Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/R94LQyN_Bice-mqwm23_7oahpdE.roa
File:                     R94LQyN_Bice-mqwm23_7oahpdE.roa (raw, json)
Hash identifier:          uN+A8+G8qVqbMZurihOGeCkHxzaNIfplcMeMNGBCPMA=
Subject key identifier:   47:DE:0B:43:23:7F:06:27:1E:FA:6A:B0:9B:6D:FF:EE:86:A1:A5:D1
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019C10DAA596D1910D5CB657289A1AD3EBC2
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/R94LQyN_Bice-mqwm23_7oahpdE.roa
Signing time:             Fri 30 Jan 2026 21:41:30 +0000
ROA not before:           Fri 30 Jan 2026 21:41:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        5.1.40.0/24 maxlen: 24
                          217.147.13.0/24 maxlen: 24
                          217.147.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:10:da:a5:96:d1:91:0d:5c:b6:57:28:9a:1a:d3:eb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan 30 21:41:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47de0b43237f06271efa6ab09b6dffee86a1a5d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ea:bb:e4:9c:f1:30:fa:aa:ca:b3:e9:13:b0:
                    4e:10:41:6a:c1:35:6e:f2:3d:a2:81:dc:44:56:44:
                    4e:62:db:b7:c6:28:00:ea:cf:85:a3:97:28:82:30:
                    4c:4b:f7:ef:2d:63:03:47:ad:d7:a0:67:a4:01:65:
                    4b:90:78:a0:bf:76:7d:8b:4b:de:83:8f:67:c2:ac:
                    db:f8:88:da:e8:97:41:e8:b4:68:ef:a1:ea:a7:4c:
                    dd:39:c4:f4:81:ce:88:27:1d:1b:b0:cf:63:6e:f0:
                    08:0a:40:ce:d4:08:34:fc:23:4f:b9:cd:08:b3:80:
                    23:d5:a1:55:a8:86:03:27:6e:3e:e4:fc:c5:1a:aa:
                    e9:f6:ec:a2:4c:e4:b9:bd:b2:a6:ac:ad:dc:c7:11:
                    23:46:ad:89:8f:ec:4f:1b:25:56:b6:34:45:52:19:
                    5b:f0:d1:ee:15:fc:6f:b0:49:55:3b:a9:ef:0b:61:
                    e7:2c:3d:f1:00:94:93:ff:d4:b1:34:c0:01:0c:b0:
                    58:d0:8b:32:32:9a:63:7b:e5:e8:89:17:7a:b7:e5:
                    59:8b:4c:c6:62:ac:45:fb:11:19:1b:87:4e:62:68:
                    c3:b9:ee:ab:81:9d:f9:bd:22:94:47:54:c5:78:bd:
                    c5:40:c2:30:e9:f8:cd:a8:ef:1d:7a:d1:7b:c4:38:
                    86:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DE:0B:43:23:7F:06:27:1E:FA:6A:B0:9B:6D:FF:EE:86:A1:A5:D1
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/R94LQyN_Bice-mqwm23_7oahpdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.40.0/24
                  217.147.13.0-217.147.14.255

    Signature Algorithm: sha256WithRSAEncryption
         05:fa:5a:53:34:cd:6b:c0:ec:b1:c2:04:3e:52:d5:60:0b:d9:
         bc:d3:c7:98:13:93:ea:ee:b7:45:4d:0b:97:52:2a:59:c6:9e:
         1d:ab:ac:5b:ee:e1:57:6a:c8:7b:0d:a8:6b:f3:05:b6:e4:f7:
         d7:be:99:74:69:cf:8e:31:28:a1:d3:d1:29:ee:fd:6e:00:d3:
         11:f5:8e:1c:45:8e:f5:36:eb:ee:0c:78:87:7d:ca:fa:dc:52:
         c3:57:29:a6:0b:c7:0c:9f:ee:b4:37:97:3d:86:11:a8:db:6b:
         53:8e:a2:fc:8c:56:ce:9e:00:4a:81:e5:ad:4d:38:67:94:1a:
         5b:13:6c:9b:4e:fb:61:fe:cb:ee:e1:f5:e9:a2:ac:9a:c5:a6:
         2b:6b:ed:e2:d4:2a:cf:06:2b:60:ec:1c:61:a3:51:5e:f9:ed:
         ce:e1:33:d0:76:1e:93:34:93:4e:3b:da:60:00:62:1c:b7:be:
         57:a7:bd:be:37:c1:cc:f8:a0:b9:31:18:96:3d:20:94:1c:72:
         de:7d:cb:1d:ac:fb:fb:54:e6:7f:f0:be:1e:ef:4e:24:0e:f7:
         1e:e4:43:22:53:58:fd:de:e7:f3:56:af:73:33:41:32:fb:e6:
         c4:ee:d6:3d:3f:a6:90:22:8d:5a:ae:7e:2c:fb:2d:2a:c2:b6:
         75:de:b8:03
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZwQ2qWW0ZENXLZXKJoa0+vCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjYwMTMwMjE0MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2RlMGI0MzIzN2YwNjI3MWVmYTZhYjA5YjZkZmZlZTg2YTFhNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uq75JzxMPqqyrPpE7BOEEFqwTVu
8j2igdxEVkROYtu3xigA6s+Fo5cogjBMS/fvLWMDR63XoGekAWVLkHigv3Z9i0ve
g49nwqzb+Ija6JdB6LRo76Hqp0zdOcT0gc6IJx0bsM9jbvAICkDO1Ag0/CNPuc0I
s4Aj1aFVqIYDJ24+5PzFGqrp9uyiTOS5vbKmrK3cxxEjRq2Jj+xPGyVWtjRFUhlb
8NHuFfxvsElVO6nvC2HnLD3xAJST/9SxNMABDLBY0IsyMppje+XoiRd6t+VZi0zG
YqxF+xEZG4dOYmjDue6rgZ35vSKUR1TFeL3FQMIw6fjNqO8detF7xDiGowIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEfeC0MjfwYnHvpqsJtt/+6GoaXRMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvUjk0TFF5Tl9CaWNlLW1xd20yM183b2FocGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQABQEoMAwD
BADZkw0DBADZkw4wDQYJKoZIhvcNAQELBQADggEBAAX6WlM0zWvA7LHCBD5S1WAL
2bzTx5gTk+rut0VNC5dSKlnGnh2rrFvu4VdqyHsNqGvzBbbk99e+mXRpz44xKKHT
0Snu/W4A0xH1jhxFjvU26+4MeId9yvrcUsNXKaYLxwyf7rQ3lz2GEajba1OOovyM
Vs6eAEqB5a1NOGeUGlsTbJtO+2H+y+7h9emirJrFpitr7eLUKs8GK2DsHGGjUV75
7c7hM9B2HpM0k0472mAAYhy3vlenvb43wcz4oLkxGJY9IJQcct59yx2s+/tU5n/w
vh7vTiQO9x7kQyJTWP3e5/NWr3MzQTL75sTu1j0/ppAijVqufiz7LSrCtnXeuAM=
-----END CERTIFICATE-----