Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/l_0dxVKbxzsaPQrxLnvADv0NhkY.roa
File:                     l_0dxVKbxzsaPQrxLnvADv0NhkY.roa (raw, json)
Hash identifier:          Rj1/6kdHzftiVMvN1z8yJ3vHxwdZun1g2wcl0qQa1BQ=
Subject key identifier:   97:FD:1D:C5:52:9B:C7:3B:1A:3D:0A:F1:2E:7B:C0:0E:FD:0D:86:46
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019D335455894A082D972D890DFDD6D22D53
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/l_0dxVKbxzsaPQrxLnvADv0NhkY.roa
Signing time:             Sat 28 Mar 2026 07:24:18 +0000
ROA not before:           Sat 28 Mar 2026 07:24:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214578
IP address blocks:        93.119.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:54:55:89:4a:08:2d:97:2d:89:0d:fd:d6:d2:2d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Mar 28 07:24:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=97fd1dc5529bc73b1a3d0af12e7bc00efd0d8646
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:de:12:92:02:4f:3e:17:8c:cc:13:59:3a:b8:
                    19:e5:71:de:e3:ee:c1:d8:fb:fd:c8:4f:20:ea:7e:
                    0d:a9:0f:9e:ff:b3:46:bd:81:89:f2:ea:53:6b:21:
                    d2:65:6d:57:1d:90:c8:93:9d:4c:a0:dc:83:88:7d:
                    2e:45:30:f2:c5:88:32:49:d4:dc:01:20:ad:f2:3a:
                    bf:e7:06:19:1c:8f:32:13:76:f1:4e:a6:1d:57:bf:
                    22:72:cf:c1:da:ff:f9:4f:51:a6:b0:6f:f2:5d:fd:
                    4f:eb:dc:6c:ee:e1:41:c2:6a:04:d0:2e:ec:0f:7f:
                    9c:92:72:f0:46:f5:19:82:2c:df:bb:36:43:c6:89:
                    a9:96:aa:bf:8c:ff:71:cb:78:2c:a4:a6:b0:88:df:
                    aa:38:95:89:59:3c:e2:38:5c:b0:2f:e4:72:e9:96:
                    1d:62:b1:a3:44:1f:58:be:35:48:3b:6b:c3:a2:c8:
                    53:4c:02:d4:4d:12:f9:1d:44:2f:02:f9:86:71:b1:
                    42:d0:b2:42:25:33:97:1f:2c:72:c2:9e:aa:5f:e7:
                    3f:c7:fa:3f:cc:e3:9b:e3:d1:3f:15:03:28:38:60:
                    e6:73:db:1b:a1:fd:52:d2:9e:9a:15:3d:64:cc:d4:
                    0f:05:01:f4:57:65:d2:37:7e:53:75:6f:f4:a6:16:
                    79:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:FD:1D:C5:52:9B:C7:3B:1A:3D:0A:F1:2E:7B:C0:0E:FD:0D:86:46
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/l_0dxVKbxzsaPQrxLnvADv0NhkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.119.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:b4:fd:f6:d3:c5:b8:ec:0f:cc:85:da:8b:f4:62:51:34:25:
         ce:3f:e9:3d:18:06:4f:77:27:33:68:54:1d:79:a5:9a:3d:4b:
         f1:fc:11:41:9c:35:d1:c8:92:1a:03:b6:da:be:fa:37:63:3f:
         d9:10:a9:9e:8a:1a:7a:d8:1a:a7:17:00:ba:2b:87:02:34:4e:
         36:a5:70:94:4f:a8:de:25:65:05:ea:2e:8e:3f:b8:40:c0:1c:
         e0:e0:cb:d9:e9:0a:df:80:d0:03:7c:bf:36:d5:6c:f2:e7:2f:
         f2:e8:cb:28:a3:2a:db:86:a8:e8:bf:c3:cb:34:94:c4:fc:11:
         a8:23:be:53:9e:43:97:5c:df:ac:56:88:bb:d4:63:da:6d:bd:
         98:bb:c7:0c:d4:58:b4:8d:bc:71:64:06:a9:f9:da:ee:ba:3c:
         05:60:60:3d:43:23:25:51:57:31:a7:20:f2:4e:0c:db:d6:ed:
         68:4a:10:b7:30:cc:55:ab:f5:06:78:80:7c:2b:7a:4a:3c:a2:
         d5:00:e5:85:89:ab:71:b2:65:87:79:20:4e:bc:5e:5b:3f:d6:
         0d:ad:3e:61:5b:1e:70:61:2f:91:b4:f3:8f:0b:30:67:16:68:
         cd:d1:55:55:bc:81:b3:4d:81:70:f6:fe:96:3b:59:06:d0:28:
         da:85:fa:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0zVFWJSggtly2JDf3W0i1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjYwMzI4MDcyNDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZkMWRjNTUyOWJjNzNiMWEzZDBhZjEyZTdiYzAwZWZkMGQ4NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnN4SkgJPPheMzBNZOrgZ5XHe4+7B
2Pv9yE8g6n4NqQ+e/7NGvYGJ8upTayHSZW1XHZDIk51MoNyDiH0uRTDyxYgySdTc
ASCt8jq/5wYZHI8yE3bxTqYdV78ics/B2v/5T1GmsG/yXf1P69xs7uFBwmoE0C7s
D3+cknLwRvUZgizfuzZDxomplqq/jP9xy3gspKawiN+qOJWJWTziOFywL+Ry6ZYd
YrGjRB9YvjVIO2vDoshTTALUTRL5HUQvAvmGcbFC0LJCJTOXHyxywp6qX+c/x/o/
zOOb49E/FQMoOGDmc9sbof1S0p6aFT1kzNQPBQH0V2XSN35TdW/0phZ5zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJf9HcVSm8c7Gj0K8S57wA79DYZGMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvbF8wZHhWS2J4enNhUFFyeExudkFEdjBOaGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXdrMA0G
CSqGSIb3DQEBCwUAA4IBAQB7tP3208W47A/MhdqL9GJRNCXOP+k9GAZPdyczaFQd
eaWaPUvx/BFBnDXRyJIaA7bavvo3Yz/ZEKmeihp62BqnFwC6K4cCNE42pXCUT6je
JWUF6i6OP7hAwBzg4MvZ6QrfgNADfL821Wzy5y/y6Msooyrbhqjov8PLNJTE/BGo
I75TnkOXXN+sVoi71GPabb2Yu8cM1Fi0jbxxZAap+druujwFYGA9QyMlUVcxpyDy
Tgzb1u1oShC3MMxVq/UGeIB8K3pKPKLVAOWFiatxsmWHeSBOvF5bP9YNrT5hWx5w
YS+RtPOPCzBnFmjN0VVVvIGzTYFw9v6WO1kG0CjahfoA
-----END CERTIFICATE-----