Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/JVuoprbMxLbQdATYs7FnyNtpCsE.roa
File:                     JVuoprbMxLbQdATYs7FnyNtpCsE.roa (raw, json)
Hash identifier:          N0yMS1VnWb2pP+jHjBsPnN/6nX2H2mODP1yZDbzRLdI=
Subject key identifier:   25:5B:A8:A6:B6:CC:C4:B6:D0:74:04:D8:B3:B1:67:C8:DB:69:0A:C1
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D00C1201B655159FE7B788262F68A456C
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/JVuoprbMxLbQdATYs7FnyNtpCsE.roa
Signing time:             Wed 18 Mar 2026 11:42:29 +0000
ROA not before:           Wed 18 Mar 2026 11:42:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        93.119.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:c1:20:1b:65:51:59:fe:7b:78:82:62:f6:8a:45:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar 18 11:42:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=255ba8a6b6ccc4b6d07404d8b3b167c8db690ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ea:80:22:7c:0a:44:d7:4e:be:65:24:87:b4:
                    ce:df:1f:69:ad:5b:b4:c5:0a:f6:72:d0:34:48:9a:
                    f3:cc:72:42:a8:62:53:e8:bf:e1:8d:6d:85:fc:99:
                    92:57:2b:be:ca:b2:fe:d2:9e:96:85:0b:d8:35:c8:
                    70:cb:e7:24:b5:c7:0d:a5:48:c7:f0:b3:36:41:60:
                    d0:c8:9a:02:9b:f0:6b:af:7d:11:53:4e:d0:63:88:
                    a4:57:40:fa:c9:b9:ea:ca:21:2b:8c:67:28:e6:fa:
                    76:b1:66:26:3a:cf:5b:48:0b:fd:e3:88:8c:ba:64:
                    41:0f:45:c2:d9:a3:b1:06:4a:03:65:c0:1c:11:69:
                    a2:49:bd:5a:69:6b:41:e2:8c:8b:bd:83:9c:ef:19:
                    ee:d2:36:51:9c:7f:e4:31:ad:f2:9d:e9:4e:ed:53:
                    83:1e:8f:f3:d3:5c:55:5b:41:1b:48:1f:0e:0e:ee:
                    2f:27:3a:f1:6e:ea:ca:91:ed:ff:a3:df:54:00:1f:
                    b1:86:6f:27:d3:dd:08:24:ce:aa:c7:42:50:b0:06:
                    3a:e4:bc:b2:02:46:00:c4:75:02:61:80:e6:23:6c:
                    e6:a2:aa:16:7d:10:e9:5f:c3:89:fd:e1:5c:d4:1a:
                    ed:96:20:65:c5:07:25:55:29:48:98:5e:93:99:cd:
                    43:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:5B:A8:A6:B6:CC:C4:B6:D0:74:04:D8:B3:B1:67:C8:DB:69:0A:C1
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/JVuoprbMxLbQdATYs7FnyNtpCsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.119.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:98:01:22:39:41:26:e2:d3:bd:61:f9:e9:b7:e5:fa:bb:e2:
         f7:4e:ff:0b:07:d9:5a:20:df:a1:f7:39:d6:58:dd:13:1b:71:
         1d:5a:58:87:f4:c4:db:54:78:12:9e:38:79:f3:32:18:9d:e1:
         d2:57:06:5e:30:33:bd:b4:8b:6f:f9:3d:97:8a:2c:1a:b8:92:
         b0:66:20:31:12:a8:97:eb:f0:99:f0:f8:25:20:cc:3a:14:a9:
         0e:60:8e:16:c6:ad:fb:21:53:26:7f:60:a9:0e:ca:6f:55:96:
         25:a9:0a:b3:34:6a:71:25:e0:8d:d8:1d:5b:71:0d:43:8b:4c:
         90:65:c4:34:0f:68:50:1b:59:a2:83:8c:dd:57:44:d5:7a:65:
         2c:f4:59:4e:b4:cb:c0:08:cc:35:e7:f1:27:0b:cf:f5:6e:7a:
         97:8c:6e:71:46:00:52:32:32:f5:1a:97:f3:37:c8:f2:56:6b:
         8e:b0:4b:96:df:bc:d4:6f:c0:bd:77:96:9d:88:22:93:38:1f:
         82:db:27:be:0e:d9:23:63:37:32:e2:81:f6:37:7c:9d:19:c4:
         de:57:0b:2e:6b:d0:2d:ce:cf:4a:91:9f:b5:e1:e5:85:9d:a8:
         11:c0:25:d2:99:35:d9:79:79:86:50:93:d7:bc:00:fc:df:23:
         6a:24:e7:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0AwSAbZVFZ/nt4gmL2ikVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMzE4MTE0MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTViYThhNmI2Y2NjNGI2ZDA3NDA0ZDhiM2IxNjdjOGRiNjkwYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOqAInwKRNdOvmUkh7TO3x9prVu0
xQr2ctA0SJrzzHJCqGJT6L/hjW2F/JmSVyu+yrL+0p6WhQvYNchwy+cktccNpUjH
8LM2QWDQyJoCm/Brr30RU07QY4ikV0D6ybnqyiErjGco5vp2sWYmOs9bSAv944iM
umRBD0XC2aOxBkoDZcAcEWmiSb1aaWtB4oyLvYOc7xnu0jZRnH/kMa3ynelO7VOD
Ho/z01xVW0EbSB8ODu4vJzrxburKke3/o99UAB+xhm8n090IJM6qx0JQsAY65Lyy
AkYAxHUCYYDmI2zmoqoWfRDpX8OJ/eFc1BrtliBlxQclVSlImF6Tmc1DNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVbqKa2zMS20HQE2LOxZ8jbaQrBMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvSlZ1b3ByYk14TGJRZEFUWXM3Rm55TnRwQ3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXdrMA0G
CSqGSIb3DQEBCwUAA4IBAQB+mAEiOUEm4tO9Yfnpt+X6u+L3Tv8LB9laIN+h9znW
WN0TG3EdWliH9MTbVHgSnjh58zIYneHSVwZeMDO9tItv+T2XiiwauJKwZiAxEqiX
6/CZ8PglIMw6FKkOYI4Wxq37IVMmf2CpDspvVZYlqQqzNGpxJeCN2B1bcQ1Di0yQ
ZcQ0D2hQG1mig4zdV0TVemUs9FlOtMvACMw15/EnC8/1bnqXjG5xRgBSMjL1Gpfz
N8jyVmuOsEuW37zUb8C9d5adiCKTOB+C2ye+DtkjYzcy4oH2N3ydGcTeVwsua9At
zs9KkZ+14eWFnagRwCXSmTXZeXmGUJPXvAD83yNqJOdk
-----END CERTIFICATE-----