Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/6y-secnE2lDQKI1GGrirpaJzUYs.roa
File:                     6y-secnE2lDQKI1GGrirpaJzUYs.roa (raw, json)
Hash identifier:          1ZBZRlQJYd1XGb21+sdUz77pf1q1nzuib9QtD1g4f7E=
Subject key identifier:   EB:2F:AC:79:C9:C4:DA:50:D0:28:8D:46:1A:B8:AB:A5:A2:73:51:8B
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       019E40871B74FE7E86B8687C26444A513B4C
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/6y-secnE2lDQKI1GGrirpaJzUYs.roa
Signing time:             Tue 19 May 2026 13:57:36 +0000
ROA not before:           Tue 19 May 2026 13:57:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210528
IP address blocks:        93.90.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:87:1b:74:fe:7e:86:b8:68:7c:26:44:4a:51:3b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: May 19 13:57:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb2fac79c9c4da50d0288d461ab8aba5a273518b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:57:34:26:21:95:2f:73:a7:90:aa:5f:68:be:
                    90:28:c1:3d:27:1d:1c:94:ff:aa:e1:37:52:92:6a:
                    e0:6e:12:54:56:a8:a7:eb:0c:c1:16:11:d6:4f:82:
                    b1:dc:96:09:00:c0:4e:82:ea:6f:fa:1c:c1:83:c5:
                    d0:24:7b:b2:d1:ad:b3:b4:13:bc:8f:fc:75:8c:b3:
                    03:96:da:f8:74:27:cd:2e:78:5f:5f:cf:8a:9d:0b:
                    06:c7:40:23:1f:4f:8b:59:c9:ba:21:3b:79:8e:cb:
                    41:92:18:8a:7d:f7:a6:7a:d7:c5:86:3e:82:2f:4f:
                    dc:cb:f4:33:b9:91:df:ec:a1:60:fb:a5:21:d6:a4:
                    75:fb:92:b7:6f:e1:f2:40:dc:94:4b:14:00:47:b9:
                    cd:62:f7:48:29:cf:a6:a5:62:7b:91:c2:56:02:72:
                    7b:9a:a3:55:7c:74:89:38:2a:ec:56:96:2d:c6:a2:
                    8e:5c:c1:34:2f:99:a4:32:e4:0f:00:74:78:af:74:
                    21:07:42:66:55:95:5d:6c:a3:aa:59:b2:94:96:81:
                    11:de:98:b1:a7:94:c0:7e:77:b2:a1:99:0c:4a:9c:
                    e3:6a:e8:c5:08:f0:db:de:f8:4d:9a:cc:69:e1:2a:
                    79:77:db:2c:4e:1e:38:7e:75:c1:52:46:42:a4:d3:
                    a3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:2F:AC:79:C9:C4:DA:50:D0:28:8D:46:1A:B8:AB:A5:A2:73:51:8B
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/6y-secnE2lDQKI1GGrirpaJzUYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.90.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:b5:2b:3b:bd:ea:59:9e:33:cc:d5:ac:60:32:d7:3e:dc:e8:
         e7:bf:af:64:dc:b4:12:d1:d7:4c:19:91:70:ac:ac:34:ed:6f:
         f4:08:68:ed:36:02:66:0b:b7:f6:0b:97:07:47:ba:91:73:22:
         ba:4f:cd:ef:e3:12:32:42:78:dd:0a:c9:ca:6f:b7:62:58:e3:
         86:70:45:8e:ca:1b:14:16:69:5c:dd:93:dd:2e:cd:60:99:9e:
         95:25:c7:5b:0b:a5:43:b4:01:18:ed:ec:f8:52:ea:d5:4d:f9:
         d4:a0:bc:86:3e:12:3b:81:85:9f:74:88:75:c4:54:e5:92:f1:
         d8:2c:f7:34:23:e8:aa:9e:25:00:a6:44:f5:06:28:8f:9f:70:
         86:d5:71:81:c6:fe:20:c9:da:80:30:9d:c5:d9:26:74:b7:57:
         a0:9f:04:4d:59:3c:37:9a:dd:b5:e6:b9:82:17:fb:ad:0b:8a:
         f2:3c:8a:64:f5:82:07:71:35:ae:b7:e5:0b:7a:bb:f0:1b:a1:
         81:87:db:03:aa:40:b2:44:03:29:76:35:21:da:5a:8b:09:5b:
         d9:96:79:44:b0:05:5b:5b:01:09:e4:d9:9f:f7:24:a1:66:83:
         81:20:16:19:d3:c6:2a:0f:e0:7d:c8:39:68:99:0f:34:e6:7f:
         f9:61:bc:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5Ahxt0/n6GuGh8JkRKUTtMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjYwNTE5MTM1NzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjJmYWM3OWM5YzRkYTUwZDAyODhkNDYxYWI4YWJhNWEyNzM1MThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVc0JiGVL3OnkKpfaL6QKME9Jx0c
lP+q4TdSkmrgbhJUVqin6wzBFhHWT4Kx3JYJAMBOgupv+hzBg8XQJHuy0a2ztBO8
j/x1jLMDltr4dCfNLnhfX8+KnQsGx0AjH0+LWcm6ITt5jstBkhiKffemetfFhj6C
L0/cy/QzuZHf7KFg+6Uh1qR1+5K3b+HyQNyUSxQAR7nNYvdIKc+mpWJ7kcJWAnJ7
mqNVfHSJOCrsVpYtxqKOXME0L5mkMuQPAHR4r3QhB0JmVZVdbKOqWbKUloER3pix
p5TAfneyoZkMSpzjaujFCPDb3vhNmsxp4Sp5d9ssTh44fnXBUkZCpNOjwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsvrHnJxNpQ0CiNRhq4q6Wic1GLMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvNnktc2VjbkUybERRS0kxR0dyaXJwYUp6VVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVpJMA0G
CSqGSIb3DQEBCwUAA4IBAQDItSs7vepZnjPM1axgMtc+3Ojnv69k3LQS0ddMGZFw
rKw07W/0CGjtNgJmC7f2C5cHR7qRcyK6T83v4xIyQnjdCsnKb7diWOOGcEWOyhsU
Fmlc3ZPdLs1gmZ6VJcdbC6VDtAEY7ez4UurVTfnUoLyGPhI7gYWfdIh1xFTlkvHY
LPc0I+iqniUApkT1BiiPn3CG1XGBxv4gydqAMJ3F2SZ0t1egnwRNWTw3mt215rmC
F/utC4ryPIpk9YIHcTWut+ULervwG6GBh9sDqkCyRAMpdjUh2lqLCVvZlnlEsAVb
WwEJ5Nmf9yShZoOBIBYZ08YqD+B9yDlomQ805n/5Ybxp
-----END CERTIFICATE-----