Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_8jJ5eeT5Lw0ciFe9vuDWXARwcg.roa
File:                     _8jJ5eeT5Lw0ciFe9vuDWXARwcg.roa (raw, json)
Hash identifier:          drdCxGQKJdt5UwUM+h/hU95DtuxDtJ06uRkr1/J5AZU=
Subject key identifier:   FF:C8:C9:E5:E7:93:E4:BC:34:72:21:5E:F6:FB:83:59:70:11:C1:C8
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019C1DECE925A1D2EFBA311C909C7D3CF1C7
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_8jJ5eeT5Lw0ciFe9vuDWXARwcg.roa
Signing time:             Mon 02 Feb 2026 10:36:31 +0000
ROA not before:           Mon 02 Feb 2026 10:36:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        93.191.170.0/24 maxlen: 24
                          93.191.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Feb 2026 00:56:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1d:ec:e9:25:a1:d2:ef:ba:31:1c:90:9c:7d:3c:f1:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Feb  2 10:36:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ffc8c9e5e793e4bc3472215ef6fb83597011c1c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:76:0a:cc:62:b3:b5:d8:77:0f:98:96:a6:72:
                    7c:c8:2b:f4:d9:95:66:b7:bb:76:48:16:c0:7d:a3:
                    37:7c:46:9e:cf:5a:f8:63:6d:32:5b:73:32:0b:e8:
                    a5:17:a9:56:64:25:cd:a5:dd:50:6c:e5:71:35:b9:
                    63:68:c2:5a:e8:de:38:bb:0f:45:3f:4a:36:db:97:
                    6f:73:c0:8a:67:44:05:07:20:6c:5a:4a:ab:c5:ae:
                    3b:16:ab:e6:09:6a:be:aa:b3:18:87:ab:56:15:d6:
                    7b:0c:10:f7:d4:a9:a1:f5:81:99:cc:3c:74:3b:8a:
                    a4:e0:50:0b:1e:ca:41:b9:48:1d:2f:31:b9:fb:c5:
                    db:07:b1:45:a5:fc:61:58:d5:64:5e:42:5d:d1:e7:
                    13:c2:94:05:2d:eb:26:30:2d:3e:18:16:c8:13:ad:
                    f3:4e:e1:72:0c:92:93:10:db:87:1f:e2:b7:af:58:
                    c3:16:2b:9b:5f:43:cb:06:0e:be:ab:0d:7e:dc:ed:
                    31:71:e7:48:38:0f:6c:34:10:23:4a:1c:79:b7:97:
                    a1:fd:09:e5:78:61:d6:67:52:73:9e:30:60:2a:80:
                    d8:2f:cc:9f:f7:c5:1d:92:9d:be:10:8f:2c:16:79:
                    b7:00:8e:1c:8a:d1:2f:5e:37:a8:f7:70:8d:37:4b:
                    b8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C8:C9:E5:E7:93:E4:BC:34:72:21:5E:F6:FB:83:59:70:11:C1:C8
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_8jJ5eeT5Lw0ciFe9vuDWXARwcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.170.0/24
                  93.191.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:23:a4:60:77:ac:4f:d4:c5:fb:7c:53:ca:f2:6e:d7:0c:5c:
         6f:96:38:53:35:23:96:71:24:ad:5a:52:09:99:55:aa:d3:0c:
         bd:d2:f0:31:20:ca:82:ce:ed:4f:2e:60:97:e0:11:19:d1:ab:
         14:f5:02:8b:49:37:6d:4f:dc:47:be:37:0d:9d:6c:a3:72:92:
         4a:86:0a:35:3f:ce:58:bc:95:ae:f1:5f:56:66:45:5d:38:53:
         5c:ef:93:c3:68:1a:68:ae:ce:9b:cc:b2:75:98:51:69:14:87:
         1f:72:73:c8:11:1c:df:86:22:50:56:bc:ca:b6:10:92:4a:40:
         ad:43:39:a3:29:05:17:bf:9b:fe:5c:a5:fc:48:55:60:de:bd:
         e5:51:fb:d8:fd:c7:04:a8:a9:37:57:18:32:97:4c:91:17:fc:
         14:15:3e:36:f4:ae:5d:92:aa:65:19:2c:68:cf:06:53:6b:43:
         93:36:72:9b:2b:fe:26:e8:73:41:25:a3:ec:31:fe:04:64:53:
         dd:a4:c6:7a:8d:b4:14:46:f2:60:76:b9:a8:97:03:1f:47:f9:
         94:10:8b:39:7d:de:d2:96:76:b7:cc:ef:a0:63:38:f7:d2:dc:
         f9:8b:4a:6a:db:02:34:02:1f:22:1a:21:64:15:7d:ea:ef:1c:
         63:88:59:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwd7OklodLvujEckJx9PPHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMjAyMTAzNjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmM4YzllNWU3OTNlNGJjMzQ3MjIxNWVmNmZiODM1OTcwMTFjMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3YKzGKztdh3D5iWpnJ8yCv02ZVm
t7t2SBbAfaM3fEaez1r4Y20yW3MyC+ilF6lWZCXNpd1QbOVxNbljaMJa6N44uw9F
P0o225dvc8CKZ0QFByBsWkqrxa47FqvmCWq+qrMYh6tWFdZ7DBD31Kmh9YGZzDx0
O4qk4FALHspBuUgdLzG5+8XbB7FFpfxhWNVkXkJd0ecTwpQFLesmMC0+GBbIE63z
TuFyDJKTENuHH+K3r1jDFiubX0PLBg6+qw1+3O0xcedIOA9sNBAjShx5t5eh/Qnl
eGHWZ1JznjBgKoDYL8yf98Udkp2+EI8sFnm3AI4citEvXjeo93CNN0u4GwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP/IyeXnk+S8NHIhXvb7g1lwEcHIMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvXzhqSjVlZVQ1THcwY2lGZTl2dURXWEFSd2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXb+qAwQA
Xb+vMA0GCSqGSIb3DQEBCwUAA4IBAQBDI6Rgd6xP1MX7fFPK8m7XDFxvljhTNSOW
cSStWlIJmVWq0wy90vAxIMqCzu1PLmCX4BEZ0asU9QKLSTdtT9xHvjcNnWyjcpJK
hgo1P85YvJWu8V9WZkVdOFNc75PDaBpors6bzLJ1mFFpFIcfcnPIERzfhiJQVrzK
thCSSkCtQzmjKQUXv5v+XKX8SFVg3r3lUfvY/ccEqKk3Vxgyl0yRF/wUFT429K5d
kqplGSxozwZTa0OTNnKbK/4m6HNBJaPsMf4EZFPdpMZ6jbQURvJgdrmolwMfR/mU
EIs5fd7Slna3zO+gYzj30tz5i0pq2wI0Ah8iGiFkFX3q7xxjiFm0
-----END CERTIFICATE-----