Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/VC7TcHBWIB-c3OpUtL6VP47YHi8.roa
File:                     VC7TcHBWIB-c3OpUtL6VP47YHi8.roa (raw, json)
Hash identifier:          099WNuMzSaBOp6eqSfc+97pa+7DVJLfE15CwH7cknDQ=
Subject key identifier:   54:2E:D3:70:70:56:20:1F:9C:DC:EA:54:B4:BE:95:3F:8E:D8:1E:2F
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019D90A7FC35ABE06115E3CAE26D7EB07B84
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/VC7TcHBWIB-c3OpUtL6VP47YHi8.roa
Signing time:             Wed 15 Apr 2026 10:20:21 +0000
ROA not before:           Wed 15 Apr 2026 10:20:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198946
IP address blocks:        93.171.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:a7:fc:35:ab:e0:61:15:e3:ca:e2:6d:7e:b0:7b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Apr 15 10:20:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=542ed3707056201f9cdcea54b4be953f8ed81e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8d:d1:14:cc:93:fa:31:6c:a6:47:00:06:f9:
                    36:c0:67:d0:35:16:16:55:94:41:0f:d4:08:ed:87:
                    60:c4:bb:e2:5f:68:08:86:7b:91:aa:3d:36:9c:5f:
                    09:bf:27:7e:fa:7b:7d:f2:38:74:19:e1:25:7d:f5:
                    0d:87:6e:be:33:03:8a:19:d4:13:b7:ec:70:e1:07:
                    2b:5a:12:1c:07:67:11:fb:f3:64:b2:0a:f5:fd:5b:
                    53:9d:f6:bd:22:19:83:01:27:87:28:7f:e4:04:66:
                    b7:2c:49:c9:41:b7:05:94:1e:17:e8:3b:34:3c:36:
                    a6:bb:04:e5:6c:76:91:cd:5d:bf:68:af:6d:4a:33:
                    4f:79:dd:fe:a3:90:3a:7e:72:81:01:03:80:43:a0:
                    ee:5f:70:de:fd:54:20:38:70:a4:b5:f1:61:02:36:
                    c9:cc:db:d4:c0:b4:a1:29:20:de:98:b4:36:d7:2a:
                    42:6e:c4:bd:1e:54:e4:4a:dc:db:72:96:25:ef:b1:
                    4a:cf:76:84:94:d3:94:40:d3:56:c5:a8:db:5b:03:
                    b5:70:cf:26:3d:28:8d:2a:3d:9b:76:5e:cc:1e:1b:
                    4d:34:b1:35:d5:91:48:1e:53:1d:3d:24:42:33:04:
                    72:4b:bb:6c:d4:70:62:b9:9a:32:12:a3:e2:f5:d5:
                    9c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:2E:D3:70:70:56:20:1F:9C:DC:EA:54:B4:BE:95:3F:8E:D8:1E:2F
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/VC7TcHBWIB-c3OpUtL6VP47YHi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:8f:45:74:1b:1e:2f:46:30:83:e9:4b:51:1b:21:ac:c1:6a:
         ba:1b:26:4e:98:00:7a:f4:45:ee:9a:14:d7:87:b8:03:1b:27:
         c5:2c:04:dd:ea:0d:2c:a9:d7:42:81:20:88:95:e8:45:e7:fe:
         d1:92:48:7a:f9:63:54:b8:1b:3f:00:99:fb:b5:81:cb:d3:cd:
         e4:bc:68:ce:71:0b:f4:96:3e:33:c3:40:af:49:43:1b:4a:cf:
         0f:d5:55:9c:b2:39:e4:18:80:fc:d0:4f:e5:a6:b0:d5:a3:41:
         3c:44:e3:d6:41:57:f9:28:66:1f:73:9d:65:41:8f:e0:90:c3:
         17:fe:fb:40:84:30:1a:02:1b:ca:c2:71:b3:d1:2e:37:34:5f:
         78:94:e5:fc:94:87:dd:db:13:66:ca:4e:a4:7b:6c:96:09:2c:
         25:ea:e8:79:c2:9e:d2:bc:28:43:ab:04:f6:39:79:03:ab:fc:
         37:be:1d:8a:5c:db:f1:d9:dc:91:f9:ba:49:c1:8b:1b:fd:27:
         3d:95:03:49:1e:db:5a:fe:21:a2:15:64:a5:b4:d8:26:67:c2:
         11:8d:bc:38:bf:25:c9:24:8f:75:21:e1:68:76:9e:4f:c9:8c:
         33:fb:19:2a:ba:e3:a4:58:34:20:4c:a3:91:b3:96:79:3b:f8:
         1d:50:85:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Qp/w1q+BhFePK4m1+sHuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwNDE1MTAyMDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDJlZDM3MDcwNTYyMDFmOWNkY2VhNTRiNGJlOTUzZjhlZDgxZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1o3RFMyT+jFspkcABvk2wGfQNRYW
VZRBD9QI7YdgxLviX2gIhnuRqj02nF8Jvyd++nt98jh0GeElffUNh26+MwOKGdQT
t+xw4QcrWhIcB2cR+/Nksgr1/VtTnfa9IhmDASeHKH/kBGa3LEnJQbcFlB4X6Ds0
PDamuwTlbHaRzV2/aK9tSjNPed3+o5A6fnKBAQOAQ6DuX3De/VQgOHCktfFhAjbJ
zNvUwLShKSDemLQ21ypCbsS9HlTkStzbcpYl77FKz3aElNOUQNNWxajbWwO1cM8m
PSiNKj2bdl7MHhtNNLE11ZFIHlMdPSRCMwRyS7ts1HBiuZoyEqPi9dWcwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQu03BwViAfnNzqVLS+lT+O2B4vMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvVkM3VGNIQldJQi1jM09wVXRMNlZQNDdZSGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXavvMA0G
CSqGSIb3DQEBCwUAA4IBAQBEj0V0Gx4vRjCD6UtRGyGswWq6GyZOmAB69EXumhTX
h7gDGyfFLATd6g0sqddCgSCIlehF5/7Rkkh6+WNUuBs/AJn7tYHL083kvGjOcQv0
lj4zw0CvSUMbSs8P1VWcsjnkGID80E/lprDVo0E8ROPWQVf5KGYfc51lQY/gkMMX
/vtAhDAaAhvKwnGz0S43NF94lOX8lIfd2xNmyk6ke2yWCSwl6uh5wp7SvChDqwT2
OXkDq/w3vh2KXNvx2dyR+bpJwYsb/Sc9lQNJHtta/iGiFWSltNgmZ8IRjbw4vyXJ
JI91IeFodp5PyYwz+xkquuOkWDQgTKORs5Z5O/gdUIVe
-----END CERTIFICATE-----