Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/m5nd6kFiv9cEJ3YGISzOiJTcIuY.roa
File:                     m5nd6kFiv9cEJ3YGISzOiJTcIuY.roa (raw, json)
Hash identifier:          l/6MeKI5nL12kgOCDxiIjShRIf4nZLpNk/deaFd6nrY=
Subject key identifier:   9B:99:DD:EA:41:62:BF:D7:04:27:76:06:21:2C:CE:88:94:DC:22:E6
Certificate issuer:       /CN=93ece780dfda43ab4a841727eb20d71fc76528bc
Certificate serial:       019D87142F0D08453C01C121D0B9659FE3D5
Authority key identifier: 93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/m5nd6kFiv9cEJ3YGISzOiJTcIuY.roa
Signing time:             Mon 13 Apr 2026 13:42:20 +0000
ROA not before:           Mon 13 Apr 2026 13:42:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214437
IP address blocks:        69.19.142.0/23 maxlen: 23
                          85.155.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 13:42:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:14:2f:0d:08:45:3c:01:c1:21:d0:b9:65:9f:e3:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ece780dfda43ab4a841727eb20d71fc76528bc
        Validity
            Not Before: Apr 13 13:42:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b99ddea4162bfd704277606212cce8894dc22e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:d0:4a:fd:07:1a:d9:41:cd:ba:49:fe:36:df:
                    4f:30:60:aa:4e:1a:fc:bc:c1:0f:89:86:dd:4c:11:
                    c3:d1:a5:d5:5e:f5:f4:e4:60:14:94:31:87:fe:19:
                    34:81:9c:c5:9f:37:be:55:b6:3b:f9:8c:72:f4:6f:
                    ac:d0:c1:e6:d9:ff:4c:92:cd:ed:4c:ca:9e:74:3b:
                    f1:70:3e:f4:bb:75:81:a1:d2:84:e2:8f:cb:32:c6:
                    d0:10:30:70:87:93:da:9a:49:7e:20:31:9a:99:1c:
                    92:de:fc:64:f9:e9:7f:09:ed:9d:ec:df:6a:e4:41:
                    d2:05:12:4e:f5:60:47:29:66:be:ce:12:d1:64:55:
                    6b:7e:52:2e:40:88:f1:5d:35:54:2d:e6:3f:71:fc:
                    c8:cd:81:cd:37:b0:3c:e0:cc:91:d1:f8:7d:5c:ca:
                    b2:37:2b:1e:86:81:f9:83:24:8a:01:0e:5a:72:73:
                    8a:24:b2:1d:85:28:f2:d3:05:99:e0:02:24:28:8e:
                    06:08:db:a2:be:02:3f:be:3c:34:5d:59:23:9f:f0:
                    70:d0:2d:fd:ff:97:6a:58:7b:9b:77:2f:3e:f7:da:
                    3c:53:98:1e:47:91:46:c9:7e:2a:93:52:6f:31:ca:
                    44:a2:0c:5d:80:bd:99:1a:df:15:db:d4:9c:76:80:
                    cc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:99:DD:EA:41:62:BF:D7:04:27:76:06:21:2C:CE:88:94:DC:22:E6
            X509v3 Authority Key Identifier:
                keyid:93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/m5nd6kFiv9cEJ3YGISzOiJTcIuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.19.142.0/23
                  85.155.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:38:4a:d0:be:e4:5c:30:9e:45:16:be:04:60:5a:f7:ea:9a:
         6e:c1:83:1d:5a:b7:bf:07:8c:03:d3:1d:d3:35:5e:1e:e9:4f:
         68:f8:64:33:7d:dd:63:d0:63:94:be:d9:b2:17:7c:04:f8:c6:
         90:61:70:30:ae:48:a5:65:8b:24:e3:4d:b3:37:0b:d2:5a:90:
         2b:b6:bb:83:12:81:71:3c:64:8f:ec:15:f1:a5:42:2a:72:39:
         a1:0d:d5:ca:7a:ad:56:c7:29:ca:ea:26:7d:ca:06:c2:cf:51:
         d1:e1:16:5e:6f:2f:b4:aa:29:da:3f:4e:65:2e:ae:15:dd:b3:
         fc:01:a6:9c:73:0f:6f:08:67:f9:80:cb:1b:aa:d4:bf:8b:35:
         33:10:d6:f3:d8:25:ab:92:5b:5a:1e:5b:bc:73:68:e2:07:e6:
         c0:de:36:51:b4:96:8d:93:c2:e9:46:98:e4:71:d2:63:d5:d3:
         14:79:51:28:61:f3:83:ce:e6:dc:d2:85:68:1d:61:9a:f3:4a:
         ee:cb:1a:4d:c6:03:a9:e8:d4:63:63:36:22:58:2d:84:5d:96:
         ae:22:e8:1f:d7:0e:7a:57:f2:16:8c:c7:08:05:c4:4d:02:9a:
         5b:bf:8b:20:9c:2e:27:ea:14:ae:e5:b1:05:a8:21:31:33:1a:
         04:5f:b9:33
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2HFC8NCEU8AcEh0Llln+PVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWNlNzgwZGZkYTQzYWI0YTg0MTcyN2ViMjBkNzFmYzc2
NTI4YmMwHhcNMjYwNDEzMTM0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjk5ZGRlYTQxNjJiZmQ3MDQyNzc2MDYyMTJjY2U4ODk0ZGMyMmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tBK/Qca2UHNukn+Nt9PMGCqThr8
vMEPiYbdTBHD0aXVXvX05GAUlDGH/hk0gZzFnze+VbY7+Yxy9G+s0MHm2f9Mks3t
TMqedDvxcD70u3WBodKE4o/LMsbQEDBwh5Pamkl+IDGamRyS3vxk+el/Ce2d7N9q
5EHSBRJO9WBHKWa+zhLRZFVrflIuQIjxXTVULeY/cfzIzYHNN7A84MyR0fh9XMqy
NysehoH5gySKAQ5acnOKJLIdhSjy0wWZ4AIkKI4GCNuivgI/vjw0XVkjn/Bw0C39
/5dqWHubdy8+99o8U5geR5FGyX4qk1JvMcpEogxdgL2ZGt8V29ScdoDMiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJuZ3epBYr/XBCd2BiEszoiU3CLmMB8GA1UdIwQY
MBaAFJPs54Df2kOrSoQXJ+sg1x/HZSi8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUt
YTRkNDEzZDdmODljLzEvbTVuZDZrRml2OWNFSjNZR0lTek9pSlRjSXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUtYTRkNDEzZDdmODlj
LzEvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBRROOAwQA
VZtAMA0GCSqGSIb3DQEBCwUAA4IBAQBLOErQvuRcMJ5FFr4EYFr36ppuwYMdWre/
B4wD0x3TNV4e6U9o+GQzfd1j0GOUvtmyF3wE+MaQYXAwrkilZYsk402zNwvSWpAr
truDEoFxPGSP7BXxpUIqcjmhDdXKeq1WxynK6iZ9ygbCz1HR4RZeby+0qinaP05l
Lq4V3bP8Aaaccw9vCGf5gMsbqtS/izUzENbz2CWrkltaHlu8c2jiB+bA3jZRtJaN
k8LpRpjkcdJj1dMUeVEoYfODzubc0oVoHWGa80ruyxpNxgOp6NRjYzYiWC2EXZau
Iugf1w56V/IWjMcIBcRNAppbv4sgnC4n6hSu5bEFqCExMxoEX7kz
-----END CERTIFICATE-----