Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/fd8ef9-7833-4974-9257-65b4a69fbbce/1/_5oe6VqZsqBT0LMhmKV2LIl_uf8.roa
File:                     _5oe6VqZsqBT0LMhmKV2LIl_uf8.roa (raw, json)
Hash identifier:          /SkExJhWDQiBSVIh+Uw/CkRQN60+0HSnourFk+/DB2s=
Subject key identifier:   FF:9A:1E:E9:5A:99:B2:A0:53:D0:B3:21:98:A5:76:2C:89:7F:B9:FF
Certificate issuer:       /CN=d3ee4d6e1c04a0f58295b2a97210acd47bf7d96a
Certificate serial:       019B79ECC75DA6EA1B70EAEA9D5CD77E49CB
Authority key identifier: D3:EE:4D:6E:1C:04:A0:F5:82:95:B2:A9:72:10:AC:D4:7B:F7:D9:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-5NbhwEoPWClbKpchCs1Hv32Wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/fd8ef9-7833-4974-9257-65b4a69fbbce/1/_5oe6VqZsqBT0LMhmKV2LIl_uf8.roa
Signing time:             Thu 01 Jan 2026 14:18:39 +0000
ROA not before:           Thu 01 Jan 2026 14:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398300
IP address blocks:        193.34.148.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/fd8ef9-7833-4974-9257-65b4a69fbbce/1/0-5NbhwEoPWClbKpchCs1Hv32Wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/fd8ef9-7833-4974-9257-65b4a69fbbce/1/0-5NbhwEoPWClbKpchCs1Hv32Wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-5NbhwEoPWClbKpchCs1Hv32Wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 20:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:c7:5d:a6:ea:1b:70:ea:ea:9d:5c:d7:7e:49:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3ee4d6e1c04a0f58295b2a97210acd47bf7d96a
        Validity
            Not Before: Jan  1 14:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff9a1ee95a99b2a053d0b32198a5762c897fb9ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fa:b9:12:27:ad:db:57:d5:33:be:42:11:e8:
                    92:c1:84:46:dd:51:7e:85:92:d6:eb:42:eb:2b:a4:
                    fa:38:e1:8d:c1:f6:2f:97:5e:c0:fb:55:1d:74:bb:
                    2d:62:8b:ec:f5:95:9a:00:fb:1f:4d:58:39:b9:ce:
                    ef:3a:91:b6:15:6e:d8:ff:d1:50:f1:cd:f6:93:ea:
                    52:54:aa:ae:86:76:32:27:c8:0a:c1:3a:e7:40:81:
                    b9:15:9e:ee:51:5a:fd:3e:a0:45:c4:3c:3c:ed:ee:
                    f3:b0:ca:a8:05:18:da:72:2e:61:f3:54:19:7f:ad:
                    b8:9f:a8:0d:de:75:aa:f8:ac:15:5b:e0:8a:2f:34:
                    53:a7:66:89:5b:37:1a:51:ba:7c:e4:2a:f5:3c:76:
                    04:57:01:88:66:66:46:68:6b:5f:f4:7a:ac:a0:43:
                    c3:91:c8:ca:89:8b:4e:c5:dc:bc:d1:15:b6:21:66:
                    e8:03:5b:df:03:4e:a5:27:33:90:1d:db:3b:97:79:
                    13:1a:87:ae:83:0f:3f:64:24:9f:bc:a5:ce:f2:3b:
                    f9:21:7e:9d:2d:42:c8:55:0f:fe:92:e3:ab:60:11:
                    95:42:21:47:20:ad:6e:21:39:0a:40:c3:00:54:96:
                    78:f3:94:85:22:99:a0:33:06:32:4d:ce:a1:d7:44:
                    26:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:9A:1E:E9:5A:99:B2:A0:53:D0:B3:21:98:A5:76:2C:89:7F:B9:FF
            X509v3 Authority Key Identifier:
                keyid:D3:EE:4D:6E:1C:04:A0:F5:82:95:B2:A9:72:10:AC:D4:7B:F7:D9:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-5NbhwEoPWClbKpchCs1Hv32Wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/fd8ef9-7833-4974-9257-65b4a69fbbce/1/_5oe6VqZsqBT0LMhmKV2LIl_uf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/fd8ef9-7833-4974-9257-65b4a69fbbce/1/0-5NbhwEoPWClbKpchCs1Hv32Wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:97:17:d8:36:a9:f9:ad:04:4b:7c:72:03:d9:87:cd:96:90:
         5f:b7:70:15:79:7d:cf:14:d4:c6:e5:49:17:54:d2:26:7a:59:
         fd:48:e3:87:f6:ec:a1:e2:6f:d9:ba:b4:f9:64:2f:d2:a8:5d:
         0b:c2:c5:c8:14:05:c5:f1:7e:46:50:97:77:1b:e9:5c:ee:2a:
         5e:dd:82:ed:4b:d3:f4:2c:1f:cf:b3:00:6a:d8:c2:b5:45:21:
         c2:fe:bb:87:69:2e:a6:9c:e7:57:3a:84:e9:4c:63:ec:15:26:
         64:75:af:ce:b9:be:49:96:18:eb:0e:bb:b5:9b:77:24:9c:dd:
         a3:bf:5e:d1:a9:ed:c2:bf:22:58:bc:94:5d:31:8d:81:7f:2b:
         ad:50:11:7e:0a:a2:e4:21:ac:11:ba:ac:94:a8:3f:16:57:dc:
         ea:f6:6e:3e:76:f1:69:31:9f:11:81:32:69:8e:a6:56:00:4b:
         c6:95:09:01:23:b1:2e:4f:2e:cd:a9:42:f1:a3:33:a4:9b:80:
         08:a0:eb:23:3c:06:17:34:78:2f:ab:a1:2a:18:69:7e:a5:3e:
         75:be:e5:d3:1a:2d:20:8c:f0:52:0d:0e:22:97:da:e4:2f:a3:
         32:b6:bf:54:23:75:3b:1d:24:02:29:9b:43:0a:89:52:6e:3a:
         8e:38:26:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57MddpuobcOrqnVzXfknLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZWU0ZDZlMWMwNGEwZjU4Mjk1YjJhOTcyMTBhY2Q0N2Jm
N2Q5NmEwHhcNMjYwMTAxMTQxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjlhMWVlOTVhOTliMmEwNTNkMGIzMjE5OGE1NzYyYzg5N2ZiOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufq5Eiet21fVM75CEeiSwYRG3VF+
hZLW60LrK6T6OOGNwfYvl17A+1UddLstYovs9ZWaAPsfTVg5uc7vOpG2FW7Y/9FQ
8c32k+pSVKquhnYyJ8gKwTrnQIG5FZ7uUVr9PqBFxDw87e7zsMqoBRjaci5h81QZ
f624n6gN3nWq+KwVW+CKLzRTp2aJWzcaUbp85Cr1PHYEVwGIZmZGaGtf9HqsoEPD
kcjKiYtOxdy80RW2IWboA1vfA06lJzOQHds7l3kTGoeugw8/ZCSfvKXO8jv5IX6d
LULIVQ/+kuOrYBGVQiFHIK1uITkKQMMAVJZ485SFIpmgMwYyTc6h10QmfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+aHulambKgU9CzIZildiyJf7n/MB8GA1UdIwQY
MBaAFNPuTW4cBKD1gpWyqXIQrNR799lqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC01TmJod0VvUFdDbGJLcGNoQ3MxSHYzMldvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9mZDhlZjktNzgzMy00OTc0LTkyNTct
NjViNGE2OWZiYmNlLzEvXzVvZTZWcVpzcUJUMExNaG1LVjJMSWxfdWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9mZDhlZjktNzgzMy00OTc0LTkyNTctNjViNGE2OWZiYmNl
LzEvMC01TmJod0VvUFdDbGJLcGNoQ3MxSHYzMldvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSKUMA0G
CSqGSIb3DQEBCwUAA4IBAQAZlxfYNqn5rQRLfHID2YfNlpBft3AVeX3PFNTG5UkX
VNImeln9SOOH9uyh4m/ZurT5ZC/SqF0LwsXIFAXF8X5GUJd3G+lc7ipe3YLtS9P0
LB/PswBq2MK1RSHC/ruHaS6mnOdXOoTpTGPsFSZkda/Oub5JlhjrDru1m3cknN2j
v17Rqe3CvyJYvJRdMY2BfyutUBF+CqLkIawRuqyUqD8WV9zq9m4+dvFpMZ8RgTJp
jqZWAEvGlQkBI7EuTy7NqULxozOkm4AIoOsjPAYXNHgvq6EqGGl+pT51vuXTGi0g
jPBSDQ4il9rkL6Mytr9UI3U7HSQCKZtDColSbjqOOCau
-----END CERTIFICATE-----