Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_p0GP4Ak_eiq2gDURJGoVreg4GA.roa
File:                     _p0GP4Ak_eiq2gDURJGoVreg4GA.roa (raw, json)
Hash identifier:          7BSkuFVO6qSDnGpPDOaZB49xSVCYuU2VlR7/RhFYrrA=
Subject key identifier:   FE:9D:06:3F:80:24:FD:E8:AA:DA:00:D4:44:91:A8:56:B7:A0:E0:60
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019E686CBD0ABBE4F39254782E8D4065F46B
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_p0GP4Ak_eiq2gDURJGoVreg4GA.roa
Signing time:             Wed 27 May 2026 07:53:37 +0000
ROA not before:           Wed 27 May 2026 07:53:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216472
IP address blocks:        193.93.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:6c:bd:0a:bb:e4:f3:92:54:78:2e:8d:40:65:f4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 27 07:53:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe9d063f8024fde8aada00d44491a856b7a0e060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3c:9c:5f:07:d0:63:f4:c2:9c:9c:58:ad:88:
                    a2:9a:1e:bc:5b:1b:1b:f1:e6:96:61:e4:9d:f7:1c:
                    36:4d:b7:fb:ed:d0:4c:48:c2:d3:56:92:43:2a:ce:
                    cd:c4:0d:af:f4:23:7e:91:87:b1:4a:b7:54:f2:69:
                    11:bb:89:ba:7b:54:9f:1f:8c:34:55:1d:23:ec:66:
                    f5:18:68:97:fd:16:04:eb:0c:85:5c:e3:b2:aa:40:
                    f7:86:de:7d:78:42:db:ae:43:16:dd:b0:b0:3e:d2:
                    c4:0e:c2:e1:91:9b:bd:cd:d1:69:f3:cf:f9:3c:86:
                    c1:e0:dc:fa:5a:2f:3c:9f:d8:c6:80:72:a0:c5:6d:
                    16:25:34:b5:62:67:f7:35:3f:fa:c0:c3:32:aa:80:
                    3c:3f:f3:a0:ca:b7:0a:2c:3e:55:38:45:15:42:e7:
                    22:c8:ca:02:b0:a7:6a:3c:4a:4c:95:1a:65:b2:12:
                    71:7d:24:0b:cb:84:85:76:a1:15:b4:fe:28:97:be:
                    15:43:b6:83:00:c8:54:92:8a:4a:dd:48:2e:46:ac:
                    ad:a2:88:6a:65:32:d9:21:0a:2a:6a:cc:b0:60:f8:
                    a4:65:a9:78:7e:08:9d:44:fc:a8:91:81:69:ac:c9:
                    63:10:e8:37:e6:cb:51:67:8e:e5:bc:21:e3:83:93:
                    cb:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9D:06:3F:80:24:FD:E8:AA:DA:00:D4:44:91:A8:56:B7:A0:E0:60
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/_p0GP4Ak_eiq2gDURJGoVreg4GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e8:e2:11:c7:e9:e4:4c:47:3e:1a:69:50:8c:16:46:30:b9:
         0a:23:94:af:54:cf:5f:76:dc:3c:b0:1c:a6:a8:db:b2:d3:b6:
         88:df:0c:dc:c8:d4:38:51:ba:8d:40:a1:fa:e3:c6:3a:c1:b6:
         1d:c9:47:8e:36:bb:9d:bd:3d:39:ba:0a:f6:75:1f:c2:a3:b6:
         a1:dd:7d:5e:b4:01:92:9e:21:9f:a0:8e:1e:75:ee:85:3a:cb:
         51:14:bb:4c:1d:43:6a:13:a5:d1:28:bb:af:2f:17:93:10:be:
         16:96:84:37:fe:2e:53:f0:7b:b1:6c:ee:39:7f:5b:25:e9:96:
         d1:39:4e:da:27:7b:f5:47:42:79:e3:92:98:d3:32:9a:d4:95:
         ab:65:b8:b7:12:e7:23:03:73:be:fe:36:ae:b6:ef:ad:ae:78:
         9f:9a:bc:80:4e:77:f0:af:6f:d0:c1:00:e4:d0:12:fe:1e:5b:
         8d:2a:12:77:67:05:15:ac:4d:e8:f1:de:be:0a:3e:f6:54:83:
         e8:99:56:b7:a3:fa:73:fd:74:b7:7f:f3:56:2c:4e:92:af:88:
         69:f0:d5:b0:57:d1:b2:12:b6:de:da:b2:38:9e:92:9c:de:52:
         03:e3:41:1f:f5:46:4e:cf:7a:35:3b:35:38:74:3e:dc:93:42:
         05:e3:62:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5obL0Ku+TzklR4Lo1AZfRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNTI3MDc1MzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlkMDYzZjgwMjRmZGU4YWFkYTAwZDQ0NDkxYTg1NmI3YTBlMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDycXwfQY/TCnJxYrYiimh68Wxsb
8eaWYeSd9xw2Tbf77dBMSMLTVpJDKs7NxA2v9CN+kYexSrdU8mkRu4m6e1SfH4w0
VR0j7Gb1GGiX/RYE6wyFXOOyqkD3ht59eELbrkMW3bCwPtLEDsLhkZu9zdFp88/5
PIbB4Nz6Wi88n9jGgHKgxW0WJTS1Ymf3NT/6wMMyqoA8P/OgyrcKLD5VOEUVQuci
yMoCsKdqPEpMlRplshJxfSQLy4SFdqEVtP4ol74VQ7aDAMhUkopK3UguRqytoohq
ZTLZIQoqasywYPikZal4fgidRPyokYFprMljEOg35stRZ47lvCHjg5PLewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6dBj+AJP3oqtoA1ESRqFa3oOBgMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvX3AwR1A0QWtfZWlxMmdEVVJKR29WcmVnNEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwV02MA0G
CSqGSIb3DQEBCwUAA4IBAQAo6OIRx+nkTEc+GmlQjBZGMLkKI5SvVM9fdtw8sBym
qNuy07aI3wzcyNQ4UbqNQKH648Y6wbYdyUeONrudvT05ugr2dR/Co7ah3X1etAGS
niGfoI4ede6FOstRFLtMHUNqE6XRKLuvLxeTEL4WloQ3/i5T8HuxbO45f1sl6ZbR
OU7aJ3v1R0J545KY0zKa1JWrZbi3EucjA3O+/jautu+trnifmryATnfwr2/QwQDk
0BL+HluNKhJ3ZwUVrE3o8d6+Cj72VIPomVa3o/pz/XS3f/NWLE6Sr4hp8NWwV9Gy
Erbe2rI4npKc3lID40Ef9UZOz3o1OzU4dD7ck0IF42LO
-----END CERTIFICATE-----