Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/tpvfXEACkV14koJNtMfPTqgi_FI.roa
File:                     tpvfXEACkV14koJNtMfPTqgi_FI.roa (raw, json)
Hash identifier:          EfZdc30FGwxWmYElAs13ngXxxxQnDLgipgf5zCu6o1s=
Subject key identifier:   B6:9B:DF:5C:40:02:91:5D:78:92:82:4D:B4:C7:CF:4E:A8:22:FC:52
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019E0BAF46E06D85C711599F8252819B5A8B
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/tpvfXEACkV14koJNtMfPTqgi_FI.roa
Signing time:             Sat 09 May 2026 07:41:36 +0000
ROA not before:           Sat 09 May 2026 07:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        193.108.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0b:af:46:e0:6d:85:c7:11:59:9f:82:52:81:9b:5a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: May  9 07:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b69bdf5c4002915d7892824db4c7cf4ea822fc52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3f:63:70:2f:97:97:20:00:e0:85:38:33:9b:
                    7f:0f:ef:4f:6e:71:ea:bb:81:6f:2e:17:9b:4e:62:
                    81:e2:39:cb:15:7e:3d:4c:cc:28:c6:5c:85:a0:ce:
                    2c:a5:b2:6b:a7:f6:3c:3d:33:db:83:fc:3f:cb:b2:
                    45:92:8f:52:1d:4f:04:1c:c2:2a:36:e3:8f:89:25:
                    eb:69:03:57:04:81:a6:9d:bb:9b:bf:94:a7:d6:03:
                    cc:cc:92:9f:76:db:65:9b:c0:13:b5:5e:30:7c:b7:
                    24:90:92:58:a1:52:cb:90:3b:3e:5d:01:1d:06:e4:
                    ce:1c:18:e4:53:8d:38:fa:da:95:0a:56:6f:e3:9e:
                    2d:e8:57:2b:e9:1e:25:26:6b:d5:09:df:0d:b8:d1:
                    33:62:01:a6:1a:2c:a4:7d:c0:5f:f7:7b:6e:ed:0a:
                    d8:6c:83:cf:bc:10:a4:f5:7d:9e:56:b1:e9:11:8d:
                    67:0e:85:d0:22:ce:71:ec:4b:54:d2:ad:bb:93:3d:
                    a1:ad:bc:0d:dd:51:37:57:cc:35:3a:7c:cb:29:53:
                    29:cb:cf:50:9d:e3:5a:97:62:7e:17:53:2f:3b:1e:
                    5e:d5:c6:99:dd:2c:fa:27:4b:44:26:66:ea:2d:c7:
                    8c:6c:86:46:56:67:00:98:b8:43:02:9c:98:4f:20:
                    e1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:9B:DF:5C:40:02:91:5D:78:92:82:4D:B4:C7:CF:4E:A8:22:FC:52
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/tpvfXEACkV14koJNtMfPTqgi_FI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:55:92:f1:57:c0:ae:fd:23:63:db:83:ff:c5:97:00:11:cf:
         6f:99:b7:00:b1:5b:34:5c:b1:39:ad:7a:7e:4c:63:20:05:47:
         f7:95:07:21:35:25:74:2b:7a:f6:b8:81:2c:2c:f1:19:56:03:
         62:c8:c0:80:ff:d6:57:17:4e:f3:0d:8c:3b:42:bc:91:e5:46:
         36:f3:6e:11:73:5e:d6:a6:68:0e:4a:cd:ef:7f:4f:c6:bd:18:
         0e:8b:8b:24:cc:2e:55:c8:08:0b:11:2a:b6:52:9a:c3:b9:40:
         e4:01:fd:67:d3:dc:cf:7b:57:8d:62:54:09:66:31:6b:a1:ee:
         20:81:0e:78:88:28:5a:0a:09:b2:23:5c:17:4d:db:80:c5:60:
         fb:cf:bc:38:60:d1:62:9a:b1:63:10:c6:29:fd:48:c5:e8:2f:
         b8:11:b6:34:4e:9a:f5:3b:97:ce:10:1a:36:a2:20:1c:6a:d7:
         91:03:e3:00:cc:94:a8:e7:4b:5c:4f:7a:62:fe:e0:2f:8d:c1:
         2d:e2:f6:39:f4:7c:1d:17:55:7c:c1:5b:bc:89:e5:8e:26:74:
         cd:27:90:4b:a8:06:8e:21:ad:c7:6f:51:6f:27:9e:a8:db:14:
         73:cb:00:6e:22:17:e8:26:c7:68:da:65:bf:1a:1c:4a:7b:6a:
         d0:5c:68:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Lr0bgbYXHEVmfglKBm1qLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwNTA5MDc0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjliZGY1YzQwMDI5MTVkNzg5MjgyNGRiNGM3Y2Y0ZWE4MjJmYzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzz9jcC+XlyAA4IU4M5t/D+9PbnHq
u4FvLhebTmKB4jnLFX49TMwoxlyFoM4spbJrp/Y8PTPbg/w/y7JFko9SHU8EHMIq
NuOPiSXraQNXBIGmnbubv5Sn1gPMzJKfdttlm8ATtV4wfLckkJJYoVLLkDs+XQEd
BuTOHBjkU404+tqVClZv454t6Fcr6R4lJmvVCd8NuNEzYgGmGiykfcBf93tu7QrY
bIPPvBCk9X2eVrHpEY1nDoXQIs5x7EtU0q27kz2hrbwN3VE3V8w1OnzLKVMpy89Q
neNal2J+F1MvOx5e1caZ3Sz6J0tEJmbqLceMbIZGVmcAmLhDApyYTyDh6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLab31xAApFdeJKCTbTHz06oIvxSMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvdHB2ZlhFQUNrVjE0a29KTnRNZlBUcWdpX0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw4MA0G
CSqGSIb3DQEBCwUAA4IBAQA0VZLxV8Cu/SNj24P/xZcAEc9vmbcAsVs0XLE5rXp+
TGMgBUf3lQchNSV0K3r2uIEsLPEZVgNiyMCA/9ZXF07zDYw7QryR5UY2824Rc17W
pmgOSs3vf0/GvRgOi4skzC5VyAgLESq2UprDuUDkAf1n09zPe1eNYlQJZjFroe4g
gQ54iChaCgmyI1wXTduAxWD7z7w4YNFimrFjEMYp/UjF6C+4EbY0Tpr1O5fOEBo2
oiAcateRA+MAzJSo50tcT3pi/uAvjcEt4vY59HwdF1V8wVu8ieWOJnTNJ5BLqAaO
Ia3Hb1FvJ56o2xRzywBuIhfoJsdo2mW/GhxKe2rQXGg0
-----END CERTIFICATE-----