Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/m2aCEWRSbYINPhfk7dIfOHcCZMQ.roa
File:                     m2aCEWRSbYINPhfk7dIfOHcCZMQ.roa (raw, json)
Hash identifier:          zF+FldUbeFBdo73eCEVXfBTgillyEx/Bek9AHg5vsQM=
Subject key identifier:   9B:66:82:11:64:52:6D:82:0D:3E:17:E4:ED:D2:1F:38:77:02:64:C4
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       019E590BF8B20E5546A30769AE6330810C61
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/m2aCEWRSbYINPhfk7dIfOHcCZMQ.roa
Signing time:             Sun 24 May 2026 08:13:37 +0000
ROA not before:           Sun 24 May 2026 08:13:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402276
IP address blocks:        80.93.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 17:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:59:0b:f8:b2:0e:55:46:a3:07:69:ae:63:30:81:0c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: May 24 08:13:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b66821164526d820d3e17e4edd21f38770264c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:12:41:f0:fb:43:ec:99:b9:9b:ab:09:4e:6f:
                    a5:8a:ec:f1:f1:80:bb:fc:18:87:e4:81:45:2c:3e:
                    5b:c6:99:32:d5:01:cd:46:73:0f:73:f3:16:60:91:
                    f0:b5:f5:93:b0:41:90:6f:08:d2:d1:20:d4:eb:64:
                    92:e3:2e:0f:fa:8e:63:6e:51:a2:bd:f0:71:37:74:
                    d8:36:b0:78:b6:63:be:73:41:84:2b:64:0b:f3:29:
                    e8:eb:76:08:3a:d7:44:e2:2b:be:99:fe:11:04:1d:
                    e5:76:da:c7:56:ff:8a:f9:1f:99:89:6a:7a:a3:f4:
                    8e:b5:14:3b:c8:b9:4d:a5:b9:fa:c0:a4:f6:7f:c8:
                    0e:aa:a7:06:3b:24:7e:d4:5b:9b:3c:cc:0e:07:46:
                    34:13:73:11:5c:32:db:2d:b8:ab:50:42:eb:24:ad:
                    97:83:74:71:80:bf:8d:93:dc:fb:46:68:f0:86:4d:
                    35:64:a2:07:70:a0:7b:d7:ea:19:c5:25:8d:ea:8a:
                    b5:c2:85:2e:ee:ff:82:dc:fe:c5:ff:89:8b:d7:54:
                    ac:91:3a:ce:fd:b0:fc:a2:b7:b2:3e:31:28:e7:33:
                    f6:5b:40:3b:4a:35:fb:a9:e7:77:1f:29:b9:65:ec:
                    e6:c2:09:d4:1c:a1:6b:50:36:98:5a:89:5b:f7:cd:
                    26:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:66:82:11:64:52:6D:82:0D:3E:17:E4:ED:D2:1F:38:77:02:64:C4
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/m2aCEWRSbYINPhfk7dIfOHcCZMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:7c:11:34:24:a6:ba:b2:93:88:ba:6b:21:cd:f6:83:f5:66:
         a9:9d:bf:16:c4:14:e5:a9:d1:ff:8a:70:a4:07:27:a8:e7:34:
         af:8f:e8:63:f5:4f:45:39:69:ed:cf:9e:a4:9b:dd:75:74:79:
         f3:f2:d9:c5:3a:22:fb:37:51:3f:23:3c:45:d6:30:04:11:d5:
         c7:10:14:e5:10:cc:29:54:63:19:4d:8d:09:73:46:fa:c3:6f:
         e9:50:d7:6e:e6:74:88:5a:6a:c2:c0:7e:e5:22:a9:a4:e9:4c:
         18:ad:d0:0e:39:69:e2:61:f0:32:4f:57:39:ce:4b:9b:c9:7c:
         a7:e4:da:c8:4d:15:1b:25:78:28:6d:cb:b3:51:79:50:43:23:
         2f:ff:df:45:f6:ef:3d:e9:50:46:ec:39:f7:da:9b:12:00:44:
         79:99:56:99:77:3f:f9:18:fd:8b:a3:cd:56:04:01:37:1c:7a:
         bb:fd:3f:23:da:c0:63:56:8d:05:59:bc:29:ef:ed:ac:bf:b4:
         c2:7c:5d:40:34:0b:59:e4:b4:e7:b2:ed:51:42:a5:8f:81:2c:
         1b:97:95:54:2f:01:6c:6c:97:d9:f0:68:b9:61:1a:ad:6b:b3:
         2a:66:e5:06:d5:7f:4f:08:e7:25:a5:ec:80:f1:1b:88:f2:84:
         9f:01:3f:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5ZC/iyDlVGowdprmMwgQxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjYwNTI0MDgxMzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjY2ODIxMTY0NTI2ZDgyMGQzZTE3ZTRlZGQyMWYzODc3MDI2NGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRJB8PtD7Jm5m6sJTm+liuzx8YC7
/BiH5IFFLD5bxpky1QHNRnMPc/MWYJHwtfWTsEGQbwjS0SDU62SS4y4P+o5jblGi
vfBxN3TYNrB4tmO+c0GEK2QL8yno63YIOtdE4iu+mf4RBB3ldtrHVv+K+R+ZiWp6
o/SOtRQ7yLlNpbn6wKT2f8gOqqcGOyR+1FubPMwOB0Y0E3MRXDLbLbirUELrJK2X
g3RxgL+Nk9z7Rmjwhk01ZKIHcKB71+oZxSWN6oq1woUu7v+C3P7F/4mL11SskTrO
/bD8oreyPjEo5zP2W0A7SjX7qed3Hym5ZezmwgnUHKFrUDaYWolb980mnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtmghFkUm2CDT4X5O3SHzh3AmTEMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvbTJhQ0VXUlNiWUlOUGhmazdkSWZPSGNDWk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3HMA0G
CSqGSIb3DQEBCwUAA4IBAQB3fBE0JKa6spOIumshzfaD9Wapnb8WxBTlqdH/inCk
Byeo5zSvj+hj9U9FOWntz56km911dHnz8tnFOiL7N1E/IzxF1jAEEdXHEBTlEMwp
VGMZTY0Jc0b6w2/pUNdu5nSIWmrCwH7lIqmk6UwYrdAOOWniYfAyT1c5zkubyXyn
5NrITRUbJXgobcuzUXlQQyMv/99F9u896VBG7Dn32psSAER5mVaZdz/5GP2Lo81W
BAE3HHq7/T8j2sBjVo0FWbwp7+2sv7TCfF1ANAtZ5LTnsu1RQqWPgSwbl5VULwFs
bJfZ8Gi5YRqta7MqZuUG1X9PCOclpeyA8RuI8oSfAT+B
-----END CERTIFICATE-----