Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/04y30fjyI-3BDJ7uz2F505Z72u0.roa
File:                     04y30fjyI-3BDJ7uz2F505Z72u0.roa (raw, json)
Hash identifier:          aZa8T3ZsQHcRS71nTo9v8vfzkySM2t6KPqF9AjnBbwU=
Subject key identifier:   D3:8C:B7:D1:F8:F2:23:ED:C1:0C:9E:EE:CF:61:79:D3:96:7B:DA:ED
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019EA9DCAC379D29691A934485BFF6907F08
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/04y30fjyI-3BDJ7uz2F505Z72u0.roa
Signing time:             Tue 09 Jun 2026 00:51:11 +0000
ROA not before:           Tue 09 Jun 2026 00:51:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199412
IP address blocks:        193.37.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a9:dc:ac:37:9d:29:69:1a:93:44:85:bf:f6:90:7f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jun  9 00:51:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d38cb7d1f8f223edc10c9eeecf6179d3967bdaed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:14:55:45:91:00:34:0d:16:44:6f:12:2f:bf:
                    b0:cc:4c:f8:9d:c3:b0:37:d1:fa:5b:3a:0e:b1:8f:
                    49:95:6e:f1:9a:04:ca:02:fb:71:cf:48:9a:bc:40:
                    6a:1b:0d:c6:3a:69:92:db:2e:8d:b4:01:70:f5:b6:
                    22:ee:cc:2d:6b:18:3b:3d:6f:ea:36:af:da:cb:b1:
                    18:ec:90:be:9a:76:71:be:4f:7e:27:49:5c:68:97:
                    aa:9f:16:ac:ed:c0:f1:82:64:27:5c:af:a9:f9:c2:
                    38:8a:08:cb:80:ca:68:e7:0b:25:7f:1a:fa:38:f7:
                    3b:4b:fb:0f:99:87:99:05:21:56:f1:4e:ba:ae:25:
                    5d:62:47:65:f3:74:e9:28:b1:12:05:f4:ab:8c:f4:
                    61:1b:3f:f4:7d:62:58:15:97:e0:8b:63:51:16:40:
                    75:ba:92:e7:98:73:9d:62:11:f3:bf:5c:c3:22:98:
                    8d:5f:f8:85:39:14:79:50:3f:5d:cd:82:b6:23:bf:
                    36:de:64:01:30:b3:d4:dd:2f:69:52:9f:5e:aa:7f:
                    9c:2f:2a:29:0a:71:f3:3f:a1:d2:85:3e:38:86:41:
                    76:e5:10:d7:a3:9c:79:4d:97:60:e9:d6:c5:63:3d:
                    d1:11:98:60:48:6d:c6:23:1a:7e:7c:a6:12:fd:c8:
                    80:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:8C:B7:D1:F8:F2:23:ED:C1:0C:9E:EE:CF:61:79:D3:96:7B:DA:ED
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/04y30fjyI-3BDJ7uz2F505Z72u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:90:54:e8:d1:ab:e3:7b:a9:9e:1d:62:f2:23:f1:a6:bd:41:
         78:18:67:5e:37:16:ed:0e:82:46:18:b7:35:ca:23:98:7f:c0:
         9e:ab:a8:a8:80:5d:f1:11:d1:da:a2:7c:9a:63:b5:1b:2a:a3:
         ff:ed:2d:55:99:ed:83:ce:91:63:d4:43:c7:a0:c3:ea:56:15:
         e9:f6:93:3e:4b:03:8d:33:63:e1:b2:6b:b5:2f:1a:34:de:33:
         53:58:b8:37:42:16:25:c3:bd:6e:1e:dd:56:30:fb:d0:23:a5:
         ab:e0:ed:04:89:1a:1d:26:fd:80:85:ea:9c:40:b0:81:4b:93:
         3c:b6:f1:0c:ee:e2:de:7c:83:d8:98:4e:66:67:95:3b:7c:6f:
         8b:12:57:f2:26:73:7f:78:d3:e4:c5:98:59:42:76:5e:9c:a3:
         27:1c:11:93:21:b2:12:f6:ea:ab:ed:6c:e3:bd:71:14:1b:82:
         e0:d7:84:89:e8:c9:36:3f:4d:2d:91:c0:9e:16:60:8f:ff:eb:
         cb:48:ae:e4:2f:aa:c0:c8:d8:b5:55:15:e3:68:66:8b:c0:ec:
         08:73:08:c2:99:d6:98:25:2e:0e:ce:a4:3b:77:38:fc:cd:22:
         c2:09:7f:74:d3:f6:f0:bf:fc:10:0e:e6:85:18:a5:ca:0c:7f:
         42:10:ef:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6p3Kw3nSlpGpNEhb/2kH8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwNjA5MDA1MTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzhjYjdkMWY4ZjIyM2VkYzEwYzllZWVjZjYxNzlkMzk2N2JkYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRRVRZEANA0WRG8SL7+wzEz4ncOw
N9H6WzoOsY9JlW7xmgTKAvtxz0iavEBqGw3GOmmS2y6NtAFw9bYi7swtaxg7PW/q
Nq/ay7EY7JC+mnZxvk9+J0lcaJeqnxas7cDxgmQnXK+p+cI4igjLgMpo5wslfxr6
OPc7S/sPmYeZBSFW8U66riVdYkdl83TpKLESBfSrjPRhGz/0fWJYFZfgi2NRFkB1
upLnmHOdYhHzv1zDIpiNX/iFORR5UD9dzYK2I7823mQBMLPU3S9pUp9eqn+cLyop
CnHzP6HShT44hkF25RDXo5x5TZdg6dbFYz3REZhgSG3GIxp+fKYS/ciA3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOMt9H48iPtwQye7s9hedOWe9rtMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvMDR5MzBmanlJLTNCREo3dXoyRjUwNVo3MnUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXFMA0G
CSqGSIb3DQEBCwUAA4IBAQAnkFTo0avje6meHWLyI/GmvUF4GGdeNxbtDoJGGLc1
yiOYf8Ceq6iogF3xEdHaonyaY7UbKqP/7S1Vme2DzpFj1EPHoMPqVhXp9pM+SwON
M2Phsmu1Lxo03jNTWLg3QhYlw71uHt1WMPvQI6Wr4O0EiRodJv2AheqcQLCBS5M8
tvEM7uLefIPYmE5mZ5U7fG+LElfyJnN/eNPkxZhZQnZenKMnHBGTIbIS9uqr7Wzj
vXEUG4Lg14SJ6Mk2P00tkcCeFmCP/+vLSK7kL6rAyNi1VRXjaGaLwOwIcwjCmdaY
JS4OzqQ7dzj8zSLCCX900/bwv/wQDuaFGKXKDH9CEO9G
-----END CERTIFICATE-----