Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/xsyFP3WB5Usaew7SGQRO9fW_v3w.roa
File:                     xsyFP3WB5Usaew7SGQRO9fW_v3w.roa (raw, json)
Hash identifier:          LxeGCJgt6lWaEJ/RMO1YX/wb1GOfng/XVidChMvRHe0=
Subject key identifier:   C6:CC:85:3F:75:81:E5:4B:1A:7B:0E:D2:19:04:4E:F5:F5:BF:BF:7C
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       019DF4533DAF2E086B0D9DC30FB4204EA0F4
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/xsyFP3WB5Usaew7SGQRO9fW_v3w.roa
Signing time:             Mon 04 May 2026 18:49:49 +0000
ROA not before:           Mon 04 May 2026 18:49:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     135388
IP address blocks:        93.152.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f4:53:3d:af:2e:08:6b:0d:9d:c3:0f:b4:20:4e:a0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: May  4 18:49:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6cc853f7581e54b1a7b0ed219044ef5f5bfbf7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:60:be:14:9b:7c:a9:d1:2c:25:3f:9f:69:f8:
                    b3:8a:35:77:81:06:00:ad:0e:f1:19:af:09:31:39:
                    e2:9a:35:4c:e5:44:7e:44:90:44:bd:4b:f1:e4:01:
                    fa:d4:ce:74:f0:e7:2a:c7:8f:b9:2a:98:f6:b2:c9:
                    2d:2e:7f:9d:c4:ca:91:cb:f7:f8:b3:e6:b0:e8:f9:
                    99:4c:f7:20:32:00:e9:6e:27:c6:48:e1:94:db:8a:
                    13:57:2b:a3:ea:72:53:5a:89:22:a8:6d:64:c3:f2:
                    97:fc:c4:2c:ff:4e:15:a8:67:60:51:a0:91:dc:a7:
                    f7:55:c4:f9:7e:f9:3c:88:79:a2:06:bb:c3:98:c7:
                    aa:be:e6:4c:61:2b:ac:85:7d:01:63:56:2d:fb:6a:
                    e0:d9:a2:f2:11:ad:af:93:db:26:8a:70:22:cd:ab:
                    1d:30:41:22:7f:37:e9:1a:dd:21:c5:9e:25:d5:1c:
                    6f:4c:18:98:d5:a5:4d:e8:a1:19:a1:52:8c:d4:73:
                    5e:7f:b0:08:14:9a:c5:15:51:65:27:27:dd:60:b2:
                    1e:3d:9c:c4:93:b3:83:d0:a7:3b:09:43:c6:91:db:
                    47:ec:39:32:03:27:b9:25:22:dd:23:ee:71:2e:11:
                    23:4c:5d:e1:09:5f:1f:2c:97:3b:97:7a:d1:19:37:
                    13:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:CC:85:3F:75:81:E5:4B:1A:7B:0E:D2:19:04:4E:F5:F5:BF:BF:7C
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/xsyFP3WB5Usaew7SGQRO9fW_v3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.152.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f8:d7:08:f0:0c:0f:8e:03:39:99:68:af:b2:a3:90:73:d9:
         7f:d6:be:d6:fc:9b:87:47:7c:d3:63:50:c9:d6:4b:49:a8:01:
         61:2a:1f:b9:ff:d4:e9:2c:6e:0f:22:50:e4:c7:bc:ce:6c:b8:
         78:f0:12:b6:3d:07:e2:f1:b1:5e:b4:fd:5f:c1:df:6d:e9:c5:
         a1:e4:f1:b1:49:f4:6c:cd:16:c3:97:ad:e9:ea:a0:7d:cd:17:
         53:13:27:ef:c7:b0:34:4e:57:df:94:b7:3d:1b:41:da:4a:0b:
         c6:95:6f:42:19:0f:8f:f2:f8:b0:87:35:fb:0b:90:7f:f8:42:
         67:74:77:0f:bf:41:62:e8:bb:0e:d3:66:79:90:da:03:c7:79:
         fa:c5:ed:d8:23:1a:31:48:94:55:ae:96:f0:de:06:f8:db:90:
         09:d5:85:8e:01:7f:a1:8d:c3:57:0c:d9:2b:ad:2a:83:ae:4d:
         47:ae:ce:03:81:83:70:7c:69:c6:d8:20:3c:b0:20:da:79:42:
         53:1a:ab:b7:9c:70:b1:d0:91:28:37:af:97:db:fb:da:2c:14:
         49:76:2e:7c:29:86:79:f9:c0:0f:61:71:a3:dd:0e:6c:b1:86:
         d9:ca:19:6f:38:dc:16:73:36:c7:33:d5:cd:8d:bb:fe:e7:ca:
         3a:eb:57:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ30Uz2vLghrDZ3DD7QgTqD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjYwNTA0MTg0OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmNjODUzZjc1ODFlNTRiMWE3YjBlZDIxOTA0NGVmNWY1YmZiZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9WC+FJt8qdEsJT+fafizijV3gQYA
rQ7xGa8JMTnimjVM5UR+RJBEvUvx5AH61M508Ocqx4+5Kpj2ssktLn+dxMqRy/f4
s+aw6PmZTPcgMgDpbifGSOGU24oTVyuj6nJTWokiqG1kw/KX/MQs/04VqGdgUaCR
3Kf3VcT5fvk8iHmiBrvDmMeqvuZMYSushX0BY1Yt+2rg2aLyEa2vk9sminAizasd
MEEifzfpGt0hxZ4l1RxvTBiY1aVN6KEZoVKM1HNef7AIFJrFFVFlJyfdYLIePZzE
k7OD0Kc7CUPGkdtH7DkyAye5JSLdI+5xLhEjTF3hCV8fLJc7l3rRGTcTgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbMhT91geVLGnsO0hkETvX1v798MB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEveHN5RlAzV0I1VXNhZXc3U0dRUk85ZldfdjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZjfMA0G
CSqGSIb3DQEBCwUAA4IBAQCm+NcI8AwPjgM5mWivsqOQc9l/1r7W/JuHR3zTY1DJ
1ktJqAFhKh+5/9TpLG4PIlDkx7zObLh48BK2PQfi8bFetP1fwd9t6cWh5PGxSfRs
zRbDl63p6qB9zRdTEyfvx7A0TlfflLc9G0HaSgvGlW9CGQ+P8viwhzX7C5B/+EJn
dHcPv0Fi6LsO02Z5kNoDx3n6xe3YIxoxSJRVrpbw3gb425AJ1YWOAX+hjcNXDNkr
rSqDrk1Hrs4DgYNwfGnG2CA8sCDaeUJTGqu3nHCx0JEoN6+X2/vaLBRJdi58KYZ5
+cAPYXGj3Q5ssYbZyhlvONwWczbHM9XNjbv+58o661dK
-----END CERTIFICATE-----