Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/909975-4e86-4478-b81e-72df6fedd748/1/hXlpXaM1pFmksY1FpbebpRbEl-Q.roa
File:                     hXlpXaM1pFmksY1FpbebpRbEl-Q.roa (raw, json)
Hash identifier:          Lw896zRP/JglXDT61QeSjgmUxl+Qailc29oqIkIXseQ=
Subject key identifier:   85:79:69:5D:A3:35:A4:59:A4:B1:8D:45:A5:B7:9B:A5:16:C4:97:E4
Certificate issuer:       /CN=0f1d5b9d88b579d0ddf7c21cb3d387d61ea516c1
Certificate serial:       019EF89F521826180B5F58B8C8B4B8D3EFDE
Authority key identifier: 0F:1D:5B:9D:88:B5:79:D0:DD:F7:C2:1C:B3:D3:87:D6:1E:A5:16:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dx1bnYi1edDd98Ics9OH1h6lFsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/909975-4e86-4478-b81e-72df6fedd748/1/hXlpXaM1pFmksY1FpbebpRbEl-Q.roa
Signing time:             Wed 24 Jun 2026 07:54:11 +0000
ROA not before:           Wed 24 Jun 2026 07:54:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     10753
IP address blocks:        193.142.108.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/909975-4e86-4478-b81e-72df6fedd748/1/Dx1bnYi1edDd98Ics9OH1h6lFsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/909975-4e86-4478-b81e-72df6fedd748/1/Dx1bnYi1edDd98Ics9OH1h6lFsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dx1bnYi1edDd98Ics9OH1h6lFsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:58:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f8:9f:52:18:26:18:0b:5f:58:b8:c8:b4:b8:d3:ef:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f1d5b9d88b579d0ddf7c21cb3d387d61ea516c1
        Validity
            Not Before: Jun 24 07:54:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8579695da335a459a4b18d45a5b79ba516c497e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bb:a2:27:97:0c:2e:45:09:39:32:f2:ff:30:
                    25:90:6f:98:af:6a:38:a6:ab:3b:62:35:39:39:5f:
                    ad:53:ae:d0:c7:05:8c:ae:91:cc:88:2f:af:9d:52:
                    d2:34:2a:46:e6:75:65:6c:91:68:39:98:0b:cb:a7:
                    34:14:fa:1b:33:a6:b3:84:04:ba:ab:40:17:0f:a3:
                    0d:21:20:6f:10:67:53:84:c4:e1:5e:1c:93:19:6f:
                    4e:fc:3e:7c:15:9f:07:ab:ed:5c:75:52:ad:0d:40:
                    9e:37:34:b9:87:e6:b9:65:04:b0:6e:8f:ac:07:36:
                    cc:91:92:54:5c:3f:df:db:df:32:a9:d4:86:ae:a9:
                    31:82:16:e4:06:13:44:9b:e9:84:f8:e0:7d:63:c2:
                    07:df:b4:90:3f:60:89:08:b8:5a:90:0e:c4:60:42:
                    9c:12:b0:75:3c:be:dc:f4:f5:66:90:e9:56:2c:0d:
                    92:8e:aa:61:b2:b6:72:42:22:10:29:30:3e:f2:4e:
                    01:53:8d:6d:28:c8:c1:c9:5d:06:1d:be:da:8e:0a:
                    3e:d5:38:c5:ee:87:a2:3c:63:e4:a8:fe:c1:10:85:
                    84:a7:67:49:ba:80:a1:ab:fb:0a:48:4a:4f:b0:24:
                    20:0b:4d:7c:4c:8f:16:8f:d7:f6:04:00:b2:ac:e7:
                    16:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:79:69:5D:A3:35:A4:59:A4:B1:8D:45:A5:B7:9B:A5:16:C4:97:E4
            X509v3 Authority Key Identifier:
                keyid:0F:1D:5B:9D:88:B5:79:D0:DD:F7:C2:1C:B3:D3:87:D6:1E:A5:16:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dx1bnYi1edDd98Ics9OH1h6lFsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/909975-4e86-4478-b81e-72df6fedd748/1/hXlpXaM1pFmksY1FpbebpRbEl-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/909975-4e86-4478-b81e-72df6fedd748/1/Dx1bnYi1edDd98Ics9OH1h6lFsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:97:85:fe:ce:4a:17:76:df:8a:e1:20:cf:af:81:a3:94:70:
         62:a1:cd:ca:de:49:d5:ef:87:52:80:5e:62:aa:bc:9f:90:70:
         25:d1:52:f7:25:16:6d:ce:1c:f5:c4:35:62:64:cf:66:5f:92:
         20:23:d6:ed:64:e5:f0:3b:de:bd:fe:6f:d9:5c:22:cf:8c:d5:
         69:1f:62:4f:68:00:51:ca:2d:c6:fd:0c:64:a9:00:5d:db:d3:
         1b:ec:3d:43:79:40:76:f5:98:7d:4e:54:b9:ba:8a:c6:4e:c7:
         67:52:0b:b3:92:a6:39:d4:1f:12:07:d1:c9:d9:f5:ad:78:f0:
         41:e7:a5:85:76:e0:58:ba:78:3e:4d:65:2a:f7:ee:8f:87:73:
         40:d8:93:cd:db:ba:42:4d:ba:4a:a9:ec:d2:d3:79:83:04:1c:
         5a:66:a8:58:2d:38:74:e7:84:9f:f3:32:e3:f5:5c:eb:7e:0f:
         64:1d:fc:5d:23:ac:7e:0e:09:82:6d:55:c3:ca:d2:31:3c:22:
         f7:ac:0d:0f:4d:7c:d4:39:76:1a:af:66:9c:fb:6d:20:fd:94:
         d7:da:d4:91:3e:a2:20:db:d6:dc:6f:58:b8:5d:d6:3d:9d:1d:
         34:3f:c6:c0:33:43:19:15:c7:0b:92:e4:94:6c:6b:96:00:cd:
         66:d7:12:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ74n1IYJhgLX1i4yLS40+/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMWQ1YjlkODhiNTc5ZDBkZGY3YzIxY2IzZDM4N2Q2MWVh
NTE2YzEwHhcNMjYwNjI0MDc1NDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTc5Njk1ZGEzMzVhNDU5YTRiMThkNDVhNWI3OWJhNTE2YzQ5N2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ruiJ5cMLkUJOTLy/zAlkG+Yr2o4
pqs7YjU5OV+tU67QxwWMrpHMiC+vnVLSNCpG5nVlbJFoOZgLy6c0FPobM6azhAS6
q0AXD6MNISBvEGdThMThXhyTGW9O/D58FZ8Hq+1cdVKtDUCeNzS5h+a5ZQSwbo+s
BzbMkZJUXD/f298yqdSGrqkxghbkBhNEm+mE+OB9Y8IH37SQP2CJCLhakA7EYEKc
ErB1PL7c9PVmkOlWLA2SjqphsrZyQiIQKTA+8k4BU41tKMjByV0GHb7ajgo+1TjF
7oeiPGPkqP7BEIWEp2dJuoChq/sKSEpPsCQgC018TI8Wj9f2BACyrOcWXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIV5aV2jNaRZpLGNRaW3m6UWxJfkMB8GA1UdIwQY
MBaAFA8dW52ItXnQ3ffCHLPTh9YepRbBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHgxYm5ZaTFlZERkOThJY3M5T0gxaDZsRnNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC85MDk5NzUtNGU4Ni00NDc4LWI4MWUt
NzJkZjZmZWRkNzQ4LzEvaFhscFhhTTFwRm1rc1kxRnBiZWJwUmJFbC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC85MDk5NzUtNGU4Ni00NDc4LWI4MWUtNzJkZjZmZWRkNzQ4
LzEvRHgxYm5ZaTFlZERkOThJY3M5T0gxaDZsRnNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwY5sMA0G
CSqGSIb3DQEBCwUAA4IBAQBGl4X+zkoXdt+K4SDPr4GjlHBioc3K3knV74dSgF5i
qryfkHAl0VL3JRZtzhz1xDViZM9mX5IgI9btZOXwO969/m/ZXCLPjNVpH2JPaABR
yi3G/QxkqQBd29Mb7D1DeUB29Zh9TlS5uorGTsdnUguzkqY51B8SB9HJ2fWtePBB
56WFduBYung+TWUq9+6Ph3NA2JPN27pCTbpKqezS03mDBBxaZqhYLTh054Sf8zLj
9Vzrfg9kHfxdI6x+DgmCbVXDytIxPCL3rA0PTXzUOXYar2ac+20g/ZTX2tSRPqIg
29bcb1i4XdY9nR00P8bAM0MZFccLkuSUbGuWAM1m1xLy
-----END CERTIFICATE-----