Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/k7liMI-mVHSTMRDvMrSZL-jxCbM.roa
File:                     k7liMI-mVHSTMRDvMrSZL-jxCbM.roa (raw, json)
Hash identifier:          xZlOE0QNFIw75v5pKjN9RWbBa25oUalqrJpJqiZC2ck=
Subject key identifier:   93:B9:62:30:8F:A6:54:74:93:31:10:EF:32:B4:99:2F:E8:F1:09:B3
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019E84EB98F60433EDA61DD5A47C461CDBF1
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/k7liMI-mVHSTMRDvMrSZL-jxCbM.roa
Signing time:             Mon 01 Jun 2026 20:41:32 +0000
ROA not before:           Mon 01 Jun 2026 20:41:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        194.39.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:84:eb:98:f6:04:33:ed:a6:1d:d5:a4:7c:46:1c:db:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jun  1 20:41:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93b962308fa65474933110ef32b4992fe8f109b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:aa:fc:ee:84:0c:34:8e:e6:13:20:ca:da:c9:
                    5f:a6:64:e5:ac:dd:7a:e2:0d:ee:b6:a8:2b:67:0b:
                    79:21:67:8a:7b:9f:b2:db:18:e5:bf:3e:48:69:c6:
                    e0:a1:62:6d:5d:fd:ef:ba:bf:ee:c4:8e:37:dd:63:
                    e6:e6:6d:d6:05:c6:14:2c:6c:83:91:11:5a:eb:1a:
                    90:8c:27:09:d8:10:00:e1:74:5c:75:e0:4a:0b:56:
                    67:02:f8:62:9b:bf:18:4b:d6:09:79:cf:c5:99:33:
                    ab:b9:64:97:b3:7b:62:f7:9d:2f:76:23:5d:05:81:
                    52:3a:17:5a:85:b1:f6:3d:6e:0e:c9:37:ae:d7:4d:
                    35:39:fd:d9:ae:e1:6a:0d:37:d7:94:21:60:e5:dc:
                    43:4c:bd:e7:6f:18:c8:ed:4a:bc:af:91:0a:47:c3:
                    ed:e4:46:d6:14:c8:09:16:3f:72:9c:ef:3f:f6:8f:
                    40:1d:cf:8f:60:de:25:fb:52:c5:0f:65:ce:81:a3:
                    1f:75:ac:b8:9d:09:78:64:8c:07:05:e0:1a:d3:9f:
                    df:ca:3b:6c:bc:82:19:b0:eb:9f:5c:77:a0:ca:e2:
                    ef:e7:c1:75:52:48:53:3c:45:5e:80:64:d0:49:b0:
                    7b:75:a9:8d:6f:cc:6a:54:bd:bd:77:63:85:10:b6:
                    f6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B9:62:30:8F:A6:54:74:93:31:10:EF:32:B4:99:2F:E8:F1:09:B3
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/k7liMI-mVHSTMRDvMrSZL-jxCbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:73:e2:36:94:fb:4c:8e:5e:66:a9:6a:4e:43:eb:48:a3:11:
         a9:e6:af:83:c6:c4:2c:8d:30:cd:74:77:01:72:a0:2e:02:4b:
         92:ea:c2:ed:c6:c2:fa:e9:5e:c8:fd:4a:9b:b9:7b:45:ec:a3:
         dd:d1:c3:fa:63:42:04:12:78:6d:d7:7e:fa:60:c0:03:14:74:
         7e:8d:2e:3b:3a:b5:f0:cd:54:9b:5b:ff:fc:a7:c3:31:55:e4:
         61:ff:59:67:2c:95:49:a7:f0:1b:4d:94:a8:0e:be:e7:04:25:
         37:fb:a2:41:7f:e3:4e:31:81:fa:58:52:2e:96:2b:a1:f3:8b:
         55:61:8e:ed:46:88:ef:b9:ab:67:26:b9:42:48:1c:c6:ce:0c:
         10:71:c4:1d:e1:da:63:f2:07:76:34:99:0a:bd:d5:bf:4f:25:
         92:68:e7:4f:be:d1:57:de:d2:29:aa:9a:f7:2b:a6:d8:44:cd:
         74:82:97:46:b7:53:4a:86:23:f5:08:49:f5:af:20:07:96:59:
         d4:2c:4b:9a:25:d1:f0:a0:bd:dd:c0:10:6f:64:96:83:c5:4a:
         2e:d8:b3:e9:56:4a:28:78:55:9d:cd:5d:c8:c1:84:43:bc:b8:
         d3:80:dd:01:fb:60:f1:bb:31:3c:6d:0c:2b:60:16:7a:b3:f9:
         a2:34:2d:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6E65j2BDPtph3VpHxGHNvxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjYwNjAxMjA0MTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2I5NjIzMDhmYTY1NDc0OTMzMTEwZWYzMmI0OTkyZmU4ZjEwOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ar87oQMNI7mEyDK2slfpmTlrN16
4g3utqgrZwt5IWeKe5+y2xjlvz5IacbgoWJtXf3vur/uxI433WPm5m3WBcYULGyD
kRFa6xqQjCcJ2BAA4XRcdeBKC1ZnAvhim78YS9YJec/FmTOruWSXs3ti950vdiNd
BYFSOhdahbH2PW4OyTeu1001Of3ZruFqDTfXlCFg5dxDTL3nbxjI7Uq8r5EKR8Pt
5EbWFMgJFj9ynO8/9o9AHc+PYN4l+1LFD2XOgaMfday4nQl4ZIwHBeAa05/fyjts
vIIZsOufXHegyuLv58F1UkhTPEVegGTQSbB7damNb8xqVL29d2OFELb2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJO5YjCPplR0kzEQ7zK0mS/o8QmzMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvazdsaU1JLW1WSFNUTVJEdk1yU1pMLWp4Q2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifYMA0G
CSqGSIb3DQEBCwUAA4IBAQA5c+I2lPtMjl5mqWpOQ+tIoxGp5q+DxsQsjTDNdHcB
cqAuAkuS6sLtxsL66V7I/UqbuXtF7KPd0cP6Y0IEEnht1376YMADFHR+jS47OrXw
zVSbW//8p8MxVeRh/1lnLJVJp/AbTZSoDr7nBCU3+6JBf+NOMYH6WFIuliuh84tV
YY7tRojvuatnJrlCSBzGzgwQccQd4dpj8gd2NJkKvdW/TyWSaOdPvtFX3tIpqpr3
K6bYRM10gpdGt1NKhiP1CEn1ryAHllnULEuaJdHwoL3dwBBvZJaDxUou2LPpVkoo
eFWdzV3IwYRDvLjTgN0B+2DxuzE8bQwrYBZ6s/miNC1m
-----END CERTIFICATE-----