Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/q3xB1TlmhDj055zlvy4aiXlZXlk.roa
File:                     q3xB1TlmhDj055zlvy4aiXlZXlk.roa (raw, json)
Hash identifier:          3L2aJ4MWJ0YKmWL4+Damuuwr/sJjzRrBG+ZnvYerwp4=
Subject key identifier:   AB:7C:41:D5:39:66:84:38:F4:E7:9C:E5:BF:2E:1A:89:79:59:5E:59
Certificate issuer:       /CN=07d44a52778aa65f736e72436003f6654f268318
Certificate serial:       019EF4D8E4C7169348ADEFC897CA36DA5DAF
Authority key identifier: 07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/q3xB1TlmhDj055zlvy4aiXlZXlk.roa
Signing time:             Tue 23 Jun 2026 14:18:35 +0000
ROA not before:           Tue 23 Jun 2026 14:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1853
IP address blocks:        193.6.218.0/24 maxlen: 24
                          193.225.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 21:41:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f4:d8:e4:c7:16:93:48:ad:ef:c8:97:ca:36:da:5d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d44a52778aa65f736e72436003f6654f268318
        Validity
            Not Before: Jun 23 14:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab7c41d539668438f4e79ce5bf2e1a8979595e59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:07:b8:69:61:bd:e4:7e:48:3b:be:55:d4:a3:
                    e2:74:ff:00:02:12:af:c0:cb:e2:be:28:04:62:82:
                    05:d1:05:58:7c:7b:d0:92:85:e3:dd:f2:e8:8f:a0:
                    37:75:65:c0:f5:06:49:28:55:9e:2c:9e:9e:b4:a8:
                    71:86:a6:ac:e8:62:7b:d8:b9:81:dd:95:8a:1a:ba:
                    52:34:3c:20:6d:8f:88:3b:a3:29:a2:fb:89:73:08:
                    80:aa:7e:ce:c4:fa:a6:fd:83:61:6c:f8:d5:9a:88:
                    ab:15:35:66:49:52:0c:20:cc:76:12:8a:33:cd:ee:
                    72:c4:a7:c6:c9:ba:e1:76:92:c6:f1:90:a3:e5:47:
                    82:30:98:a2:69:f7:8c:b6:24:2e:7f:19:1d:00:25:
                    37:d9:c3:e6:6e:65:4c:14:9b:d0:58:f8:31:4e:f0:
                    e8:86:73:41:ef:11:81:62:ef:03:ce:10:13:34:65:
                    bd:a4:48:3d:38:bf:c9:ea:e2:55:bf:86:cf:3e:32:
                    84:27:6f:af:b7:8f:94:48:a6:99:3c:b6:23:31:d5:
                    32:c2:6b:81:88:62:e1:1b:0e:4c:67:d6:f6:bd:2a:
                    12:22:2a:5c:85:d1:9a:c2:4c:e1:ce:13:78:84:0c:
                    e6:3e:7a:f0:2f:77:6e:12:07:a6:4c:89:d8:62:ca:
                    49:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:7C:41:D5:39:66:84:38:F4:E7:9C:E5:BF:2E:1A:89:79:59:5E:59
            X509v3 Authority Key Identifier:
                keyid:07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/q3xB1TlmhDj055zlvy4aiXlZXlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.6.218.0/24
                  193.225.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:86:af:55:75:d5:03:25:c1:27:a1:74:a2:2c:6d:7b:b5:be:
         f9:91:47:7b:17:06:e7:23:73:cf:48:88:3b:4a:08:c2:e8:cb:
         54:77:c2:01:dd:4e:89:4b:4b:85:0b:72:a3:70:6b:78:cd:f0:
         60:1c:91:80:78:06:81:2d:d1:f8:1c:83:fe:c9:48:80:15:41:
         01:10:41:d3:57:bf:b1:83:7e:79:80:f8:93:3b:94:1f:24:11:
         aa:bb:26:46:45:15:67:58:0e:72:ad:38:77:22:54:34:d4:03:
         0a:7d:a2:c2:30:1b:77:74:30:7f:e1:28:89:6f:f1:7e:80:44:
         38:67:ae:45:ad:c9:1f:e8:f3:ca:4d:ce:f9:1a:5c:0a:36:92:
         7c:1d:ad:2f:18:a9:8c:e7:c4:59:ad:bd:0e:61:2e:66:ec:82:
         a7:22:24:94:0f:92:c9:4f:6d:f3:19:65:f4:3e:06:e5:b1:67:
         65:a2:4f:5a:ec:de:6e:e0:ed:3c:95:0d:8a:48:6d:a6:88:10:
         ef:f4:21:c6:d5:64:a1:f4:0a:fe:3f:22:dc:a0:7b:76:65:ef:
         d3:49:37:6a:47:d6:1c:d1:2b:ff:e8:eb:55:91:51:1a:e8:2f:
         a8:ed:99:8f:ed:ba:66:c5:2a:b8:b6:e2:43:dc:0b:2a:bd:de:
         3b:1f:71:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ702OTHFpNIre/Il8o22l2vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDQ0YTUyNzc4YWE2NWY3MzZlNzI0MzYwMDNmNjY1NGYy
NjgzMTgwHhcNMjYwNjIzMTQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjdjNDFkNTM5NjY4NDM4ZjRlNzljZTViZjJlMWE4OTc5NTk1ZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApge4aWG95H5IO75V1KPidP8AAhKv
wMvivigEYoIF0QVYfHvQkoXj3fLoj6A3dWXA9QZJKFWeLJ6etKhxhqas6GJ72LmB
3ZWKGrpSNDwgbY+IO6MpovuJcwiAqn7OxPqm/YNhbPjVmoirFTVmSVIMIMx2Eooz
ze5yxKfGybrhdpLG8ZCj5UeCMJiiafeMtiQufxkdACU32cPmbmVMFJvQWPgxTvDo
hnNB7xGBYu8DzhATNGW9pEg9OL/J6uJVv4bPPjKEJ2+vt4+USKaZPLYjMdUywmuB
iGLhGw5MZ9b2vSoSIipchdGawkzhzhN4hAzmPnrwL3duEgemTInYYspJ4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKt8QdU5ZoQ49Oec5b8uGol5WV5ZMB8GA1UdIwQY
MBaAFAfUSlJ3iqZfc25yQ2AD9mVPJoMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGIt
MWQyOGE2MGUwZTMwLzEvcTN4QjFUbG1oRGowNTV6bHZ5NGFpWGxaWGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGItMWQyOGE2MGUwZTMw
LzEvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQbaAwQA
weHIMA0GCSqGSIb3DQEBCwUAA4IBAQCYhq9VddUDJcEnoXSiLG17tb75kUd7Fwbn
I3PPSIg7SgjC6MtUd8IB3U6JS0uFC3KjcGt4zfBgHJGAeAaBLdH4HIP+yUiAFUEB
EEHTV7+xg355gPiTO5QfJBGquyZGRRVnWA5yrTh3IlQ01AMKfaLCMBt3dDB/4SiJ
b/F+gEQ4Z65Frckf6PPKTc75GlwKNpJ8Ha0vGKmM58RZrb0OYS5m7IKnIiSUD5LJ
T23zGWX0PgblsWdlok9a7N5u4O08lQ2KSG2miBDv9CHG1WSh9Ar+PyLcoHt2Ze/T
STdqR9Yc0Sv/6OtVkVEa6C+o7ZmP7bpmxSq4tuJD3Asqvd47H3Hg
-----END CERTIFICATE-----