Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/9cae10-1613-4b9e-bba4-24d42a151c0a/1/t8a-QnR86-kpB7NDXscxwrUfubA.roa
File:                     t8a-QnR86-kpB7NDXscxwrUfubA.roa (raw, json)
Hash identifier:          urj77O5mIDu7OcW/OyhkE0pGwVVEOXwa/ya3893rN/k=
Subject key identifier:   B7:C6:BE:42:74:7C:EB:E9:29:07:B3:43:5E:C7:31:C2:B5:1F:B9:B0
Certificate issuer:       /CN=95a8c0090301995564aa2138b430389ef88cd77b
Certificate serial:       019B783502C0A6A6660275137914E05C1DC3
Authority key identifier: 95:A8:C0:09:03:01:99:55:64:AA:21:38:B4:30:38:9E:F8:8C:D7:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lajACQMBmVVkqiE4tDA4nviM13s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/9cae10-1613-4b9e-bba4-24d42a151c0a/1/t8a-QnR86-kpB7NDXscxwrUfubA.roa
Signing time:             Thu 01 Jan 2026 06:18:18 +0000
ROA not before:           Thu 01 Jan 2026 06:18:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44372
IP address blocks:        193.93.152.0/22 maxlen: 24
                          2a07:3ec0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/9cae10-1613-4b9e-bba4-24d42a151c0a/1/lajACQMBmVVkqiE4tDA4nviM13s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/9cae10-1613-4b9e-bba4-24d42a151c0a/1/lajACQMBmVVkqiE4tDA4nviM13s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lajACQMBmVVkqiE4tDA4nviM13s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:02:c0:a6:a6:66:02:75:13:79:14:e0:5c:1d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95a8c0090301995564aa2138b430389ef88cd77b
        Validity
            Not Before: Jan  1 06:18:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b7c6be42747cebe92907b3435ec731c2b51fb9b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9f:76:13:93:de:98:97:dc:01:71:d0:46:28:
                    06:ad:00:bb:b6:f1:ed:0d:b3:3e:53:ce:e5:9c:ff:
                    9a:3d:31:b8:4a:9b:e4:5d:36:15:76:c0:54:b8:88:
                    57:9e:c6:4e:06:0a:94:90:5c:9a:cf:2c:44:35:a3:
                    d5:66:5e:50:80:15:29:d7:52:88:51:70:1c:1a:66:
                    60:48:34:dc:b2:d8:6a:e2:5d:62:01:21:10:fa:51:
                    9d:5b:e4:03:f7:19:d8:9a:de:f8:c3:8d:d6:23:dd:
                    5c:f9:1d:31:76:fd:33:ea:dc:28:9d:51:0e:dc:b3:
                    2a:ec:0d:55:c2:bf:29:38:1a:a2:30:e7:29:e6:98:
                    01:2e:cd:86:2b:96:b3:b6:13:0c:f5:7e:65:d1:0b:
                    fc:e7:36:0a:8a:f4:b0:80:d5:34:0a:8c:4a:18:37:
                    16:2c:94:16:f9:54:85:a7:16:96:2e:41:49:07:4c:
                    82:a9:de:34:db:40:7d:87:e6:19:a2:f9:06:43:91:
                    f4:41:99:ca:76:c8:cb:41:ee:a6:fd:55:43:a8:bb:
                    f3:41:5a:22:ac:4c:a7:c6:97:2c:31:08:7b:3b:ce:
                    9e:f2:08:05:1a:ee:54:eb:48:f5:97:d4:ab:e6:52:
                    98:de:53:b2:39:aa:16:21:c4:e7:71:19:e6:98:14:
                    79:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C6:BE:42:74:7C:EB:E9:29:07:B3:43:5E:C7:31:C2:B5:1F:B9:B0
            X509v3 Authority Key Identifier:
                keyid:95:A8:C0:09:03:01:99:55:64:AA:21:38:B4:30:38:9E:F8:8C:D7:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lajACQMBmVVkqiE4tDA4nviM13s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9cae10-1613-4b9e-bba4-24d42a151c0a/1/t8a-QnR86-kpB7NDXscxwrUfubA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9cae10-1613-4b9e-bba4-24d42a151c0a/1/lajACQMBmVVkqiE4tDA4nviM13s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.152.0/22
                IPv6:
                  2a07:3ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:4f:6c:0b:37:6c:28:6a:ea:fa:94:53:56:ce:35:df:4e:96:
         1f:5a:f3:54:c2:f5:cb:aa:17:42:f9:47:68:32:2c:9f:91:39:
         ba:c9:9c:be:54:66:cc:3a:5d:fa:b8:c2:08:56:54:08:fc:4f:
         e1:b1:65:15:bb:2a:09:ad:5e:5b:ff:ce:2f:ec:49:d3:fa:55:
         0b:d9:7b:80:0e:e0:13:04:5a:a4:ec:e0:18:8a:fc:fa:1d:8b:
         44:e0:ba:80:88:1b:73:a7:80:02:d3:56:db:3b:4b:7e:74:16:
         f8:01:6f:97:e5:56:6d:ba:34:0b:5b:e4:81:bf:af:3f:26:5b:
         5e:76:37:51:0e:c3:5e:5a:4d:68:a9:b7:96:d5:05:b8:7c:22:
         da:90:4b:16:fb:0c:ec:de:bf:4d:bd:db:56:a5:35:12:c0:90:
         81:1e:38:19:b6:98:b1:eb:7e:e5:bd:75:61:7e:c1:c7:f5:60:
         bf:12:18:9e:de:c6:76:5e:c7:6c:89:4f:ee:6b:d4:3b:36:39:
         16:00:ca:21:1f:97:86:59:28:5d:ac:3a:35:72:36:c8:62:e0:
         c4:4a:0c:c4:1b:0b:99:5b:09:88:12:f7:15:96:e3:14:dc:0e:
         83:de:5e:c9:87:ae:8d:d4:49:19:f4:5c:09:f3:11:3e:a1:34:
         8e:f7:e9:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt4NQLApqZmAnUTeRTgXB3DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YThjMDA5MDMwMTk5NTU2NGFhMjEzOGI0MzAzODllZjg4
Y2Q3N2IwHhcNMjYwMTAxMDYxODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2M2YmU0Mjc0N2NlYmU5MjkwN2IzNDM1ZWM3MzFjMmI1MWZiOWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu592E5PemJfcAXHQRigGrQC7tvHt
DbM+U87lnP+aPTG4SpvkXTYVdsBUuIhXnsZOBgqUkFyazyxENaPVZl5QgBUp11KI
UXAcGmZgSDTcsthq4l1iASEQ+lGdW+QD9xnYmt74w43WI91c+R0xdv0z6twonVEO
3LMq7A1Vwr8pOBqiMOcp5pgBLs2GK5azthMM9X5l0Qv85zYKivSwgNU0CoxKGDcW
LJQW+VSFpxaWLkFJB0yCqd4020B9h+YZovkGQ5H0QZnKdsjLQe6m/VVDqLvzQVoi
rEynxpcsMQh7O86e8ggFGu5U60j1l9Sr5lKY3lOyOaoWIcTncRnmmBR5WQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLfGvkJ0fOvpKQezQ17HMcK1H7mwMB8GA1UdIwQY
MBaAFJWowAkDAZlVZKohOLQwOJ74jNd7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGFqQUNRTUJtVlZrcWlFNHREQTRudmlNMTNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC85Y2FlMTAtMTYxMy00YjllLWJiYTQt
MjRkNDJhMTUxYzBhLzEvdDhhLVFuUjg2LWtwQjdORFhzY3h3clVmdWJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC85Y2FlMTAtMTYxMy00YjllLWJiYTQtMjRkNDJhMTUxYzBh
LzEvbGFqQUNRTUJtVlZrcWlFNHREQTRudmlNMTNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwV2YMA0E
AgACMAcDBQMqBz7AMA0GCSqGSIb3DQEBCwUAA4IBAQCvT2wLN2woaur6lFNWzjXf
TpYfWvNUwvXLqhdC+UdoMiyfkTm6yZy+VGbMOl36uMIIVlQI/E/hsWUVuyoJrV5b
/84v7EnT+lUL2XuADuATBFqk7OAYivz6HYtE4LqAiBtzp4AC01bbO0t+dBb4AW+X
5VZtujQLW+SBv68/JltedjdRDsNeWk1oqbeW1QW4fCLakEsW+wzs3r9NvdtWpTUS
wJCBHjgZtpix637lvXVhfsHH9WC/Ehie3sZ2XsdsiU/ua9Q7NjkWAMohH5eGWShd
rDo1cjbIYuDESgzEGwuZWwmIEvcVluMU3A6D3l7Jh66N1EkZ9FwJ8xE+oTSO9+n0
-----END CERTIFICATE-----