Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/3dd6c3-69c9-45b0-9ce6-b46d072f60f4/1/AptVZmy3_ItS_TkajqAe7kmL-_g.roa
File:                     AptVZmy3_ItS_TkajqAe7kmL-_g.roa (raw, json)
Hash identifier:          RA6pgWpcf8eG2XE0T6xxg33Mvuf+5VmFUkJi/0cT6G8=
Subject key identifier:   02:9B:55:66:6C:B7:FC:8B:52:FD:39:1A:8E:A0:1E:EE:49:8B:FB:F8
Certificate issuer:       /CN=73872663fcd7fead705c876911ad01a327d7beeb
Certificate serial:       019E923A4053C7D3AD75859B369318268884
Authority key identifier: 73:87:26:63:FC:D7:FE:AD:70:5C:87:69:11:AD:01:A3:27:D7:BE:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c4cmY_zX_q1wXIdpEa0BoyfXvus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/3dd6c3-69c9-45b0-9ce6-b46d072f60f4/1/AptVZmy3_ItS_TkajqAe7kmL-_g.roa
Signing time:             Thu 04 Jun 2026 10:42:31 +0000
ROA not before:           Thu 04 Jun 2026 10:42:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212608
IP address blocks:        193.163.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/3dd6c3-69c9-45b0-9ce6-b46d072f60f4/1/c4cmY_zX_q1wXIdpEa0BoyfXvus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/3dd6c3-69c9-45b0-9ce6-b46d072f60f4/1/c4cmY_zX_q1wXIdpEa0BoyfXvus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c4cmY_zX_q1wXIdpEa0BoyfXvus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:3a:40:53:c7:d3:ad:75:85:9b:36:93:18:26:88:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73872663fcd7fead705c876911ad01a327d7beeb
        Validity
            Not Before: Jun  4 10:42:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=029b55666cb7fc8b52fd391a8ea01eee498bfbf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:25:9e:eb:f6:17:1d:1f:ad:d6:4e:d9:6b:fe:
                    98:d7:07:8f:13:96:1a:0b:52:b8:46:0d:60:88:09:
                    8d:30:50:30:79:3a:d6:06:33:87:59:e4:0a:de:33:
                    28:c9:fc:6e:ce:f5:4d:39:ea:93:d4:b6:4b:4d:61:
                    d7:70:15:a1:1a:fd:d4:75:8a:80:5b:28:d1:5c:38:
                    72:8d:91:b4:63:56:65:0c:f6:8c:17:1b:d0:0b:2b:
                    83:38:b1:c7:4e:66:82:16:1b:6c:03:bb:39:12:21:
                    c4:db:37:5d:41:df:2b:56:f0:32:de:9a:32:a6:bd:
                    45:a9:5d:c6:d5:97:1c:e9:a6:8c:86:26:ab:cf:68:
                    b4:79:f4:9e:b9:8e:5c:6d:bd:f4:55:d3:af:a8:b1:
                    a9:e0:e3:9f:35:0a:d7:4d:16:98:f6:78:dc:76:cc:
                    88:97:6a:b6:13:14:d4:0d:4f:62:10:ef:08:70:7c:
                    15:1d:33:c5:3e:8b:0a:06:2d:5b:ea:b8:a6:7f:3e:
                    38:32:a4:62:c0:7b:ef:24:80:86:2a:6a:d4:36:7e:
                    62:75:81:20:4e:fc:c2:6e:08:06:f7:13:ff:77:33:
                    ea:82:fb:ef:94:d3:ba:2f:5a:29:f3:df:de:17:cb:
                    5e:d1:d3:d6:ae:ce:8a:c5:a9:58:ff:da:5a:e1:16:
                    19:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:9B:55:66:6C:B7:FC:8B:52:FD:39:1A:8E:A0:1E:EE:49:8B:FB:F8
            X509v3 Authority Key Identifier:
                keyid:73:87:26:63:FC:D7:FE:AD:70:5C:87:69:11:AD:01:A3:27:D7:BE:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4cmY_zX_q1wXIdpEa0BoyfXvus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/3dd6c3-69c9-45b0-9ce6-b46d072f60f4/1/AptVZmy3_ItS_TkajqAe7kmL-_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/3dd6c3-69c9-45b0-9ce6-b46d072f60f4/1/c4cmY_zX_q1wXIdpEa0BoyfXvus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:8d:b8:c8:5f:0a:81:f5:1f:18:fa:1e:19:39:fc:4a:17:0b:
         ab:fc:14:20:7b:2e:91:d6:a5:d2:a9:5a:b1:7a:b0:76:0b:ba:
         fc:db:75:8b:2d:13:42:0f:36:2e:3d:4c:58:dc:89:4c:61:54:
         95:be:44:48:ad:12:69:1a:f6:d2:42:f9:a5:90:1c:a1:ba:4f:
         39:35:1a:c8:7c:3b:40:af:ae:32:48:81:f2:2c:db:19:dc:ae:
         22:94:28:b0:fe:7e:93:c0:12:71:88:d6:27:f6:dd:9f:80:47:
         b7:de:e6:f2:f8:b6:73:0b:50:ea:09:87:7f:00:ec:45:94:e7:
         c4:3a:84:18:6d:24:11:cb:b7:b7:0c:2a:04:5e:5b:64:b9:4f:
         a1:1d:25:5d:28:7c:5d:fd:eb:db:4f:99:a0:9c:a5:34:c1:97:
         66:5c:1e:5d:33:60:42:9c:a2:35:58:20:90:f6:ef:a6:10:99:
         70:de:1b:df:cb:0b:d3:e2:df:bb:0e:5f:6d:54:27:f7:a8:a8:
         5d:43:2a:20:60:07:d4:82:b6:f8:07:77:08:c8:7d:17:e4:7d:
         5b:75:23:2f:1b:2e:d2:35:00:9f:85:bd:8b:ff:94:3a:48:01:
         5b:62:f3:f2:eb:3b:9c:af:c9:2d:ba:fe:6e:c5:b2:0b:eb:9f:
         ef:e9:6c:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SOkBTx9OtdYWbNpMYJoiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczODcyNjYzZmNkN2ZlYWQ3MDVjODc2OTExYWQwMWEzMjdk
N2JlZWIwHhcNMjYwNjA0MTA0MjMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjliNTU2NjZjYjdmYzhiNTJmZDM5MWE4ZWEwMWVlZTQ5OGJmYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCWe6/YXHR+t1k7Za/6Y1wePE5Ya
C1K4Rg1giAmNMFAweTrWBjOHWeQK3jMoyfxuzvVNOeqT1LZLTWHXcBWhGv3UdYqA
WyjRXDhyjZG0Y1ZlDPaMFxvQCyuDOLHHTmaCFhtsA7s5EiHE2zddQd8rVvAy3poy
pr1FqV3G1Zcc6aaMhiarz2i0efSeuY5cbb30VdOvqLGp4OOfNQrXTRaY9njcdsyI
l2q2ExTUDU9iEO8IcHwVHTPFPosKBi1b6rimfz44MqRiwHvvJICGKmrUNn5idYEg
TvzCbggG9xP/dzPqgvvvlNO6L1op89/eF8te0dPWrs6KxalY/9pa4RYZSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKbVWZst/yLUv05Go6gHu5Ji/v4MB8GA1UdIwQY
MBaAFHOHJmP81/6tcFyHaRGtAaMn177rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzRjbVlfelhfcTF3WElkcEVhMEJveWZYdnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8zZGQ2YzMtNjljOS00NWIwLTljZTYt
YjQ2ZDA3MmY2MGY0LzEvQXB0VlpteTNfSXRTX1RrYWpxQWU3a21MLV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8zZGQ2YzMtNjljOS00NWIwLTljZTYtYjQ2ZDA3MmY2MGY0
LzEvYzRjbVlfelhfcTF3WElkcEVhMEJveWZYdnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaM1MA0G
CSqGSIb3DQEBCwUAA4IBAQBWjbjIXwqB9R8Y+h4ZOfxKFwur/BQgey6R1qXSqVqx
erB2C7r823WLLRNCDzYuPUxY3IlMYVSVvkRIrRJpGvbSQvmlkByhuk85NRrIfDtA
r64ySIHyLNsZ3K4ilCiw/n6TwBJxiNYn9t2fgEe33uby+LZzC1DqCYd/AOxFlOfE
OoQYbSQRy7e3DCoEXltkuU+hHSVdKHxd/evbT5mgnKU0wZdmXB5dM2BCnKI1WCCQ
9u+mEJlw3hvfywvT4t+7Dl9tVCf3qKhdQyogYAfUgrb4B3cIyH0X5H1bdSMvGy7S
NQCfhb2L/5Q6SAFbYvPy6zucr8ktuv5uxbIL65/v6Wzs
-----END CERTIFICATE-----