Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/mMhcTAUsEq-DNycXZbZCJR0srtQ.roa
File:                     mMhcTAUsEq-DNycXZbZCJR0srtQ.roa (raw, json)
Hash identifier:          IfB3ppygA/MuKvduBRn6Oad+w/QpUoS9p6uwhj/GpXM=
Subject key identifier:   98:C8:5C:4C:05:2C:12:AF:83:37:27:17:65:B6:42:25:1D:2C:AE:D4
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       019EA6029FE6F918FFAB4D39D536D4652BAD
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/mMhcTAUsEq-DNycXZbZCJR0srtQ.roa
Signing time:             Mon 08 Jun 2026 06:54:10 +0000
ROA not before:           Mon 08 Jun 2026 06:54:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203113
IP address blocks:        80.93.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a6:02:9f:e6:f9:18:ff:ab:4d:39:d5:36:d4:65:2b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: Jun  8 06:54:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98c85c4c052c12af8337271765b642251d2caed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cc:32:8d:11:b4:b4:f1:3e:e6:e6:ea:88:83:
                    dd:c9:19:83:00:e0:ec:81:e3:fd:77:60:45:17:f4:
                    36:78:80:62:30:9e:ac:68:b2:c2:4b:8e:a4:dc:3d:
                    2e:fb:b2:56:a9:31:69:2a:59:5f:aa:76:dc:14:db:
                    fa:14:8c:46:4b:79:5e:24:fe:2f:0f:03:27:09:92:
                    a2:df:5e:ee:0d:0d:ae:00:df:65:57:25:8f:dc:c9:
                    7d:a9:01:45:ab:77:3c:02:03:dd:85:8e:cc:8b:8f:
                    e1:8c:a5:4a:a3:2b:b1:40:55:2d:ea:51:48:2f:d2:
                    12:2e:ff:32:5d:6c:c4:8f:48:41:6c:20:16:f5:2b:
                    70:6f:86:03:83:8e:d1:64:00:66:a8:d5:b2:15:0b:
                    11:10:6a:94:ee:34:7f:b5:22:6f:52:21:52:c4:b4:
                    d9:e3:71:d8:75:9e:c2:0b:1d:73:51:7c:18:18:5b:
                    82:6a:06:ec:a5:a4:90:8d:48:9e:29:a5:22:c7:ed:
                    d0:82:0f:17:4b:c3:52:d9:d3:10:f5:8d:e0:b5:ca:
                    0f:86:68:45:6b:db:1d:c2:dd:91:28:85:58:a8:4a:
                    92:c2:a3:4f:c3:29:d9:86:da:ef:0e:26:4c:0c:bc:
                    9e:01:89:00:cd:d3:21:3e:64:15:b7:01:67:ad:51:
                    0d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C8:5C:4C:05:2C:12:AF:83:37:27:17:65:B6:42:25:1D:2C:AE:D4
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/mMhcTAUsEq-DNycXZbZCJR0srtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:8f:c9:e1:f2:be:96:04:d5:8b:63:d0:6b:8b:31:d4:4a:16:
         8e:67:49:e8:b7:a5:12:19:a7:6b:b1:8d:b4:71:2c:42:70:df:
         7a:98:03:53:3c:e3:1c:2c:13:af:e6:87:8e:a3:e6:c0:d3:67:
         fc:ab:f2:21:e2:74:9a:17:9d:2f:61:a8:78:9a:63:9d:06:43:
         00:cd:d8:3f:5e:37:cf:0e:e5:5b:c7:03:a4:9e:0c:0f:ec:d4:
         55:57:8a:c5:cf:78:35:74:c0:05:fa:09:d9:b9:43:2a:cb:bb:
         a9:83:31:e6:39:23:2a:9d:a8:99:a5:17:31:be:39:8b:ee:c2:
         28:12:67:aa:6b:2f:11:8a:3a:3b:55:c7:a7:23:9a:7e:c8:e4:
         cb:7a:1c:ab:db:61:d0:15:af:49:39:18:b4:b8:71:a3:c2:d5:
         87:0b:8e:6c:61:8d:06:ac:e2:d2:06:9a:7d:03:97:52:24:8e:
         8c:2b:23:f7:c3:15:3b:60:9d:eb:8c:84:b2:42:03:2e:81:80:
         14:f7:9f:e3:95:fc:8d:61:3c:29:73:75:12:e8:63:0c:08:8c:
         a9:0e:b0:22:30:04:c4:ea:66:c7:36:38:47:94:83:ae:3c:56:
         e4:55:2c:7c:2b:9b:fc:0b:53:7e:a8:2e:62:9d:35:86:09:e8:
         45:c6:ce:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6mAp/m+Rj/q0051TbUZSutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjYwNjA4MDY1NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGM4NWM0YzA1MmMxMmFmODMzNzI3MTc2NWI2NDIyNTFkMmNhZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMwyjRG0tPE+5ubqiIPdyRmDAODs
geP9d2BFF/Q2eIBiMJ6saLLCS46k3D0u+7JWqTFpKllfqnbcFNv6FIxGS3leJP4v
DwMnCZKi317uDQ2uAN9lVyWP3Ml9qQFFq3c8AgPdhY7Mi4/hjKVKoyuxQFUt6lFI
L9ISLv8yXWzEj0hBbCAW9Stwb4YDg47RZABmqNWyFQsREGqU7jR/tSJvUiFSxLTZ
43HYdZ7CCx1zUXwYGFuCagbspaSQjUieKaUix+3Qgg8XS8NS2dMQ9Y3gtcoPhmhF
a9sdwt2RKIVYqEqSwqNPwynZhtrvDiZMDLyeAYkAzdMhPmQVtwFnrVEN9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjIXEwFLBKvgzcnF2W2QiUdLK7UMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvbU1oY1RBVXNFcS1ETnljWFpiWkNKUjBzcnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3DMA0G
CSqGSIb3DQEBCwUAA4IBAQAij8nh8r6WBNWLY9BrizHUShaOZ0not6USGadrsY20
cSxCcN96mANTPOMcLBOv5oeOo+bA02f8q/Ih4nSaF50vYah4mmOdBkMAzdg/XjfP
DuVbxwOkngwP7NRVV4rFz3g1dMAF+gnZuUMqy7upgzHmOSMqnaiZpRcxvjmL7sIo
Emeqay8Rijo7VcenI5p+yOTLehyr22HQFa9JORi0uHGjwtWHC45sYY0GrOLSBpp9
A5dSJI6MKyP3wxU7YJ3rjISyQgMugYAU95/jlfyNYTwpc3US6GMMCIypDrAiMATE
6mbHNjhHlIOuPFbkVSx8K5v8C1N+qC5inTWGCehFxs4a
-----END CERTIFICATE-----