Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/P76P4dF0ml0xn5L3PGZYLRu4kI8.roa
File:                     P76P4dF0ml0xn5L3PGZYLRu4kI8.roa (raw, json)
Hash identifier:          efyFbUnFHMFQB1JqfKtfbhksdOtrQaOEf0vwpCiCbdc=
Subject key identifier:   3F:BE:8F:E1:D1:74:9A:5D:31:9F:92:F7:3C:66:58:2D:1B:B8:90:8F
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019E40880759979315693D318C7DE6EF86C4
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/P76P4dF0ml0xn5L3PGZYLRu4kI8.roa
Signing time:             Tue 19 May 2026 13:58:36 +0000
ROA not before:           Tue 19 May 2026 13:58:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197401
IP address blocks:        45.93.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:40:88:07:59:97:93:15:69:3d:31:8c:7d:e6:ef:86:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May 19 13:58:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fbe8fe1d1749a5d319f92f73c66582d1bb8908f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:38:cc:ad:59:28:74:b8:d1:3a:4d:85:75:7a:
                    82:1f:26:ad:26:06:e2:3d:28:20:7c:8f:dd:a9:df:
                    bb:ae:37:2e:d1:a8:54:61:3d:63:0d:bd:3c:1f:b1:
                    8a:e9:91:90:0e:65:23:0d:9f:33:b2:45:2a:27:3a:
                    e6:80:ac:55:79:e2:ed:f8:ce:89:a8:00:21:49:27:
                    ae:ea:7d:e9:a8:02:ac:97:88:e1:13:4d:a9:71:f3:
                    78:07:3f:6b:2e:0f:48:0d:48:da:86:54:29:a0:3e:
                    d1:0c:58:71:ec:28:fc:ed:3d:8e:6e:b1:34:4c:7d:
                    68:34:e7:b8:f4:81:cd:9a:e2:ab:5c:79:d0:8b:62:
                    d2:38:cd:59:08:4b:13:e9:6e:16:b7:98:67:63:2c:
                    f7:0e:b5:b7:9d:fc:00:81:15:85:04:71:51:f2:6d:
                    c0:8f:fd:a0:38:e0:77:a0:2c:df:91:05:43:a0:f1:
                    c7:ab:9b:80:fe:4f:62:71:30:f9:7b:2b:05:40:4e:
                    ca:99:e3:7a:d5:7a:7a:66:de:79:22:27:3f:1c:fd:
                    36:25:0b:8e:73:3f:f7:cb:56:a6:f2:77:d3:f6:ca:
                    4d:30:1a:aa:50:cf:c6:4a:75:f1:dc:f7:13:75:43:
                    66:cc:f8:4a:a6:74:68:4d:5d:c2:38:9a:49:b2:64:
                    b2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:BE:8F:E1:D1:74:9A:5D:31:9F:92:F7:3C:66:58:2D:1B:B8:90:8F
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/P76P4dF0ml0xn5L3PGZYLRu4kI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:39:f5:cc:61:ae:f6:59:c1:5d:2a:61:95:12:24:21:c3:50:
         a1:db:96:23:13:bc:96:11:97:3b:0f:e2:e2:c9:ad:fa:c7:84:
         51:d0:9d:25:23:b2:c5:bb:9e:e5:d0:ca:67:68:3a:94:4b:fb:
         07:00:3b:23:1c:5f:22:12:0b:de:35:ba:ae:d1:b7:20:35:b5:
         4b:ae:c2:85:b4:8d:97:b9:98:60:7f:e7:42:d2:99:30:b0:59:
         10:7b:26:dd:87:49:dc:5d:02:f9:94:e0:e4:16:e5:74:a6:c4:
         54:61:e1:a8:70:84:d5:5b:a7:dc:76:48:24:87:af:c9:28:26:
         7c:e7:0b:ae:fb:f6:a6:25:9f:89:18:ea:45:17:80:77:cb:b4:
         88:e1:00:61:d4:56:c3:e2:45:a9:7d:ad:ea:ef:6a:e4:72:9d:
         4a:59:c5:9b:d6:25:86:08:e6:d4:7a:37:f4:22:19:74:d3:7b:
         e7:51:a8:12:9b:a7:ba:a2:77:01:95:1b:ea:f1:b4:1a:f4:b4:
         8b:1c:67:86:c5:94:99:2d:8f:d7:4d:1e:09:2a:77:54:cf:9e:
         7d:77:94:7a:9d:13:f2:a8:2f:0c:50:52:2e:5d:1f:3c:91:fd:
         41:42:6a:90:32:0a:9c:4e:b5:33:86:6b:03:22:eb:3c:5c:e7:
         85:bb:73:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5AiAdZl5MVaT0xjH3m74bEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwNTE5MTM1ODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJlOGZlMWQxNzQ5YTVkMzE5ZjkyZjczYzY2NTgyZDFiYjg5MDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujjMrVkodLjROk2FdXqCHyatJgbi
PSggfI/dqd+7rjcu0ahUYT1jDb08H7GK6ZGQDmUjDZ8zskUqJzrmgKxVeeLt+M6J
qAAhSSeu6n3pqAKsl4jhE02pcfN4Bz9rLg9IDUjahlQpoD7RDFhx7Cj87T2ObrE0
TH1oNOe49IHNmuKrXHnQi2LSOM1ZCEsT6W4Wt5hnYyz3DrW3nfwAgRWFBHFR8m3A
j/2gOOB3oCzfkQVDoPHHq5uA/k9icTD5eysFQE7KmeN61Xp6Zt55Iic/HP02JQuO
cz/3y1am8nfT9spNMBqqUM/GSnXx3PcTdUNmzPhKpnRoTV3COJpJsmSyJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD++j+HRdJpdMZ+S9zxmWC0buJCPMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvUDc2UDRkRjBtbDB4bjVMM1BHWllMUnU0a0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV1TMA0G
CSqGSIb3DQEBCwUAA4IBAQAdOfXMYa72WcFdKmGVEiQhw1Ch25YjE7yWEZc7D+Li
ya36x4RR0J0lI7LFu57l0MpnaDqUS/sHADsjHF8iEgveNbqu0bcgNbVLrsKFtI2X
uZhgf+dC0pkwsFkQeybdh0ncXQL5lODkFuV0psRUYeGocITVW6fcdkgkh6/JKCZ8
5wuu+/amJZ+JGOpFF4B3y7SI4QBh1FbD4kWpfa3q72rkcp1KWcWb1iWGCObUejf0
Ihl003vnUagSm6e6oncBlRvq8bQa9LSLHGeGxZSZLY/XTR4JKndUz559d5R6nRPy
qC8MUFIuXR88kf1BQmqQMgqcTrUzhmsDIus8XOeFu3MP
-----END CERTIFICATE-----