Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/fy33chKRP3JWUMSt3AAjvQCtgz0.roa
File:                     fy33chKRP3JWUMSt3AAjvQCtgz0.roa (raw, json)
Hash identifier:          hnFWQpg0QgaQ/SfHaQScF8u53E9F/WN0RCTsL8qj/2s=
Subject key identifier:   7F:2D:F7:72:12:91:3F:72:56:50:C4:AD:DC:00:23:BD:00:AD:83:3D
Certificate issuer:       /CN=279fdf3e491ef66d77714389ae36f045715f2768
Certificate serial:       019E44A30CB18071BE89597A51043116F629
Authority key identifier: 27:9F:DF:3E:49:1E:F6:6D:77:71:43:89:AE:36:F0:45:71:5F:27:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5_fPkke9m13cUOJrjbwRXFfJ2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/fy33chKRP3JWUMSt3AAjvQCtgz0.roa
Signing time:             Wed 20 May 2026 09:06:36 +0000
ROA not before:           Wed 20 May 2026 09:06:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13287
IP address blocks:        195.93.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/J5_fPkke9m13cUOJrjbwRXFfJ2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/J5_fPkke9m13cUOJrjbwRXFfJ2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5_fPkke9m13cUOJrjbwRXFfJ2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:44:a3:0c:b1:80:71:be:89:59:7a:51:04:31:16:f6:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279fdf3e491ef66d77714389ae36f045715f2768
        Validity
            Not Before: May 20 09:06:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f2df77212913f725650c4addc0023bd00ad833d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e8:a2:f9:b0:e1:c2:94:83:29:a0:49:fc:8e:
                    7f:0c:2b:65:63:24:c9:70:be:40:8d:20:23:af:1e:
                    73:d5:63:f6:26:9c:f8:bc:c4:5f:65:1b:1c:14:12:
                    20:7f:bb:b7:04:6a:47:a8:8f:64:72:87:0d:b3:65:
                    2c:7c:b0:3a:5d:f8:59:bc:32:0c:8f:f8:70:8e:79:
                    0e:be:0f:a4:56:87:37:08:95:99:cb:23:5a:11:2c:
                    2c:f9:39:92:3a:c3:ec:11:f0:cf:7e:a1:d3:36:24:
                    57:6f:be:65:cf:27:96:35:3c:ff:32:f8:92:11:48:
                    a3:bc:c8:02:d5:bf:66:d8:9a:b2:37:ca:79:fe:45:
                    b5:2d:0d:37:0c:7c:7e:26:7f:73:dc:b7:ce:d7:3a:
                    40:53:a3:17:bb:a7:87:3f:e5:2c:7b:3c:7e:1a:f0:
                    a9:77:47:43:c5:78:13:a0:a4:71:18:a2:cd:b9:af:
                    01:97:92:a9:2a:f6:8e:d6:bd:8c:56:bc:ef:f9:86:
                    86:0d:af:56:c9:d0:c9:4a:11:3c:72:a2:04:e2:f8:
                    a8:8d:f3:35:56:c3:c1:9f:91:21:ff:8f:d0:45:f3:
                    62:48:36:00:28:ce:e9:b6:5e:51:df:0a:74:a5:37:
                    67:22:43:df:18:48:a7:be:33:d2:b9:58:25:cd:14:
                    99:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:2D:F7:72:12:91:3F:72:56:50:C4:AD:DC:00:23:BD:00:AD:83:3D
            X509v3 Authority Key Identifier:
                keyid:27:9F:DF:3E:49:1E:F6:6D:77:71:43:89:AE:36:F0:45:71:5F:27:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5_fPkke9m13cUOJrjbwRXFfJ2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/fy33chKRP3JWUMSt3AAjvQCtgz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/2f3a44-5023-4695-a5fb-7b66e32a40fa/1/J5_fPkke9m13cUOJrjbwRXFfJ2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:85:ff:96:ea:f6:f2:09:fb:89:29:8f:e8:97:5c:da:54:c0:
         22:6b:be:21:49:72:2b:f0:b5:9c:04:bc:ef:bd:72:0a:52:3e:
         43:2e:94:55:4c:35:08:9a:3d:dd:2a:f2:41:4d:fa:91:34:01:
         33:8e:1a:26:03:ff:72:6b:33:9c:f7:bf:85:4c:27:cf:80:b8:
         4e:c8:11:e4:c5:9b:e4:74:a5:57:00:ad:81:e7:eb:7f:4c:d5:
         bf:05:59:dc:2f:76:d6:13:ed:60:7d:59:0c:72:ca:aa:39:69:
         62:7c:a3:60:f2:e7:f8:02:ff:99:70:ff:16:d3:f8:84:05:e1:
         ed:9a:84:40:7a:25:07:b7:59:d9:c9:e7:89:f1:62:fa:68:f9:
         ab:27:a5:f7:b1:33:a1:35:55:4a:6f:8d:99:26:e7:a5:76:9e:
         f6:1b:13:d0:f6:fd:1a:3f:5e:93:b6:62:9c:56:0c:d6:42:5d:
         03:c4:10:ef:34:77:af:21:f7:2e:f5:59:e7:fe:bc:1e:9d:4a:
         65:3e:41:ca:65:8d:9b:75:1e:65:58:04:84:23:ff:a8:a6:35:
         7c:fa:e7:f3:40:01:72:ff:ee:9c:d1:49:8f:5d:14:29:62:bd:
         2f:f1:7d:4c:8a:01:3d:c4:74:93:07:97:df:d4:de:a6:67:b1:
         ed:1f:c4:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5EowyxgHG+iVl6UQQxFvYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWZkZjNlNDkxZWY2NmQ3NzcxNDM4OWFlMzZmMDQ1NzE1
ZjI3NjgwHhcNMjYwNTIwMDkwNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjJkZjc3MjEyOTEzZjcyNTY1MGM0YWRkYzAwMjNiZDAwYWQ4MzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeii+bDhwpSDKaBJ/I5/DCtlYyTJ
cL5AjSAjrx5z1WP2Jpz4vMRfZRscFBIgf7u3BGpHqI9kcocNs2UsfLA6XfhZvDIM
j/hwjnkOvg+kVoc3CJWZyyNaESws+TmSOsPsEfDPfqHTNiRXb75lzyeWNTz/MviS
EUijvMgC1b9m2JqyN8p5/kW1LQ03DHx+Jn9z3LfO1zpAU6MXu6eHP+Usezx+GvCp
d0dDxXgToKRxGKLNua8Bl5KpKvaO1r2MVrzv+YaGDa9WydDJShE8cqIE4viojfM1
VsPBn5Eh/4/QRfNiSDYAKM7ptl5R3wp0pTdnIkPfGEinvjPSuVglzRSZfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8t93ISkT9yVlDErdwAI70ArYM9MB8GA1UdIwQY
MBaAFCef3z5JHvZtd3FDia428EVxXydoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVfZlBra2U5bTEzY1VPSnJqYndSWEZmSjJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8yZjNhNDQtNTAyMy00Njk1LWE1ZmIt
N2I2NmUzMmE0MGZhLzEvZnkzM2NoS1JQM0pXVU1TdDNBQWp2UUN0Z3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8yZjNhNDQtNTAyMy00Njk1LWE1ZmItN2I2NmUzMmE0MGZh
LzEvSjVfZlBra2U5bTEzY1VPSnJqYndSWEZmSjJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw131MA0G
CSqGSIb3DQEBCwUAA4IBAQCShf+W6vbyCfuJKY/ol1zaVMAia74hSXIr8LWcBLzv
vXIKUj5DLpRVTDUImj3dKvJBTfqRNAEzjhomA/9yazOc97+FTCfPgLhOyBHkxZvk
dKVXAK2B5+t/TNW/BVncL3bWE+1gfVkMcsqqOWlifKNg8uf4Av+ZcP8W0/iEBeHt
moRAeiUHt1nZyeeJ8WL6aPmrJ6X3sTOhNVVKb42ZJueldp72GxPQ9v0aP16TtmKc
VgzWQl0DxBDvNHevIfcu9Vnn/rwenUplPkHKZY2bdR5lWASEI/+opjV8+ufzQAFy
/+6c0UmPXRQpYr0v8X1MigE9xHSTB5ff1N6mZ7HtH8S4
-----END CERTIFICATE-----