Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/mi7KJXHo-_cgynjrOEYKa7kVD8I.roa
File:                     mi7KJXHo-_cgynjrOEYKa7kVD8I.roa (raw, json)
Hash identifier:          YGaCcIrn+IZQb5Rq3PZQYSYoXxlLsMVa6xxEh3lbzgI=
Subject key identifier:   9A:2E:CA:25:71:E8:FB:F7:20:CA:78:EB:38:46:0A:6B:B9:15:0F:C2
Certificate issuer:       /CN=8aad9c0ce5ba3905b41970a04e51976076c67e00
Certificate serial:       019DDF1FAC3A84E1E54991E325BE89B8B7DF
Authority key identifier: 8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/mi7KJXHo-_cgynjrOEYKa7kVD8I.roa
Signing time:             Thu 30 Apr 2026 16:01:28 +0000
ROA not before:           Thu 30 Apr 2026 16:01:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        193.135.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:1f:ac:3a:84:e1:e5:49:91:e3:25:be:89:b8:b7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aad9c0ce5ba3905b41970a04e51976076c67e00
        Validity
            Not Before: Apr 30 16:01:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a2eca2571e8fbf720ca78eb38460a6bb9150fc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:90:c9:9f:b0:c0:70:ac:c2:f7:73:fe:a7:de:
                    0a:29:b8:71:12:7b:0b:ec:0b:ba:07:e3:fd:79:f3:
                    d6:f3:bc:81:77:99:d1:d1:df:d0:1f:e8:8a:a9:eb:
                    08:86:d4:c9:4e:c8:85:f6:9c:61:2e:8a:6a:d7:1d:
                    a7:30:aa:7d:cb:14:9e:68:5e:28:71:09:6f:3e:06:
                    5d:ba:57:11:62:07:1e:78:03:20:33:58:c6:5c:82:
                    ca:54:c6:88:63:1e:1e:83:f4:44:21:f6:a3:d8:b3:
                    9a:90:a0:69:53:25:35:7a:b2:a6:6d:5c:ef:50:fe:
                    d0:39:5d:c7:d7:b9:f5:e5:61:dc:fc:87:da:2a:de:
                    1b:ef:90:a1:09:ae:5a:7f:ed:61:bf:7d:9c:9b:5f:
                    c0:b0:53:27:31:13:08:36:2e:c8:a3:d2:88:de:ac:
                    99:d8:c7:de:e2:07:05:49:49:4f:8d:b6:2b:aa:2d:
                    95:a2:07:bf:de:4d:58:be:44:7c:d0:2c:ed:f3:88:
                    99:97:64:d7:b3:16:74:18:41:fc:3b:be:43:10:d6:
                    e6:5c:ca:79:6d:c3:71:e3:96:a7:3e:e8:44:8b:a7:
                    40:66:7e:5a:21:0f:7c:32:49:92:ce:e5:36:02:26:
                    c5:be:fe:03:5b:c3:f0:4a:72:2b:2f:e8:ed:f0:bf:
                    1e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:2E:CA:25:71:E8:FB:F7:20:CA:78:EB:38:46:0A:6B:B9:15:0F:C2
            X509v3 Authority Key Identifier:
                keyid:8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/mi7KJXHo-_cgynjrOEYKa7kVD8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3b:f8:f3:25:64:01:13:e6:66:78:06:a1:b8:57:b3:17:ba:7c:
         3b:1b:83:69:b7:b2:12:4d:8f:90:61:d8:d3:88:73:09:0e:d3:
         85:46:38:72:3d:b5:91:2f:fc:5b:83:1e:5a:66:fc:a2:59:bf:
         22:6c:2d:cb:a9:12:52:61:b3:1e:18:28:24:ec:22:e1:1b:46:
         a4:ba:0f:e1:92:76:22:a0:2b:e6:0c:e9:82:4f:07:4c:3e:2a:
         98:98:ef:8f:77:fb:ee:6c:4f:fa:d7:a7:d7:d3:b9:b8:79:23:
         a7:81:25:b2:b8:95:8f:38:ab:6c:90:1e:49:db:fc:b6:ee:48:
         67:db:36:6e:cb:85:e0:40:cd:e9:63:ed:c3:0f:51:46:cf:f5:
         55:55:9b:cc:f1:28:9e:66:4e:8e:7c:0f:d5:49:f2:7c:d8:fe:
         86:06:d1:d3:20:3c:a5:5d:59:43:82:fc:d3:4c:8f:26:26:95:
         0a:7b:38:82:6d:64:35:87:a6:85:3f:bd:54:8e:31:2d:74:a7:
         02:e4:c2:db:d8:d3:31:cf:f1:c8:4e:85:a1:31:23:42:26:cd:
         5b:90:c9:37:09:33:bb:ad:0a:a7:d1:74:d3:f0:df:66:95:7d:
         72:d7:aa:78:03:f9:d3:5c:50:53:a9:8e:41:46:da:41:7a:67:
         a1:55:0a:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3fH6w6hOHlSZHjJb6JuLffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWQ5YzBjZTViYTM5MDViNDE5NzBhMDRlNTE5NzYwNzZj
NjdlMDAwHhcNMjYwNDMwMTYwMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTJlY2EyNTcxZThmYmY3MjBjYTc4ZWIzODQ2MGE2YmI5MTUwZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZDJn7DAcKzC93P+p94KKbhxEnsL
7Au6B+P9efPW87yBd5nR0d/QH+iKqesIhtTJTsiF9pxhLopq1x2nMKp9yxSeaF4o
cQlvPgZdulcRYgceeAMgM1jGXILKVMaIYx4eg/REIfaj2LOakKBpUyU1erKmbVzv
UP7QOV3H17n15WHc/IfaKt4b75ChCa5af+1hv32cm1/AsFMnMRMINi7Io9KI3qyZ
2Mfe4gcFSUlPjbYrqi2Voge/3k1YvkR80Czt84iZl2TXsxZ0GEH8O75DENbmXMp5
bcNx45anPuhEi6dAZn5aIQ98MkmSzuU2AibFvv4DW8PwSnIrL+jt8L8eJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJouyiVx6Pv3IMp46zhGCmu5FQ/CMB8GA1UdIwQY
MBaAFIqtnAzlujkFtBlwoE5Rl2B2xn4AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXEyY0RPVzZPUVcwR1hDZ1RsR1hZSGJHZmdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lNDQ1ZTQtMjZiZC00OGM5LTgzZGIt
N2EwZWNlOWMwYWY4LzEvbWk3S0pYSG8tX2NneW5qck9FWUthN2tWRDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lNDQ1ZTQtMjZiZC00OGM5LTgzZGItN2EwZWNlOWMwYWY4
LzEvaXEyY0RPVzZPUVcwR1hDZ1RsR1hZSGJHZmdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYcoMA0G
CSqGSIb3DQEBCwUAA4IBAQA7+PMlZAET5mZ4BqG4V7MXunw7G4Npt7ISTY+QYdjT
iHMJDtOFRjhyPbWRL/xbgx5aZvyiWb8ibC3LqRJSYbMeGCgk7CLhG0akug/hknYi
oCvmDOmCTwdMPiqYmO+Pd/vubE/616fX07m4eSOngSWyuJWPOKtskB5J2/y27khn
2zZuy4XgQM3pY+3DD1FGz/VVVZvM8SieZk6OfA/VSfJ82P6GBtHTIDylXVlDgvzT
TI8mJpUKeziCbWQ1h6aFP71UjjEtdKcC5MLb2NMxz/HIToWhMSNCJs1bkMk3CTO7
rQqn0XTT8N9mlX1y16p4A/nTXFBTqY5BRtpBemehVQpT
-----END CERTIFICATE-----