Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f9c36d-e526-428c-9ed7-3a17754c8bc0/1/hR2Y21D7bGLkXBKfLZ5CaTvZjkk.roa
File:                     hR2Y21D7bGLkXBKfLZ5CaTvZjkk.roa (raw, json)
Hash identifier:          YlH5pSNmOHP/rxbn9aW9AqtUI/I4F8K3HIAacFaEpNQ=
Subject key identifier:   85:1D:98:DB:50:FB:6C:62:E4:5C:12:9F:2D:9E:42:69:3B:D9:8E:49
Certificate issuer:       /CN=081e0c54425bf1809b6cd9ca903355b6f60370cc
Certificate serial:       019E92765918688C9147B5F48B394D701B03
Authority key identifier: 08:1E:0C:54:42:5B:F1:80:9B:6C:D9:CA:90:33:55:B6:F6:03:70:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CB4MVEJb8YCbbNnKkDNVtvYDcMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f9c36d-e526-428c-9ed7-3a17754c8bc0/1/hR2Y21D7bGLkXBKfLZ5CaTvZjkk.roa
Signing time:             Thu 04 Jun 2026 11:48:09 +0000
ROA not before:           Thu 04 Jun 2026 11:48:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6848
IP address blocks:        193.108.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f9c36d-e526-428c-9ed7-3a17754c8bc0/1/CB4MVEJb8YCbbNnKkDNVtvYDcMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f9c36d-e526-428c-9ed7-3a17754c8bc0/1/CB4MVEJb8YCbbNnKkDNVtvYDcMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CB4MVEJb8YCbbNnKkDNVtvYDcMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 11:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:76:59:18:68:8c:91:47:b5:f4:8b:39:4d:70:1b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081e0c54425bf1809b6cd9ca903355b6f60370cc
        Validity
            Not Before: Jun  4 11:48:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=851d98db50fb6c62e45c129f2d9e42693bd98e49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ad:ad:6e:ad:ec:bc:3e:9e:b0:16:21:f5:b0:
                    01:c5:19:c5:d1:76:1c:fc:b7:16:43:c3:11:ac:7f:
                    10:ca:de:a4:b8:02:66:a5:d1:6e:27:57:ab:20:3f:
                    bf:f9:2f:bb:e6:b0:41:e8:cc:21:e7:3c:76:65:dd:
                    2b:50:68:e4:6f:4f:5b:7f:ec:65:06:b2:d0:2d:bc:
                    ac:ea:ee:5b:b5:d2:8e:9b:bd:76:c5:e1:16:9b:b4:
                    8e:8d:28:af:56:6c:cb:1d:59:11:0e:b8:68:7b:6f:
                    31:36:5b:e5:f0:e8:d5:2f:b5:e9:4d:e7:7d:30:18:
                    a3:22:c2:40:30:18:23:91:df:58:0e:b6:49:bf:f9:
                    af:b8:1c:44:cd:ff:ad:8b:e1:3f:8d:bf:ff:8c:1a:
                    4d:82:af:cc:7d:a9:0e:4d:61:9c:99:d9:fb:a3:79:
                    03:a4:66:7b:28:43:12:f5:ee:be:5b:cc:5c:0e:7a:
                    c9:4c:ff:da:5e:31:fd:86:97:73:a5:49:69:a5:f5:
                    f5:2c:cd:8c:a4:7c:35:b1:f1:c3:0d:aa:d8:2d:94:
                    ec:69:8b:2d:d8:b8:32:8b:06:bb:fb:2a:43:2b:c4:
                    29:17:95:2b:c5:bc:e8:c5:5d:97:e2:66:ab:83:20:
                    8c:ac:e3:03:cf:0f:50:db:e2:85:b2:d9:d5:19:59:
                    35:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:1D:98:DB:50:FB:6C:62:E4:5C:12:9F:2D:9E:42:69:3B:D9:8E:49
            X509v3 Authority Key Identifier:
                keyid:08:1E:0C:54:42:5B:F1:80:9B:6C:D9:CA:90:33:55:B6:F6:03:70:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CB4MVEJb8YCbbNnKkDNVtvYDcMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f9c36d-e526-428c-9ed7-3a17754c8bc0/1/hR2Y21D7bGLkXBKfLZ5CaTvZjkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f9c36d-e526-428c-9ed7-3a17754c8bc0/1/CB4MVEJb8YCbbNnKkDNVtvYDcMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:45:e0:e9:2c:ac:1d:c9:e8:47:15:6d:c6:f7:5b:65:15:6e:
         87:3b:1d:5f:e1:75:59:8a:b1:8b:56:28:e7:5e:88:35:bc:c2:
         2e:49:5d:9d:0e:a1:98:f3:31:a3:91:31:47:f1:92:63:5b:25:
         21:9b:46:82:5f:be:4e:0b:3f:94:32:94:66:59:2f:49:71:9d:
         c2:c4:83:49:eb:94:12:76:ac:1d:ba:96:38:1e:fe:2f:33:70:
         22:31:9b:6c:63:46:55:3c:51:03:eb:74:5f:80:14:af:25:81:
         60:48:50:cb:fb:3b:6d:03:d8:2c:07:67:03:86:a5:47:28:0f:
         c2:f2:d3:fb:a7:8d:29:27:9f:1e:16:1b:6a:5b:82:4a:34:87:
         26:51:5e:f1:aa:44:ea:73:d5:61:f0:aa:51:05:db:16:ae:ea:
         21:07:14:5b:3a:c3:a9:48:03:2a:26:76:c8:08:b4:6b:fe:ee:
         46:b7:87:7d:82:05:2d:11:8a:6d:fd:f1:09:b5:23:64:63:42:
         60:42:0e:40:ee:7c:99:99:e3:c2:cc:4f:de:6d:e1:40:7f:f3:
         a1:d4:2e:e2:25:fa:92:c5:44:79:89:30:0c:ab:3d:d8:9d:c6:
         00:da:9b:be:60:67:a0:57:59:4a:41:d7:05:06:fc:f7:5e:da:
         55:fc:21:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SdlkYaIyRR7X0izlNcBsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWUwYzU0NDI1YmYxODA5YjZjZDljYTkwMzM1NWI2ZjYw
MzcwY2MwHhcNMjYwNjA0MTE0ODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTFkOThkYjUwZmI2YzYyZTQ1YzEyOWYyZDllNDI2OTNiZDk4ZTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK2tbq3svD6esBYh9bABxRnF0XYc
/LcWQ8MRrH8Qyt6kuAJmpdFuJ1erID+/+S+75rBB6Mwh5zx2Zd0rUGjkb09bf+xl
BrLQLbys6u5btdKOm712xeEWm7SOjSivVmzLHVkRDrhoe28xNlvl8OjVL7XpTed9
MBijIsJAMBgjkd9YDrZJv/mvuBxEzf+ti+E/jb//jBpNgq/MfakOTWGcmdn7o3kD
pGZ7KEMS9e6+W8xcDnrJTP/aXjH9hpdzpUlppfX1LM2MpHw1sfHDDarYLZTsaYst
2Lgyiwa7+ypDK8QpF5UrxbzoxV2X4margyCMrOMDzw9Q2+KFstnVGVk1KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUdmNtQ+2xi5FwSny2eQmk72Y5JMB8GA1UdIwQY
MBaAFAgeDFRCW/GAm2zZypAzVbb2A3DMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0I0TVZFSmI4WUNiYk5uS2tETlZ0dllEY013LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mOWMzNmQtZTUyNi00MjhjLTllZDct
M2ExNzc1NGM4YmMwLzEvaFIyWTIxRDdiR0xrWEJLZkxaNUNhVHZaamtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mOWMzNmQtZTUyNi00MjhjLTllZDctM2ExNzc1NGM4YmMw
LzEvQ0I0TVZFSmI4WUNiYk5uS2tETlZ0dllEY013LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWzJMA0G
CSqGSIb3DQEBCwUAA4IBAQB2ReDpLKwdyehHFW3G91tlFW6HOx1f4XVZirGLVijn
Xog1vMIuSV2dDqGY8zGjkTFH8ZJjWyUhm0aCX75OCz+UMpRmWS9JcZ3CxINJ65QS
dqwdupY4Hv4vM3AiMZtsY0ZVPFED63RfgBSvJYFgSFDL+zttA9gsB2cDhqVHKA/C
8tP7p40pJ58eFhtqW4JKNIcmUV7xqkTqc9Vh8KpRBdsWruohBxRbOsOpSAMqJnbI
CLRr/u5Gt4d9ggUtEYpt/fEJtSNkY0JgQg5A7nyZmePCzE/ebeFAf/Oh1C7iJfqS
xUR5iTAMqz3YncYA2pu+YGegV1lKQdcFBvz3XtpV/CHd
-----END CERTIFICATE-----