Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/AELpSQk4U_4yYMfTpV1YZnYYqE0.roa
File:                     AELpSQk4U_4yYMfTpV1YZnYYqE0.roa (raw, json)
Hash identifier:          rBmgfJahAhuDErRkXFjicnKRClC1gK9LNYqICO/Bw2c=
Subject key identifier:   00:42:E9:49:09:38:53:FE:32:60:C7:D3:A5:5D:58:66:76:18:A8:4D
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       019DEF8C1A60E093D5ED4AB6E7CE146A024B
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/AELpSQk4U_4yYMfTpV1YZnYYqE0.roa
Signing time:             Sun 03 May 2026 20:33:49 +0000
ROA not before:           Sun 03 May 2026 20:33:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210528
IP address blocks:        93.90.72.0/23 maxlen: 24
                          93.90.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ef:8c:1a:60:e0:93:d5:ed:4a:b6:e7:ce:14:6a:02:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: May  3 20:33:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0042e949093853fe3260c7d3a55d58667618a84d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f1:d2:15:ae:ec:95:e0:09:2f:e7:36:ed:34:
                    0f:e1:fe:c2:23:38:d8:2c:11:8e:ef:57:e9:b4:4c:
                    3a:b8:c4:97:e8:d5:1e:e8:8e:7a:c5:3a:95:8a:f4:
                    b5:59:64:7d:32:5e:24:59:fc:73:d5:5c:35:0a:c0:
                    48:84:de:b0:55:49:79:83:c4:71:02:07:0b:67:92:
                    79:54:6d:28:1e:40:6b:9f:ed:68:8f:0d:b3:e9:e2:
                    77:ec:ca:50:f3:7b:cb:3f:5f:f9:f8:e1:1e:d6:80:
                    8b:79:05:19:f2:8f:ca:6f:fa:15:10:e5:16:30:18:
                    2f:f4:33:a4:4c:1f:f1:f1:fc:c7:1e:e8:23:7e:a3:
                    21:f3:04:fb:a1:a9:b0:1c:37:83:61:93:ea:53:ab:
                    fc:52:54:9a:13:1e:eb:63:cb:3f:b9:50:b5:cc:bd:
                    60:cd:e7:44:a5:a4:6d:1b:b6:fc:46:59:b2:b0:8b:
                    8d:4b:d2:be:52:48:78:0e:af:5f:0a:56:92:65:16:
                    a4:aa:67:a9:77:c4:10:97:02:e4:32:08:44:32:75:
                    3a:c6:00:40:f2:35:77:8e:d7:1b:1b:80:02:06:8f:
                    ff:7f:68:12:f6:b6:4b:bd:6e:6a:b8:44:8a:92:77:
                    f4:e1:a2:48:32:13:8c:d7:05:1a:c3:19:26:32:fb:
                    30:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:42:E9:49:09:38:53:FE:32:60:C7:D3:A5:5D:58:66:76:18:A8:4D
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/AELpSQk4U_4yYMfTpV1YZnYYqE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.90.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:e4:90:40:91:94:b8:4b:4b:d4:7c:90:dd:7b:36:a1:c9:44:
         ac:cb:9f:a7:7a:ac:2b:6f:7f:69:f1:60:7e:54:e5:a5:93:f3:
         05:44:fb:1b:da:fe:37:1d:be:93:9b:86:15:a4:68:34:1e:29:
         06:91:59:55:99:fc:fb:46:c9:e6:f5:b6:36:e9:16:79:11:38:
         69:61:58:f9:f1:8e:ec:51:61:82:29:2d:c3:76:f0:6a:a7:5a:
         3e:da:1e:f7:6e:38:e5:79:4a:85:0b:37:02:40:24:c0:e2:4b:
         fc:1a:cd:2d:9b:b8:21:1b:04:2a:fd:dd:4d:8c:37:d1:03:9b:
         e2:78:2c:51:b2:60:a8:da:d0:bd:dc:44:38:2b:33:22:d8:b9:
         50:f1:86:89:df:90:76:cc:57:32:97:be:d3:61:a0:04:5b:72:
         36:67:0d:eb:87:05:3f:28:7a:61:d3:9a:42:d7:7b:28:88:4a:
         62:3c:43:ed:6d:20:02:e8:d5:29:29:b0:20:dd:a5:3a:1a:b1:
         bb:fa:18:f1:a9:0e:84:79:cc:71:d2:e1:90:f3:c4:cc:77:25:
         7a:be:bd:47:c1:c8:cd:7c:18:60:d1:49:97:4b:fe:7b:a9:9c:
         8a:e5:d5:72:fe:2d:37:ab:01:fe:c6:d8:c3:b3:2a:8a:0a:8e:
         00:bc:02:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3vjBpg4JPV7Uq2584UagJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjYwNTAzMjAzMzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQyZTk0OTA5Mzg1M2ZlMzI2MGM3ZDNhNTVkNTg2Njc2MThhODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fHSFa7sleAJL+c27TQP4f7CIzjY
LBGO71fptEw6uMSX6NUe6I56xTqVivS1WWR9Ml4kWfxz1Vw1CsBIhN6wVUl5g8Rx
AgcLZ5J5VG0oHkBrn+1ojw2z6eJ37MpQ83vLP1/5+OEe1oCLeQUZ8o/Kb/oVEOUW
MBgv9DOkTB/x8fzHHugjfqMh8wT7oamwHDeDYZPqU6v8UlSaEx7rY8s/uVC1zL1g
zedEpaRtG7b8RlmysIuNS9K+Ukh4Dq9fClaSZRakqmepd8QQlwLkMghEMnU6xgBA
8jV3jtcbG4ACBo//f2gS9rZLvW5quESKknf04aJIMhOM1wUawxkmMvswfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABC6UkJOFP+MmDH06VdWGZ2GKhNMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvQUVMcFNRazRVXzR5WU1mVHBWMVlabllZcUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXVpIMA0G
CSqGSIb3DQEBCwUAA4IBAQAI5JBAkZS4S0vUfJDdezahyUSsy5+neqwrb39p8WB+
VOWlk/MFRPsb2v43Hb6Tm4YVpGg0HikGkVlVmfz7Rsnm9bY26RZ5EThpYVj58Y7s
UWGCKS3DdvBqp1o+2h73bjjleUqFCzcCQCTA4kv8Gs0tm7ghGwQq/d1NjDfRA5vi
eCxRsmCo2tC93EQ4KzMi2LlQ8YaJ35B2zFcyl77TYaAEW3I2Zw3rhwU/KHph05pC
13soiEpiPEPtbSAC6NUpKbAg3aU6GrG7+hjxqQ6Eecxx0uGQ88TMdyV6vr1HwcjN
fBhg0UmXS/57qZyK5dVy/i03qwH+xtjDsyqKCo4AvAJX
-----END CERTIFICATE-----