Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/CrwR_rp6mP9IUxfoyhWiiVfYC9c.roa
File:                     CrwR_rp6mP9IUxfoyhWiiVfYC9c.roa (raw, json)
Hash identifier:          nDtmf0xw90O9h+G3jorhPaIWEfin/4UgsLwznpDmg4g=
Subject key identifier:   0A:BC:11:FE:BA:7A:98:FF:48:53:17:E8:CA:15:A2:89:57:D8:0B:D7
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019CBC7EE4A406F0C2EF0E2D9236F163B607
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/CrwR_rp6mP9IUxfoyhWiiVfYC9c.roa
Signing time:             Thu 05 Mar 2026 05:35:58 +0000
ROA not before:           Thu 05 Mar 2026 05:35:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402186
IP address blocks:        93.114.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bc:7e:e4:a4:06:f0:c2:ef:0e:2d:92:36:f1:63:b6:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar  5 05:35:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0abc11feba7a98ff485317e8ca15a28957d80bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:8f:6e:11:ca:4f:38:6e:01:0b:98:f4:c0:95:
                    b4:da:65:dc:7a:d7:d2:b0:e8:26:73:0a:c6:d7:2e:
                    0e:fe:94:5d:65:f4:0f:80:26:cb:3e:3a:28:d0:20:
                    5b:3a:11:73:02:e2:c8:c8:cf:fb:1c:83:2b:2b:6b:
                    1b:53:12:8c:1c:1b:a2:a1:cf:3f:89:37:4d:0a:dd:
                    f1:00:36:17:ae:ed:16:0a:9e:f0:b4:ec:3d:bf:bb:
                    0a:13:f3:aa:0a:d5:76:6f:b9:82:37:34:5e:b3:b2:
                    df:58:c0:61:27:c9:a4:f0:46:bf:6f:25:a8:b6:b7:
                    31:2e:66:6f:98:db:ed:06:e1:83:90:2c:b1:b4:38:
                    2c:c0:ff:3d:8e:69:12:e7:85:b4:a1:4d:4c:66:ee:
                    2d:f7:4c:35:82:50:a5:74:7f:1b:35:7e:10:54:0a:
                    78:c0:41:cd:d2:0a:ea:6b:3d:00:c2:90:db:56:b0:
                    74:5f:47:68:bc:8a:8b:ac:8f:95:6e:a8:af:f5:66:
                    78:5f:44:df:17:ac:f7:40:68:9f:f4:e5:a4:08:66:
                    79:db:57:5d:aa:ca:5a:76:0b:bc:2b:76:f1:7e:33:
                    fc:60:f5:a0:87:71:9a:8e:bb:18:13:01:24:12:9d:
                    5b:38:a0:36:25:ff:cc:52:e5:7d:95:97:8d:cb:d7:
                    ce:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:BC:11:FE:BA:7A:98:FF:48:53:17:E8:CA:15:A2:89:57:D8:0B:D7
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/CrwR_rp6mP9IUxfoyhWiiVfYC9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:0a:c7:05:48:3e:7f:2b:68:06:e1:9f:00:ba:9e:41:70:c6:
         f7:93:a2:ba:5e:a2:da:7c:63:17:69:05:99:da:19:70:dd:1b:
         14:30:6f:51:9d:fe:55:ee:14:8f:71:6d:57:a4:0d:61:4e:62:
         1a:27:d9:fd:c9:1c:b0:2b:4c:fc:d7:26:2b:8d:97:b6:10:83:
         7a:d1:38:ea:6c:70:cb:90:fc:de:0e:0d:16:ae:47:5f:dc:43:
         66:43:ee:fd:1b:60:7e:6d:36:d6:25:66:48:47:37:ce:a0:3c:
         de:ca:c1:ca:14:c5:4a:7d:de:de:f5:65:90:08:13:6b:04:6d:
         db:8e:fd:a6:82:03:5d:81:17:7f:41:6d:79:41:30:1e:23:a1:
         47:1d:26:70:c3:28:ab:8b:30:47:25:29:6b:32:bf:fb:d2:8a:
         e3:c8:a4:15:2e:17:a5:ef:aa:09:ff:b3:0e:a7:29:85:9a:78:
         b3:7a:37:06:39:f3:7e:8d:c8:ec:a2:9c:09:de:5c:f9:3e:b7:
         b4:97:a4:28:39:a7:3e:30:26:b9:c2:54:14:73:8a:b6:1b:cb:
         7f:5c:9b:5c:b3:28:42:c3:18:a7:98:0b:73:5e:68:5c:87:d5:
         84:8c:36:aa:46:7e:8c:ac:f2:ba:5c:7c:28:28:79:79:f2:55:
         0b:51:33:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy8fuSkBvDC7w4tkjbxY7YHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMzA1MDUzNTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJjMTFmZWJhN2E5OGZmNDg1MzE3ZThjYTE1YTI4OTU3ZDgwYmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6o9uEcpPOG4BC5j0wJW02mXcetfS
sOgmcwrG1y4O/pRdZfQPgCbLPjoo0CBbOhFzAuLIyM/7HIMrK2sbUxKMHBuioc8/
iTdNCt3xADYXru0WCp7wtOw9v7sKE/OqCtV2b7mCNzRes7LfWMBhJ8mk8Ea/byWo
trcxLmZvmNvtBuGDkCyxtDgswP89jmkS54W0oU1MZu4t90w1glCldH8bNX4QVAp4
wEHN0grqaz0AwpDbVrB0X0dovIqLrI+Vbqiv9WZ4X0TfF6z3QGif9OWkCGZ521dd
qspadgu8K3bxfjP8YPWgh3GajrsYEwEkEp1bOKA2Jf/MUuV9lZeNy9fOYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAq8Ef66epj/SFMX6MoVoolX2AvXMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvQ3J3Ul9ycDZtUDlJVXhmb3loV2lpVmZZQzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXJIMA0G
CSqGSIb3DQEBCwUAA4IBAQBhCscFSD5/K2gG4Z8Aup5BcMb3k6K6XqLafGMXaQWZ
2hlw3RsUMG9Rnf5V7hSPcW1XpA1hTmIaJ9n9yRywK0z81yYrjZe2EIN60TjqbHDL
kPzeDg0Wrkdf3ENmQ+79G2B+bTbWJWZIRzfOoDzeysHKFMVKfd7e9WWQCBNrBG3b
jv2mggNdgRd/QW15QTAeI6FHHSZwwyirizBHJSlrMr/70orjyKQVLhel76oJ/7MO
pymFmnizejcGOfN+jcjsopwJ3lz5Pre0l6QoOac+MCa5wlQUc4q2G8t/XJtcsyhC
wxinmAtzXmhch9WEjDaqRn6MrPK6XHwoKHl58lULUTOr
-----END CERTIFICATE-----