Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Ri2C8jT87JUPY1N_tYFlXXpEEUk.roa
File:                     Ri2C8jT87JUPY1N_tYFlXXpEEUk.roa (raw, json)
Hash identifier:          bov73pH9tjDEmSsRTrp/h5e7PIOp0L9ZGu7At3Y3OkU=
Subject key identifier:   46:2D:82:F2:34:FC:EC:95:0F:63:53:7F:B5:81:65:5D:7A:44:11:49
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019DF3A42780B0E276CC0E480F58C64E2908
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Ri2C8jT87JUPY1N_tYFlXXpEEUk.roa
Signing time:             Mon 04 May 2026 15:38:34 +0000
ROA not before:           Mon 04 May 2026 15:38:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39944
IP address blocks:        93.113.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 May 2026 11:18:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f3:a4:27:80:b0:e2:76:cc:0e:48:0f:58:c6:4e:29:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May  4 15:38:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=462d82f234fcec950f63537fb581655d7a441149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6a:3e:77:09:10:e8:af:6f:ec:f8:5c:77:02:
                    6d:6b:9f:e3:76:ab:a0:cc:ac:9f:c7:29:43:6d:aa:
                    58:91:db:4c:21:2e:d6:31:7a:1e:86:85:5d:46:1e:
                    6e:8b:df:4c:a8:9a:88:cb:69:c5:86:a2:c1:bf:f3:
                    fa:15:ba:fb:82:15:59:22:ac:3f:f4:0b:7a:96:36:
                    ed:cc:14:ab:8f:e7:d2:4c:92:97:25:27:02:3b:86:
                    68:97:40:b2:7a:fb:a9:7f:08:39:84:d1:53:c9:19:
                    4e:7a:8f:67:f8:8f:36:b9:ce:0b:f3:2d:04:e9:1c:
                    2c:9b:e8:25:54:86:84:5c:61:95:98:8b:89:da:82:
                    a5:33:e8:6d:18:99:b9:ab:65:0c:cf:a1:9c:19:57:
                    7f:24:6d:3d:b5:bf:09:da:15:a6:b5:84:fc:d0:b7:
                    56:6e:c4:60:5c:c0:82:33:bf:7c:3a:4b:42:4c:b4:
                    95:36:04:f3:f9:35:8e:66:cf:05:57:3b:ea:8d:cb:
                    83:74:7a:fc:71:b7:fd:a7:66:af:8a:21:fb:20:2a:
                    0e:2f:84:9e:ac:90:aa:aa:be:06:8c:9d:72:b1:8e:
                    5b:2b:41:77:3c:c1:d1:07:19:33:a6:56:2f:75:6f:
                    91:e7:bd:71:37:6a:1a:94:f6:49:a6:c2:bf:83:f5:
                    09:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:2D:82:F2:34:FC:EC:95:0F:63:53:7F:B5:81:65:5D:7A:44:11:49
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Ri2C8jT87JUPY1N_tYFlXXpEEUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:72:18:19:10:de:f9:e9:74:43:dc:4d:b2:e6:ad:7b:58:f2:
         f0:95:99:80:c1:00:a8:08:c0:c3:18:d0:be:c3:ec:05:e5:b0:
         c3:c0:f5:6f:be:37:aa:7e:82:b7:b5:71:8c:7a:7a:58:36:9a:
         5c:85:8f:90:87:30:d2:bb:b4:dc:e7:87:40:ab:ee:14:6c:f1:
         80:6b:5e:76:c3:45:ee:aa:9f:4c:ef:73:19:d2:7d:9c:0f:74:
         11:8c:0a:49:a1:4d:9e:47:59:a9:14:7a:92:77:3c:80:da:43:
         61:6c:ef:48:bd:fb:5d:f5:83:29:dc:6b:3e:d7:b1:ef:3d:7b:
         b7:10:f5:8c:35:03:48:9a:45:78:6c:ab:66:ea:d8:13:16:5c:
         c0:8c:aa:57:9c:14:38:51:4d:76:8c:77:b2:ef:b4:14:34:97:
         2e:43:45:a6:d7:72:e6:27:9f:33:75:8c:2b:3e:89:fd:c4:c5:
         c5:f8:b7:e4:72:17:57:16:33:85:87:a6:96:6c:d4:e3:71:91:
         d5:87:9c:40:1d:65:23:a9:9b:af:74:b9:3f:ab:de:a3:da:bf:
         42:a5:39:27:cd:83:19:a2:d0:99:59:32:09:e6:62:07:df:9d:
         22:f5:e7:a1:30:a6:76:3e:61:2c:03:43:7a:95:94:9c:46:0d:
         80:b7:7b:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3zpCeAsOJ2zA5ID1jGTikIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwNTA0MTUzODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjJkODJmMjM0ZmNlYzk1MGY2MzUzN2ZiNTgxNjU1ZDdhNDQxMTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWo+dwkQ6K9v7PhcdwJta5/jdqug
zKyfxylDbapYkdtMIS7WMXoehoVdRh5ui99MqJqIy2nFhqLBv/P6Fbr7ghVZIqw/
9At6ljbtzBSrj+fSTJKXJScCO4Zol0Cyevupfwg5hNFTyRlOeo9n+I82uc4L8y0E
6Rwsm+glVIaEXGGVmIuJ2oKlM+htGJm5q2UMz6GcGVd/JG09tb8J2hWmtYT80LdW
bsRgXMCCM798OktCTLSVNgTz+TWOZs8FVzvqjcuDdHr8cbf9p2aviiH7ICoOL4Se
rJCqqr4GjJ1ysY5bK0F3PMHRBxkzplYvdW+R571xN2oalPZJpsK/g/UJuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYtgvI0/OyVD2NTf7WBZV16RBFJMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvUmkyQzhqVDg3SlVQWTFOX3RZRmxYWHBFRVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXGwMA0G
CSqGSIb3DQEBCwUAA4IBAQBrchgZEN756XRD3E2y5q17WPLwlZmAwQCoCMDDGNC+
w+wF5bDDwPVvvjeqfoK3tXGMenpYNppchY+QhzDSu7Tc54dAq+4UbPGAa152w0Xu
qp9M73MZ0n2cD3QRjApJoU2eR1mpFHqSdzyA2kNhbO9Ivftd9YMp3Gs+17HvPXu3
EPWMNQNImkV4bKtm6tgTFlzAjKpXnBQ4UU12jHey77QUNJcuQ0Wm13LmJ58zdYwr
Pon9xMXF+LfkchdXFjOFh6aWbNTjcZHVh5xAHWUjqZuvdLk/q96j2r9CpTknzYMZ
otCZWTIJ5mIH350i9eehMKZ2PmEsA0N6lZScRg2At3ui
-----END CERTIFICATE-----