Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/o0AzceYJjd60Ry3b020ux2ojQ3A.roa
File:                     o0AzceYJjd60Ry3b020ux2ojQ3A.roa (raw, json)
Hash identifier:          NgF8fmdZo53OSxGuZbWNUOhUP3+jy/8L4YpjR+m8LNc=
Subject key identifier:   A3:40:33:71:E6:09:8D:DE:B4:47:2D:DB:D3:6D:2E:C7:6A:23:43:70
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019E835C56935E59E5AEC497F67E7BC090CE
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/o0AzceYJjd60Ry3b020ux2ojQ3A.roa
Signing time:             Mon 01 Jun 2026 13:25:27 +0000
ROA not before:           Mon 01 Jun 2026 13:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206152
IP address blocks:        193.233.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:5c:56:93:5e:59:e5:ae:c4:97:f6:7e:7b:c0:90:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jun  1 13:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3403371e6098ddeb4472ddbd36d2ec76a234370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6f:f3:32:a4:84:c9:3d:f2:75:59:87:77:ba:
                    2e:83:5b:9f:2f:82:7f:1d:a4:aa:fb:a5:bf:2f:aa:
                    ca:36:ef:92:2f:3d:0a:b5:32:43:a8:04:87:4a:20:
                    c8:0d:8c:2f:19:74:0b:f5:b9:2b:8c:08:6c:37:4a:
                    16:aa:20:20:26:cc:8c:c9:4b:d9:13:cf:57:20:77:
                    2c:e5:b2:fc:19:3d:a9:2f:50:bd:b9:43:19:65:bc:
                    19:fd:16:70:82:9d:47:f7:01:74:5c:52:a7:00:09:
                    13:df:af:b2:b3:7b:1a:8d:97:1c:75:17:4a:36:7f:
                    21:8d:da:82:ce:f6:fa:d8:7f:7e:cc:9b:32:a7:c5:
                    e3:70:22:0e:d8:95:e7:97:e0:a1:18:9c:b4:8d:6a:
                    81:e5:ac:9f:41:88:63:50:66:a6:95:a8:ae:74:49:
                    d0:62:57:8c:69:53:91:26:10:85:57:f1:6f:0e:ec:
                    98:d4:b0:34:61:33:14:f8:cd:70:e7:6d:c6:23:2c:
                    d0:7a:36:c0:d1:16:e9:8d:2e:70:d7:bc:c3:23:b3:
                    af:87:45:48:1e:f9:7d:19:b5:fe:b2:25:12:1d:93:
                    e5:15:43:33:47:c2:c5:74:56:6a:87:58:cc:8d:56:
                    1e:44:41:b3:8b:19:a9:26:40:6f:11:65:b1:59:f5:
                    8a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:40:33:71:E6:09:8D:DE:B4:47:2D:DB:D3:6D:2E:C7:6A:23:43:70
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/o0AzceYJjd60Ry3b020ux2ojQ3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:1a:94:0c:69:e7:63:03:b5:1d:bb:6e:c0:42:62:64:5b:61:
         4d:76:c5:63:55:9e:62:e2:49:dd:46:fd:74:54:e4:9a:88:e8:
         6a:a5:04:79:df:69:5b:87:1f:1b:e3:81:91:65:e5:13:4a:87:
         6f:7b:67:35:2b:b3:04:47:bd:7f:fb:3d:5a:cb:f5:1c:30:b8:
         3f:54:c2:7f:b6:8b:e8:2c:28:95:0e:a9:d8:24:c1:be:9e:f4:
         27:93:66:9d:4e:32:42:e6:29:f2:b6:a3:32:05:e6:2d:97:13:
         25:5c:d5:22:73:bb:b6:4f:93:7c:2c:38:d0:56:60:dc:f9:77:
         a0:9f:ce:fe:7e:75:bf:a4:c3:d3:c0:bd:93:d6:90:33:d3:0a:
         7b:0b:81:9a:59:11:d5:8f:02:e9:e6:cc:28:5a:1f:49:36:ea:
         2e:e2:a8:28:3b:a9:4f:8c:5e:a4:c5:7b:1f:87:88:6b:74:ae:
         69:9e:bc:77:a5:4e:34:06:d4:4b:2e:93:6b:1e:b2:69:19:5f:
         31:35:33:5d:86:49:bf:6d:c5:65:57:13:f5:11:a5:bb:ae:f2:
         78:be:7d:fe:bc:96:5c:c3:0b:94:b9:d0:11:56:ee:86:8c:c8:
         f6:e8:1f:6a:ef:f0:76:f4:16:66:b1:64:94:70:d9:ca:ad:fa:
         b2:f0:c9:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DXFaTXlnlrsSX9n57wJDOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwNjAxMTMyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQwMzM3MWU2MDk4ZGRlYjQ0NzJkZGJkMzZkMmVjNzZhMjM0MzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2/zMqSEyT3ydVmHd7oug1ufL4J/
HaSq+6W/L6rKNu+SLz0KtTJDqASHSiDIDYwvGXQL9bkrjAhsN0oWqiAgJsyMyUvZ
E89XIHcs5bL8GT2pL1C9uUMZZbwZ/RZwgp1H9wF0XFKnAAkT36+ys3sajZccdRdK
Nn8hjdqCzvb62H9+zJsyp8XjcCIO2JXnl+ChGJy0jWqB5ayfQYhjUGamlaiudEnQ
YleMaVORJhCFV/FvDuyY1LA0YTMU+M1w523GIyzQejbA0RbpjS5w17zDI7Ovh0VI
Hvl9GbX+siUSHZPlFUMzR8LFdFZqh1jMjVYeREGzixmpJkBvEWWxWfWKeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNAM3HmCY3etEct29NtLsdqI0NwMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbzBBemNlWUpqZDYwUnkzYjAyMHV4Mm9qUTNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwemjMA0G
CSqGSIb3DQEBCwUAA4IBAQA4GpQMaedjA7Udu27AQmJkW2FNdsVjVZ5i4kndRv10
VOSaiOhqpQR532lbhx8b44GRZeUTSodve2c1K7MER71/+z1ay/UcMLg/VMJ/tovo
LCiVDqnYJMG+nvQnk2adTjJC5inytqMyBeYtlxMlXNUic7u2T5N8LDjQVmDc+Xeg
n87+fnW/pMPTwL2T1pAz0wp7C4GaWRHVjwLp5swoWh9JNuou4qgoO6lPjF6kxXsf
h4hrdK5pnrx3pU40BtRLLpNrHrJpGV8xNTNdhkm/bcVlVxP1EaW7rvJ4vn3+vJZc
wwuUudARVu6GjMj26B9q7/B29BZmsWSUcNnKrfqy8MkS
-----END CERTIFICATE-----