Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/9Uh8hi2XjzjTI07m52BOUEVY774.roa
File:                     9Uh8hi2XjzjTI07m52BOUEVY774.roa (raw, json)
Hash identifier:          yoDrm0qg0msJJ0YvgT2enc8jij0zEDKh7V20lRAU8j4=
Subject key identifier:   F5:48:7C:86:2D:97:8F:38:D3:23:4E:E6:E7:60:4E:50:45:58:EF:BE
Certificate issuer:       /CN=b63ac2e4e4ddb3e540756f17aa970d4a8a30a85c
Certificate serial:       019E0198AA1F15D4D9B02C9BB24BFBDEBF12
Authority key identifier: B6:3A:C2:E4:E4:DD:B3:E5:40:75:6F:17:AA:97:0D:4A:8A:30:A8:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjrC5OTds-VAdW8XqpcNSoowqFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/9Uh8hi2XjzjTI07m52BOUEVY774.roa
Signing time:             Thu 07 May 2026 08:40:42 +0000
ROA not before:           Thu 07 May 2026 08:40:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42128
IP address blocks:        193.33.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/tjrC5OTds-VAdW8XqpcNSoowqFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/tjrC5OTds-VAdW8XqpcNSoowqFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjrC5OTds-VAdW8XqpcNSoowqFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:98:aa:1f:15:d4:d9:b0:2c:9b:b2:4b:fb:de:bf:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63ac2e4e4ddb3e540756f17aa970d4a8a30a85c
        Validity
            Not Before: May  7 08:40:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5487c862d978f38d3234ee6e7604e504558efbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:c4:b7:b4:75:02:d7:cf:15:93:f5:7d:80:40:
                    5d:6c:d7:92:73:fb:28:e0:c6:28:06:c6:52:98:06:
                    82:d7:e3:7c:38:49:a7:f9:a4:81:8e:7c:18:c2:0d:
                    d1:73:ee:fb:7c:e8:e4:dd:6e:6f:98:68:7b:5d:e1:
                    86:17:0c:2b:53:89:94:e2:c6:bd:c6:46:5c:05:de:
                    5f:56:db:74:60:16:d4:e3:9f:41:fb:23:8e:dc:0b:
                    da:29:16:1a:02:23:8c:9d:be:12:74:a2:a0:f7:c5:
                    23:85:d4:09:46:a5:78:bc:86:6b:20:e6:21:51:6b:
                    8f:76:8b:ed:98:95:4f:61:bb:61:19:1f:17:72:66:
                    cd:d0:56:10:52:ff:4b:6a:bb:20:20:51:f4:df:23:
                    98:7d:bd:9b:4d:4a:60:f3:2b:1f:ec:89:42:8d:39:
                    d7:13:96:ed:62:8d:79:6f:68:fe:ad:ab:5a:5d:5d:
                    2c:e5:34:c9:0e:e9:2a:0a:9b:07:1d:9f:b9:6e:ce:
                    cf:64:a9:e4:48:7e:32:1f:5b:78:e6:64:cc:de:a8:
                    e2:cd:97:1d:d4:38:20:dc:83:da:1e:3b:38:ee:d8:
                    2a:24:db:d8:1a:a3:02:0c:36:57:63:eb:8b:01:77:
                    b7:ab:65:6a:91:7a:d3:13:6c:f8:41:48:85:33:1c:
                    c7:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:48:7C:86:2D:97:8F:38:D3:23:4E:E6:E7:60:4E:50:45:58:EF:BE
            X509v3 Authority Key Identifier:
                keyid:B6:3A:C2:E4:E4:DD:B3:E5:40:75:6F:17:AA:97:0D:4A:8A:30:A8:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjrC5OTds-VAdW8XqpcNSoowqFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/9Uh8hi2XjzjTI07m52BOUEVY774.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/tjrC5OTds-VAdW8XqpcNSoowqFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:2e:0e:4c:80:33:8b:5c:90:85:ce:51:59:ce:11:b6:f0:44:
         a0:4e:63:d7:13:17:c3:96:b0:57:59:92:70:45:7f:fe:1a:0a:
         be:52:44:69:da:c9:ab:ac:bc:1f:89:4e:de:63:61:02:24:d4:
         69:a6:fe:a3:46:42:fd:25:fd:ee:71:cc:b0:ea:c2:be:de:45:
         db:3c:b3:75:f2:c4:6d:4c:24:e5:5a:de:ed:d6:fc:6b:35:00:
         7b:ca:5e:7f:c1:35:19:dc:53:97:73:75:88:bc:44:a9:33:0c:
         55:af:9b:8a:54:0f:1c:11:09:23:95:e1:e7:63:8c:69:03:f0:
         61:c9:1e:30:9d:88:be:84:81:8b:31:a8:57:f3:f4:0f:b5:93:
         41:7e:48:22:6a:cc:bc:03:22:fa:1e:5d:5b:ca:94:7d:65:64:
         92:bd:46:e4:e7:7d:f9:74:fd:45:c7:65:3f:aa:02:bf:61:68:
         34:05:9e:ce:28:28:65:41:55:e8:34:42:c9:f8:2f:25:aa:4f:
         6b:b3:fa:ad:7e:8c:d5:dc:4d:4a:4f:96:98:55:a0:9a:83:bf:
         2d:49:66:f2:37:52:ab:be:17:b7:ef:a2:f8:cb:a3:9f:0a:c7:
         f2:e4:53:bc:64:7b:ef:b9:6b:89:40:c6:ac:47:de:1a:80:7a:
         c1:18:fe:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4BmKofFdTZsCybskv73r8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2FjMmU0ZTRkZGIzZTU0MDc1NmYxN2FhOTcwZDRhOGEz
MGE4NWMwHhcNMjYwNTA3MDg0MDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ4N2M4NjJkOTc4ZjM4ZDMyMzRlZTZlNzYwNGU1MDQ1NThlZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA68S3tHUC188Vk/V9gEBdbNeSc/so
4MYoBsZSmAaC1+N8OEmn+aSBjnwYwg3Rc+77fOjk3W5vmGh7XeGGFwwrU4mU4sa9
xkZcBd5fVtt0YBbU459B+yOO3AvaKRYaAiOMnb4SdKKg98UjhdQJRqV4vIZrIOYh
UWuPdovtmJVPYbthGR8XcmbN0FYQUv9LarsgIFH03yOYfb2bTUpg8ysf7IlCjTnX
E5btYo15b2j+rataXV0s5TTJDukqCpsHHZ+5bs7PZKnkSH4yH1t45mTM3qjizZcd
1Dgg3IPaHjs47tgqJNvYGqMCDDZXY+uLAXe3q2VqkXrTE2z4QUiFMxzHAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVIfIYtl4840yNO5udgTlBFWO++MB8GA1UdIwQY
MBaAFLY6wuTk3bPlQHVvF6qXDUqKMKhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpyQzVPVGRzLVZBZFc4WHFwY05Tb293cUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni82Yzc5NzAtOGNmOC00ZDNhLWEyMzAt
ZDYyZTU4NWM4MTYxLzEvOVVoOGhpMlhqempUSTA3bTUyQk9VRVZZNzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni82Yzc5NzAtOGNmOC00ZDNhLWEyMzAtZDYyZTU4NWM4MTYx
LzEvdGpyQzVPVGRzLVZBZFc4WHFwY05Tb293cUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSFoMA0G
CSqGSIb3DQEBCwUAA4IBAQA0Lg5MgDOLXJCFzlFZzhG28ESgTmPXExfDlrBXWZJw
RX/+Ggq+UkRp2smrrLwfiU7eY2ECJNRppv6jRkL9Jf3uccyw6sK+3kXbPLN18sRt
TCTlWt7t1vxrNQB7yl5/wTUZ3FOXc3WIvESpMwxVr5uKVA8cEQkjleHnY4xpA/Bh
yR4wnYi+hIGLMahX8/QPtZNBfkgiasy8AyL6Hl1bypR9ZWSSvUbk5335dP1Fx2U/
qgK/YWg0BZ7OKChlQVXoNELJ+C8lqk9rs/qtfozV3E1KT5aYVaCag78tSWbyN1Kr
vhe376L4y6OfCsfy5FO8ZHvvuWuJQMasR94agHrBGP5q
-----END CERTIFICATE-----