Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/8CRAzgsoXZ3R79FWWctj3ImK9Mw.roa
File:                     8CRAzgsoXZ3R79FWWctj3ImK9Mw.roa (raw, json)
Hash identifier:          6NM6Jwn6Hj02hW0yqUwKsiGgHdJV/f7oetsPrh6Xe3M=
Subject key identifier:   F0:24:40:CE:0B:28:5D:9D:D1:EF:D1:56:59:CB:63:DC:89:8A:F4:CC
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019976C93C498235B8A7E82CCF51CAD03361
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/8CRAzgsoXZ3R79FWWctj3ImK9Mw.roa
Signing time:             Tue 23 Sep 2025 13:35:23 +0000
ROA not before:           Tue 23 Sep 2025 13:35:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210006
IP address blocks:        93.152.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:c9:3c:49:82:35:b8:a7:e8:2c:cf:51:ca:d0:33:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Sep 23 13:35:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f02440ce0b285d9dd1efd15659cb63dc898af4cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f9:37:42:3b:a0:b1:a6:f4:a7:d0:03:9e:7b:
                    70:2b:11:70:c4:a1:ad:14:14:22:62:ba:68:63:72:
                    08:e3:ae:e8:49:1f:52:d1:b8:e1:c8:50:f4:43:fe:
                    e1:2d:1e:9a:e8:8d:a5:a2:9b:15:9a:5f:2c:0c:c0:
                    04:b7:55:53:5f:fa:59:0f:66:8f:07:f7:92:b1:ac:
                    cb:30:df:8b:94:e1:e6:12:13:40:24:d3:56:a6:ed:
                    8b:51:15:f2:11:5b:a2:d9:5a:09:39:41:8f:e3:9c:
                    57:c8:84:d8:bd:f7:0d:0b:0a:44:27:71:76:f8:ee:
                    49:7c:3e:7c:e7:b0:2c:a7:27:75:b2:58:43:28:ab:
                    1a:bd:00:1c:85:c0:e7:27:91:53:56:b5:8f:ea:41:
                    b2:d6:c8:77:ac:6b:d5:f3:d2:f3:e0:62:75:56:3e:
                    14:a8:ac:57:a4:4b:ac:4a:ba:19:44:d3:54:42:74:
                    53:9a:ca:2e:0c:44:ac:6e:7b:8a:b7:bb:6c:6f:f7:
                    23:0a:02:47:dc:99:07:c9:44:ba:71:5a:fd:3c:bc:
                    51:e3:43:5a:d6:d4:70:00:b3:72:40:48:a3:d9:38:
                    85:e9:b5:1f:6f:b9:4c:90:e3:d7:95:00:86:c0:33:
                    94:11:7f:7e:84:c0:2e:ff:41:fd:af:74:97:36:a3:
                    42:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:24:40:CE:0B:28:5D:9D:D1:EF:D1:56:59:CB:63:DC:89:8A:F4:CC
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/8CRAzgsoXZ3R79FWWctj3ImK9Mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.152.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:28:63:36:dd:e0:4e:31:19:aa:f1:6d:1e:54:72:74:48:62:
         a4:5c:a2:e7:e9:d1:f6:f1:85:99:1f:fd:70:7d:22:89:67:1d:
         b6:ab:9b:5c:12:8e:bf:9a:ee:b7:df:16:ee:ff:0e:e5:5b:f1:
         15:5e:46:d2:6f:7e:32:83:59:0f:ff:7b:1b:0c:2a:cd:62:bb:
         1a:ea:0e:d2:01:93:56:10:c4:6b:6e:aa:3b:5e:ae:89:a4:af:
         03:ec:24:a9:b3:28:61:54:6c:0b:e2:d8:5e:0e:56:35:08:13:
         82:3b:96:c6:4c:e4:4b:a5:ed:7e:cf:2c:fd:47:8a:2d:61:b9:
         56:cc:eb:73:a4:20:00:63:90:ae:bb:8d:08:4c:d8:89:b3:c1:
         b3:42:a8:ba:cd:bb:52:46:ca:a4:b9:a9:cc:e7:94:c3:8d:80:
         a8:8a:39:6a:89:b1:36:27:4a:e8:8c:ba:68:eb:7f:50:48:97:
         17:d2:d4:c7:01:70:b6:10:1b:49:11:32:2c:6c:95:81:93:c7:
         64:85:61:cd:da:19:c9:86:dd:58:5a:77:a1:f3:55:63:83:fb:
         fe:ce:ae:45:03:61:5e:2d:30:3e:77:6a:cc:4c:ce:ad:c3:31:
         f1:b2:75:3c:0d:d2:de:bb:cb:a5:b7:b9:1c:4d:dd:23:5b:b7:
         23:d0:68:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl2yTxJgjW4p+gsz1HK0DNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjUwOTIzMTMzNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI0NDBjZTBiMjg1ZDlkZDFlZmQxNTY1OWNiNjNkYzg5OGFmNGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvk3Qjugsab0p9ADnntwKxFwxKGt
FBQiYrpoY3II467oSR9S0bjhyFD0Q/7hLR6a6I2lopsVml8sDMAEt1VTX/pZD2aP
B/eSsazLMN+LlOHmEhNAJNNWpu2LURXyEVui2VoJOUGP45xXyITYvfcNCwpEJ3F2
+O5JfD5857Aspyd1slhDKKsavQAchcDnJ5FTVrWP6kGy1sh3rGvV89Lz4GJ1Vj4U
qKxXpEusSroZRNNUQnRTmsouDESsbnuKt7tsb/cjCgJH3JkHyUS6cVr9PLxR40Na
1tRwALNyQEij2TiF6bUfb7lMkOPXlQCGwDOUEX9+hMAu/0H9r3SXNqNC/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAkQM4LKF2d0e/RVlnLY9yJivTMMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvOENSQXpnc29YWjNSNzlGV1djdGozSW1LOU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZjmMA0G
CSqGSIb3DQEBCwUAA4IBAQCmKGM23eBOMRmq8W0eVHJ0SGKkXKLn6dH28YWZH/1w
fSKJZx22q5tcEo6/mu633xbu/w7lW/EVXkbSb34yg1kP/3sbDCrNYrsa6g7SAZNW
EMRrbqo7Xq6JpK8D7CSpsyhhVGwL4theDlY1CBOCO5bGTORLpe1+zyz9R4otYblW
zOtzpCAAY5Cuu40ITNiJs8GzQqi6zbtSRsqkuanM55TDjYCoijlqibE2J0rojLpo
639QSJcX0tTHAXC2EBtJETIsbJWBk8dkhWHN2hnJht1YWneh81Vjg/v+zq5FA2Fe
LTA+d2rMTM6twzHxsnU8DdLeu8ult7kcTd0jW7cj0GhO
-----END CERTIFICATE-----