WczxvH8KJj/Cy+i+D6KzL/p+e
lOgKtGDRiCL5Uy8HYPPzmr69mKm0oW9HEmq5sOVBmFf9jLUrEZU1hhJ+GhGmgSeP
Hbkv6TwBpjQPaanX/nn3MHR82Uk3WLn9XOmBBEFA14e6iu2l6bCiYBAie7nPCXuo
hkB3tDf0GVMlpr54t3sttFiUpEqMfgZPRPCt36X47WzL9PGD/SsGZSv4ZRhSb7Qb
CAv2eV61qv7eVoyrJASiJeh5ffQBVFT7fPQCRhNddY4F34JILk4lNtJ2wVX/iSlP
P1RLuggh1frfjFNfICcn+MQkfiz5L/gLDqUeENUjfEL/
-----END CERTIFICATE-----