Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/pIrh8t_NNRD8MCPix_SqJSVgY7E.roa
File:                     pIrh8t_NNRD8MCPix_SqJSVgY7E.roa (raw, json)
Hash identifier:          eE3cynxx6yPYag5fkQ+E+tY5KNgvElDMK0Zwn7c5OSI=
Subject key identifier:   A4:8A:E1:F2:DF:CD:35:10:FC:30:23:E2:C7:F4:AA:25:25:60:63:B1
Certificate issuer:       /CN=b63ac2e4e4ddb3e540756f17aa970d4a8a30a85c
Certificate serial:       019E019A7F25130C0D916B468CC2D2B07754
Authority key identifier: B6:3A:C2:E4:E4:DD:B3:E5:40:75:6F:17:AA:97:0D:4A:8A:30:A8:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjrC5OTds-VAdW8XqpcNSoowqFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/pIrh8t_NNRD8MCPix_SqJSVgY7E.roa
Signing time:             Thu 07 May 2026 08:42:42 +0000
ROA not before:           Thu 07 May 2026 08:42:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        193.33.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/tjrC5OTds-VAdW8XqpcNSoowqFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/tjrC5OTds-VAdW8XqpcNSoowqFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjrC5OTds-VAdW8XqpcNSoowqFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:9a:7f:25:13:0c:0d:91:6b:46:8c:c2:d2:b0:77:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63ac2e4e4ddb3e540756f17aa970d4a8a30a85c
        Validity
            Not Before: May  7 08:42:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a48ae1f2dfcd3510fc3023e2c7f4aa25256063b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:10:18:da:98:ce:c1:7f:e5:83:e1:55:f7:98:
                    85:56:d0:6f:12:61:8c:2d:5e:86:48:75:d9:b0:24:
                    21:e4:6b:a8:7d:7a:6f:e8:28:2d:44:5e:26:ed:80:
                    cc:bd:31:da:c4:a5:0d:42:51:71:b1:a3:99:94:ad:
                    f9:30:89:33:90:f1:f5:e1:8d:41:80:2e:5b:d3:a7:
                    6e:1a:c2:eb:1a:d3:94:a5:f3:8d:95:7f:52:ac:21:
                    8c:3c:ed:f6:58:37:c5:53:d8:45:a6:23:54:ba:97:
                    f8:a7:78:73:eb:89:d9:68:52:e8:6f:10:57:7f:dc:
                    15:0d:ce:aa:c5:1a:c7:1a:05:a5:b8:ef:fc:cd:bc:
                    74:68:02:c5:7a:6d:52:2a:2d:5b:d2:72:2e:12:dc:
                    19:49:37:be:97:b5:54:d6:67:5d:fe:6a:c4:9f:5e:
                    06:12:56:1f:5f:fd:ba:95:a3:66:bc:1d:74:50:b0:
                    32:6a:62:6d:52:64:c0:64:cb:fb:aa:33:9d:d8:c6:
                    a7:c3:37:1d:01:2e:d5:4a:6a:58:83:5a:25:fb:28:
                    63:bd:49:6f:06:3c:04:77:e3:e2:44:2c:ac:83:31:
                    6c:2c:81:b6:fc:69:79:b6:a6:67:6c:fa:49:8e:c6:
                    76:21:b8:b7:38:17:4e:a5:82:1d:25:4a:70:4b:5d:
                    48:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:8A:E1:F2:DF:CD:35:10:FC:30:23:E2:C7:F4:AA:25:25:60:63:B1
            X509v3 Authority Key Identifier:
                keyid:B6:3A:C2:E4:E4:DD:B3:E5:40:75:6F:17:AA:97:0D:4A:8A:30:A8:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjrC5OTds-VAdW8XqpcNSoowqFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/pIrh8t_NNRD8MCPix_SqJSVgY7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/6c7970-8cf8-4d3a-a230-d62e585c8161/1/tjrC5OTds-VAdW8XqpcNSoowqFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:2c:d1:41:c4:5c:10:2a:a5:fc:21:1d:f6:9b:8a:47:54:3e:
         42:9e:c3:62:3e:cb:e7:cb:b9:44:c0:65:ca:96:8f:32:c5:b4:
         6e:ad:27:56:dd:e7:6a:f4:7b:82:86:5b:c8:b6:73:ee:f7:f2:
         19:5d:af:b9:fa:9f:80:47:b0:eb:b8:22:ea:aa:cb:4a:9e:63:
         b7:ef:36:bc:9b:64:bd:cb:c3:e2:53:9d:ce:54:1f:fa:0d:e3:
         54:fb:b8:94:9b:48:67:99:9a:1b:c8:10:62:11:ad:c1:46:63:
         ab:21:ea:8f:6e:85:6a:b5:c9:28:18:3c:f2:39:dc:72:ee:43:
         3c:a7:12:f1:52:a1:45:24:35:df:4d:23:3b:bb:f3:04:55:0d:
         dc:cf:1b:04:34:f3:06:59:f9:c4:20:af:ce:92:f2:8a:13:be:
         a0:b4:b4:57:f7:2c:2a:eb:fe:84:ea:7b:93:d6:71:97:77:d8:
         db:54:d1:26:52:f6:cc:dd:d7:37:b4:df:56:5e:ff:86:7b:31:
         52:c0:4e:39:12:14:76:a0:5e:84:92:17:7b:11:2c:9c:4d:ae:
         0f:75:9b:e1:06:1e:1e:1c:8a:03:ae:10:43:91:1a:27:db:14:
         63:ba:e4:f6:8a:4b:01:d9:3d:b6:64:ce:90:ca:c7:fd:02:ec:
         e7:e7:78:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4Bmn8lEwwNkWtGjMLSsHdUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2FjMmU0ZTRkZGIzZTU0MDc1NmYxN2FhOTcwZDRhOGEz
MGE4NWMwHhcNMjYwNTA3MDg0MjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDhhZTFmMmRmY2QzNTEwZmMzMDIzZTJjN2Y0YWEyNTI1NjA2M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRAY2pjOwX/lg+FV95iFVtBvEmGM
LV6GSHXZsCQh5GuofXpv6CgtRF4m7YDMvTHaxKUNQlFxsaOZlK35MIkzkPH14Y1B
gC5b06duGsLrGtOUpfONlX9SrCGMPO32WDfFU9hFpiNUupf4p3hz64nZaFLobxBX
f9wVDc6qxRrHGgWluO/8zbx0aALFem1SKi1b0nIuEtwZSTe+l7VU1mdd/mrEn14G
ElYfX/26laNmvB10ULAyamJtUmTAZMv7qjOd2ManwzcdAS7VSmpYg1ol+yhjvUlv
BjwEd+PiRCysgzFsLIG2/Gl5tqZnbPpJjsZ2Ibi3OBdOpYIdJUpwS11IeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSK4fLfzTUQ/DAj4sf0qiUlYGOxMB8GA1UdIwQY
MBaAFLY6wuTk3bPlQHVvF6qXDUqKMKhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpyQzVPVGRzLVZBZFc4WHFwY05Tb293cUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni82Yzc5NzAtOGNmOC00ZDNhLWEyMzAt
ZDYyZTU4NWM4MTYxLzEvcElyaDh0X05OUkQ4TUNQaXhfU3FKU1ZnWTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni82Yzc5NzAtOGNmOC00ZDNhLWEyMzAtZDYyZTU4NWM4MTYx
LzEvdGpyQzVPVGRzLVZBZFc4WHFwY05Tb293cUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSFoMA0G
CSqGSIb3DQEBCwUAA4IBAQC8LNFBxFwQKqX8IR32m4pHVD5CnsNiPsvny7lEwGXK
lo8yxbRurSdW3edq9HuChlvItnPu9/IZXa+5+p+AR7DruCLqqstKnmO37za8m2S9
y8PiU53OVB/6DeNU+7iUm0hnmZobyBBiEa3BRmOrIeqPboVqtckoGDzyOdxy7kM8
pxLxUqFFJDXfTSM7u/MEVQ3czxsENPMGWfnEIK/OkvKKE76gtLRX9ywq6/6E6nuT
1nGXd9jbVNEmUvbM3dc3tN9WXv+GezFSwE45EhR2oF6Ekhd7ESycTa4PdZvhBh4e
HIoDrhBDkRon2xRjuuT2iksB2T22ZM6Qysf9Auzn53h4
-----END CERTIFICATE-----