Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/Cy393HmMTcAn60r5mHO2k2Dg17k.roa
File:                     Cy393HmMTcAn60r5mHO2k2Dg17k.roa (raw, json)
Hash identifier:          r8l9XvoJeBvAXNolGJ2W46Taz9bFIMoIIMpX642FPsI=
Subject key identifier:   0B:2D:FD:DC:79:8C:4D:C0:27:EB:4A:F9:98:73:B6:93:60:E0:D7:B9
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019D297D1ED9BA0F913DABB3C7CE07019092
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/Cy393HmMTcAn60r5mHO2k2Dg17k.roa
Signing time:             Thu 26 Mar 2026 09:32:38 +0000
ROA not before:           Thu 26 Mar 2026 09:32:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     19793
IP address blocks:        93.152.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:7d:1e:d9:ba:0f:91:3d:ab:b3:c7:ce:07:01:90:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Mar 26 09:32:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b2dfddc798c4dc027eb4af99873b69360e0d7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:23:e2:d8:23:df:9a:41:29:6b:9a:12:58:71:
                    32:51:78:63:99:85:3a:9e:c8:5f:6a:32:1a:9d:05:
                    c1:e6:b5:70:a6:d5:e0:d6:41:bc:cd:fc:01:9f:36:
                    c5:a7:05:38:bc:ee:af:55:b9:a0:70:0c:c3:1b:40:
                    cf:27:57:41:9c:1b:12:46:6d:ed:9e:b8:66:c9:2d:
                    cf:8d:f3:61:ce:4c:cc:e9:80:da:b0:56:ac:4b:a4:
                    ce:e9:0a:f7:3f:f6:d2:ad:fe:8c:65:c6:bb:11:a8:
                    2f:43:12:95:4f:27:2a:d0:06:87:9f:d6:91:36:1b:
                    f3:01:75:9e:3d:fb:3e:6c:d7:13:a8:4f:cb:ee:ec:
                    87:c2:93:6d:04:5b:c6:6b:4c:e7:14:74:87:fd:f5:
                    5e:d3:4c:1a:9a:53:59:57:c2:2a:1d:63:45:42:d5:
                    74:56:ac:d6:01:a1:32:66:07:5a:e5:4a:55:d0:fa:
                    d3:b1:84:8f:3a:b6:14:83:67:da:ea:99:68:4a:0b:
                    9f:c5:15:d6:21:96:ab:98:19:fa:32:7e:f3:67:88:
                    a8:03:02:bf:f0:ec:15:fb:30:ee:7c:8b:44:62:76:
                    6c:3d:ac:41:e4:23:10:a1:48:4e:b4:f0:a2:97:fc:
                    57:f1:7a:c6:cc:5f:e5:11:a3:fb:0e:af:c7:17:02:
                    77:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2D:FD:DC:79:8C:4D:C0:27:EB:4A:F9:98:73:B6:93:60:E0:D7:B9
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/Cy393HmMTcAn60r5mHO2k2Dg17k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.152.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c5:45:79:d6:3a:d4:01:55:38:5d:c0:52:92:8c:bc:1b:27:
         cb:ae:77:b0:a6:fc:48:14:df:78:89:60:71:3d:69:6a:b9:37:
         9f:93:3f:7e:9f:86:ed:8f:59:0e:7d:61:14:d4:ee:64:67:06:
         df:b8:b7:79:8a:27:12:03:d8:b0:53:51:ad:a4:fc:1a:0c:8b:
         54:9d:45:bd:fb:18:c6:3c:a6:66:7f:af:d5:a6:4c:f7:88:92:
         96:5b:de:82:5f:cc:cf:36:bf:ce:62:2f:0a:5e:7b:18:9e:02:
         46:05:bf:84:08:f0:04:35:62:4a:9e:ac:00:7c:a2:98:e9:e1:
         0a:35:8e:be:c6:d2:5c:aa:ba:d0:d2:f9:47:7a:06:c9:02:e1:
         58:20:23:36:1e:50:5e:12:32:58:ae:16:1f:86:75:19:86:b9:
         b1:76:cd:74:61:52:3e:48:0e:a5:2d:40:9a:e9:5d:0b:13:cb:
         fb:86:37:2c:29:31:9f:72:0e:d0:7e:3e:86:c9:ae:fe:c4:92:
         3b:89:58:59:c9:2a:b6:e2:e7:38:43:0f:41:f2:05:99:12:ef:
         94:ee:93:60:9a:27:24:81:74:5e:d8:4f:20:48:8a:70:1c:9a:
         d9:1b:61:38:9f:e9:f8:02:a7:7e:08:f5:0a:74:a0:09:38:1c:
         1a:65:fd:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0pfR7Zug+RPauzx84HAZCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjYwMzI2MDkzMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjJkZmRkYzc5OGM0ZGMwMjdlYjRhZjk5ODczYjY5MzYwZTBkN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2SPi2CPfmkEpa5oSWHEyUXhjmYU6
nshfajIanQXB5rVwptXg1kG8zfwBnzbFpwU4vO6vVbmgcAzDG0DPJ1dBnBsSRm3t
nrhmyS3PjfNhzkzM6YDasFasS6TO6Qr3P/bSrf6MZca7EagvQxKVTycq0AaHn9aR
NhvzAXWePfs+bNcTqE/L7uyHwpNtBFvGa0znFHSH/fVe00wamlNZV8IqHWNFQtV0
VqzWAaEyZgda5UpV0PrTsYSPOrYUg2fa6ploSgufxRXWIZarmBn6Mn7zZ4ioAwK/
8OwV+zDufItEYnZsPaxB5CMQoUhOtPCil/xX8XrGzF/lEaP7Dq/HFwJ3fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAst/dx5jE3AJ+tK+ZhztpNg4Ne5MB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvQ3kzOTNIbU1UY0FuNjByNW1ITzJrMkRnMTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZjmMA0G
CSqGSIb3DQEBCwUAA4IBAQAfxUV51jrUAVU4XcBSkoy8GyfLrnewpvxIFN94iWBx
PWlquTefkz9+n4btj1kOfWEU1O5kZwbfuLd5iicSA9iwU1GtpPwaDItUnUW9+xjG
PKZmf6/Vpkz3iJKWW96CX8zPNr/OYi8KXnsYngJGBb+ECPAENWJKnqwAfKKY6eEK
NY6+xtJcqrrQ0vlHegbJAuFYICM2HlBeEjJYrhYfhnUZhrmxds10YVI+SA6lLUCa
6V0LE8v7hjcsKTGfcg7Qfj6Gya7+xJI7iVhZySq24uc4Qw9B8gWZEu+U7pNgmick
gXRe2E8gSIpwHJrZG2E4n+n4Aqd+CPUKdKAJOBwaZf3O
-----END CERTIFICATE-----