Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/99d683-43dc-484a-9047-b43cae6e2319/1/vBEDZky1DrDyLEUWSCcKSfFchsA.roa
File:                     vBEDZky1DrDyLEUWSCcKSfFchsA.roa (raw, json)
Hash identifier:          K1r/2AFcY8elhH0ckxTVORnjb/4FnfMG0iSbfTKXjq0=
Subject key identifier:   BC:11:03:66:4C:B5:0E:B0:F2:2C:45:16:48:27:0A:49:F1:5C:86:C0
Certificate issuer:       /CN=1d01ed2364ec82265c68869fe72be757319a31eb
Certificate serial:       019B7DC99CE261D7ECA28B3F844F4012B49E
Authority key identifier: 1D:01:ED:23:64:EC:82:26:5C:68:86:9F:E7:2B:E7:57:31:9A:31:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQHtI2TsgiZcaIaf5yvnVzGaMes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/99d683-43dc-484a-9047-b43cae6e2319/1/vBEDZky1DrDyLEUWSCcKSfFchsA.roa
Signing time:             Fri 02 Jan 2026 08:18:43 +0000
ROA not before:           Fri 02 Jan 2026 08:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213111
IP address blocks:        93.177.82.0/24 maxlen: 24
                          2a0a:e540::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/99d683-43dc-484a-9047-b43cae6e2319/1/HQHtI2TsgiZcaIaf5yvnVzGaMes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/99d683-43dc-484a-9047-b43cae6e2319/1/HQHtI2TsgiZcaIaf5yvnVzGaMes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQHtI2TsgiZcaIaf5yvnVzGaMes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:9c:e2:61:d7:ec:a2:8b:3f:84:4f:40:12:b4:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01ed2364ec82265c68869fe72be757319a31eb
        Validity
            Not Before: Jan  2 08:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc1103664cb50eb0f22c451648270a49f15c86c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8a:cc:dd:78:69:71:9c:0f:2b:28:86:af:b8:
                    11:87:55:9d:6c:d6:c5:82:4e:26:ff:11:1a:6d:66:
                    49:7a:5f:07:8a:bc:15:eb:8c:fe:ce:d3:fb:57:f2:
                    5c:93:58:b3:59:d2:b8:79:43:8c:7a:ad:d6:11:53:
                    5e:37:41:56:36:63:39:2a:db:ae:92:fe:e0:a4:6d:
                    e1:66:f3:2c:2d:82:7a:a3:68:d9:4d:bd:c1:db:54:
                    8a:dd:8f:01:03:8a:be:b4:b3:10:f1:a8:39:a8:f2:
                    83:43:98:2e:7d:bf:b6:cf:72:88:72:1d:3d:be:52:
                    bc:07:e8:b6:ae:f5:d2:1b:03:86:25:89:4f:9f:f9:
                    d1:b0:53:c0:79:3a:59:4a:4b:7e:ca:0e:97:37:2d:
                    4b:c2:71:46:6a:ba:61:be:8a:49:ed:07:15:2f:87:
                    98:52:3d:73:4a:04:c0:67:89:a4:25:e5:60:ca:b8:
                    29:e2:64:b2:84:5c:43:6f:fb:68:39:e3:c1:54:98:
                    76:28:58:dc:6c:73:2f:61:2c:4b:17:05:17:64:95:
                    7c:29:dc:d1:e4:1e:73:52:a4:70:65:c3:3d:6d:9a:
                    c9:f5:28:a2:83:af:a5:81:34:91:8d:ed:7e:43:1c:
                    96:a9:ac:3a:e5:09:fe:b6:6c:80:5c:03:a9:b8:af:
                    b7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:11:03:66:4C:B5:0E:B0:F2:2C:45:16:48:27:0A:49:F1:5C:86:C0
            X509v3 Authority Key Identifier:
                keyid:1D:01:ED:23:64:EC:82:26:5C:68:86:9F:E7:2B:E7:57:31:9A:31:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQHtI2TsgiZcaIaf5yvnVzGaMes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/99d683-43dc-484a-9047-b43cae6e2319/1/vBEDZky1DrDyLEUWSCcKSfFchsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/99d683-43dc-484a-9047-b43cae6e2319/1/HQHtI2TsgiZcaIaf5yvnVzGaMes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.82.0/24
                IPv6:
                  2a0a:e540::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:0e:0b:a8:63:3a:ac:e4:e0:fa:7e:34:a7:bc:1a:02:e4:c4:
         8f:76:4d:4c:26:67:c5:ea:14:70:b3:10:1d:19:b5:83:98:d7:
         c4:2d:c4:9f:4f:06:57:a0:62:59:4d:8f:98:a9:8b:fd:dd:df:
         f2:c2:d3:d7:de:b6:82:16:ef:b4:0c:96:a1:7b:ff:e9:c6:60:
         36:40:e1:2e:0b:ed:fd:9a:b4:58:96:ac:b9:66:64:17:23:3c:
         22:d3:95:58:c7:72:2d:f7:4f:c5:b3:e2:50:35:fa:d4:30:41:
         61:10:15:7c:ac:55:d8:aa:8b:5e:09:3a:ac:c3:2f:2a:5b:97:
         73:39:07:ff:b0:ce:c5:b9:60:60:8e:f7:1f:dc:db:eb:96:45:
         3d:ba:c3:15:78:53:b8:45:f0:2e:8f:db:b8:00:58:9f:96:e5:
         d8:f5:c6:81:16:78:41:b5:14:21:6b:7f:03:95:93:a2:25:f1:
         21:22:c1:a4:99:7c:1d:54:b8:85:d4:b3:86:4b:81:54:5b:ce:
         18:ce:d1:8c:07:95:d1:92:58:36:54:81:fc:c9:ea:2b:82:44:
         80:78:f8:bc:b5:59:00:8e:77:90:02:ad:84:1a:00:e8:68:7b:
         f5:1f:7e:65:c1:c0:0e:05:40:a8:bb:ac:fb:cd:42:d3:a5:88:
         42:ba:e7:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt9yZziYdfsoos/hE9AErSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFlZDIzNjRlYzgyMjY1YzY4ODY5ZmU3MmJlNzU3MzE5
YTMxZWIwHhcNMjYwMTAyMDgxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzExMDM2NjRjYjUwZWIwZjIyYzQ1MTY0ODI3MGE0OWYxNWM4NmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4rM3XhpcZwPKyiGr7gRh1WdbNbF
gk4m/xEabWZJel8HirwV64z+ztP7V/Jck1izWdK4eUOMeq3WEVNeN0FWNmM5Ktuu
kv7gpG3hZvMsLYJ6o2jZTb3B21SK3Y8BA4q+tLMQ8ag5qPKDQ5gufb+2z3KIch09
vlK8B+i2rvXSGwOGJYlPn/nRsFPAeTpZSkt+yg6XNy1LwnFGarphvopJ7QcVL4eY
Uj1zSgTAZ4mkJeVgyrgp4mSyhFxDb/toOePBVJh2KFjcbHMvYSxLFwUXZJV8KdzR
5B5zUqRwZcM9bZrJ9Siig6+lgTSRje1+QxyWqaw65Qn+tmyAXAOpuK+30wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLwRA2ZMtQ6w8ixFFkgnCknxXIbAMB8GA1UdIwQY
MBaAFB0B7SNk7IImXGiGn+cr51cxmjHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIdEkyVHNnaVpjYUlhZjV5dm5WekdhTWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS85OWQ2ODMtNDNkYy00ODRhLTkwNDct
YjQzY2FlNmUyMzE5LzEvdkJFRFpreTFEckR5TEVVV1NDY0tTZkZjaHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS85OWQ2ODMtNDNkYy00ODRhLTkwNDctYjQzY2FlNmUyMzE5
LzEvSFFIdEkyVHNnaVpjYUlhZjV5dm5WekdhTWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXbFSMA0E
AgACMAcDBQAqCuVAMA0GCSqGSIb3DQEBCwUAA4IBAQAzDguoYzqs5OD6fjSnvBoC
5MSPdk1MJmfF6hRwsxAdGbWDmNfELcSfTwZXoGJZTY+YqYv93d/ywtPX3raCFu+0
DJahe//pxmA2QOEuC+39mrRYlqy5ZmQXIzwi05VYx3It90/Fs+JQNfrUMEFhEBV8
rFXYqoteCTqswy8qW5dzOQf/sM7FuWBgjvcf3NvrlkU9usMVeFO4RfAuj9u4AFif
luXY9caBFnhBtRQha38DlZOiJfEhIsGkmXwdVLiF1LOGS4FUW84YztGMB5XRklg2
VIH8yeorgkSAePi8tVkAjneQAq2EGgDoaHv1H35lwcAOBUCou6z7zULTpYhCuufj
-----END CERTIFICATE-----