Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/FWMBoEPbEZJ9LWll1hHdYguPc1Q.roa
File:                     FWMBoEPbEZJ9LWll1hHdYguPc1Q.roa (raw, json)
Hash identifier:          D3IyHTq+1EEVMSrIYYDUg4SrD3tjS/LwJPAsUzG8Cnk=
Subject key identifier:   15:63:01:A0:43:DB:11:92:7D:2D:69:65:D6:11:DD:62:0B:8F:73:54
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       019E63E781C087FDECFCC207DCB286B5E4E7
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/FWMBoEPbEZJ9LWll1hHdYguPc1Q.roa
Signing time:             Tue 26 May 2026 10:49:36 +0000
ROA not before:           Tue 26 May 2026 10:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203113
IP address blocks:        80.93.192.0/24 maxlen: 24
                          80.93.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 May 2026 22:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:e7:81:c0:87:fd:ec:fc:c2:07:dc:b2:86:b5:e4:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: May 26 10:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=156301a043db11927d2d6965d611dd620b8f7354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3f:90:55:e4:99:dd:ab:81:03:ee:ae:da:0d:
                    40:ba:02:a8:7b:b0:4f:a2:0e:6f:9e:0f:9d:0a:8d:
                    8a:57:ce:63:c9:c1:32:42:c7:ef:aa:84:e4:f2:9f:
                    87:c3:82:6d:10:c3:ff:b6:6b:17:52:cb:97:b4:9f:
                    21:dd:11:3d:c5:66:f1:2e:da:35:aa:4f:36:f5:4a:
                    fe:41:15:1f:6c:cc:88:c2:f9:d4:f7:d9:9e:93:fc:
                    fa:15:62:36:dd:55:ef:e6:62:e3:29:30:8a:37:a3:
                    89:88:20:15:7a:1b:e0:a7:17:50:59:87:01:0a:1d:
                    44:9c:79:de:7a:00:0f:6f:fe:0d:19:17:bb:79:ca:
                    9b:26:2c:90:4e:72:4c:5f:a4:11:c0:4f:d6:61:5c:
                    22:73:62:60:b6:00:bc:88:21:cc:ed:97:3d:46:66:
                    25:e3:0d:66:29:59:64:60:f0:ee:0a:51:48:8b:c5:
                    da:c3:a4:8f:19:4a:ed:78:6e:e6:c0:83:d6:3f:14:
                    59:8c:7c:71:04:22:1b:e1:5a:01:d0:65:a6:21:40:
                    94:e7:d3:4d:d6:1f:93:b5:45:83:2b:75:87:58:97:
                    6a:8e:ee:de:55:e4:2e:50:63:c5:dc:c2:07:63:7e:
                    30:b1:7f:b5:26:4b:72:4b:d4:3a:4d:38:fa:a9:bf:
                    8a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:63:01:A0:43:DB:11:92:7D:2D:69:65:D6:11:DD:62:0B:8F:73:54
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/FWMBoEPbEZJ9LWll1hHdYguPc1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.192.0/24
                  80.93.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f4:79:4d:0a:cd:40:9f:13:db:44:70:d7:10:1d:81:45:4c:
         b4:72:f7:d7:84:d6:93:eb:d0:5d:57:1b:8a:23:47:f5:6a:ad:
         7d:51:47:7d:3f:90:dc:74:6a:f1:07:b8:1e:22:fe:b8:c1:6f:
         a8:24:92:9c:09:11:40:bf:94:b0:19:ba:8c:d1:9d:ac:65:4e:
         bf:30:21:ec:4a:52:43:f8:84:13:3b:b9:56:0a:29:49:e5:12:
         b9:31:ce:64:d6:85:ee:f1:b9:22:2a:e3:96:64:f2:c9:c4:47:
         f8:16:07:99:c3:57:53:19:d5:41:c9:54:ef:a1:43:8c:73:7a:
         b3:26:90:b4:c5:a4:0c:74:3f:67:ed:52:d9:1d:bf:13:7a:80:
         f0:4c:99:0b:1b:e6:e0:e0:f7:ee:e1:38:e6:c7:2a:d0:dc:2b:
         9a:70:e3:03:11:6b:42:3b:1d:25:86:72:c8:e1:1b:7c:c9:a7:
         3b:a0:67:2d:9b:01:7d:d7:bb:8d:89:73:ed:d7:69:72:21:14:
         81:cb:c1:34:a2:25:d9:be:f1:64:97:a5:c7:01:fc:d3:f1:a2:
         09:6d:03:70:13:85:4a:0e:e5:f3:84:71:50:e7:4e:df:b4:cc:
         6d:1e:5b:6f:6a:a6:81:df:9c:3c:39:f1:6e:3f:a9:9e:d0:ed:
         68:f9:c6:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5j54HAh/3s/MIH3LKGteTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjYwNTI2MTA0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTYzMDFhMDQzZGIxMTkyN2QyZDY5NjVkNjExZGQ2MjBiOGY3MzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT+QVeSZ3auBA+6u2g1AugKoe7BP
og5vng+dCo2KV85jycEyQsfvqoTk8p+Hw4JtEMP/tmsXUsuXtJ8h3RE9xWbxLto1
qk829Ur+QRUfbMyIwvnU99mek/z6FWI23VXv5mLjKTCKN6OJiCAVehvgpxdQWYcB
Ch1EnHneegAPb/4NGRe7ecqbJiyQTnJMX6QRwE/WYVwic2JgtgC8iCHM7Zc9RmYl
4w1mKVlkYPDuClFIi8Xaw6SPGUrteG7mwIPWPxRZjHxxBCIb4VoB0GWmIUCU59NN
1h+TtUWDK3WHWJdqju7eVeQuUGPF3MIHY34wsX+1JktyS9Q6TTj6qb+KZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBVjAaBD2xGSfS1pZdYR3WILj3NUMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvRldNQm9FUGJFWko5TFdsbDFoSGRZZ3VQYzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUF3AAwQA
UF3DMA0GCSqGSIb3DQEBCwUAA4IBAQAe9HlNCs1AnxPbRHDXEB2BRUy0cvfXhNaT
69BdVxuKI0f1aq19UUd9P5DcdGrxB7geIv64wW+oJJKcCRFAv5SwGbqM0Z2sZU6/
MCHsSlJD+IQTO7lWCilJ5RK5Mc5k1oXu8bkiKuOWZPLJxEf4FgeZw1dTGdVByVTv
oUOMc3qzJpC0xaQMdD9n7VLZHb8TeoDwTJkLG+bg4Pfu4TjmxyrQ3CuacOMDEWtC
Ox0lhnLI4Rt8yac7oGctmwF917uNiXPt12lyIRSBy8E0oiXZvvFkl6XHAfzT8aIJ
bQNwE4VKDuXzhHFQ507ftMxtHltvaqaB35w8OfFuP6me0O1o+cbI
-----END CERTIFICATE-----