Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/384995-3ade-4b52-bffb-86626647086c/1/IgdPfhPl1P3iT1FWrsiJPEWiUf0.roa
File:                     IgdPfhPl1P3iT1FWrsiJPEWiUf0.roa (raw, json)
Hash identifier:          qJpCjPIGc1MaV9L1dwnXjXWQ+qoYXiY/1KG2OSBZzVg=
Subject key identifier:   22:07:4F:7E:13:E5:D4:FD:E2:4F:51:56:AE:C8:89:3C:45:A2:51:FD
Certificate issuer:       /CN=adebfc4e59f7e646460d90311566df1f47eda917
Certificate serial:       019EF94E89E5EF410286175A6EFBF4762598
Authority key identifier: AD:EB:FC:4E:59:F7:E6:46:46:0D:90:31:15:66:DF:1F:47:ED:A9:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rev8Tln35kZGDZAxFWbfH0ftqRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/384995-3ade-4b52-bffb-86626647086c/1/IgdPfhPl1P3iT1FWrsiJPEWiUf0.roa
Signing time:             Wed 24 Jun 2026 11:05:34 +0000
ROA not before:           Wed 24 Jun 2026 11:05:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5631
IP address blocks:        193.32.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/384995-3ade-4b52-bffb-86626647086c/1/rev8Tln35kZGDZAxFWbfH0ftqRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/384995-3ade-4b52-bffb-86626647086c/1/rev8Tln35kZGDZAxFWbfH0ftqRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rev8Tln35kZGDZAxFWbfH0ftqRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 14:31:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f9:4e:89:e5:ef:41:02:86:17:5a:6e:fb:f4:76:25:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adebfc4e59f7e646460d90311566df1f47eda917
        Validity
            Not Before: Jun 24 11:05:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22074f7e13e5d4fde24f5156aec8893c45a251fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:45:f4:9a:1c:a5:13:12:65:76:38:56:47:5e:
                    90:69:1a:db:97:a7:9f:74:02:e8:e7:2e:0e:a1:de:
                    5f:f2:bf:6b:38:88:19:c1:96:c0:7f:a7:46:5d:c3:
                    bb:71:e9:8c:a4:c2:a3:94:bb:9a:19:b7:dd:97:3f:
                    50:80:25:cc:23:10:32:2a:d3:c1:98:a0:82:ce:d7:
                    3c:56:8d:0a:2b:5e:b8:b6:38:a0:1c:35:7f:e0:a5:
                    1b:99:95:85:7c:e4:80:01:cf:6b:47:c9:62:c2:13:
                    b4:2e:e9:b2:fe:0c:c9:2c:b0:e5:7e:ce:1f:0f:d9:
                    9e:df:d1:2f:74:44:b5:3c:cf:c2:6a:7d:b9:2e:0e:
                    8a:59:37:86:27:f6:b7:95:f9:9f:33:19:8e:c8:69:
                    6c:45:a5:2e:89:ee:a7:83:c4:60:99:fa:99:18:53:
                    7f:04:69:f6:7d:fd:85:3e:6a:92:7b:75:4e:de:69:
                    09:fd:e1:1d:c4:d1:07:54:b2:7e:a9:e0:28:6d:d7:
                    c4:f2:e9:64:ed:13:3d:8a:5f:94:3c:14:b7:c0:22:
                    44:a7:22:55:de:09:b1:8f:f2:f5:97:5d:35:26:56:
                    bc:1f:e1:8e:b8:0b:09:94:4f:fe:45:90:0e:13:ef:
                    d4:c8:56:6e:a8:b5:74:36:11:69:b5:aa:b1:4f:b9:
                    e8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:07:4F:7E:13:E5:D4:FD:E2:4F:51:56:AE:C8:89:3C:45:A2:51:FD
            X509v3 Authority Key Identifier:
                keyid:AD:EB:FC:4E:59:F7:E6:46:46:0D:90:31:15:66:DF:1F:47:ED:A9:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rev8Tln35kZGDZAxFWbfH0ftqRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/384995-3ade-4b52-bffb-86626647086c/1/IgdPfhPl1P3iT1FWrsiJPEWiUf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/384995-3ade-4b52-bffb-86626647086c/1/rev8Tln35kZGDZAxFWbfH0ftqRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:a5:48:a1:72:33:71:42:7d:bb:77:13:61:a9:00:d6:2c:1a:
         2a:53:fd:18:54:14:25:32:95:02:d5:2d:5c:44:14:e4:69:3d:
         01:44:ba:2e:cb:92:15:50:5c:25:4a:9c:2e:a7:78:95:55:9e:
         01:11:a5:ff:e9:14:e8:c0:38:20:d7:64:8b:f1:44:0d:38:a8:
         04:b2:cf:ac:58:68:a2:64:6f:52:af:ea:07:52:6a:27:6d:d2:
         9f:ae:58:77:c7:fd:45:0b:ea:06:69:ae:20:5f:98:c3:d1:20:
         98:4e:82:25:d2:65:39:9c:9a:0f:07:cc:13:6d:42:29:12:eb:
         8b:2b:73:cb:cb:42:07:e1:39:64:65:75:7b:88:93:03:e4:73:
         80:0c:4c:40:70:87:be:ea:49:89:43:c4:92:91:c8:51:e1:26:
         62:39:38:9b:1f:51:23:54:42:eb:f4:89:3f:bf:dc:bf:4a:1d:
         49:9c:e4:a5:40:88:74:a9:c2:8f:01:5b:1e:61:7e:4b:47:0c:
         cc:96:ed:be:fc:4d:fd:39:73:58:bf:d6:32:ff:db:f8:e3:59:
         21:30:0a:8b:d8:1d:90:f6:22:fc:c9:ba:84:7b:f4:cd:c6:47:
         99:c6:43:37:e7:db:56:bd:ab:09:a4:6c:46:a4:5a:97:55:bd:
         9a:94:85:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ75Tonl70EChhdabvv0diWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZWJmYzRlNTlmN2U2NDY0NjBkOTAzMTE1NjZkZjFmNDdl
ZGE5MTcwHhcNMjYwNjI0MTEwNTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjA3NGY3ZTEzZTVkNGZkZTI0ZjUxNTZhZWM4ODkzYzQ1YTI1MWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUX0mhylExJldjhWR16QaRrbl6ef
dALo5y4Ood5f8r9rOIgZwZbAf6dGXcO7cemMpMKjlLuaGbfdlz9QgCXMIxAyKtPB
mKCCztc8Vo0KK164tjigHDV/4KUbmZWFfOSAAc9rR8liwhO0Lumy/gzJLLDlfs4f
D9me39EvdES1PM/Can25Lg6KWTeGJ/a3lfmfMxmOyGlsRaUuie6ng8RgmfqZGFN/
BGn2ff2FPmqSe3VO3mkJ/eEdxNEHVLJ+qeAobdfE8ulk7RM9il+UPBS3wCJEpyJV
3gmxj/L1l101Jla8H+GOuAsJlE/+RZAOE+/UyFZuqLV0NhFptaqxT7noQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIHT34T5dT94k9RVq7IiTxFolH9MB8GA1UdIwQY
MBaAFK3r/E5Z9+ZGRg2QMRVm3x9H7akXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmV2OFRsbjM1a1pHRFpBeEZXYmZIMGZ0cVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8zODQ5OTUtM2FkZS00YjUyLWJmZmIt
ODY2MjY2NDcwODZjLzEvSWdkUGZoUGwxUDNpVDFGV3JzaUpQRVdpVWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8zODQ5OTUtM2FkZS00YjUyLWJmZmItODY2MjY2NDcwODZj
LzEvcmV2OFRsbjM1a1pHRFpBeEZXYmZIMGZ0cVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBdMA0G
CSqGSIb3DQEBCwUAA4IBAQBwpUihcjNxQn27dxNhqQDWLBoqU/0YVBQlMpUC1S1c
RBTkaT0BRLouy5IVUFwlSpwup3iVVZ4BEaX/6RTowDgg12SL8UQNOKgEss+sWGii
ZG9Sr+oHUmonbdKfrlh3x/1FC+oGaa4gX5jD0SCYToIl0mU5nJoPB8wTbUIpEuuL
K3PLy0IH4TlkZXV7iJMD5HOADExAcIe+6kmJQ8SSkchR4SZiOTibH1EjVELr9Ik/
v9y/Sh1JnOSlQIh0qcKPAVseYX5LRwzMlu2+/E39OXNYv9Yy/9v441khMAqL2B2Q
9iL8ybqEe/TNxkeZxkM359tWvasJpGxGpFqXVb2alIXv
-----END CERTIFICATE-----