Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/r_8bT90UjcZl-MvxK-5tmdznS1I.roa
File:                     r_8bT90UjcZl-MvxK-5tmdznS1I.roa (raw, json)
Hash identifier:          +kBFEQDnTe7FZB/GY9jWIpmDn/+p706IcANeKk3b/o4=
Subject key identifier:   AF:FF:1B:4F:DD:14:8D:C6:65:F8:CB:F1:2B:EE:6D:99:DC:E7:4B:52
Certificate issuer:       /CN=58a763f0c467abaa701d968c3749c6dad03489b0
Certificate serial:       019ECBA5FE01D2A82659E55540E0630D2F68
Authority key identifier: 58:A7:63:F0:C4:67:AB:AA:70:1D:96:8C:37:49:C6:DA:D0:34:89:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/r_8bT90UjcZl-MvxK-5tmdznS1I.roa
Signing time:             Mon 15 Jun 2026 14:18:33 +0000
ROA not before:           Mon 15 Jun 2026 14:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35280
IP address blocks:        193.228.234.0/24 maxlen: 24
                          2001:67c:1314::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:a5:fe:01:d2:a8:26:59:e5:55:40:e0:63:0d:2f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a763f0c467abaa701d968c3749c6dad03489b0
        Validity
            Not Before: Jun 15 14:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=afff1b4fdd148dc665f8cbf12bee6d99dce74b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9b:90:c1:e1:1d:89:2a:06:24:10:f4:1e:2b:
                    86:d5:f6:63:90:05:2a:06:26:d6:b7:f8:dd:3e:0c:
                    e3:79:08:ac:bb:8a:c1:16:9e:2d:c7:6d:29:0e:b2:
                    b2:95:7a:8e:b7:2a:29:dc:9f:e5:8d:40:f6:d9:f9:
                    44:ae:05:b5:fe:ca:e6:5e:13:a3:2d:35:79:66:82:
                    25:22:a5:5d:76:3b:00:e2:be:84:1b:4a:d2:7d:3c:
                    09:09:22:15:40:05:6a:15:c1:ab:2b:24:7c:ba:bd:
                    f3:73:9b:67:d7:f2:3b:7b:2b:db:c0:16:9c:8a:74:
                    b5:2d:8f:5c:69:ce:97:ca:13:d6:68:bf:7f:e0:cb:
                    8b:88:94:97:d7:57:3f:92:de:7b:01:9a:61:c4:18:
                    87:d7:cc:ba:05:56:e5:dc:dc:10:88:44:5c:c6:19:
                    7f:31:10:4d:c2:81:76:c1:15:cc:ca:ed:79:ac:52:
                    9e:7c:2b:b8:18:5f:c2:e7:5d:f0:c6:1c:43:0c:e3:
                    a1:ad:ca:83:9e:84:7f:a0:43:59:33:b2:d6:37:d8:
                    d7:8a:10:5f:03:08:cc:5c:7b:65:21:f0:64:42:c5:
                    d0:21:91:25:ce:52:30:8f:81:81:16:1b:cc:64:73:
                    ef:2e:d3:64:9f:62:57:c3:c0:56:9a:db:1d:96:11:
                    38:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FF:1B:4F:DD:14:8D:C6:65:F8:CB:F1:2B:EE:6D:99:DC:E7:4B:52
            X509v3 Authority Key Identifier:
                keyid:58:A7:63:F0:C4:67:AB:AA:70:1D:96:8C:37:49:C6:DA:D0:34:89:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKdj8MRnq6pwHZaMN0nG2tA0ibA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/r_8bT90UjcZl-MvxK-5tmdznS1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5d6491-08ff-494d-8433-098f7c5fd975/1/WKdj8MRnq6pwHZaMN0nG2tA0ibA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.234.0/24
                IPv6:
                  2001:67c:1314::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:7f:d0:4f:22:30:8e:3e:7e:fc:d6:88:80:08:06:d6:5e:65:
         cc:95:3e:30:32:a8:d0:1a:29:1e:79:d4:77:15:e0:8f:74:36:
         3a:a1:58:ee:77:1b:ba:1a:a0:6a:df:09:fa:8b:f2:17:15:27:
         ca:cc:5e:60:ee:d5:31:9c:1d:28:79:78:81:d3:7e:77:98:b4:
         47:9f:39:80:25:77:b3:b2:4b:95:e5:fb:62:10:5f:3e:ef:f3:
         90:0b:ca:60:41:cb:31:e8:aa:62:4f:c8:5f:74:37:ca:5f:73:
         b6:33:f6:fa:af:76:06:2d:58:49:86:d8:24:9d:9a:2f:30:32:
         ae:36:a7:7f:89:2b:8f:1e:ce:68:e8:4b:7e:4f:a7:c5:db:35:
         2b:aa:80:bf:91:b3:e6:5c:c5:3d:89:61:62:a8:5e:d5:57:52:
         aa:d9:9a:c8:ae:a9:a4:2f:85:55:93:42:02:97:58:51:3d:53:
         66:3f:ea:26:55:b3:98:3d:5e:0e:a5:73:5c:eb:5b:4a:d1:72:
         f6:c7:74:7c:1d:f7:fb:64:0b:31:37:5e:f6:c1:90:d0:09:34:
         1b:15:fb:b7:44:77:01:1a:2d:bc:32:51:0d:f8:f6:f2:3d:cd:
         4a:90:3d:d1:52:7e:8f:a6:10:92:3d:2e:d9:9e:e3:a3:fd:bc:
         db:bf:80:15
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ7Lpf4B0qgmWeVVQOBjDS9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTc2M2YwYzQ2N2FiYWE3MDFkOTY4YzM3NDljNmRhZDAz
NDg5YjAwHhcNMjYwNjE1MTQxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZmMWI0ZmRkMTQ4ZGM2NjVmOGNiZjEyYmVlNmQ5OWRjZTc0YjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZuQweEdiSoGJBD0HiuG1fZjkAUq
BibWt/jdPgzjeQisu4rBFp4tx20pDrKylXqOtyop3J/ljUD22flErgW1/srmXhOj
LTV5ZoIlIqVddjsA4r6EG0rSfTwJCSIVQAVqFcGrKyR8ur3zc5tn1/I7eyvbwBac
inS1LY9cac6XyhPWaL9/4MuLiJSX11c/kt57AZphxBiH18y6BVbl3NwQiERcxhl/
MRBNwoF2wRXMyu15rFKefCu4GF/C513wxhxDDOOhrcqDnoR/oENZM7LWN9jXihBf
AwjMXHtlIfBkQsXQIZElzlIwj4GBFhvMZHPvLtNkn2JXw8BWmtsdlhE4vwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK//G0/dFI3GZfjL8SvubZnc50tSMB8GA1UdIwQY
MBaAFFinY/DEZ6uqcB2WjDdJxtrQNImwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0tkajhNUm5xNnB3SFphTU4wbkcydEEwaWJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC81ZDY0OTEtMDhmZi00OTRkLTg0MzMt
MDk4ZjdjNWZkOTc1LzEvcl84YlQ5MFVqY1psLU12eEstNXRtZHpuUzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC81ZDY0OTEtMDhmZi00OTRkLTg0MzMtMDk4ZjdjNWZkOTc1
LzEvV0tkajhNUm5xNnB3SFphTU4wbkcydEEwaWJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAweTqMA8E
AgACMAkDBwAgAQZ8ExQwDQYJKoZIhvcNAQELBQADggEBAGJ/0E8iMI4+fvzWiIAI
BtZeZcyVPjAyqNAaKR551HcV4I90NjqhWO53G7oaoGrfCfqL8hcVJ8rMXmDu1TGc
HSh5eIHTfneYtEefOYAld7OyS5Xl+2IQXz7v85ALymBByzHoqmJPyF90N8pfc7Yz
9vqvdgYtWEmG2CSdmi8wMq42p3+JK48ezmjoS35Pp8XbNSuqgL+Rs+ZcxT2JYWKo
XtVXUqrZmsiuqaQvhVWTQgKXWFE9U2Y/6iZVs5g9Xg6lc1zrW0rRcvbHdHwd9/tk
CzE3XvbBkNAJNBsV+7dEdwEaLbwyUQ349vI9zUqQPdFSfo+mEJI9Ltme46P9vNu/
gBU=
-----END CERTIFICATE-----