Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/RIy2kjsXLlKWvS0JMTvs2VhVEZ0.roa
File:                     RIy2kjsXLlKWvS0JMTvs2VhVEZ0.roa (raw, json)
Hash identifier:          XQjBMdPNXucPNqTWTFVklAVLPYHnqbpOKfZjxddt3vY=
Subject key identifier:   44:8C:B6:92:3B:17:2E:52:96:BD:2D:09:31:3B:EC:D9:58:55:11:9D
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019E0BFE03883AB986C1590322AFA08EBD48
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/RIy2kjsXLlKWvS0JMTvs2VhVEZ0.roa
Signing time:             Sat 09 May 2026 09:07:36 +0000
ROA not before:           Sat 09 May 2026 09:07:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        193.93.54.0/24 maxlen: 24
                          193.93.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0b:fe:03:88:3a:b9:86:c1:59:03:22:af:a0:8e:bd:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May  9 09:07:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=448cb6923b172e5296bd2d09313becd95855119d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:8d:31:d0:70:a9:20:8a:74:0b:47:70:f4:e7:
                    00:ad:20:6e:2e:de:65:7c:d6:4a:10:2b:04:13:6c:
                    e8:ec:c7:26:ef:ef:62:01:2e:64:6f:b8:f6:f0:5c:
                    30:a4:87:de:a4:5e:92:ee:e5:4d:6a:a7:b5:36:d2:
                    89:ae:90:88:b7:f9:a5:7f:27:2a:e0:3c:56:2a:e0:
                    14:a4:b1:39:fc:71:82:2a:ac:88:28:bd:8c:ff:24:
                    17:3a:80:66:ae:f3:a8:e4:8c:90:54:21:08:fa:d3:
                    16:71:ed:dd:0f:56:95:de:36:f2:6f:56:3c:78:d3:
                    91:84:9f:4a:ee:15:a3:7c:84:88:d8:87:9b:d9:64:
                    73:8d:f6:49:91:94:f0:c8:d5:20:4e:4d:fb:41:7b:
                    48:5a:f3:f4:9a:07:40:ca:15:5f:52:23:58:6f:68:
                    90:31:c7:8c:a5:18:32:f9:11:3f:7e:56:28:ad:c8:
                    2e:37:79:e3:4e:24:e1:c1:d0:e6:0a:78:36:df:2e:
                    a4:9f:f4:9b:a1:cd:7f:38:97:94:c5:4f:12:3e:75:
                    d5:57:0d:89:a6:da:53:fa:9b:00:8f:60:ac:45:c1:
                    58:b0:79:34:d9:1b:40:df:a8:f2:63:50:92:18:06:
                    77:22:3c:21:8a:bf:a9:9c:4d:01:d9:59:3c:d6:36:
                    35:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8C:B6:92:3B:17:2E:52:96:BD:2D:09:31:3B:EC:D9:58:55:11:9D
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/RIy2kjsXLlKWvS0JMTvs2VhVEZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:34:f8:b1:10:22:06:b9:f5:c6:c6:7c:19:34:3b:f1:51:5e:
         c5:f7:38:a9:49:33:5f:e1:65:d9:4f:19:98:a8:f6:5d:67:72:
         e9:62:0c:c0:42:ec:3f:07:13:b2:02:db:61:26:97:de:cb:f0:
         12:af:91:3a:b7:d9:56:60:ff:dd:40:13:a6:8e:e8:73:30:66:
         58:32:4c:35:1f:e5:ba:3e:84:c8:88:f4:3a:0c:c9:95:ad:63:
         71:9f:0d:9e:74:d0:61:35:1d:27:82:1f:51:94:76:6d:f8:c0:
         46:fc:59:32:58:dd:c4:23:eb:df:a2:7e:de:7d:ed:ef:43:26:
         70:9b:10:09:d9:c9:f8:83:72:c6:cd:b9:b9:71:76:ca:da:24:
         69:8d:e3:ea:35:a6:de:d6:d0:9e:ee:d6:50:e8:e2:e2:92:8e:
         22:2f:52:c9:2d:ab:5e:27:59:b2:ac:6c:cf:74:2d:4b:89:8c:
         f2:e8:1b:57:9a:45:b8:8d:d3:9b:42:dd:ca:bb:33:36:63:04:
         5c:94:f9:66:d8:61:c6:9e:b5:19:56:ba:cf:82:6d:7b:86:51:
         0e:9b:57:25:ce:de:72:94:5f:03:23:f8:83:1a:c5:f8:50:bc:
         13:bd:59:a8:26:fc:06:03:ba:27:cb:9d:11:17:94:69:76:71:
         17:3e:9d:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4L/gOIOrmGwVkDIq+gjr1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNTA5MDkwNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDhjYjY5MjNiMTcyZTUyOTZiZDJkMDkzMTNiZWNkOTU4NTUxMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y0x0HCpIIp0C0dw9OcArSBuLt5l
fNZKECsEE2zo7Mcm7+9iAS5kb7j28FwwpIfepF6S7uVNaqe1NtKJrpCIt/mlfycq
4DxWKuAUpLE5/HGCKqyIKL2M/yQXOoBmrvOo5IyQVCEI+tMWce3dD1aV3jbyb1Y8
eNORhJ9K7hWjfISI2Ieb2WRzjfZJkZTwyNUgTk37QXtIWvP0mgdAyhVfUiNYb2iQ
MceMpRgy+RE/flYorcguN3njTiThwdDmCng23y6kn/Sboc1/OJeUxU8SPnXVVw2J
ptpT+psAj2CsRcFYsHk02RtA36jyY1CSGAZ3Ijwhir+pnE0B2Vk81jY1DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESMtpI7Fy5Slr0tCTE77NlYVRGdMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvUkl5Mmtqc1hMbEtXdlMwSk1UdnMyVmhWRVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwV02MA0G
CSqGSIb3DQEBCwUAA4IBAQAdNPixECIGufXGxnwZNDvxUV7F9zipSTNf4WXZTxmY
qPZdZ3LpYgzAQuw/BxOyAtthJpfey/ASr5E6t9lWYP/dQBOmjuhzMGZYMkw1H+W6
PoTIiPQ6DMmVrWNxnw2edNBhNR0ngh9RlHZt+MBG/FkyWN3EI+vfon7efe3vQyZw
mxAJ2cn4g3LGzbm5cXbK2iRpjePqNabe1tCe7tZQ6OLiko4iL1LJLateJ1myrGzP
dC1LiYzy6BtXmkW4jdObQt3KuzM2YwRclPlm2GHGnrUZVrrPgm17hlEOm1clzt5y
lF8DI/iDGsX4ULwTvVmoJvwGA7ony50RF5RpdnEXPp2Q
-----END CERTIFICATE-----