Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/93od_JJTHV0tN640pXkw-FlzA-c.roa
File:                     93od_JJTHV0tN640pXkw-FlzA-c.roa (raw, json)
Hash identifier:          LW6Tg3WPAazdC5T9I5Hy89AZoMfMT1cdunnmI6cgYBM=
Subject key identifier:   F7:7A:1D:FC:92:53:1D:5D:2D:37:AE:34:A5:79:30:F8:59:73:03:E7
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       019C4FAF46EF9D30FF21ED420C182510808C
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/93od_JJTHV0tN640pXkw-FlzA-c.roa
Signing time:             Thu 12 Feb 2026 02:30:12 +0000
ROA not before:           Thu 12 Feb 2026 02:30:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        89.44.243.0/24 maxlen: 24
                          185.3.200.0/24 maxlen: 24
                          188.212.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4f:af:46:ef:9d:30:ff:21:ed:42:0c:18:25:10:80:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Feb 12 02:30:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f77a1dfc92531d5d2d37ae34a57930f8597303e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1d:53:2d:5e:74:f4:b5:e1:2c:66:4a:11:ea:
                    92:a3:5e:c4:21:c6:0e:d0:9b:a5:f6:e4:3a:09:86:
                    c5:b6:66:14:f5:5c:5a:e2:53:05:56:74:9e:b1:70:
                    25:bd:d7:4e:c2:b7:16:80:a7:c6:b4:75:fc:22:4f:
                    e8:ed:d3:23:5c:ea:a4:68:dd:33:ce:34:e4:4e:d6:
                    e4:cb:ee:b1:13:c1:e1:50:fc:4d:a6:76:3d:82:df:
                    9d:74:88:7c:1f:8c:ee:19:55:e1:33:67:d6:1c:a0:
                    97:7b:dc:a2:b6:de:b6:88:fb:13:15:c7:23:54:3a:
                    57:68:c2:23:b0:7b:b8:80:26:0c:aa:c5:6c:24:36:
                    35:54:de:bb:e4:56:70:13:f5:83:1e:4c:aa:cc:21:
                    49:bc:5e:09:8e:2c:71:0a:c2:c1:86:29:0c:88:ce:
                    a7:45:78:e4:66:d9:66:95:a2:d1:94:2a:25:a8:e9:
                    ba:71:73:e9:b4:87:e5:24:32:be:13:d9:9d:c9:79:
                    10:3c:b1:8b:85:b3:5e:4b:f8:ae:b7:5f:0a:33:4a:
                    f3:65:a0:63:ca:9c:57:17:20:48:35:9f:ae:c6:5b:
                    13:4a:16:ea:b2:13:bb:70:2e:e9:7f:88:e7:01:00:
                    93:8d:68:3f:13:79:06:19:68:67:c4:c7:8f:f3:16:
                    3e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:7A:1D:FC:92:53:1D:5D:2D:37:AE:34:A5:79:30:F8:59:73:03:E7
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/93od_JJTHV0tN640pXkw-FlzA-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.243.0/24
                  185.3.200.0/24
                  188.212.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ab:b4:fb:79:b9:77:49:64:71:5e:6c:9b:76:07:59:40:93:
         f6:af:2b:eb:8f:36:82:db:60:05:10:01:1f:6c:76:ef:d2:42:
         c2:3b:13:b6:dc:18:27:13:53:8e:44:23:2d:4c:5d:64:81:8f:
         07:38:51:2f:c3:6a:ad:2b:0e:ab:72:a3:0c:d7:d4:df:85:51:
         da:89:ab:0b:d1:4a:73:a8:6b:bc:7b:1b:61:65:c0:b8:14:15:
         cf:1f:8a:f7:ae:f5:33:5b:62:6c:da:c3:9e:0b:67:36:c7:dc:
         2f:f3:f5:dc:4c:0f:52:0d:0b:e6:62:4c:f0:d6:75:44:db:eb:
         28:49:e1:54:88:72:8b:5a:08:e2:fc:55:5b:d6:50:ce:1e:7f:
         5d:49:62:50:3c:b2:0d:59:f5:6d:59:55:74:72:b1:c4:91:23:
         ef:42:d1:61:f2:a4:79:2c:1c:35:5c:06:93:98:d7:b3:d0:f8:
         09:c8:fa:e2:03:a9:c2:8e:c7:ff:7a:32:89:c6:c9:85:01:a7:
         d2:ca:e4:41:d9:b9:48:a3:64:a4:c1:5f:f2:12:89:6e:0d:40:
         cc:44:f2:fc:11:df:08:3c:f7:d5:06:83:ec:e8:5a:50:cf:e1:
         25:11:b1:46:06:cb:ea:55:88:88:92:92:80:59:45:2c:d4:30:
         39:5c:0c:d8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZxPr0bvnTD/Ie1CDBglEICMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjYwMjEyMDIzMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzdhMWRmYzkyNTMxZDVkMmQzN2FlMzRhNTc5MzBmODU5NzMwM2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB1TLV509LXhLGZKEeqSo17EIcYO
0Jul9uQ6CYbFtmYU9Vxa4lMFVnSesXAlvddOwrcWgKfGtHX8Ik/o7dMjXOqkaN0z
zjTkTtbky+6xE8HhUPxNpnY9gt+ddIh8H4zuGVXhM2fWHKCXe9yitt62iPsTFccj
VDpXaMIjsHu4gCYMqsVsJDY1VN675FZwE/WDHkyqzCFJvF4JjixxCsLBhikMiM6n
RXjkZtlmlaLRlColqOm6cXPptIflJDK+E9mdyXkQPLGLhbNeS/iut18KM0rzZaBj
ypxXFyBINZ+uxlsTShbqshO7cC7pf4jnAQCTjWg/E3kGGWhnxMeP8xY+pQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPd6HfySUx1dLTeuNKV5MPhZcwPnMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvOTNvZF9KSlRIVjB0TjY0MHBYa3ctRmx6QS1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSzzAwQA
uQPIAwQAvNRiMA0GCSqGSIb3DQEBCwUAA4IBAQAKq7T7ebl3SWRxXmybdgdZQJP2
ryvrjzaC22AFEAEfbHbv0kLCOxO23BgnE1OORCMtTF1kgY8HOFEvw2qtKw6rcqMM
19TfhVHaiasL0UpzqGu8exthZcC4FBXPH4r3rvUzW2Js2sOeC2c2x9wv8/XcTA9S
DQvmYkzw1nVE2+soSeFUiHKLWgji/FVb1lDOHn9dSWJQPLINWfVtWVV0crHEkSPv
QtFh8qR5LBw1XAaTmNez0PgJyPriA6nCjsf/ejKJxsmFAafSyuRB2blIo2SkwV/y
EoluDUDMRPL8Ed8IPPfVBoPs6FpQz+ElEbFGBsvqVYiIkpKAWUUs1DA5XAzY
-----END CERTIFICATE-----