Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/CLvieQcycU-jVZ0rNWe_Whtp7K0.roa
File:                     CLvieQcycU-jVZ0rNWe_Whtp7K0.roa (raw, json)
Hash identifier:          GhFSAlJ6xb+CTvebpjppk9iI+LSCfFhHd2oyvaT4u6I=
Subject key identifier:   08:BB:E2:79:07:32:71:4F:A3:55:9D:2B:35:67:BF:5A:1B:69:EC:AD
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019D68B67179018528FB67F085A374C275FF
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/CLvieQcycU-jVZ0rNWe_Whtp7K0.roa
Signing time:             Tue 07 Apr 2026 16:11:20 +0000
ROA not before:           Tue 07 Apr 2026 16:11:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206715
IP address blocks:        93.89.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:b6:71:79:01:85:28:fb:67:f0:85:a3:74:c2:75:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Apr  7 16:11:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08bbe2790732714fa3559d2b3567bf5a1b69ecad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5f:8b:14:df:15:b1:29:d1:56:e5:8e:61:31:
                    05:66:74:d9:13:83:96:33:40:ad:d4:2a:71:43:5e:
                    9a:60:24:16:c1:ee:6f:69:b2:eb:fb:aa:3d:2b:8a:
                    4c:74:9d:fb:c7:95:00:58:81:bb:bf:4e:ff:a9:7d:
                    0e:79:ae:97:7e:77:31:d6:6e:dc:03:46:cb:64:b1:
                    38:45:46:cd:c1:33:bd:c4:5b:c3:b7:f2:90:76:48:
                    87:59:7e:83:83:ba:8c:4f:49:f1:f0:96:b2:81:fc:
                    f4:50:78:fc:ed:f4:01:8f:a1:fd:14:67:0c:04:b6:
                    f1:19:1f:48:28:4a:9d:bb:f1:c7:69:db:0a:5f:5f:
                    16:d8:a1:a7:f7:dc:db:51:70:36:92:b7:47:15:37:
                    37:1c:7e:36:bf:4e:57:3a:cc:c3:84:61:69:b4:6a:
                    c7:2d:e4:f5:31:f6:9c:8d:0f:a9:e6:fc:24:f4:ce:
                    35:63:76:c0:1b:6b:fc:a7:30:b1:58:11:9c:48:05:
                    eb:32:0d:e7:6b:c9:4e:eb:89:26:e7:72:e4:cc:a0:
                    60:27:9f:05:d0:15:ef:13:31:47:cc:e6:21:ee:69:
                    86:18:b1:6a:07:27:9f:84:f5:72:44:c9:18:f1:6c:
                    fd:f8:b1:3c:67:f3:a5:d7:44:de:eb:c2:a1:e0:d1:
                    bc:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:BB:E2:79:07:32:71:4F:A3:55:9D:2B:35:67:BF:5A:1B:69:EC:AD
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/CLvieQcycU-jVZ0rNWe_Whtp7K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.89.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:61:50:72:3b:4e:c9:21:66:5b:d6:23:ed:4b:82:97:c9:0f:
         50:1d:c7:6f:aa:aa:b4:33:c8:f4:bc:84:b2:60:af:d9:a0:b8:
         74:64:51:f0:e3:c9:fd:37:1f:9d:6d:94:e7:a3:a1:88:86:ca:
         04:97:02:16:d5:bd:fb:72:b5:79:f0:a3:d8:dd:78:00:03:2b:
         b8:98:41:13:45:ea:2d:01:10:87:9e:19:56:6e:19:18:a0:ce:
         52:b5:42:02:2b:16:80:c9:4e:03:45:c4:87:a0:4e:f1:e5:ca:
         e4:c3:81:06:22:3b:e8:98:75:8c:99:5b:8d:50:7f:f5:9b:d6:
         da:52:ca:30:ec:7e:67:fb:6f:04:85:7c:1f:0e:3d:31:53:be:
         9f:45:4e:ac:89:c1:8a:8c:95:35:7a:86:b9:9a:c5:ad:e6:9b:
         2e:e2:98:6d:64:7d:d1:2a:48:0e:b9:97:a3:ab:06:f2:c5:bd:
         06:c6:ca:d6:80:0a:3c:27:d8:9d:8f:70:db:dc:51:fb:d1:1e:
         eb:bd:fa:31:cd:17:b2:d6:56:7f:08:36:26:6d:bc:77:c0:db:
         d5:10:66:2f:ad:01:5b:0d:35:5f:09:96:0a:1d:58:3e:d8:63:
         3f:61:61:cc:b8:c5:33:04:da:87:5f:6f:57:5f:37:2e:92:da:
         43:b2:0b:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1otnF5AYUo+2fwhaN0wnX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjYwNDA3MTYxMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJiZTI3OTA3MzI3MTRmYTM1NTlkMmIzNTY3YmY1YTFiNjllY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1+LFN8VsSnRVuWOYTEFZnTZE4OW
M0Ct1CpxQ16aYCQWwe5vabLr+6o9K4pMdJ37x5UAWIG7v07/qX0Oea6Xfncx1m7c
A0bLZLE4RUbNwTO9xFvDt/KQdkiHWX6Dg7qMT0nx8Jaygfz0UHj87fQBj6H9FGcM
BLbxGR9IKEqdu/HHadsKX18W2KGn99zbUXA2krdHFTc3HH42v05XOszDhGFptGrH
LeT1MfacjQ+p5vwk9M41Y3bAG2v8pzCxWBGcSAXrMg3na8lO64km53LkzKBgJ58F
0BXvEzFHzOYh7mmGGLFqByefhPVyRMkY8Wz9+LE8Z/Ol10Te68Kh4NG8BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAi74nkHMnFPo1WdKzVnv1obaeytMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvQ0x2aWVRY3ljVS1qVlowck5XZV9XaHRwN0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXVnYMA0G
CSqGSIb3DQEBCwUAA4IBAQAQYVByO07JIWZb1iPtS4KXyQ9QHcdvqqq0M8j0vISy
YK/ZoLh0ZFHw48n9Nx+dbZTno6GIhsoElwIW1b37crV58KPY3XgAAyu4mEETReot
ARCHnhlWbhkYoM5StUICKxaAyU4DRcSHoE7x5crkw4EGIjvomHWMmVuNUH/1m9ba
Usow7H5n+28EhXwfDj0xU76fRU6sicGKjJU1eoa5msWt5psu4phtZH3RKkgOuZej
qwbyxb0GxsrWgAo8J9idj3Db3FH70R7rvfoxzRey1lZ/CDYmbbx3wNvVEGYvrQFb
DTVfCZYKHVg+2GM/YWHMuMUzBNqHX29XXzcuktpDsguQ
-----END CERTIFICATE-----