Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/Vfrj1CjwXIt_tA2vbVO6W0Q8sww.roa
File:                     Vfrj1CjwXIt_tA2vbVO6W0Q8sww.roa (raw, json)
Hash identifier:          mvOhadzyYlNh3bwJh8QRN9BDoPYKpsh/DrQUaDTKRJg=
Subject key identifier:   55:FA:E3:D4:28:F0:5C:8B:7F:B4:0D:AF:6D:53:BA:5B:44:3C:B3:0C
Certificate issuer:       /CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
Certificate serial:       019E0670340230ADD3D824951379E0E7B57E
Authority key identifier: 09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/Vfrj1CjwXIt_tA2vbVO6W0Q8sww.roa
Signing time:             Fri 08 May 2026 07:14:37 +0000
ROA not before:           Fri 08 May 2026 07:14:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     151389
IP address blocks:        80.93.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:06:70:34:02:30:ad:d3:d8:24:95:13:79:e0:e7:b5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=098f7ba34bc6567bd3616d574f7285dd7556dbfd
        Validity
            Not Before: May  8 07:14:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55fae3d428f05c8b7fb40daf6d53ba5b443cb30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:71:ec:b3:4c:a8:18:be:17:10:01:87:22:8c:
                    cc:8a:44:5b:f6:dd:dd:9b:68:79:d0:42:61:fb:35:
                    03:dc:85:1d:10:09:26:fb:10:59:81:c0:5f:2f:ac:
                    a8:d3:64:d6:45:1f:b5:2c:7b:64:8a:e6:24:3c:fa:
                    ce:11:45:f8:da:7c:8b:72:e1:08:d5:3d:35:5f:0d:
                    eb:b1:29:c8:b3:7f:e3:4c:91:42:2c:46:48:60:b0:
                    fe:6b:9b:21:cb:3f:6b:b8:36:a7:b2:75:c1:3c:1d:
                    90:84:ea:88:78:31:8e:7b:64:d5:86:9a:e4:7e:04:
                    35:cb:6a:d4:2d:ec:2d:16:1b:71:ab:40:8a:6c:13:
                    cf:c9:66:23:0d:25:89:66:d9:4a:99:ef:7a:1a:a6:
                    7a:0e:26:53:d2:23:5f:df:e8:99:a3:d0:cc:a8:13:
                    b0:60:dd:49:4b:32:43:09:d2:d8:f7:7b:ee:b8:61:
                    46:2d:e3:09:41:5e:48:5c:fd:34:f3:d2:ec:38:d4:
                    0b:c4:77:9b:03:7a:41:13:26:64:31:fe:4e:ff:b5:
                    64:6f:a6:ca:b8:3d:a1:5c:e0:c4:4f:7a:af:90:1a:
                    85:86:75:2e:2f:cf:2e:1a:cc:cd:29:e9:66:4b:f2:
                    cb:fd:b3:5e:4e:2a:08:f0:d8:9c:24:8b:2d:0c:be:
                    99:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FA:E3:D4:28:F0:5C:8B:7F:B4:0D:AF:6D:53:BA:5B:44:3C:B3:0C
            X509v3 Authority Key Identifier:
                keyid:09:8F:7B:A3:4B:C6:56:7B:D3:61:6D:57:4F:72:85:DD:75:56:DB:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CY97o0vGVnvTYW1XT3KF3XVW2_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/Vfrj1CjwXIt_tA2vbVO6W0Q8sww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/38c5ac-b7e7-40dd-98d3-e2166ad74e3f/1/CY97o0vGVnvTYW1XT3KF3XVW2_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.93.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:42:75:70:00:5a:c6:42:c3:ac:a7:20:86:e1:49:82:0b:ee:
         7a:8e:54:d0:31:6d:5e:d3:25:6a:c9:5f:98:20:d8:e3:fd:39:
         4c:cc:55:2f:a8:8b:9b:d3:6a:33:f4:22:d8:af:6d:86:81:f9:
         35:ee:f9:8c:07:85:c4:bb:a7:31:7c:03:c1:58:48:c1:c4:e0:
         e8:ba:51:8d:43:e8:1b:4d:f6:c6:fb:14:2d:0a:2e:4c:f9:d7:
         fa:7a:69:f4:79:3c:50:4c:e5:be:d3:16:e9:5f:96:bd:98:1d:
         a0:f5:55:54:03:dd:5d:d9:3b:73:6d:5f:db:63:a7:3c:aa:44:
         f4:c5:cb:c9:a3:f7:92:e2:21:c7:19:89:bf:3b:29:da:4d:e6:
         08:07:c4:26:a7:1d:2f:b5:39:d7:17:a4:e9:e7:66:22:9c:3d:
         d9:b0:f3:bd:d1:a8:8d:3b:49:24:be:e3:5a:12:7a:21:f9:f3:
         c4:5c:a9:39:6e:af:0d:ab:5f:57:7e:43:f8:49:26:96:b8:c3:
         c0:8c:0d:3b:1c:78:85:a0:7a:f6:0a:72:84:88:bf:45:d0:32:
         ab:32:bd:4a:81:7b:1a:43:78:f7:16:e2:40:d4:03:78:d6:26:
         63:a5:48:c4:29:96:a7:72:d5:af:08:ac:96:4c:3c:21:01:1c:
         6d:7c:2b:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4GcDQCMK3T2CSVE3ng57V+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OGY3YmEzNGJjNjU2N2JkMzYxNmQ1NzRmNzI4NWRkNzU1
NmRiZmQwHhcNMjYwNTA4MDcxNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWZhZTNkNDI4ZjA1YzhiN2ZiNDBkYWY2ZDUzYmE1YjQ0M2NiMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnHss0yoGL4XEAGHIozMikRb9t3d
m2h50EJh+zUD3IUdEAkm+xBZgcBfL6yo02TWRR+1LHtkiuYkPPrOEUX42nyLcuEI
1T01Xw3rsSnIs3/jTJFCLEZIYLD+a5shyz9ruDansnXBPB2QhOqIeDGOe2TVhprk
fgQ1y2rULewtFhtxq0CKbBPPyWYjDSWJZtlKme96GqZ6DiZT0iNf3+iZo9DMqBOw
YN1JSzJDCdLY93vuuGFGLeMJQV5IXP0089LsONQLxHebA3pBEyZkMf5O/7Vkb6bK
uD2hXODET3qvkBqFhnUuL88uGszNKelmS/LL/bNeTioI8NicJIstDL6Z/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFX649Qo8FyLf7QNr21TultEPLMMMB8GA1UdIwQY
MBaAFAmPe6NLxlZ702FtV09yhd11Vtv9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMt
ZTIxNjZhZDc0ZTNmLzEvVmZyajFDandYSXRfdEEydmJWTzZXMFE4c3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zOGM1YWMtYjdlNy00MGRkLTk4ZDMtZTIxNjZhZDc0ZTNm
LzEvQ1k5N28wdkdWbnZUWVcxWFQzS0YzWFZXMl8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF3AMA0G
CSqGSIb3DQEBCwUAA4IBAQB7QnVwAFrGQsOspyCG4UmCC+56jlTQMW1e0yVqyV+Y
INjj/TlMzFUvqIub02oz9CLYr22Ggfk17vmMB4XEu6cxfAPBWEjBxODoulGNQ+gb
TfbG+xQtCi5M+df6emn0eTxQTOW+0xbpX5a9mB2g9VVUA91d2TtzbV/bY6c8qkT0
xcvJo/eS4iHHGYm/OynaTeYIB8Qmpx0vtTnXF6Tp52YinD3ZsPO90aiNO0kkvuNa
Enoh+fPEXKk5bq8Nq19XfkP4SSaWuMPAjA07HHiFoHr2CnKEiL9F0DKrMr1KgXsa
Q3j3FuJA1AN41iZjpUjEKZanctWvCKyWTDwhARxtfCs6
-----END CERTIFICATE-----