Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/9DlZGfzkGJH9pt3tlUtwbDIgZmE.roa
File:                     9DlZGfzkGJH9pt3tlUtwbDIgZmE.roa (raw, json)
Hash identifier:          BgtptWZDSzp28tC4nLvBq9ONf2sr0vsAGvBczOwVSY4=
Subject key identifier:   F4:39:59:19:FC:E4:18:91:FD:A6:DD:ED:95:4B:70:6C:32:20:66:61
Certificate issuer:       /CN=c04db7623241d7e6678fc25751fa4e0b6665186b
Certificate serial:       019DD4D2F766F6253D912F5DE93EED55FAEE
Authority key identifier: C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/9DlZGfzkGJH9pt3tlUtwbDIgZmE.roa
Signing time:             Tue 28 Apr 2026 16:01:28 +0000
ROA not before:           Tue 28 Apr 2026 16:01:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6890
IP address blocks:        193.200.165.0/24 maxlen: 24
                          2001:67c:2ed4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:d2:f7:66:f6:25:3d:91:2f:5d:e9:3e:ed:55:fa:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04db7623241d7e6678fc25751fa4e0b6665186b
        Validity
            Not Before: Apr 28 16:01:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4395919fce41891fda6dded954b706c32206661
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fd:48:20:0c:e2:0f:f1:d5:c7:91:c7:9c:ea:
                    46:ba:72:31:3a:a4:1e:de:3f:98:1e:f1:f5:69:04:
                    d8:88:63:66:7e:fe:1f:f4:bd:ae:d8:42:43:bc:25:
                    45:ed:43:ed:57:52:bd:f2:dc:c5:8e:64:d4:32:7a:
                    0b:1b:5f:d6:19:1e:83:52:51:4b:c6:2b:9c:0b:24:
                    c4:6b:0a:33:f0:61:b5:ad:f2:b9:f8:52:4b:36:36:
                    74:a1:4b:fb:39:96:7b:08:ad:5d:18:ae:e7:84:40:
                    7c:f4:ec:c8:92:b7:e9:b2:b3:4b:6e:59:34:2a:b4:
                    df:cb:aa:c3:fc:82:33:84:91:fb:6e:4f:26:61:12:
                    b7:0b:b6:9a:30:dd:69:74:a7:0c:56:58:3e:51:12:
                    f3:fd:df:cb:5a:bf:7a:95:0e:46:09:36:23:4d:28:
                    25:7a:2f:46:da:f8:64:cd:31:49:a9:3f:ce:8d:82:
                    31:bf:63:ff:47:aa:f6:42:be:31:f6:80:e4:a0:ff:
                    5e:22:ca:6d:bb:80:59:18:da:5b:c0:f4:40:5f:79:
                    2f:07:97:e1:57:e3:8e:6e:7c:fc:d0:13:7b:58:c4:
                    cc:99:5d:c7:07:e0:e7:5b:a6:0e:82:36:00:97:9c:
                    08:57:d3:fe:b6:6f:04:cf:1e:2a:8b:29:a6:cf:ab:
                    35:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:39:59:19:FC:E4:18:91:FD:A6:DD:ED:95:4B:70:6C:32:20:66:61
            X509v3 Authority Key Identifier:
                keyid:C0:4D:B7:62:32:41:D7:E6:67:8F:C2:57:51:FA:4E:0B:66:65:18:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE23YjJB1-Znj8JXUfpOC2ZlGGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/9DlZGfzkGJH9pt3tlUtwbDIgZmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/6e874e-73fe-4dbb-b74c-0423f263f2cb/1/wE23YjJB1-Znj8JXUfpOC2ZlGGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.165.0/24
                IPv6:
                  2001:67c:2ed4::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:3b:ac:c8:de:ae:97:b3:21:cd:77:23:46:60:57:73:3a:68:
         c7:72:67:9e:1a:ef:d2:b0:f7:3c:af:8a:14:e3:76:7a:9d:1c:
         50:24:0e:53:23:2e:05:5a:83:c0:5d:50:34:b5:96:96:ca:2f:
         2b:a5:cb:1b:f3:24:20:df:b2:fb:5c:3f:da:f0:56:7e:c4:c4:
         ac:db:57:0d:42:0d:61:41:6c:1b:d0:86:bd:f7:4a:9c:83:aa:
         f6:c4:bc:12:3f:61:e2:bd:7b:c8:47:1f:4c:68:f0:30:6a:13:
         76:07:6d:3e:01:79:c4:03:90:bc:66:4d:5d:5a:9b:b6:37:a0:
         1d:a7:83:af:e3:14:f9:fb:fc:e1:d9:e7:2b:0a:ad:83:14:2b:
         59:ec:bf:a6:c7:9d:28:aa:cf:14:4b:fc:62:30:b0:60:42:5b:
         de:f3:d4:95:3f:21:c3:f8:89:31:a4:d7:64:7d:25:6b:5f:0a:
         39:7c:59:d6:3e:5c:d1:08:80:4b:ee:ab:ea:16:27:72:3b:71:
         ab:1e:82:8b:97:fc:f3:bb:0a:73:1d:ee:a1:28:dc:0e:15:3f:
         85:21:6e:23:fe:8b:cf:0e:c7:3a:f2:22:17:a6:c2:f4:34:29:
         10:a0:f4:f2:1f:5e:a2:19:dd:7e:23:76:bb:27:ab:a7:32:3a:
         7a:d8:15:98
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ3U0vdm9iU9kS9d6T7tVfruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGRiNzYyMzI0MWQ3ZTY2NzhmYzI1NzUxZmE0ZTBiNjY2
NTE4NmIwHhcNMjYwNDI4MTYwMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDM5NTkxOWZjZTQxODkxZmRhNmRkZWQ5NTRiNzA2YzMyMjA2NjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/1IIAziD/HVx5HHnOpGunIxOqQe
3j+YHvH1aQTYiGNmfv4f9L2u2EJDvCVF7UPtV1K98tzFjmTUMnoLG1/WGR6DUlFL
xiucCyTEawoz8GG1rfK5+FJLNjZ0oUv7OZZ7CK1dGK7nhEB89OzIkrfpsrNLblk0
KrTfy6rD/IIzhJH7bk8mYRK3C7aaMN1pdKcMVlg+URLz/d/LWr96lQ5GCTYjTSgl
ei9G2vhkzTFJqT/OjYIxv2P/R6r2Qr4x9oDkoP9eIsptu4BZGNpbwPRAX3kvB5fh
V+OObnz80BN7WMTMmV3HB+DnW6YOgjYAl5wIV9P+tm8Ezx4qiymmz6s1UQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPQ5WRn85BiR/abd7ZVLcGwyIGZhMB8GA1UdIwQY
MBaAFMBNt2IyQdfmZ4/CV1H6TgtmZRhrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMt
MDQyM2YyNjNmMmNiLzEvOURsWkdmemtHSkg5cHQzdGxVdHdiRElnWm1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC82ZTg3NGUtNzNmZS00ZGJiLWI3NGMtMDQyM2YyNjNmMmNi
LzEvd0UyM1lqSkIxLVpuajhKWFVmcE9DMlpsR0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcilMA8E
AgACMAkDBwAgAQZ8LtQwDQYJKoZIhvcNAQELBQADggEBABQ7rMjerpezIc13I0Zg
V3M6aMdyZ54a79Kw9zyvihTjdnqdHFAkDlMjLgVag8BdUDS1lpbKLyulyxvzJCDf
svtcP9rwVn7ExKzbVw1CDWFBbBvQhr33SpyDqvbEvBI/YeK9e8hHH0xo8DBqE3YH
bT4BecQDkLxmTV1am7Y3oB2ng6/jFPn7/OHZ5ysKrYMUK1nsv6bHnSiqzxRL/GIw
sGBCW97z1JU/IcP4iTGk12R9JWtfCjl8WdY+XNEIgEvuq+oWJ3I7casegouX/PO7
CnMd7qEo3A4VP4UhbiP+i88OxzryIhemwvQ0KRCg9PIfXqIZ3X4jdrsnq6cyOnrY
FZg=
-----END CERTIFICATE-----