Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/rrMzogUtnNYohdiYHBUx1xdS4QY.roa
File:                     rrMzogUtnNYohdiYHBUx1xdS4QY.roa (raw, json)
Hash identifier:          gXfiVkS6pTRRTpVE1kuG1Q8iGKyEXJ5GRFNZwq4pmAg=
Subject key identifier:   AE:B3:33:A2:05:2D:9C:D6:28:85:D8:98:1C:15:31:D7:17:52:E1:06
Certificate issuer:       /CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
Certificate serial:       019B7E383FD2C14AEF74C2E0C65AA44A4FBF
Authority key identifier: 09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/rrMzogUtnNYohdiYHBUx1xdS4QY.roa
Signing time:             Fri 02 Jan 2026 10:19:34 +0000
ROA not before:           Fri 02 Jan 2026 10:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21134
IP address blocks:        193.109.104.0/23 maxlen: 23
                          193.109.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:3f:d2:c1:4a:ef:74:c2:e0:c6:5a:a4:4a:4f:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=095654498e1cc7bf8ce09eae17acdf7c883d5b49
        Validity
            Not Before: Jan  2 10:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aeb333a2052d9cd62885d8981c1531d71752e106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1b:76:49:bf:db:db:f4:db:c1:56:c8:c2:1f:
                    2c:b2:0e:bc:a7:08:33:53:21:c9:d0:7c:ba:87:57:
                    5a:48:65:9c:f4:31:c8:e9:b4:93:4b:37:b8:7f:05:
                    59:91:04:14:d5:03:15:47:39:fa:41:31:71:e9:b1:
                    8a:c2:a9:b4:c3:c0:8d:04:3b:e9:c9:79:f0:f4:d5:
                    a4:40:45:42:82:b9:39:1c:b8:78:bc:e5:4f:90:76:
                    ae:70:5e:73:ad:3e:e8:dc:cb:c4:44:3f:cd:f5:9a:
                    94:3d:7d:e1:00:11:cf:72:42:df:b8:a6:25:ec:4f:
                    54:d0:75:f8:fc:72:b7:8f:48:35:45:70:3b:ec:bb:
                    d5:41:09:17:13:72:00:98:16:98:4c:f9:f0:c7:42:
                    55:b1:b6:43:b1:1a:83:42:f5:3d:71:94:0e:18:8e:
                    47:08:70:36:0c:2d:d6:2d:58:23:19:97:d2:2d:c4:
                    d7:a5:7c:5e:d4:b5:a3:74:89:db:c1:c7:2c:04:98:
                    cc:cb:d0:2c:11:b5:37:6a:eb:d3:d3:d1:5f:ea:09:
                    01:cc:7d:b0:5b:43:cf:4e:f9:99:f6:cb:bb:a6:5e:
                    19:6e:47:68:9a:79:f7:cb:a9:78:8a:17:ed:46:fe:
                    87:92:f7:91:e7:f1:f3:7c:2b:31:c4:91:c9:65:69:
                    9b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B3:33:A2:05:2D:9C:D6:28:85:D8:98:1C:15:31:D7:17:52:E1:06
            X509v3 Authority Key Identifier:
                keyid:09:56:54:49:8E:1C:C7:BF:8C:E0:9E:AE:17:AC:DF:7C:88:3D:5B:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVZUSY4cx7-M4J6uF6zffIg9W0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/rrMzogUtnNYohdiYHBUx1xdS4QY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/02daa4-0874-4f3d-bf22-d1ad54d0c053/1/CVZUSY4cx7-M4J6uF6zffIg9W0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.104.0-193.109.106.255

    Signature Algorithm: sha256WithRSAEncryption
         74:56:d3:9d:46:6b:b3:a0:19:50:8c:78:c0:7e:12:2a:a6:55:
         d9:ad:34:a5:28:a3:b4:76:0a:d7:5e:27:f8:9e:21:2f:a6:75:
         bd:6c:bd:bb:c5:cf:35:0d:a9:e3:a5:a5:b1:50:9b:2d:3b:ac:
         6c:71:c2:4e:1b:a0:69:1a:95:d1:86:e7:0f:77:c7:0c:a9:ca:
         77:0f:e7:84:d0:c7:60:8d:a4:53:3d:ad:f8:2d:92:a9:82:c9:
         3e:e5:ef:79:b8:36:35:00:c2:2d:58:fd:64:18:d0:c1:d9:21:
         b3:e8:1d:fd:f5:1a:3c:16:eb:f3:80:2c:19:ea:f6:64:c4:a5:
         07:12:7c:68:01:ba:25:a0:88:9f:32:c4:d1:5a:1e:7c:40:dc:
         c3:30:b6:c0:f7:93:e3:09:17:2b:77:36:0a:d6:96:98:aa:10:
         e7:5e:cc:e3:75:3f:a9:5e:22:fa:61:97:67:a8:2f:6b:5a:60:
         92:72:f2:76:d8:70:c8:21:59:a3:5a:bf:e4:35:98:30:0c:22:
         fb:1d:9a:5b:ca:42:2f:2d:93:bb:29:0a:fe:be:62:41:d2:bd:
         d1:e6:7e:47:13:36:5c:b6:5d:d7:0e:1a:7f:c4:b2:89:dc:25:
         11:4b:b5:cd:f3:49:0b:d1:73:e8:8f:42:be:19:ac:22:04:a5:
         43:92:92:48
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt+OD/SwUrvdMLgxlqkSk+/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTY1NDQ5OGUxY2M3YmY4Y2UwOWVhZTE3YWNkZjdjODgz
ZDViNDkwHhcNMjYwMTAyMTAxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWIzMzNhMjA1MmQ5Y2Q2Mjg4NWQ4OTgxYzE1MzFkNzE3NTJlMTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxt2Sb/b2/TbwVbIwh8ssg68pwgz
UyHJ0Hy6h1daSGWc9DHI6bSTSze4fwVZkQQU1QMVRzn6QTFx6bGKwqm0w8CNBDvp
yXnw9NWkQEVCgrk5HLh4vOVPkHaucF5zrT7o3MvERD/N9ZqUPX3hABHPckLfuKYl
7E9U0HX4/HK3j0g1RXA77LvVQQkXE3IAmBaYTPnwx0JVsbZDsRqDQvU9cZQOGI5H
CHA2DC3WLVgjGZfSLcTXpXxe1LWjdInbwccsBJjMy9AsEbU3auvT09Ff6gkBzH2w
W0PPTvmZ9su7pl4Zbkdomnn3y6l4ihftRv6HkveR5/HzfCsxxJHJZWmbjQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK6zM6IFLZzWKIXYmBwVMdcXUuEGMB8GA1UdIwQY
MBaAFAlWVEmOHMe/jOCerhes33yIPVtJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjIt
ZDFhZDU0ZDBjMDUzLzEvcnJNem9nVXRuTllvaGRpWUhCVXgxeGRTNFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMmRhYTQtMDg3NC00ZjNkLWJmMjItZDFhZDU0ZDBjMDUz
LzEvQ1ZaVVNZNGN4Ny1NNEo2dUY2emZmSWc5VzBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPBbWgD
BADBbWowDQYJKoZIhvcNAQELBQADggEBAHRW051Ga7OgGVCMeMB+EiqmVdmtNKUo
o7R2CtdeJ/ieIS+mdb1svbvFzzUNqeOlpbFQmy07rGxxwk4boGkaldGG5w93xwyp
yncP54TQx2CNpFM9rfgtkqmCyT7l73m4NjUAwi1Y/WQY0MHZIbPoHf31GjwW6/OA
LBnq9mTEpQcSfGgBuiWgiJ8yxNFaHnxA3MMwtsD3k+MJFyt3NgrWlpiqEOdezON1
P6leIvphl2eoL2taYJJy8nbYcMghWaNav+Q1mDAMIvsdmlvKQi8tk7spCv6+YkHS
vdHmfkcTNly2XdcOGn/EsoncJRFLtc3zSQvRc+iPQr4ZrCIEpUOSkkg=
-----END CERTIFICATE-----