Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/8sUmY3d_fBjNKoah_kXD2nXdcuY.roa
File:                     8sUmY3d_fBjNKoah_kXD2nXdcuY.roa (raw, json)
Hash identifier:          97Wzx4qbPJ85JZpPVzF/01GChfo0hYHtP4G+A4D6wjE=
Subject key identifier:   F2:C5:26:63:77:7F:7C:18:CD:2A:86:A1:FE:45:C3:DA:75:DD:72:E6
Certificate issuer:       /CN=63703ca50c432acd7f1cbba7c07da2202299ca63
Certificate serial:       019B7A5B9F58C8FDCC3EBEA3ADE134C84AE6
Authority key identifier: 63:70:3C:A5:0C:43:2A:CD:7F:1C:BB:A7:C0:7D:A2:20:22:99:CA:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y3A8pQxDKs1_HLunwH2iICKZymM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/8sUmY3d_fBjNKoah_kXD2nXdcuY.roa
Signing time:             Thu 01 Jan 2026 16:19:43 +0000
ROA not before:           Thu 01 Jan 2026 16:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9158
IP address blocks:        193.3.233.0/24 maxlen: 24
                          2a10:e200::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/Y3A8pQxDKs1_HLunwH2iICKZymM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/Y3A8pQxDKs1_HLunwH2iICKZymM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y3A8pQxDKs1_HLunwH2iICKZymM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:9f:58:c8:fd:cc:3e:be:a3:ad:e1:34:c8:4a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63703ca50c432acd7f1cbba7c07da2202299ca63
        Validity
            Not Before: Jan  1 16:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2c52663777f7c18cd2a86a1fe45c3da75dd72e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b6:32:9b:e7:b0:bb:52:1d:1d:62:2b:5b:77:
                    33:20:c2:dc:ae:ad:bc:98:40:ca:04:47:a3:7d:fb:
                    aa:d6:76:8e:8f:93:22:a5:04:a2:3b:3c:76:cd:3f:
                    47:a4:66:24:c9:8a:2a:df:c8:26:97:bc:45:d0:cc:
                    dd:50:be:02:b8:76:b3:37:af:f0:95:ce:33:25:e5:
                    e6:02:f7:f8:5c:c7:36:76:6a:4e:a1:c2:6d:f3:5d:
                    64:38:21:16:73:74:d3:fa:4e:e2:4c:ca:b2:11:35:
                    6c:d0:b0:f7:11:5e:0a:eb:4c:9f:51:6a:7f:f5:d4:
                    91:f0:f1:01:dd:c2:ed:a6:b7:08:56:ca:53:92:c9:
                    1b:1d:2b:df:63:5e:0b:1b:e9:7e:06:69:bd:05:ac:
                    37:67:5d:0f:08:88:e5:21:32:2a:45:45:6d:1d:0a:
                    46:03:c4:e2:77:de:a4:77:2f:44:48:c0:ef:49:a6:
                    9f:04:10:e5:3b:23:d3:d5:ce:a4:98:0c:09:21:46:
                    8b:f1:29:20:c7:49:66:8f:82:b8:ae:63:28:d1:6e:
                    5a:41:f9:aa:35:d3:bd:41:8c:ab:a9:c8:c4:f6:b7:
                    1e:d9:9e:07:61:df:21:1e:00:49:1d:9c:b5:82:f5:
                    e7:97:3f:d9:b0:87:27:bc:ba:c5:32:98:36:ae:a7:
                    7f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C5:26:63:77:7F:7C:18:CD:2A:86:A1:FE:45:C3:DA:75:DD:72:E6
            X509v3 Authority Key Identifier:
                keyid:63:70:3C:A5:0C:43:2A:CD:7F:1C:BB:A7:C0:7D:A2:20:22:99:CA:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y3A8pQxDKs1_HLunwH2iICKZymM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/8sUmY3d_fBjNKoah_kXD2nXdcuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/af334a-f9b3-419d-b590-fb0fb1c06c74/1/Y3A8pQxDKs1_HLunwH2iICKZymM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.233.0/24
                IPv6:
                  2a10:e200::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:84:e6:97:37:60:1b:5e:43:a1:29:dd:ff:77:2a:7c:30:33:
         00:46:63:f7:91:9d:30:f5:e8:73:d7:35:05:22:77:18:26:f2:
         d4:ee:a2:68:d1:f4:e7:2c:a9:9f:9e:e3:db:d3:92:59:84:e9:
         61:78:45:6c:57:d8:b6:3a:43:19:2c:48:70:9f:ad:ef:e4:b5:
         1f:e1:e9:0d:56:d4:3c:24:fb:45:94:3e:37:70:ba:bf:a3:30:
         d8:9c:8f:5e:6f:d9:4e:8e:52:59:53:7b:bd:f4:8f:b9:9c:0a:
         25:ae:d2:19:6f:b5:78:50:57:97:41:7a:87:99:77:47:7a:20:
         38:38:2b:80:64:f7:28:d0:a8:fd:7c:ba:ba:1e:64:6b:d8:51:
         4a:84:58:b0:b7:eb:85:fb:a3:39:9f:01:43:d1:08:23:1a:82:
         f0:80:30:3e:30:6c:47:20:fc:f7:eb:68:97:66:80:d8:c4:e6:
         26:43:05:16:03:7e:78:bb:93:e4:5e:8a:2f:4f:42:3f:1d:70:
         4e:dd:8b:2f:95:8e:57:8c:bc:0e:ff:b9:32:e8:34:78:f7:09:
         79:d9:65:7f:4e:51:be:b8:8d:b7:58:e0:ea:dc:13:97:04:d6:
         ce:d5:c6:23:02:a9:6e:87:bb:29:a7:c7:49:e6:a7:96:33:b4:
         40:fc:6c:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt6W59YyP3MPr6jreE0yErmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNzAzY2E1MGM0MzJhY2Q3ZjFjYmJhN2MwN2RhMjIwMjI5
OWNhNjMwHhcNMjYwMTAxMTYxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmM1MjY2Mzc3N2Y3YzE4Y2QyYTg2YTFmZTQ1YzNkYTc1ZGQ3MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7Yym+ewu1IdHWIrW3czIMLcrq28
mEDKBEejffuq1naOj5MipQSiOzx2zT9HpGYkyYoq38gml7xF0MzdUL4CuHazN6/w
lc4zJeXmAvf4XMc2dmpOocJt811kOCEWc3TT+k7iTMqyETVs0LD3EV4K60yfUWp/
9dSR8PEB3cLtprcIVspTkskbHSvfY14LG+l+Bmm9Baw3Z10PCIjlITIqRUVtHQpG
A8Tid96kdy9ESMDvSaafBBDlOyPT1c6kmAwJIUaL8Skgx0lmj4K4rmMo0W5aQfmq
NdO9QYyrqcjE9rce2Z4HYd8hHgBJHZy1gvXnlz/ZsIcnvLrFMpg2rqd/4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPLFJmN3f3wYzSqGof5Fw9p13XLmMB8GA1UdIwQY
MBaAFGNwPKUMQyrNfxy7p8B9oiAimcpjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTNBOHBReERLczFfSEx1bndIMmlJQ0taeW1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9hZjMzNGEtZjliMy00MTlkLWI1OTAt
ZmIwZmIxYzA2Yzc0LzEvOHNVbVkzZF9mQmpOS29haF9rWEQyblhkY3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9hZjMzNGEtZjliMy00MTlkLWI1OTAtZmIwZmIxYzA2Yzc0
LzEvWTNBOHBReERLczFfSEx1bndIMmlJQ0taeW1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwQPpMA0E
AgACMAcDBQAqEOIAMA0GCSqGSIb3DQEBCwUAA4IBAQCshOaXN2AbXkOhKd3/dyp8
MDMARmP3kZ0w9ehz1zUFIncYJvLU7qJo0fTnLKmfnuPb05JZhOlheEVsV9i2OkMZ
LEhwn63v5LUf4ekNVtQ8JPtFlD43cLq/ozDYnI9eb9lOjlJZU3u99I+5nAolrtIZ
b7V4UFeXQXqHmXdHeiA4OCuAZPco0Kj9fLq6HmRr2FFKhFiwt+uF+6M5nwFD0Qgj
GoLwgDA+MGxHIPz362iXZoDYxOYmQwUWA354u5PkXoovT0I/HXBO3YsvlY5XjLwO
/7ky6DR49wl52WV/TlG+uI23WODq3BOXBNbO1cYjAqluh7spp8dJ5qeWM7RA/Gwj
-----END CERTIFICATE-----