Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/8QpVBxX2eirF8sGJtE7zd4UNxBI.roa
File:                     8QpVBxX2eirF8sGJtE7zd4UNxBI.roa (raw, json)
Hash identifier:          CnXejZBAHN4vYEbHPm/eBo0FdHr7KBSmiggR33stBfk=
Subject key identifier:   F1:0A:55:07:15:F6:7A:2A:C5:F2:C1:89:B4:4E:F3:77:85:0D:C4:12
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019EC98EFD16597791A460DBAC570A0E0740
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/8QpVBxX2eirF8sGJtE7zd4UNxBI.roa
Signing time:             Mon 15 Jun 2026 04:34:11 +0000
ROA not before:           Mon 15 Jun 2026 04:34:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        193.37.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c9:8e:fd:16:59:77:91:a4:60:db:ac:57:0a:0e:07:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jun 15 04:34:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f10a550715f67a2ac5f2c189b44ef377850dc412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:30:26:74:7e:35:ec:7f:c0:b1:f4:5c:a1:22:
                    2f:fe:2c:f2:bd:e7:ab:01:a2:27:39:52:72:6a:f1:
                    18:11:ca:43:2f:1d:97:dc:31:44:d8:d9:20:1a:03:
                    ae:55:21:65:9b:46:7c:34:96:ce:31:ae:0d:bc:e1:
                    f7:ab:1b:e5:eb:8b:e5:cd:d7:3f:b6:22:a1:11:a7:
                    57:40:d2:79:bb:cc:a9:4a:05:40:f5:df:1f:89:75:
                    46:91:9a:8c:11:67:65:8c:f8:2e:23:0b:5e:7b:46:
                    4e:dc:5f:e7:d8:0a:28:23:4b:92:03:a2:32:4b:d6:
                    ac:90:da:a1:2d:5d:5f:50:91:fe:20:68:9f:5a:d9:
                    f2:39:15:2c:83:bc:d4:f4:5c:17:7d:97:6c:24:b9:
                    cd:cf:56:77:f2:d4:74:60:fb:70:d6:cd:f0:5c:7f:
                    93:b5:95:da:68:d1:3a:3d:2d:b2:a1:b1:3b:e0:fd:
                    e2:93:96:ca:82:7c:4e:57:85:49:42:e6:63:46:36:
                    5f:35:f8:cc:2e:67:d5:47:a9:21:ba:95:c2:65:5f:
                    f8:46:6c:c1:19:7d:bc:5f:3c:77:ee:c1:ff:e6:71:
                    41:43:12:61:f5:11:09:60:02:ee:19:47:b1:f0:53:
                    c5:54:87:88:79:74:e5:6b:12:b6:6e:14:76:9d:aa:
                    f0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:0A:55:07:15:F6:7A:2A:C5:F2:C1:89:B4:4E:F3:77:85:0D:C4:12
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/8QpVBxX2eirF8sGJtE7zd4UNxBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f3:1f:5a:fd:bd:dc:1b:94:e3:fa:a4:0d:4c:27:f5:47:9c:
         35:eb:2c:e3:82:b6:54:fc:28:af:7e:24:a3:c8:04:8c:96:40:
         a2:48:ae:ac:1c:6c:a6:79:7d:46:26:e5:39:75:49:41:11:02:
         33:f2:e4:6f:46:65:6f:7f:26:f1:66:b4:3f:9d:89:36:dc:3d:
         17:f1:b4:39:7d:3b:72:cd:6e:49:ae:ff:6c:84:6c:fa:ee:55:
         e1:fb:64:6e:20:17:11:3d:5f:ff:c7:d0:7c:e2:fd:09:4a:03:
         f8:d8:40:b0:4a:e7:90:5e:1c:45:94:23:54:aa:31:b0:16:ee:
         8e:31:7b:dc:bb:6b:ad:28:87:1f:26:73:82:7e:80:11:db:9e:
         2c:1a:8f:49:f6:4f:82:d4:62:9d:ec:3d:73:90:f4:8f:2c:61:
         bb:f5:31:2a:d5:a8:65:7c:08:9b:ed:65:cd:5b:3b:14:f5:34:
         58:ac:df:82:f7:2b:2a:5f:6d:5e:53:d3:90:13:ff:55:c3:d5:
         64:e5:8b:2b:6b:de:c6:f0:af:8e:59:f8:ca:bc:08:8c:96:9f:
         7e:9a:2f:25:97:09:f3:c8:79:fc:e7:39:b3:d1:f0:16:46:67:
         77:a8:db:b5:93:39:5a:cb:81:53:9e:39:11:3a:0b:27:f0:c7:
         fc:d1:32:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7Jjv0WWXeRpGDbrFcKDgdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwNjE1MDQzNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTBhNTUwNzE1ZjY3YTJhYzVmMmMxODliNDRlZjM3Nzg1MGRjNDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DAmdH417H/AsfRcoSIv/izyveer
AaInOVJyavEYEcpDLx2X3DFE2NkgGgOuVSFlm0Z8NJbOMa4NvOH3qxvl64vlzdc/
tiKhEadXQNJ5u8ypSgVA9d8fiXVGkZqMEWdljPguIwtee0ZO3F/n2AooI0uSA6Iy
S9askNqhLV1fUJH+IGifWtnyORUsg7zU9FwXfZdsJLnNz1Z38tR0YPtw1s3wXH+T
tZXaaNE6PS2yobE74P3ik5bKgnxOV4VJQuZjRjZfNfjMLmfVR6khupXCZV/4RmzB
GX28Xzx37sH/5nFBQxJh9REJYALuGUex8FPFVIeIeXTlaxK2bhR2narwZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEKVQcV9noqxfLBibRO83eFDcQSMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvOFFwVkJ4WDJlaXJGOHNHSnRFN3pkNFVOeEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXGMA0G
CSqGSIb3DQEBCwUAA4IBAQBp8x9a/b3cG5Tj+qQNTCf1R5w16yzjgrZU/CivfiSj
yASMlkCiSK6sHGymeX1GJuU5dUlBEQIz8uRvRmVvfybxZrQ/nYk23D0X8bQ5fTty
zW5Jrv9shGz67lXh+2RuIBcRPV//x9B84v0JSgP42ECwSueQXhxFlCNUqjGwFu6O
MXvcu2utKIcfJnOCfoAR254sGo9J9k+C1GKd7D1zkPSPLGG79TEq1ahlfAib7WXN
WzsU9TRYrN+C9ysqX21eU9OQE/9Vw9Vk5Ysra97G8K+OWfjKvAiMlp9+mi8llwnz
yHn85zmz0fAWRmd3qNu1kzlay4FTnjkROgsn8Mf80TIl
-----END CERTIFICATE-----