Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/VHNvk1pFhm2Mv_jid3eMW8ccVIQ.roa
File:                     VHNvk1pFhm2Mv_jid3eMW8ccVIQ.roa (raw, json)
Hash identifier:          3Q72fFJWqHecJIDYOJyGhpclhNZ8eqSuAMkTIjrp1cA=
Subject key identifier:   54:73:6F:93:5A:45:86:6D:8C:BF:F8:E2:77:77:8C:5B:C7:1C:54:84
Certificate issuer:       /CN=82bc633e284664a4ca51ad5976c7faf2c6246b4b
Certificate serial:       019EA6760E9FBC3352F0485EF5593E3B6997
Authority key identifier: 82:BC:63:3E:28:46:64:A4:CA:51:AD:59:76:C7:FA:F2:C6:24:6B:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/grxjPihGZKTKUa1Zdsf68sYka0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/VHNvk1pFhm2Mv_jid3eMW8ccVIQ.roa
Signing time:             Mon 08 Jun 2026 09:00:15 +0000
ROA not before:           Mon 08 Jun 2026 09:00:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44400
IP address blocks:        193.19.144.0/24 maxlen: 24
                          193.19.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/grxjPihGZKTKUa1Zdsf68sYka0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/grxjPihGZKTKUa1Zdsf68sYka0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/grxjPihGZKTKUa1Zdsf68sYka0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:76:0e:9f:bc:33:52:f0:48:5e:f5:59:3e:3b:69:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82bc633e284664a4ca51ad5976c7faf2c6246b4b
        Validity
            Not Before: Jun  8 09:00:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54736f935a45866d8cbff8e277778c5bc71c5484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5f:65:d4:4e:2f:54:aa:14:f7:1c:42:e7:0b:
                    fe:55:b2:a0:4d:f4:2d:28:e0:54:a7:6a:31:07:3d:
                    af:e7:48:c2:66:77:4c:8a:91:d7:60:19:f4:7d:6f:
                    14:d6:c4:a9:12:c5:b5:d2:6e:d8:c3:69:93:11:ac:
                    cb:c3:eb:43:cf:6f:c7:d9:48:82:b7:d6:94:1a:d9:
                    28:92:7b:ac:09:f8:40:ca:f8:f2:93:8a:ec:32:7b:
                    69:12:df:a8:aa:d4:4e:85:6e:9d:86:85:4d:1a:e0:
                    8f:f3:16:97:f8:a6:30:86:9b:3b:f3:bf:45:58:36:
                    b4:c0:20:f8:7b:3b:2f:5d:7d:34:5d:2b:0c:34:63:
                    42:6d:d9:a9:97:3f:f3:be:b4:7a:e1:74:e0:ed:1c:
                    85:44:1c:1b:36:94:e5:d7:bb:88:96:e2:d6:0b:c3:
                    a3:72:5a:27:72:ed:7a:b4:fb:86:b8:f2:3b:77:42:
                    46:d1:bd:7b:76:a6:48:ef:f0:44:ec:2a:46:0e:ac:
                    ed:85:fd:22:57:78:eb:98:ed:12:cf:1b:04:27:5a:
                    47:d1:59:07:d7:15:88:b1:86:bb:b9:a5:d5:67:67:
                    e6:ae:51:7f:f3:b0:b5:69:b2:23:82:6c:2c:e6:64:
                    21:9f:fc:02:38:de:d2:7a:bf:ab:8f:27:fe:74:73:
                    29:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:73:6F:93:5A:45:86:6D:8C:BF:F8:E2:77:77:8C:5B:C7:1C:54:84
            X509v3 Authority Key Identifier:
                keyid:82:BC:63:3E:28:46:64:A4:CA:51:AD:59:76:C7:FA:F2:C6:24:6B:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grxjPihGZKTKUa1Zdsf68sYka0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/VHNvk1pFhm2Mv_jid3eMW8ccVIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/403ec3-c02e-4463-ad40-2a91c2cd2079/1/grxjPihGZKTKUa1Zdsf68sYka0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:e5:e8:fe:9e:45:65:fe:26:72:16:59:96:4d:99:ae:6a:b4:
         57:73:49:ab:ce:f4:4d:71:7e:87:c5:5a:7b:4c:d2:6c:59:56:
         e8:de:e5:f1:c0:ad:f9:76:ba:f4:5b:db:26:6a:1e:11:1d:fc:
         25:07:ed:af:ca:2e:44:f7:0d:c4:ae:e6:90:6b:bd:6c:74:82:
         c5:33:78:3c:7a:c0:8f:af:55:e4:e2:f2:05:4c:85:96:78:7d:
         22:68:f2:15:c6:e4:f1:8c:69:fd:82:bf:62:d8:0f:7a:7d:f2:
         c3:d3:68:96:35:4c:df:dc:df:da:d3:c0:7d:90:cb:b4:89:0d:
         ec:71:13:1e:83:d8:3b:fe:e4:57:61:e7:9a:00:11:f0:d1:c0:
         f1:50:8e:64:9c:2f:fc:0b:13:f4:5a:40:60:9e:28:12:3b:4f:
         80:fe:a2:49:f5:aa:d5:f8:fd:b5:b3:a9:d5:6b:0a:57:91:82:
         59:06:4a:19:7c:f1:c6:f6:29:0d:b5:38:e3:60:dc:89:3a:57:
         e8:b9:d5:b4:fb:4a:75:a2:eb:28:19:61:51:8f:da:65:6b:63:
         7f:3a:b3:71:bb:6a:de:34:b7:a4:2d:4a:65:51:ed:fd:52:f8:
         c8:82:1a:76:5d:e7:8a:37:bc:12:83:38:c0:94:4a:d9:58:2b:
         f0:d1:0f:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6mdg6fvDNS8Ehe9Vk+O2mXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYmM2MzNlMjg0NjY0YTRjYTUxYWQ1OTc2YzdmYWYyYzYy
NDZiNGIwHhcNMjYwNjA4MDkwMDE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDczNmY5MzVhNDU4NjZkOGNiZmY4ZTI3Nzc3OGM1YmM3MWM1NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1V9l1E4vVKoU9xxC5wv+VbKgTfQt
KOBUp2oxBz2v50jCZndMipHXYBn0fW8U1sSpEsW10m7Yw2mTEazLw+tDz2/H2UiC
t9aUGtkoknusCfhAyvjyk4rsMntpEt+oqtROhW6dhoVNGuCP8xaX+KYwhps7879F
WDa0wCD4ezsvXX00XSsMNGNCbdmplz/zvrR64XTg7RyFRBwbNpTl17uIluLWC8Oj
cloncu16tPuGuPI7d0JG0b17dqZI7/BE7CpGDqzthf0iV3jrmO0SzxsEJ1pH0VkH
1xWIsYa7uaXVZ2fmrlF/87C1abIjgmws5mQhn/wCON7Ser+rjyf+dHMpaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRzb5NaRYZtjL/44nd3jFvHHFSEMB8GA1UdIwQY
MBaAFIK8Yz4oRmSkylGtWXbH+vLGJGtLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3J4alBpaEdaS1RLVWExWmRzZjY4c1lrYTBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi80MDNlYzMtYzAyZS00NDYzLWFkNDAt
MmE5MWMyY2QyMDc5LzEvVkhOdmsxcEZobTJNdl9qaWQzZU1XOGNjVklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi80MDNlYzMtYzAyZS00NDYzLWFkNDAtMmE5MWMyY2QyMDc5
LzEvZ3J4alBpaEdaS1RLVWExWmRzZjY4c1lrYTBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwROQMA0G
CSqGSIb3DQEBCwUAA4IBAQAN5ej+nkVl/iZyFlmWTZmuarRXc0mrzvRNcX6HxVp7
TNJsWVbo3uXxwK35drr0W9smah4RHfwlB+2vyi5E9w3EruaQa71sdILFM3g8esCP
r1Xk4vIFTIWWeH0iaPIVxuTxjGn9gr9i2A96ffLD02iWNUzf3N/a08B9kMu0iQ3s
cRMeg9g7/uRXYeeaABHw0cDxUI5knC/8CxP0WkBgnigSO0+A/qJJ9arV+P21s6nV
awpXkYJZBkoZfPHG9ikNtTjjYNyJOlfoudW0+0p1ousoGWFRj9pla2N/OrNxu2re
NLekLUplUe39UvjIghp2XeeKN7wSgzjAlErZWCvw0Q86
-----END CERTIFICATE-----