Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/79d860-09ec-47bc-92f4-2a6a06060b09/1/N1snAMXzLm6w9tbqq5WTiSuZ-KQ.roa
File:                     N1snAMXzLm6w9tbqq5WTiSuZ-KQ.roa (raw, json)
Hash identifier:          D7WrQezxe4gaVK29KpFqYccoZm4CDPK7VK3rQW3wQLA=
Subject key identifier:   37:5B:27:00:C5:F3:2E:6E:B0:F6:D6:EA:AB:95:93:89:2B:99:F8:A4
Certificate issuer:       /CN=f34ae9ff58c936bb4b621bd13fa87c576dd873fb
Certificate serial:       019B7F155D6590419394058A9567C23BB4C2
Authority key identifier: F3:4A:E9:FF:58:C9:36:BB:4B:62:1B:D1:3F:A8:7C:57:6D:D8:73:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80rp_1jJNrtLYhvRP6h8V23Yc_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/79d860-09ec-47bc-92f4-2a6a06060b09/1/N1snAMXzLm6w9tbqq5WTiSuZ-KQ.roa
Signing time:             Fri 02 Jan 2026 14:21:05 +0000
ROA not before:           Fri 02 Jan 2026 14:21:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47663
IP address blocks:        93.187.240.0/22 maxlen: 22
                          93.187.240.0/24 maxlen: 24
                          93.187.244.0/24 maxlen: 24
                          93.187.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/79d860-09ec-47bc-92f4-2a6a06060b09/1/80rp_1jJNrtLYhvRP6h8V23Yc_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/79d860-09ec-47bc-92f4-2a6a06060b09/1/80rp_1jJNrtLYhvRP6h8V23Yc_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80rp_1jJNrtLYhvRP6h8V23Yc_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:5d:65:90:41:93:94:05:8a:95:67:c2:3b:b4:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f34ae9ff58c936bb4b621bd13fa87c576dd873fb
        Validity
            Not Before: Jan  2 14:21:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=375b2700c5f32e6eb0f6d6eaab9593892b99f8a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:27:b6:19:6e:7e:3f:01:d7:a5:ff:ad:0f:79:
                    cb:02:60:11:aa:55:76:42:4c:65:03:01:b0:03:87:
                    ed:59:92:a3:85:b0:41:e2:f7:72:70:1f:4c:32:de:
                    54:ee:e2:c4:b7:cb:1a:30:ed:78:27:ea:c9:5b:b7:
                    68:e8:52:57:90:57:a7:cf:fd:b8:97:3a:4d:52:f5:
                    66:d8:d0:7f:75:87:1a:02:d6:2d:20:71:32:56:b1:
                    1c:f0:15:d1:44:e7:94:d8:6d:9c:a6:33:f7:1d:4d:
                    4b:2c:f8:3c:5c:1e:23:e5:c4:cd:ea:ac:85:31:1d:
                    39:c5:8d:be:1f:4f:61:c2:48:a4:79:f7:d8:8e:5c:
                    9b:2d:89:12:c5:db:4b:4e:58:84:39:b8:6e:2d:4e:
                    41:05:04:cb:ac:16:b7:0d:1a:cf:0e:ed:fc:cf:d4:
                    76:60:33:8e:8e:46:b7:11:61:23:46:0c:06:a2:91:
                    59:e8:97:ee:54:d8:72:a0:14:8b:b2:81:0e:81:7f:
                    fc:b5:dd:64:ae:45:80:ad:37:e2:dd:65:7d:ec:db:
                    44:1f:6d:0f:7c:e0:20:b8:73:51:ef:ee:61:41:d2:
                    47:8f:15:a5:7d:fd:b9:da:eb:4e:8e:7f:64:ae:3f:
                    98:d9:75:9b:82:4c:3c:19:e8:ad:03:df:ba:1d:f7:
                    bc:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:5B:27:00:C5:F3:2E:6E:B0:F6:D6:EA:AB:95:93:89:2B:99:F8:A4
            X509v3 Authority Key Identifier:
                keyid:F3:4A:E9:FF:58:C9:36:BB:4B:62:1B:D1:3F:A8:7C:57:6D:D8:73:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80rp_1jJNrtLYhvRP6h8V23Yc_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/79d860-09ec-47bc-92f4-2a6a06060b09/1/N1snAMXzLm6w9tbqq5WTiSuZ-KQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/79d860-09ec-47bc-92f4-2a6a06060b09/1/80rp_1jJNrtLYhvRP6h8V23Yc_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.240.0-93.187.244.255
                  93.187.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:be:25:3f:f8:ce:c0:66:3f:05:28:97:a3:8b:d5:7d:11:d7:
         ab:58:63:ee:35:ec:95:59:2d:2b:93:79:6e:eb:d0:c7:97:62:
         6b:48:54:60:ed:00:0c:37:71:08:96:30:82:33:91:86:23:31:
         b0:fb:b6:44:96:55:d0:aa:5c:30:73:55:33:e9:0f:43:6a:41:
         45:e3:a0:06:c8:66:81:5e:52:28:8d:6b:07:33:24:bf:b1:e0:
         66:38:5a:df:3c:22:5c:0b:86:e0:89:24:7d:e2:85:32:93:52:
         6c:9d:a1:a2:c5:a1:9c:1a:77:f3:7b:b5:bf:43:9c:df:aa:f1:
         f7:04:f4:73:48:98:dd:d3:6d:e2:95:64:3b:32:b2:70:3c:e0:
         15:54:84:92:a8:90:c8:85:f2:e9:d8:9b:09:7d:41:5a:40:d5:
         a7:b9:59:77:92:d7:bd:50:d4:49:18:98:c5:47:95:c3:d5:94:
         96:15:05:0b:f8:90:4f:c9:97:0a:b9:1d:13:d0:e1:02:a1:33:
         7a:ac:43:cb:de:d0:a1:41:4d:95:80:4a:61:4c:cc:94:3a:f6:
         17:15:7f:a6:70:81:62:6d:8e:eb:5b:91:50:ec:b0:f2:be:9d:
         c2:42:f9:7a:1f:56:55:66:51:ca:b8:16:bd:00:44:2a:2e:ca:
         e7:f5:c2:17
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZt/FV1lkEGTlAWKlWfCO7TCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNGFlOWZmNThjOTM2YmI0YjYyMWJkMTNmYTg3YzU3NmRk
ODczZmIwHhcNMjYwMTAyMTQyMTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzViMjcwMGM1ZjMyZTZlYjBmNmQ2ZWFhYjk1OTM4OTJiOTlmOGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqye2GW5+PwHXpf+tD3nLAmARqlV2
QkxlAwGwA4ftWZKjhbBB4vdycB9MMt5U7uLEt8saMO14J+rJW7do6FJXkFenz/24
lzpNUvVm2NB/dYcaAtYtIHEyVrEc8BXRROeU2G2cpjP3HU1LLPg8XB4j5cTN6qyF
MR05xY2+H09hwkikeffYjlybLYkSxdtLTliEObhuLU5BBQTLrBa3DRrPDu38z9R2
YDOOjka3EWEjRgwGopFZ6JfuVNhyoBSLsoEOgX/8td1krkWArTfi3WV97NtEH20P
fOAguHNR7+5hQdJHjxWlff252utOjn9krj+Y2XWbgkw8GeitA9+6Hfe8lQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDdbJwDF8y5usPbW6quVk4krmfikMB8GA1UdIwQY
MBaAFPNK6f9YyTa7S2Ib0T+ofFdt2HP7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBycF8xakpOcnRMWWh2UlA2aDhWMjNZY19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy83OWQ4NjAtMDllYy00N2JjLTkyZjQt
MmE2YTA2MDYwYjA5LzEvTjFzbkFNWHpMbTZ3OXRicXE1V1RpU3VaLUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy83OWQ4NjAtMDllYy00N2JjLTkyZjQtMmE2YTA2MDYwYjA5
LzEvODBycF8xakpOcnRMWWh2UlA2aDhWMjNZY19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBARdu/AD
BABdu/QDBABdu/cwDQYJKoZIhvcNAQELBQADggEBADO+JT/4zsBmPwUol6OL1X0R
16tYY+417JVZLSuTeW7r0MeXYmtIVGDtAAw3cQiWMIIzkYYjMbD7tkSWVdCqXDBz
VTPpD0NqQUXjoAbIZoFeUiiNawczJL+x4GY4Wt88IlwLhuCJJH3ihTKTUmydoaLF
oZwad/N7tb9DnN+q8fcE9HNImN3TbeKVZDsysnA84BVUhJKokMiF8unYmwl9QVpA
1ae5WXeS171Q1EkYmMVHlcPVlJYVBQv4kE/Jlwq5HRPQ4QKhM3qsQ8ve0KFBTZWA
SmFMzJQ69hcVf6ZwgWJtjutbkVDssPK+ncJC+XofVlVmUcq4Fr0ARCouyuf1whc=
-----END CERTIFICATE-----