Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b39739-2705-4fab-af42-ae225ad6d699/1/89jvJXnh1sGEP1l3k8ak_3r52QU.roa
File:                     89jvJXnh1sGEP1l3k8ak_3r52QU.roa (raw, json)
Hash identifier:          x9Fl/XRXMk/32nTJD0wvoKgIkMONRMEb7sPTQo8EEEc=
Subject key identifier:   F3:D8:EF:25:79:E1:D6:C1:84:3F:59:77:93:C6:A4:FF:7A:F9:D9:05
Certificate issuer:       /CN=15efcd69f130ce4ccb5c20b10c033a565a61df85
Certificate serial:       019CB8F407C472F88E01FB25891EF5D449FF
Authority key identifier: 15:EF:CD:69:F1:30:CE:4C:CB:5C:20:B1:0C:03:3A:56:5A:61:DF:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fe_NafEwzkzLXCCxDAM6Vlph34U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b39739-2705-4fab-af42-ae225ad6d699/1/89jvJXnh1sGEP1l3k8ak_3r52QU.roa
Signing time:             Wed 04 Mar 2026 13:05:26 +0000
ROA not before:           Wed 04 Mar 2026 13:05:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        193.53.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b39739-2705-4fab-af42-ae225ad6d699/1/Fe_NafEwzkzLXCCxDAM6Vlph34U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b39739-2705-4fab-af42-ae225ad6d699/1/Fe_NafEwzkzLXCCxDAM6Vlph34U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fe_NafEwzkzLXCCxDAM6Vlph34U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:f4:07:c4:72:f8:8e:01:fb:25:89:1e:f5:d4:49:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15efcd69f130ce4ccb5c20b10c033a565a61df85
        Validity
            Not Before: Mar  4 13:05:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3d8ef2579e1d6c1843f597793c6a4ff7af9d905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:35:bb:c4:d4:d7:76:e5:a4:5e:a1:92:da:6c:
                    2e:3f:c3:c7:6b:45:ce:a3:57:f6:fb:2e:ae:ba:a7:
                    f4:c2:ee:6c:c2:8a:13:a5:ab:35:ac:77:97:16:b9:
                    27:63:70:e5:ac:de:0e:6f:7e:9f:69:4f:c8:39:60:
                    f8:f2:06:3f:7f:1f:35:ca:55:71:87:59:d5:6a:04:
                    a0:65:38:7c:ee:83:49:8f:9e:9e:41:0a:4e:53:b7:
                    37:bb:6c:f7:a5:db:23:b8:6a:fc:71:50:d6:76:78:
                    0c:d2:c3:8c:a4:3a:bf:ee:35:89:2a:91:72:39:b8:
                    5a:e6:34:72:9a:0a:e9:89:57:e8:65:b9:87:98:ec:
                    ee:33:7c:6d:bc:4c:e0:f1:a1:41:af:97:b2:3a:3b:
                    d5:80:61:3a:ff:94:ac:f6:b0:c8:6d:0c:b9:e5:9d:
                    8b:ec:37:fe:73:58:83:b7:c0:a8:a4:cf:c9:7b:ba:
                    0f:76:94:ff:37:df:0a:bd:16:51:a7:99:40:3f:54:
                    1b:07:c6:24:f7:90:0e:36:05:d2:95:1c:de:35:74:
                    fb:b8:5c:bd:5a:ae:bb:d6:b6:1b:9e:dc:8f:3f:23:
                    c6:e4:c1:c1:92:be:bc:13:38:30:5f:59:32:20:89:
                    20:38:43:0c:a7:57:40:3f:0c:a6:b7:c4:21:8a:e8:
                    0d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D8:EF:25:79:E1:D6:C1:84:3F:59:77:93:C6:A4:FF:7A:F9:D9:05
            X509v3 Authority Key Identifier:
                keyid:15:EF:CD:69:F1:30:CE:4C:CB:5C:20:B1:0C:03:3A:56:5A:61:DF:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fe_NafEwzkzLXCCxDAM6Vlph34U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b39739-2705-4fab-af42-ae225ad6d699/1/89jvJXnh1sGEP1l3k8ak_3r52QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b39739-2705-4fab-af42-ae225ad6d699/1/Fe_NafEwzkzLXCCxDAM6Vlph34U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ff:a5:ef:cb:cc:85:5e:b3:52:06:0b:b0:28:78:bc:e8:b6:
         0f:77:71:a6:86:62:b0:b4:f8:52:49:8b:27:ab:89:3a:44:fd:
         0a:1e:f0:e3:a3:a6:91:bf:76:a0:d7:25:59:56:ab:30:ba:43:
         c3:2f:ba:21:c3:2d:a0:4c:26:8a:59:d3:69:2d:0b:81:02:3c:
         5a:12:2a:23:9d:dc:12:3e:d2:4d:b0:ae:22:2e:dd:85:fb:be:
         5f:fa:e6:e6:12:de:f9:95:c5:5d:08:d6:4b:a7:bb:6c:7b:3d:
         56:0f:8e:af:92:11:d3:94:99:bd:4e:63:86:d0:2f:57:86:b7:
         9d:e3:47:b2:0a:29:d8:b5:da:60:3c:7a:07:02:50:27:84:d0:
         dd:08:21:5d:86:9b:5e:a7:b0:ec:7b:c0:8e:6a:6a:9c:48:79:
         61:e5:bd:81:55:c0:7c:d9:7f:91:0d:ed:c2:56:a0:1f:6a:8c:
         c2:57:91:6f:b6:75:91:c5:e1:61:0a:10:c2:70:83:da:c1:3e:
         ec:d8:09:3b:70:66:f3:cb:e7:0c:9f:db:3d:48:65:af:44:17:
         6b:b7:1d:0b:27:55:8b:d6:50:0d:dd:a2:a5:f6:5a:74:90:59:
         eb:7f:f7:ba:1a:43:fc:e8:20:f2:28:64:97:b3:6a:e6:6e:84:
         ca:1b:1d:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy49AfEcviOAfsliR711En/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZWZjZDY5ZjEzMGNlNGNjYjVjMjBiMTBjMDMzYTU2NWE2
MWRmODUwHhcNMjYwMzA0MTMwNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Q4ZWYyNTc5ZTFkNmMxODQzZjU5Nzc5M2M2YTRmZjdhZjlkOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzW7xNTXduWkXqGS2mwuP8PHa0XO
o1f2+y6uuqf0wu5swooTpas1rHeXFrknY3DlrN4Ob36faU/IOWD48gY/fx81ylVx
h1nVagSgZTh87oNJj56eQQpOU7c3u2z3pdsjuGr8cVDWdngM0sOMpDq/7jWJKpFy
Obha5jRymgrpiVfoZbmHmOzuM3xtvEzg8aFBr5eyOjvVgGE6/5Ss9rDIbQy55Z2L
7Df+c1iDt8CopM/Je7oPdpT/N98KvRZRp5lAP1QbB8Yk95AONgXSlRzeNXT7uFy9
Wq671rYbntyPPyPG5MHBkr68EzgwX1kyIIkgOEMMp1dAPwymt8QhiugNiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPY7yV54dbBhD9Zd5PGpP96+dkFMB8GA1UdIwQY
MBaAFBXvzWnxMM5My1wgsQwDOlZaYd+FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmVfTmFmRXd6a3pMWENDeERBTTZWbHBoMzRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iMzk3MzktMjcwNS00ZmFiLWFmNDIt
YWUyMjVhZDZkNjk5LzEvODlqdkpYbmgxc0dFUDFsM2s4YWtfM3I1MlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iMzk3MzktMjcwNS00ZmFiLWFmNDItYWUyMjVhZDZkNjk5
LzEvRmVfTmFmRXd6a3pMWENDeERBTTZWbHBoMzRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTUpMA0G
CSqGSIb3DQEBCwUAA4IBAQBo/6Xvy8yFXrNSBguwKHi86LYPd3GmhmKwtPhSSYsn
q4k6RP0KHvDjo6aRv3ag1yVZVqswukPDL7ohwy2gTCaKWdNpLQuBAjxaEiojndwS
PtJNsK4iLt2F+75f+ubmEt75lcVdCNZLp7tsez1WD46vkhHTlJm9TmOG0C9Xhred
40eyCinYtdpgPHoHAlAnhNDdCCFdhptep7Dse8COamqcSHlh5b2BVcB82X+RDe3C
VqAfaozCV5FvtnWRxeFhChDCcIPawT7s2Ak7cGbzy+cMn9s9SGWvRBdrtx0LJ1WL
1lAN3aKl9lp0kFnrf/e6GkP86CDyKGSXs2rmboTKGx23
-----END CERTIFICATE-----