Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/jQk4n2Iufw-SBEbcUGtAauX2sSw.roa
File:                     jQk4n2Iufw-SBEbcUGtAauX2sSw.roa (raw, json)
Hash identifier:          rbAWiUL35TgjvamvYnERtV7EjIaR0BKmbsf8zHOfaz4=
Subject key identifier:   8D:09:38:9F:62:2E:7F:0F:92:04:46:DC:50:6B:40:6A:E5:F6:B1:2C
Certificate issuer:       /CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
Certificate serial:       019D90A36DD780899806C6C56FCFE7D97046
Authority key identifier: D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/jQk4n2Iufw-SBEbcUGtAauX2sSw.roa
Signing time:             Wed 15 Apr 2026 10:15:22 +0000
ROA not before:           Wed 15 Apr 2026 10:15:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4913
IP address blocks:        93.190.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:a3:6d:d7:80:89:98:06:c6:c5:6f:cf:e7:d9:70:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8f1fbdbce2145a0db6900609f7c54732dfb0cd8
        Validity
            Not Before: Apr 15 10:15:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d09389f622e7f0f920446dc506b406ae5f6b12c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f0:bc:fb:c5:a9:7c:42:e6:6d:a7:cf:a8:ff:
                    d5:6f:e3:56:5d:cd:75:32:14:18:9b:00:c5:31:5b:
                    4a:f4:55:b7:92:8f:ca:3e:e9:a7:e0:74:d2:5a:50:
                    aa:44:dc:c7:06:fb:36:7c:70:7e:fe:a0:10:f5:ce:
                    63:76:36:35:b1:ff:df:14:b1:84:b7:bc:d4:02:09:
                    0e:07:c8:a2:02:d0:2a:3b:72:65:12:de:3e:1b:94:
                    5a:b4:f4:d4:dc:d1:ea:82:38:e0:68:15:ee:fd:9b:
                    b9:77:7a:8d:be:16:c4:3a:f2:35:77:30:8e:0d:0b:
                    45:39:07:95:15:11:12:a0:08:22:da:82:da:2e:cb:
                    77:06:4f:62:19:1a:ca:67:6a:29:d7:87:87:32:93:
                    ef:1d:b3:23:7d:50:e7:04:ec:68:0b:52:c4:1f:c9:
                    89:c7:3a:10:49:23:e0:1c:1f:e8:67:63:b8:b7:74:
                    c2:33:39:30:5f:27:e2:e0:28:bd:1a:bb:76:15:48:
                    f9:5b:54:da:cb:25:2a:4b:30:e7:6d:88:a5:d8:63:
                    59:0e:81:da:66:34:ce:43:fa:8b:17:a1:93:54:e3:
                    67:21:56:8b:37:df:d6:28:06:25:ae:1d:ae:ce:b4:
                    39:63:05:0c:da:2d:94:d3:dc:1f:2c:94:6e:44:f2:
                    80:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:09:38:9F:62:2E:7F:0F:92:04:46:DC:50:6B:40:6A:E5:F6:B1:2C
            X509v3 Authority Key Identifier:
                keyid:D8:F1:FB:DB:CE:21:45:A0:DB:69:00:60:9F:7C:54:73:2D:FB:0C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2PH7284hRaDbaQBgn3xUcy37DNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/jQk4n2Iufw-SBEbcUGtAauX2sSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/31431e-5a7d-4fc3-a88d-47f043fba13b/1/2PH7284hRaDbaQBgn3xUcy37DNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:5c:a0:1a:06:e9:65:52:7d:8c:47:f0:59:6c:d7:34:d6:aa:
         a5:9d:40:11:95:d3:e0:3e:d3:8e:cf:fe:e4:50:3d:3e:79:d5:
         42:73:37:a3:e2:56:9b:96:4d:d4:36:2b:4c:46:0c:4b:43:29:
         57:c4:46:22:0d:d5:59:2b:50:23:96:a3:f5:e1:3e:84:47:18:
         16:18:ef:99:a5:97:37:0b:9a:65:e6:c3:72:42:6b:27:5f:46:
         28:d5:2b:65:f5:52:8f:6b:c6:76:c0:0e:65:1d:eb:86:2a:99:
         9c:44:71:08:69:d2:7d:c6:91:70:49:4a:96:fd:e1:aa:50:cd:
         b3:5b:1e:a7:bc:26:aa:16:99:ce:51:33:b3:83:ff:9a:ab:43:
         de:f7:8c:f8:78:9b:f4:ce:ac:6d:f5:a9:8a:2d:2b:b1:13:01:
         d2:86:93:24:fa:69:2d:b8:64:73:ad:e4:75:a6:97:1e:0e:c0:
         d5:7c:b8:62:bb:ab:8d:3f:02:b1:b0:8b:6a:12:dc:00:41:2e:
         04:08:b6:2b:43:7e:34:fa:80:e4:dc:11:eb:6b:af:ec:c8:af:
         12:fd:34:c6:52:41:c8:04:65:95:e5:65:54:fb:7a:bc:f4:3f:
         e9:8e:f4:44:6c:5f:08:71:5e:e1:f1:dc:8e:20:72:66:7a:ca:
         23:85:91:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2Qo23XgImYBsbFb8/n2XBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZjFmYmRiY2UyMTQ1YTBkYjY5MDA2MDlmN2M1NDczMmRm
YjBjZDgwHhcNMjYwNDE1MTAxNTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA5Mzg5ZjYyMmU3ZjBmOTIwNDQ2ZGM1MDZiNDA2YWU1ZjZiMTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovC8+8WpfELmbafPqP/Vb+NWXc11
MhQYmwDFMVtK9FW3ko/KPumn4HTSWlCqRNzHBvs2fHB+/qAQ9c5jdjY1sf/fFLGE
t7zUAgkOB8iiAtAqO3JlEt4+G5RatPTU3NHqgjjgaBXu/Zu5d3qNvhbEOvI1dzCO
DQtFOQeVFRESoAgi2oLaLst3Bk9iGRrKZ2op14eHMpPvHbMjfVDnBOxoC1LEH8mJ
xzoQSSPgHB/oZ2O4t3TCMzkwXyfi4Ci9Grt2FUj5W1TayyUqSzDnbYil2GNZDoHa
ZjTOQ/qLF6GTVONnIVaLN9/WKAYlrh2uzrQ5YwUM2i2U09wfLJRuRPKAUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0JOJ9iLn8PkgRG3FBrQGrl9rEsMB8GA1UdIwQY
MBaAFNjx+9vOIUWg22kAYJ98VHMt+wzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQt
NDdmMDQzZmJhMTNiLzEvalFrNG4ySXVmdy1TQkViY1VHdEFhdVgyc1N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8zMTQzMWUtNWE3ZC00ZmMzLWE4OGQtNDdmMDQzZmJhMTNi
LzEvMlBINzI4NGhSYURiYVFCZ24zeFVjeTM3RE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb66MA0G
CSqGSIb3DQEBCwUAA4IBAQB0XKAaBullUn2MR/BZbNc01qqlnUARldPgPtOOz/7k
UD0+edVCczej4lablk3UNitMRgxLQylXxEYiDdVZK1AjlqP14T6ERxgWGO+ZpZc3
C5pl5sNyQmsnX0Yo1Stl9VKPa8Z2wA5lHeuGKpmcRHEIadJ9xpFwSUqW/eGqUM2z
Wx6nvCaqFpnOUTOzg/+aq0Pe94z4eJv0zqxt9amKLSuxEwHShpMk+mktuGRzreR1
ppceDsDVfLhiu6uNPwKxsItqEtwAQS4ECLYrQ340+oDk3BHra6/syK8S/TTGUkHI
BGWV5WVU+3q89D/pjvREbF8IcV7h8dyOIHJmesojhZGH
-----END CERTIFICATE-----