Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/9KtPh2bGzzrKGJpY7El9jpa3vzM.roa
File:                     9KtPh2bGzzrKGJpY7El9jpa3vzM.roa (raw, json)
Hash identifier:          onOqphKDLLxWVJqA4wgXe3C4bRAFeD5HS0cyK1qsCms=
Subject key identifier:   F4:AB:4F:87:66:C6:CF:3A:CA:18:9A:58:EC:49:7D:8E:96:B7:BF:33
Certificate issuer:       /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial:       019DFC0F448D7AC77E629984D124A8D5F1F2
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/9KtPh2bGzzrKGJpY7El9jpa3vzM.roa
Signing time:             Wed 06 May 2026 06:52:32 +0000
ROA not before:           Wed 06 May 2026 06:52:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198383
IP address blocks:        83.147.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:0f:44:8d:7a:c7:7e:62:99:84:d1:24:a8:d5:f1:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
        Validity
            Not Before: May  6 06:52:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4ab4f8766c6cf3aca189a58ec497d8e96b7bf33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1c:e7:e8:39:9b:5f:23:dd:fa:74:e8:8a:4c:
                    2d:86:7d:49:a5:48:ba:6e:06:13:d8:0f:79:51:a4:
                    6e:0d:bb:3b:4b:44:61:21:55:c5:ab:cb:06:87:e5:
                    5c:e6:39:94:08:12:89:e8:61:73:3b:e2:11:7a:11:
                    0c:09:ff:ca:a4:ca:91:79:c4:7a:be:ac:84:98:5d:
                    55:da:9a:e4:de:04:42:9e:f5:c9:e8:25:6c:bd:8e:
                    7f:e8:4b:c3:de:40:71:85:ef:20:f6:61:6a:92:56:
                    1a:75:cf:d6:ba:a7:a3:23:e3:04:3c:5f:39:ad:03:
                    f9:f6:7d:e0:05:7c:aa:25:6e:e8:87:b2:88:8b:22:
                    3f:2c:16:4c:aa:9f:d3:11:8d:8d:ca:37:5f:0f:d7:
                    da:29:e5:06:11:6f:a0:fe:41:de:7d:ab:6c:95:fa:
                    a8:07:41:0e:81:90:64:6f:ba:72:e4:e6:6b:70:de:
                    42:90:e8:b0:fb:fd:d3:a5:68:65:37:1c:0a:4f:66:
                    2e:6f:fd:c7:c0:da:20:11:0e:ad:e8:a6:7a:a1:33:
                    a9:07:45:bb:95:8c:81:db:73:d7:65:f1:e4:5f:fb:
                    b4:f3:b6:52:f2:25:6c:6d:6f:9d:7a:8d:fe:64:a3:
                    b0:6b:b4:64:48:b2:65:36:ee:7e:9a:70:2d:e1:b2:
                    b7:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AB:4F:87:66:C6:CF:3A:CA:18:9A:58:EC:49:7D:8E:96:B7:BF:33
            X509v3 Authority Key Identifier:
                keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/9KtPh2bGzzrKGJpY7El9jpa3vzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:45:43:50:bf:3d:e9:69:4d:34:df:ea:2b:f2:36:bf:f8:75:
         a7:7c:fd:b0:0f:26:22:dd:45:7a:a0:a5:a4:0d:3d:19:c2:82:
         a7:e2:66:5b:0e:83:bb:f6:cd:5a:3d:e4:3e:dc:ba:ff:4e:c2:
         a8:d7:c9:e2:8d:23:1a:22:db:c5:98:ec:d6:6e:fb:c7:9c:f7:
         1d:a3:6f:1d:79:64:e0:68:13:b3:e1:64:b7:72:b7:ef:37:c7:
         46:ca:ba:2d:d8:3e:27:70:64:9d:d9:b2:98:0f:8e:76:97:33:
         b8:2f:6a:1e:f8:48:4c:30:46:c6:e6:c4:1c:6f:1b:21:62:fe:
         9f:13:f9:1d:e2:a4:af:1f:34:43:f3:92:d0:29:f2:2e:26:5f:
         d6:e5:ec:0a:b6:78:2f:cd:21:f4:bd:e9:09:45:9f:cd:44:0f:
         04:34:18:a5:d3:2f:53:ce:08:7c:9c:0a:27:c5:00:04:be:50:
         40:32:aa:5f:7e:c6:80:c2:f2:b9:1a:03:92:a6:c2:42:2c:bd:
         ed:46:27:d1:d1:39:96:95:d7:6c:52:1e:53:ae:a5:bd:91:3e:
         60:b1:27:ed:5f:07:79:03:df:21:fe:2f:dd:e0:1d:46:9c:d2:
         39:85:6d:aa:de:7e:09:df:75:fe:cd:76:8b:de:0c:f8:cb:ef:
         2a:f2:2a:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ38D0SNesd+YpmE0SSo1fHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjYwNTA2MDY1MjMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFiNGY4NzY2YzZjZjNhY2ExODlhNThlYzQ5N2Q4ZTk2YjdiZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphzn6DmbXyPd+nToikwthn1JpUi6
bgYT2A95UaRuDbs7S0RhIVXFq8sGh+Vc5jmUCBKJ6GFzO+IRehEMCf/KpMqRecR6
vqyEmF1V2prk3gRCnvXJ6CVsvY5/6EvD3kBxhe8g9mFqklYadc/WuqejI+MEPF85
rQP59n3gBXyqJW7oh7KIiyI/LBZMqp/TEY2NyjdfD9faKeUGEW+g/kHefatslfqo
B0EOgZBkb7py5OZrcN5CkOiw+/3TpWhlNxwKT2Yub/3HwNogEQ6t6KZ6oTOpB0W7
lYyB23PXZfHkX/u087ZS8iVsbW+deo3+ZKOwa7RkSLJlNu5+mnAt4bK3uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSrT4dmxs86yhiaWOxJfY6Wt78zMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvOUt0UGgyYkd6enJLR0pwWTdFbDlqcGEzdnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU5MeMA0G
CSqGSIb3DQEBCwUAA4IBAQBVRUNQvz3paU003+or8ja/+HWnfP2wDyYi3UV6oKWk
DT0ZwoKn4mZbDoO79s1aPeQ+3Lr/TsKo18nijSMaItvFmOzWbvvHnPcdo28deWTg
aBOz4WS3crfvN8dGyrot2D4ncGSd2bKYD452lzO4L2oe+EhMMEbG5sQcbxshYv6f
E/kd4qSvHzRD85LQKfIuJl/W5ewKtngvzSH0vekJRZ/NRA8ENBil0y9Tzgh8nAon
xQAEvlBAMqpffsaAwvK5GgOSpsJCLL3tRifR0TmWlddsUh5TrqW9kT5gsSftXwd5
A98h/i/d4B1GnNI5hW2q3n4J33X+zXaL3gz4y+8q8ios
-----END CERTIFICATE-----