Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/_QtYt9J1bjujJzyERLrrzaAoWvg.roa
File:                     _QtYt9J1bjujJzyERLrrzaAoWvg.roa (raw, json)
Hash identifier:          UQYqFkwt0dd554SqiNjGVia5cBLhp+dGRDnZtYz3NuI=
Subject key identifier:   FD:0B:58:B7:D2:75:6E:3B:A3:27:3C:84:44:BA:EB:CD:A0:28:5A:F8
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019E3B40B4FB9E585CED01F467D441E4FFD3
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/_QtYt9J1bjujJzyERLrrzaAoWvg.roa
Signing time:             Mon 18 May 2026 13:22:36 +0000
ROA not before:           Mon 18 May 2026 13:22:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        193.42.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3b:40:b4:fb:9e:58:5c:ed:01:f4:67:d4:41:e4:ff:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May 18 13:22:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd0b58b7d2756e3ba3273c8444baebcda0285af8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f5:e8:09:6f:43:fc:dd:a3:8c:b8:3a:bf:9d:
                    13:88:de:4e:9d:f2:fe:e6:e9:f6:93:84:db:35:f3:
                    54:68:8a:41:6c:56:bb:0d:04:57:d1:a4:6b:06:b6:
                    75:dd:e5:52:c8:71:4a:6f:cc:40:e3:d7:7f:bf:49:
                    42:e8:88:c7:3e:be:9d:af:d8:23:a7:d5:93:6e:7d:
                    4a:95:79:e1:87:71:3c:42:16:e8:a5:fe:a0:7e:c9:
                    92:df:57:e8:f0:7b:ab:71:20:da:3e:ab:de:0c:87:
                    c0:83:0c:cc:38:4e:a0:43:d9:57:ff:9a:bf:4f:fb:
                    48:29:60:98:8f:3d:7c:06:db:95:65:55:b1:cb:78:
                    9e:0e:33:77:e0:47:e7:bd:68:cb:d6:85:da:61:9e:
                    90:c1:5e:22:04:77:bf:1e:b8:45:b8:86:cb:0c:18:
                    19:73:ad:97:87:b8:29:48:f1:cc:ad:d2:53:54:3b:
                    24:c0:9a:37:1d:65:64:e9:e2:65:38:58:f7:97:2f:
                    6d:33:5b:39:27:7d:ca:6e:1a:6f:bc:f8:b7:3a:d2:
                    02:aa:bd:2b:24:44:75:53:8d:98:c0:09:64:70:71:
                    10:c1:0b:1f:93:0c:33:ab:a7:cd:f3:d9:45:30:c1:
                    37:2a:dc:0d:d9:21:b1:65:bf:ba:ac:e9:27:79:34:
                    de:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:0B:58:B7:D2:75:6E:3B:A3:27:3C:84:44:BA:EB:CD:A0:28:5A:F8
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/_QtYt9J1bjujJzyERLrrzaAoWvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:81:8d:16:6d:84:71:d6:37:bd:d2:89:a1:74:6e:1b:35:1d:
         b0:d6:fd:7d:36:f6:ef:1c:a6:95:f1:53:90:16:ac:13:1e:a8:
         22:ca:c2:93:c2:2d:fb:18:04:2a:1f:ab:e5:60:cd:89:ce:ed:
         6f:f9:7a:dc:f2:b3:da:e0:d3:f3:34:d5:a0:8e:7f:e5:f9:b5:
         d2:41:11:bf:d1:d6:91:af:ac:6e:1d:d3:17:77:c0:8c:52:97:
         82:41:8c:65:15:ea:37:46:ab:7d:aa:49:9b:ea:fb:46:65:0f:
         3e:35:f0:3b:d9:4a:e0:75:b0:9d:0e:c4:39:36:b4:39:77:34:
         df:78:db:56:d3:a1:5a:00:3f:0f:bf:f6:82:96:60:a5:e3:29:
         bc:c0:86:cc:03:a9:0a:b1:bd:52:ba:52:4b:d6:67:7a:75:8a:
         54:e1:0f:43:63:5d:c4:d2:9f:db:70:db:0f:85:be:d2:a6:84:
         44:7c:00:17:22:18:1b:6d:3b:0d:d5:ea:99:f4:8c:4c:b5:f6:
         65:78:b7:ac:dd:eb:0a:be:ab:4c:0a:d5:86:28:57:bb:c9:7a:
         cf:4d:65:7b:31:a7:ea:3a:ba:d4:78:b7:9b:40:97:cb:8a:72:
         61:72:70:e9:dd:b6:5c:a8:10:18:67:3a:e6:5b:77:8c:96:ed:
         66:41:4b:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ47QLT7nlhc7QH0Z9RB5P/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwNTE4MTMyMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDBiNThiN2QyNzU2ZTNiYTMyNzNjODQ0NGJhZWJjZGEwMjg1YWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPXoCW9D/N2jjLg6v50TiN5OnfL+
5un2k4TbNfNUaIpBbFa7DQRX0aRrBrZ13eVSyHFKb8xA49d/v0lC6IjHPr6dr9gj
p9WTbn1KlXnhh3E8Qhbopf6gfsmS31fo8HurcSDaPqveDIfAgwzMOE6gQ9lX/5q/
T/tIKWCYjz18BtuVZVWxy3ieDjN34EfnvWjL1oXaYZ6QwV4iBHe/HrhFuIbLDBgZ
c62Xh7gpSPHMrdJTVDskwJo3HWVk6eJlOFj3ly9tM1s5J33KbhpvvPi3OtICqr0r
JER1U42YwAlkcHEQwQsfkwwzq6fN89lFMME3KtwN2SGxZb+6rOkneTTeJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0LWLfSdW47oyc8hES6682gKFr4MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvX1F0WXQ5SjFianVqSnp5RVJMcnJ6YUFvV3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSp6MA0G
CSqGSIb3DQEBCwUAA4IBAQA5gY0WbYRx1je90omhdG4bNR2w1v19NvbvHKaV8VOQ
FqwTHqgiysKTwi37GAQqH6vlYM2Jzu1v+Xrc8rPa4NPzNNWgjn/l+bXSQRG/0daR
r6xuHdMXd8CMUpeCQYxlFeo3Rqt9qkmb6vtGZQ8+NfA72UrgdbCdDsQ5NrQ5dzTf
eNtW06FaAD8Pv/aClmCl4ym8wIbMA6kKsb1SulJL1md6dYpU4Q9DY13E0p/bcNsP
hb7SpoREfAAXIhgbbTsN1eqZ9IxMtfZleLes3esKvqtMCtWGKFe7yXrPTWV7Mafq
OrrUeLebQJfLinJhcnDp3bZcqBAYZzrmW3eMlu1mQUtD
-----END CERTIFICATE-----