Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/Axye6lnTQ2trM0NHgM46yPjQ3MM.roa
File:                     Axye6lnTQ2trM0NHgM46yPjQ3MM.roa (raw, json)
Hash identifier:          9auVk/IbutJ4boG/8uYOIyssY/B2u2+Nq7L55636P0g=
Subject key identifier:   03:1C:9E:EA:59:D3:43:6B:6B:33:43:47:80:CE:3A:C8:F8:D0:DC:C3
Certificate issuer:       /CN=086438e9889389829fa5f51b6a210731082eac22
Certificate serial:       019DC8E77AD8BD9FA150ECA94EEDA70A6B96
Authority key identifier: 08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/Axye6lnTQ2trM0NHgM46yPjQ3MM.roa
Signing time:             Sun 26 Apr 2026 08:28:26 +0000
ROA not before:           Sun 26 Apr 2026 08:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        193.57.231.0/24 maxlen: 24
                          194.165.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c8:e7:7a:d8:bd:9f:a1:50:ec:a9:4e:ed:a7:0a:6b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086438e9889389829fa5f51b6a210731082eac22
        Validity
            Not Before: Apr 26 08:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=031c9eea59d3436b6b33434780ce3ac8f8d0dcc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:0b:28:5e:dd:7e:86:ea:70:52:65:42:35:96:
                    7b:03:91:e7:50:19:4c:4d:63:3f:27:4a:ea:56:de:
                    80:99:10:3a:80:e8:dc:e6:b1:cb:00:c1:fa:1d:49:
                    a0:6d:47:60:96:29:d0:cc:d5:a9:1c:17:c0:27:56:
                    6c:7d:a3:3d:8e:dc:fd:91:70:5a:af:61:9e:cc:6d:
                    7e:f0:18:d0:a8:f7:0f:92:db:38:76:e0:e3:b3:f1:
                    cb:3d:cb:fb:61:40:80:ce:f0:e7:3c:ec:1e:9b:7f:
                    4f:e7:cf:68:a8:96:8b:64:7c:ef:73:49:91:60:9e:
                    56:4b:4e:76:70:d0:41:6d:be:0b:c6:38:85:75:78:
                    04:3f:88:d9:49:86:4d:e9:19:07:ad:2d:d7:e4:2e:
                    90:9c:b5:5d:fc:fc:e6:a7:04:ab:68:79:22:60:11:
                    ed:57:22:7c:51:e6:26:f1:98:ef:40:90:35:ef:7c:
                    4d:10:28:a8:89:59:fe:87:a7:b3:3d:22:10:53:07:
                    8e:b5:68:2e:17:a1:bb:ff:8b:d8:f3:ae:c5:7f:63:
                    a5:b1:df:12:0f:b8:66:89:92:6d:cb:05:db:0e:fd:
                    d0:8c:9b:d9:58:61:e1:7c:d7:4c:17:c2:bb:3f:06:
                    39:a4:ea:69:7b:3d:50:09:37:b0:ab:93:21:a8:51:
                    12:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:1C:9E:EA:59:D3:43:6B:6B:33:43:47:80:CE:3A:C8:F8:D0:DC:C3
            X509v3 Authority Key Identifier:
                keyid:08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/Axye6lnTQ2trM0NHgM46yPjQ3MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.231.0/24
                  194.165.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:50:91:db:da:88:e6:04:b8:ba:99:d6:3f:4b:85:bb:2f:e7:
         5a:bd:da:09:a9:b1:c2:c3:a6:1f:aa:43:b3:1d:ce:47:5f:57:
         35:bd:c0:ba:df:88:37:36:fc:f0:ed:7e:09:69:06:39:b2:b7:
         84:77:bc:05:a7:2d:8f:c8:6e:2a:5a:a6:05:7d:e3:42:d4:14:
         61:a6:0f:b3:37:6b:f2:33:14:b6:21:dc:44:cc:4d:1d:12:a0:
         2b:fa:8e:10:8d:1d:10:f9:47:3b:77:b3:1a:c2:97:55:5a:c4:
         93:81:70:61:7c:65:1b:82:ed:42:1c:78:2b:67:a0:fe:0f:c9:
         6a:8c:52:53:a9:de:72:6f:d3:93:9f:54:6b:e9:ec:d1:e1:b8:
         ea:e2:c0:29:a1:83:45:e4:e0:c5:3c:cb:b0:64:9d:2d:f9:75:
         d6:17:19:b5:ed:ee:30:c6:98:ae:b9:99:6a:25:0e:50:52:17:
         97:1b:b8:25:f1:f7:49:82:6d:6b:7d:2a:1c:af:25:e4:0f:2a:
         c2:20:dc:d8:df:19:3a:3b:06:61:8d:c1:f2:20:dc:e0:4a:c5:
         5e:d0:d2:35:99:2e:a2:48:1d:ba:2d:1d:e9:f9:90:1f:3e:04:
         d9:01:c9:4e:2f:cb:a0:e5:eb:73:63:c0:12:00:c6:0a:5d:6e:
         c1:f1:4e:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3I53rYvZ+hUOypTu2nCmuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjQzOGU5ODg5Mzg5ODI5ZmE1ZjUxYjZhMjEwNzMxMDgy
ZWFjMjIwHhcNMjYwNDI2MDgyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzFjOWVlYTU5ZDM0MzZiNmIzMzQzNDc4MGNlM2FjOGY4ZDBkY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+AsoXt1+hupwUmVCNZZ7A5HnUBlM
TWM/J0rqVt6AmRA6gOjc5rHLAMH6HUmgbUdglinQzNWpHBfAJ1ZsfaM9jtz9kXBa
r2GezG1+8BjQqPcPkts4duDjs/HLPcv7YUCAzvDnPOwem39P589oqJaLZHzvc0mR
YJ5WS052cNBBbb4LxjiFdXgEP4jZSYZN6RkHrS3X5C6QnLVd/PzmpwSraHkiYBHt
VyJ8UeYm8ZjvQJA173xNECioiVn+h6ezPSIQUweOtWguF6G7/4vY867Ff2Olsd8S
D7hmiZJtywXbDv3QjJvZWGHhfNdMF8K7PwY5pOppez1QCTewq5MhqFESKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAMcnupZ00NrazNDR4DOOsj40NzDMB8GA1UdIwQY
MBaAFAhkOOmIk4mCn6X1G2ohBzEILqwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1Yzgt
YTc4MTBlM2ExYmViLzEvQXh5ZTZsblRRMnRyTTBOSGdNNDZ5UGpRM01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1YzgtYTc4MTBlM2ExYmVi
LzEvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwTnnAwQA
wqUlMA0GCSqGSIb3DQEBCwUAA4IBAQAiUJHb2ojmBLi6mdY/S4W7L+davdoJqbHC
w6YfqkOzHc5HX1c1vcC634g3Nvzw7X4JaQY5sreEd7wFpy2PyG4qWqYFfeNC1BRh
pg+zN2vyMxS2IdxEzE0dEqAr+o4QjR0Q+Uc7d7MawpdVWsSTgXBhfGUbgu1CHHgr
Z6D+D8lqjFJTqd5yb9OTn1Rr6ezR4bjq4sApoYNF5ODFPMuwZJ0t+XXWFxm17e4w
xpiuuZlqJQ5QUheXG7gl8fdJgm1rfSocryXkDyrCINzY3xk6OwZhjcHyINzgSsVe
0NI1mS6iSB26LR3p+ZAfPgTZAclOL8ug5etzY8ASAMYKXW7B8U53
-----END CERTIFICATE-----