Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/0f3a87-5ea1-4671-90b7-ae1759916df0/1/IDTYw6C5ecE0yTngM2giPFekYEo.roa
File:                     IDTYw6C5ecE0yTngM2giPFekYEo.roa (raw, json)
Hash identifier:          Mp7nJH1EbJ5wIQlVw/NFiqEMS1fdnjIoS+XOTuUWT3g=
Subject key identifier:   20:34:D8:C3:A0:B9:79:C1:34:C9:39:E0:33:68:22:3C:57:A4:60:4A
Certificate issuer:       /CN=d93e302c21a9dda67509fc8f13daf4c62acff0ee
Certificate serial:       019DAF7DBDDA37F99A9AA632771B45510012
Authority key identifier: D9:3E:30:2C:21:A9:DD:A6:75:09:FC:8F:13:DA:F4:C6:2A:CF:F0:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T4wLCGp3aZ1CfyPE9r0xirP8O4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/0f3a87-5ea1-4671-90b7-ae1759916df0/1/IDTYw6C5ecE0yTngM2giPFekYEo.roa
Signing time:             Tue 21 Apr 2026 10:02:26 +0000
ROA not before:           Tue 21 Apr 2026 10:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        193.101.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/0f3a87-5ea1-4671-90b7-ae1759916df0/1/2T4wLCGp3aZ1CfyPE9r0xirP8O4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/0f3a87-5ea1-4671-90b7-ae1759916df0/1/2T4wLCGp3aZ1CfyPE9r0xirP8O4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T4wLCGp3aZ1CfyPE9r0xirP8O4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 19:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:7d:bd:da:37:f9:9a:9a:a6:32:77:1b:45:51:00:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93e302c21a9dda67509fc8f13daf4c62acff0ee
        Validity
            Not Before: Apr 21 10:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2034d8c3a0b979c134c939e03368223c57a4604a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4c:ee:70:c6:64:ac:0b:1c:9f:ee:6c:c2:50:
                    16:a3:81:73:da:40:62:e3:ae:5f:d8:48:ca:81:78:
                    a5:cd:d6:aa:d6:92:bf:0c:69:c1:cb:15:38:d6:da:
                    03:d6:b1:5e:a0:1c:ae:f2:a2:cf:c2:f6:f9:1d:be:
                    d6:dd:10:03:3b:c2:55:68:6d:00:e4:89:90:e1:b3:
                    db:81:e0:76:06:0c:62:30:23:78:cc:54:f1:7b:b7:
                    90:c1:52:33:bb:05:cb:3a:e7:f8:36:bb:19:4b:51:
                    58:ab:1a:54:f1:4b:4c:a6:24:6b:b7:6b:10:2a:9c:
                    2e:90:09:cd:cc:56:aa:c8:01:f4:34:90:3f:ec:d5:
                    17:98:b4:23:cb:a5:3c:84:9b:ec:d2:8a:7c:3d:7c:
                    5d:f9:36:bb:dc:d8:26:9b:f4:d2:ab:3f:07:80:0a:
                    3e:c7:11:ba:70:82:97:3f:0d:b2:c9:82:5e:a4:32:
                    2d:61:61:ea:0c:06:e0:e6:4d:46:05:30:6a:b5:51:
                    f0:06:a5:2f:f4:d2:d5:28:2b:92:17:30:09:92:ef:
                    22:f8:b4:eb:e8:68:6b:3e:d3:f4:63:9f:25:96:85:
                    82:c7:1a:4f:0e:b0:ca:91:48:e1:98:e6:17:c2:fe:
                    a6:a8:f3:0d:b0:53:12:24:2e:ce:46:5a:a9:3e:87:
                    b6:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:34:D8:C3:A0:B9:79:C1:34:C9:39:E0:33:68:22:3C:57:A4:60:4A
            X509v3 Authority Key Identifier:
                keyid:D9:3E:30:2C:21:A9:DD:A6:75:09:FC:8F:13:DA:F4:C6:2A:CF:F0:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T4wLCGp3aZ1CfyPE9r0xirP8O4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/0f3a87-5ea1-4671-90b7-ae1759916df0/1/IDTYw6C5ecE0yTngM2giPFekYEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/0f3a87-5ea1-4671-90b7-ae1759916df0/1/2T4wLCGp3aZ1CfyPE9r0xirP8O4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.101.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ac:6f:07:ba:59:6f:69:f4:2a:54:4b:26:97:b0:72:92:07:
         be:8b:05:dc:aa:19:af:e1:b5:42:57:b0:fb:1a:d9:c8:6a:9d:
         b7:ca:58:7b:e0:21:da:55:a6:d9:d6:ba:b0:f7:a0:85:3c:a1:
         4b:0c:e9:1d:82:96:2b:d5:cb:9d:d1:bc:95:cb:f7:00:d8:9b:
         ca:ed:06:1c:97:7d:a2:f9:54:0a:37:f7:5e:92:02:db:dc:c4:
         d8:74:7a:1f:79:0a:7f:c4:b2:23:e3:dd:35:1f:86:2c:f7:c1:
         e6:65:f8:3d:2d:e2:0c:04:4b:00:74:9b:5c:73:c6:27:20:80:
         10:e4:51:63:22:28:5d:c6:ba:58:97:c4:34:88:d1:76:56:aa:
         7c:ed:90:f4:62:84:3c:3f:cf:eb:e8:3d:5d:7e:63:45:f5:f9:
         9f:0b:50:07:de:b0:7a:51:f9:4c:05:b2:d8:41:02:27:e8:60:
         cc:d6:46:3d:2e:fd:3e:44:15:8d:88:58:06:63:08:94:b3:e6:
         dc:43:e7:17:36:d1:7f:71:fe:58:5b:0d:e4:a2:dc:ed:33:b6:
         a5:49:4c:ba:37:b8:fe:ad:9d:c1:52:d5:93:d9:92:19:05:a8:
         5b:b4:3c:f3:80:34:e1:3c:0f:24:d6:b1:24:56:e4:77:6e:80:
         79:8d:bf:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2vfb3aN/mamqYydxtFUQASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2UzMDJjMjFhOWRkYTY3NTA5ZmM4ZjEzZGFmNGM2MmFj
ZmYwZWUwHhcNMjYwNDIxMTAwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDM0ZDhjM2EwYjk3OWMxMzRjOTM5ZTAzMzY4MjIzYzU3YTQ2MDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkzucMZkrAscn+5swlAWo4Fz2kBi
465f2EjKgXilzdaq1pK/DGnByxU41toD1rFeoByu8qLPwvb5Hb7W3RADO8JVaG0A
5ImQ4bPbgeB2BgxiMCN4zFTxe7eQwVIzuwXLOuf4NrsZS1FYqxpU8UtMpiRrt2sQ
KpwukAnNzFaqyAH0NJA/7NUXmLQjy6U8hJvs0op8PXxd+Ta73Ngmm/TSqz8HgAo+
xxG6cIKXPw2yyYJepDItYWHqDAbg5k1GBTBqtVHwBqUv9NLVKCuSFzAJku8i+LTr
6GhrPtP0Y58lloWCxxpPDrDKkUjhmOYXwv6mqPMNsFMSJC7ORlqpPoe2kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCA02MOguXnBNMk54DNoIjxXpGBKMB8GA1UdIwQY
MBaAFNk+MCwhqd2mdQn8jxPa9MYqz/DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQ0d0xDR3AzYVoxQ2Z5UEU5cjB4aXJQOE80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wZjNhODctNWVhMS00NjcxLTkwYjct
YWUxNzU5OTE2ZGYwLzEvSURUWXc2QzVlY0UweVRuZ00yZ2lQRmVrWUVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wZjNhODctNWVhMS00NjcxLTkwYjctYWUxNzU5OTE2ZGYw
LzEvMlQ0d0xDR3AzYVoxQ2Z5UEU5cjB4aXJQOE80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWWzMA0G
CSqGSIb3DQEBCwUAA4IBAQCXrG8HullvafQqVEsml7Bykge+iwXcqhmv4bVCV7D7
GtnIap23ylh74CHaVabZ1rqw96CFPKFLDOkdgpYr1cud0byVy/cA2JvK7QYcl32i
+VQKN/dekgLb3MTYdHofeQp/xLIj4901H4Ys98HmZfg9LeIMBEsAdJtcc8YnIIAQ
5FFjIihdxrpYl8Q0iNF2Vqp87ZD0YoQ8P8/r6D1dfmNF9fmfC1AH3rB6UflMBbLY
QQIn6GDM1kY9Lv0+RBWNiFgGYwiUs+bcQ+cXNtF/cf5YWw3kotztM7alSUy6N7j+
rZ3BUtWT2ZIZBahbtDzzgDThPA8k1rEkVuR3boB5jb/r
-----END CERTIFICATE-----