Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/9l4eTxQiJdfwsUpte57Ojwmqkt8.roa
File:                     9l4eTxQiJdfwsUpte57Ojwmqkt8.roa (raw, json)
Hash identifier:          emeHHUrFvsDMnCrOVZjdq3feYW1b8D0yrHBj07czvhI=
Subject key identifier:   F6:5E:1E:4F:14:22:25:D7:F0:B1:4A:6D:7B:9E:CE:8F:09:AA:92:DF
Certificate issuer:       /CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
Certificate serial:       019CB2E494DDB5DFD24D2B33F0743628E57E
Authority key identifier: 2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/9l4eTxQiJdfwsUpte57Ojwmqkt8.roa
Signing time:             Tue 03 Mar 2026 08:50:50 +0000
ROA not before:           Tue 03 Mar 2026 08:50:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15924
IP address blocks:        93.93.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b2:e4:94:dd:b5:df:d2:4d:2b:33:f0:74:36:28:e5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1172c1c73f971a9fb2e89b7917200c500ee407
        Validity
            Not Before: Mar  3 08:50:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f65e1e4f142225d7f0b14a6d7b9ece8f09aa92df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bc:cd:f1:f4:9d:c8:c1:0a:b6:2c:2c:a8:09:
                    9c:9a:41:3f:bc:cd:85:7e:69:a9:24:45:8f:a7:10:
                    11:92:56:30:1a:48:57:1b:f0:37:4b:4d:f6:68:73:
                    64:1b:5a:70:97:d4:ee:db:5d:a0:db:8b:9a:82:d3:
                    1b:3c:88:f8:21:25:dc:77:5b:2e:f3:1e:cc:1e:bd:
                    86:62:6b:1d:bc:3a:c5:97:b3:f7:fb:bb:a6:68:47:
                    18:b1:45:f7:a2:49:74:a5:eb:44:fc:5f:83:85:b7:
                    bd:12:c9:11:d8:bc:d9:ca:8d:78:06:b3:7d:28:3a:
                    87:20:0d:25:ce:a2:b4:9d:a3:62:a1:03:49:e8:b7:
                    55:dc:08:bd:40:40:34:da:b8:65:ff:9f:2e:05:69:
                    5c:cb:bf:e8:e8:e9:d5:55:92:3f:1d:24:90:cb:5b:
                    77:06:d8:1b:06:cb:d7:b1:3a:dc:d2:8f:31:eb:36:
                    5d:0f:42:5c:91:fd:e6:7b:75:df:c8:cb:37:c7:e9:
                    2a:28:5c:01:f0:00:ce:80:fc:d5:d3:1d:67:aa:f5:
                    5b:8c:94:33:eb:37:8b:8e:4b:d1:ba:8f:1e:42:5a:
                    f1:6b:17:4a:f4:ea:21:53:c3:e5:3d:4a:47:dd:52:
                    36:c1:67:12:95:c1:b0:af:dc:a4:9b:83:ec:a4:c1:
                    2c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5E:1E:4F:14:22:25:D7:F0:B1:4A:6D:7B:9E:CE:8F:09:AA:92:DF
            X509v3 Authority Key Identifier:
                keyid:2D:11:72:C1:C7:3F:97:1A:9F:B2:E8:9B:79:17:20:0C:50:0E:E4:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRFywcc_lxqfsuibeRcgDFAO5Ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/9l4eTxQiJdfwsUpte57Ojwmqkt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/79aca9-51dd-4f22-b404-d53866e9186a/1/LRFywcc_lxqfsuibeRcgDFAO5Ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:5e:58:57:c7:4d:be:d2:c9:1d:2b:bb:ae:80:7b:3b:92:47:
         f8:ab:0a:05:0c:21:10:9a:47:28:67:1b:7a:e3:b4:2f:ac:89:
         e9:81:7c:0e:3f:9c:aa:9c:b7:ad:18:6e:9b:93:51:71:b8:e1:
         24:4c:d7:87:ff:54:59:25:38:d0:25:21:92:8b:16:03:e2:51:
         77:f9:b1:84:72:a4:b2:6b:83:2c:29:da:6e:63:80:3c:1c:fb:
         75:dd:d6:3f:7e:ff:8f:72:a0:bb:20:1d:7a:15:12:a3:38:39:
         a8:54:fd:77:03:bf:fc:fc:6c:fb:7c:62:d7:95:a4:a6:b7:6a:
         3b:0b:33:61:aa:c2:cb:d6:85:3c:ab:28:86:b8:a2:42:c5:f9:
         a2:f6:17:5f:2f:c8:0a:2d:aa:58:47:2a:93:ac:57:cb:29:6f:
         4c:19:61:a6:08:2b:dc:14:f6:15:03:66:d9:64:7a:7b:f8:7c:
         fb:92:2c:fc:d4:0e:39:aa:76:e1:0f:d6:3d:be:87:eb:f3:61:
         54:a8:1e:ad:ac:f4:1e:b1:10:5b:cb:f6:c0:18:3c:20:06:85:
         ee:2b:3d:a6:4c:47:d8:1c:ad:40:79:66:b0:d9:52:85:87:8f:
         7c:cb:3c:8a:23:72:8e:95:51:e1:da:76:86:db:b8:2b:da:1e:
         f0:1a:96:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyy5JTdtd/STSsz8HQ2KOV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMTE3MmMxYzczZjk3MWE5ZmIyZTg5Yjc5MTcyMDBjNTAw
ZWU0MDcwHhcNMjYwMzAzMDg1MDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjVlMWU0ZjE0MjIyNWQ3ZjBiMTRhNmQ3YjllY2U4ZjA5YWE5MmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLzN8fSdyMEKtiwsqAmcmkE/vM2F
fmmpJEWPpxARklYwGkhXG/A3S032aHNkG1pwl9Tu212g24uagtMbPIj4ISXcd1su
8x7MHr2GYmsdvDrFl7P3+7umaEcYsUX3okl0petE/F+Dhbe9EskR2LzZyo14BrN9
KDqHIA0lzqK0naNioQNJ6LdV3Ai9QEA02rhl/58uBWlcy7/o6OnVVZI/HSSQy1t3
BtgbBsvXsTrc0o8x6zZdD0Jckf3me3XfyMs3x+kqKFwB8ADOgPzV0x1nqvVbjJQz
6zeLjkvRuo8eQlrxaxdK9OohU8PlPUpH3VI2wWcSlcGwr9ykm4PspMEsgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZeHk8UIiXX8LFKbXuezo8JqpLfMB8GA1UdIwQY
MBaAFC0RcsHHP5can7Lom3kXIAxQDuQHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQt
ZDUzODY2ZTkxODZhLzEvOWw0ZVR4UWlKZGZ3c1VwdGU1N09qd21xa3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS83OWFjYTktNTFkZC00ZjIyLWI0MDQtZDUzODY2ZTkxODZh
LzEvTFJGeXdjY19seHFmc3VpYmVSY2dERkFPNUFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV1oMA0G
CSqGSIb3DQEBCwUAA4IBAQCEXlhXx02+0skdK7uugHs7kkf4qwoFDCEQmkcoZxt6
47QvrInpgXwOP5yqnLetGG6bk1FxuOEkTNeH/1RZJTjQJSGSixYD4lF3+bGEcqSy
a4MsKdpuY4A8HPt13dY/fv+PcqC7IB16FRKjODmoVP13A7/8/Gz7fGLXlaSmt2o7
CzNhqsLL1oU8qyiGuKJCxfmi9hdfL8gKLapYRyqTrFfLKW9MGWGmCCvcFPYVA2bZ
ZHp7+Hz7kiz81A45qnbhD9Y9vofr82FUqB6trPQesRBby/bAGDwgBoXuKz2mTEfY
HK1AeWaw2VKFh498yzyKI3KOlVHh2naG27gr2h7wGpb3
-----END CERTIFICATE-----