Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/jJXaRbZWnD0HSKTA9XlCvO1Db2A.roa
File:                     jJXaRbZWnD0HSKTA9XlCvO1Db2A.roa (raw, json)
Hash identifier:          e99hplHynXdKTtO6efhigN2lpFvsW5DYhCdYczLYo3o=
Subject key identifier:   8C:95:DA:45:B6:56:9C:3D:07:48:A4:C0:F5:79:42:BC:ED:43:6F:60
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019E474F93F63B79FC3AEE4ABE89163A78A0
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/jJXaRbZWnD0HSKTA9XlCvO1Db2A.roa
Signing time:             Wed 20 May 2026 21:34:18 +0000
ROA not before:           Wed 20 May 2026 21:34:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399955
IP address blocks:        193.233.108.0/22 maxlen: 22
                          193.233.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 May 2026 21:34:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:47:4f:93:f6:3b:79:fc:3a:ee:4a:be:89:16:3a:78:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: May 20 21:34:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c95da45b6569c3d0748a4c0f57942bced436f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d9:34:4d:f4:db:35:bd:62:de:ee:5b:ed:48:
                    93:47:f9:ae:f9:cc:6c:52:0a:99:96:e6:b7:b9:ad:
                    b2:ec:e8:e4:6a:d8:0e:c6:8e:bd:04:12:0b:1c:3a:
                    05:1b:ec:3d:43:03:09:a1:a6:7e:e0:12:2f:f8:e9:
                    35:0c:af:66:44:87:92:46:a1:14:7e:ff:64:fd:e1:
                    26:88:70:dd:12:d7:56:c3:fa:c1:6b:ee:c6:12:f9:
                    28:af:e9:4a:fc:19:38:e1:b2:21:d8:8e:00:95:c2:
                    07:6e:ee:03:fa:5e:4b:ab:79:ad:d9:ee:44:35:ed:
                    ef:7d:9c:b6:c9:89:6c:bd:3f:7f:bb:4b:25:60:9f:
                    78:77:c1:72:b1:8f:fd:48:17:8c:3f:a8:17:4d:1c:
                    bf:6f:48:f5:ca:66:6d:7f:34:82:eb:85:43:bc:d7:
                    85:39:cf:d5:21:d5:9c:09:05:c2:eb:5f:90:ca:8f:
                    5a:f7:db:9f:db:76:60:3e:2b:23:87:97:1a:d3:5a:
                    c3:09:c4:cd:fe:c8:a4:2d:64:7a:73:f4:d4:23:68:
                    e5:e2:96:cd:ba:ee:c5:90:d5:da:85:ca:4d:c0:42:
                    2e:74:4f:e2:e5:a9:0f:6c:d6:0f:a5:61:6a:42:d5:
                    b5:9d:25:eb:e6:4d:71:e0:ed:47:81:6f:4c:31:91:
                    32:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:95:DA:45:B6:56:9C:3D:07:48:A4:C0:F5:79:42:BC:ED:43:6F:60
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/jJXaRbZWnD0HSKTA9XlCvO1Db2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.108.0/22
                  193.233.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:0b:11:82:cf:5c:3f:89:05:c5:63:28:c5:3f:e5:27:e4:fc:
         2d:80:a0:2b:5b:46:36:87:5e:bc:a4:fd:5b:5a:52:2b:e3:64:
         d1:9f:ea:c9:78:a1:fb:97:13:1b:a8:bd:01:e8:4a:4f:32:21:
         86:d3:a9:a9:23:4d:8d:d3:23:b8:9a:48:a3:ad:72:89:80:e0:
         9f:45:75:ac:b3:55:c2:41:b7:e5:a3:7b:8b:b3:5a:40:38:c3:
         0c:dc:b7:f0:32:a1:2a:4f:49:f5:40:03:08:5a:5f:d1:71:68:
         f9:5a:16:5d:92:09:24:14:78:eb:13:21:40:a2:89:31:be:67:
         c2:97:a4:11:00:86:cb:43:55:ab:0e:e7:ad:20:b6:36:83:d7:
         3d:f2:f0:ec:c3:47:44:c1:d4:15:73:42:b2:b6:4c:2b:5f:e6:
         f0:af:ea:5c:a6:11:6e:0d:f5:c1:5d:ff:d2:66:e8:6d:5e:6e:
         20:7b:5e:26:51:e5:b9:81:26:42:c5:3b:50:d7:71:5e:e8:93:
         91:fd:c6:59:09:7b:c0:3b:cb:59:09:69:a9:d6:24:bd:c6:f6:
         ed:a9:db:bd:59:85:9b:0f:ef:55:bc:55:ce:61:d4:78:45:37:
         57:90:a7:83:27:dc:d7:12:e6:fe:ee:22:d3:29:a3:f8:6f:66:
         e6:16:5a:3d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5HT5P2O3n8Ou5KvokWOnigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwNTIwMjEzNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzk1ZGE0NWI2NTY5YzNkMDc0OGE0YzBmNTc5NDJiY2VkNDM2ZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndk0TfTbNb1i3u5b7UiTR/mu+cxs
UgqZlua3ua2y7OjkatgOxo69BBILHDoFG+w9QwMJoaZ+4BIv+Ok1DK9mRIeSRqEU
fv9k/eEmiHDdEtdWw/rBa+7GEvkor+lK/Bk44bIh2I4AlcIHbu4D+l5Lq3mt2e5E
Ne3vfZy2yYlsvT9/u0slYJ94d8FysY/9SBeMP6gXTRy/b0j1ymZtfzSC64VDvNeF
Oc/VIdWcCQXC61+Qyo9a99uf23ZgPisjh5ca01rDCcTN/sikLWR6c/TUI2jl4pbN
uu7FkNXahcpNwEIudE/i5akPbNYPpWFqQtW1nSXr5k1x4O1HgW9MMZEy8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIyV2kW2Vpw9B0ikwPV5QrztQ29gMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvakpYYVJiWlduRDBIU0tUQTlYbEN2TzFEYjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwelsAwQC
wel0MA0GCSqGSIb3DQEBCwUAA4IBAQBNCxGCz1w/iQXFYyjFP+Un5PwtgKArW0Y2
h168pP1bWlIr42TRn+rJeKH7lxMbqL0B6EpPMiGG06mpI02N0yO4mkijrXKJgOCf
RXWss1XCQbflo3uLs1pAOMMM3LfwMqEqT0n1QAMIWl/RcWj5WhZdkgkkFHjrEyFA
ookxvmfCl6QRAIbLQ1WrDuetILY2g9c98vDsw0dEwdQVc0KytkwrX+bwr+pcphFu
DfXBXf/SZuhtXm4ge14mUeW5gSZCxTtQ13Fe6JOR/cZZCXvAO8tZCWmp1iS9xvbt
qdu9WYWbD+9VvFXOYdR4RTdXkKeDJ9zXEub+7iLTKaP4b2bmFlo9
-----END CERTIFICATE-----