Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/B27NtzlM8cHH0CU9JsDTI5sbe7M.roa
File:                     B27NtzlM8cHH0CU9JsDTI5sbe7M.roa (raw, json)
Hash identifier:          wS9X1xFu6o21Za7wINFmQDLqiiEPNgQUATSZCjbsfvk=
Subject key identifier:   07:6E:CD:B7:39:4C:F1:C1:C7:D0:25:3D:26:C0:D3:23:9B:1B:7B:B3
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019E630E876FB3132939C031F5BD34017442
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/B27NtzlM8cHH0CU9JsDTI5sbe7M.roa
Signing time:             Tue 26 May 2026 06:52:36 +0000
ROA not before:           Tue 26 May 2026 06:52:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39464
IP address blocks:        93.114.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:0e:87:6f:b3:13:29:39:c0:31:f5:bd:34:01:74:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: May 26 06:52:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=076ecdb7394cf1c1c7d0253d26c0d3239b1b7bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:80:d3:12:76:88:41:19:08:54:7c:ba:a1:05:
                    15:ce:fc:64:90:d1:23:c2:0f:14:2c:fa:d6:ad:ce:
                    46:2e:6b:ea:47:73:3d:ef:0b:65:e2:2c:9b:a1:a4:
                    cb:71:46:ec:fd:8d:33:e8:06:f5:ec:5e:75:2a:22:
                    41:6a:f5:19:4c:50:0f:ed:c1:62:55:23:93:bb:7e:
                    ae:b4:b9:d0:c5:57:ff:64:d3:37:3b:4e:ad:39:d0:
                    ab:b0:4c:f1:9b:e5:10:29:22:dd:66:c4:5f:2a:ae:
                    f0:a6:0b:25:9d:03:6e:46:19:75:84:62:22:4c:52:
                    f6:d9:44:58:f6:42:d7:db:f5:10:e0:65:98:38:be:
                    af:7f:7c:89:2e:9c:8e:d3:fc:01:ec:43:ad:09:b7:
                    ca:82:86:df:d3:d5:7d:36:1c:52:7e:45:15:d3:1d:
                    36:4e:e5:1d:9b:f0:07:c8:59:b6:04:d7:05:1e:a1:
                    12:6a:b7:b9:95:b8:4f:27:e7:c7:02:6c:29:59:12:
                    9e:3f:ad:d3:a8:57:9f:dd:66:49:55:6e:ef:ff:d2:
                    13:11:12:e3:8d:3e:58:8a:6a:bd:1e:29:bb:1c:4f:
                    ce:01:7f:24:94:14:26:41:a0:03:ee:36:5c:62:fd:
                    73:84:84:d7:3e:d0:6f:fd:2f:3b:a3:b7:9a:5b:27:
                    17:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:6E:CD:B7:39:4C:F1:C1:C7:D0:25:3D:26:C0:D3:23:9B:1B:7B:B3
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/B27NtzlM8cHH0CU9JsDTI5sbe7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:eb:e4:94:d0:b0:f5:2b:4f:78:4a:92:7a:fb:b4:23:5a:9e:
         7f:27:52:46:d7:f8:54:20:49:dd:c2:9b:15:02:70:46:4e:a8:
         86:94:af:6e:5e:59:04:65:d4:8d:7e:c2:02:ca:bb:a7:77:dd:
         98:29:ec:b2:02:9a:be:12:5b:fc:5c:32:56:7a:7f:97:3b:5f:
         ba:f2:ed:92:1a:6a:58:c5:78:d8:8c:e8:dc:ce:eb:77:12:e6:
         1a:e0:59:be:1a:7c:d1:b4:ac:45:9c:7d:5b:bf:c2:9b:18:fc:
         4e:8c:b4:0a:76:ff:5e:0b:f0:f0:30:e4:90:9b:67:fa:48:7d:
         1a:10:cb:ff:a3:a1:98:45:1d:87:1a:14:1e:20:c6:53:89:dd:
         18:59:bd:be:96:0a:d8:64:55:fa:04:fd:27:ee:f9:c3:e7:aa:
         aa:4a:e9:4c:ee:f0:8f:81:ca:b2:04:c3:8b:64:78:b9:07:bc:
         d7:84:52:68:b4:7b:51:72:9f:fa:41:9c:7c:c2:da:67:77:24:
         33:59:10:47:b8:0b:34:9a:79:fa:20:e4:90:5b:7f:c1:6d:5d:
         d3:18:0c:ba:fd:98:a1:58:1d:41:66:2a:84:fe:be:61:69:6d:
         70:35:34:61:76:37:45:7d:37:73:d8:40:15:53:a6:0a:51:a2:
         65:78:05:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5jDodvsxMpOcAx9b00AXRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwNTI2MDY1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzZlY2RiNzM5NGNmMWMxYzdkMDI1M2QyNmMwZDMyMzliMWI3YmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoDTEnaIQRkIVHy6oQUVzvxkkNEj
wg8ULPrWrc5GLmvqR3M97wtl4iyboaTLcUbs/Y0z6Ab17F51KiJBavUZTFAP7cFi
VSOTu36utLnQxVf/ZNM3O06tOdCrsEzxm+UQKSLdZsRfKq7wpgslnQNuRhl1hGIi
TFL22URY9kLX2/UQ4GWYOL6vf3yJLpyO0/wB7EOtCbfKgobf09V9NhxSfkUV0x02
TuUdm/AHyFm2BNcFHqESare5lbhPJ+fHAmwpWRKeP63TqFef3WZJVW7v/9ITERLj
jT5Yimq9Him7HE/OAX8klBQmQaAD7jZcYv1zhITXPtBv/S87o7eaWycXhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAduzbc5TPHBx9AlPSbA0yObG3uzMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvQjI3TnR6bE04Y0hIMENVOUpzRFRJNXNiZTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXI3MA0G
CSqGSIb3DQEBCwUAA4IBAQBX6+SU0LD1K094SpJ6+7QjWp5/J1JG1/hUIEndwpsV
AnBGTqiGlK9uXlkEZdSNfsICyrund92YKeyyApq+Elv8XDJWen+XO1+68u2SGmpY
xXjYjOjczut3EuYa4Fm+GnzRtKxFnH1bv8KbGPxOjLQKdv9eC/DwMOSQm2f6SH0a
EMv/o6GYRR2HGhQeIMZTid0YWb2+lgrYZFX6BP0n7vnD56qqSulM7vCPgcqyBMOL
ZHi5B7zXhFJotHtRcp/6QZx8wtpndyQzWRBHuAs0mnn6IOSQW3/BbV3TGAy6/Zih
WB1BZiqE/r5haW1wNTRhdjdFfTdz2EAVU6YKUaJleAUm
-----END CERTIFICATE-----