Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/nItQAnIAzb9o-_NFZpkYT1kwfQ4.roa
File:                     nItQAnIAzb9o-_NFZpkYT1kwfQ4.roa (raw, json)
Hash identifier:          Yl7knjFB/hvlbYhFm7QXcfKUixHSHJRe7GQrQlY6cTA=
Subject key identifier:   9C:8B:50:02:72:00:CD:BF:68:FB:F3:45:66:99:18:4F:59:30:7D:0E
Certificate issuer:       /CN=c5e3f7f40c100dffdb18121c726199e85804c585
Certificate serial:       019B76EAD1D91F855AC09FE3D68378E3633C
Authority key identifier: C5:E3:F7:F4:0C:10:0D:FF:DB:18:12:1C:72:61:99:E8:58:04:C5:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xeP39AwQDf_bGBIccmGZ6FgExYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/nItQAnIAzb9o-_NFZpkYT1kwfQ4.roa
Signing time:             Thu 01 Jan 2026 00:17:39 +0000
ROA not before:           Thu 01 Jan 2026 00:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41838
IP address blocks:        93.90.68.0/22 maxlen: 24
                          2a0d:3a40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/xeP39AwQDf_bGBIccmGZ6FgExYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/xeP39AwQDf_bGBIccmGZ6FgExYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xeP39AwQDf_bGBIccmGZ6FgExYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:d1:d9:1f:85:5a:c0:9f:e3:d6:83:78:e3:63:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5e3f7f40c100dffdb18121c726199e85804c585
        Validity
            Not Before: Jan  1 00:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c8b50027200cdbf68fbf3456699184f59307d0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9d:72:86:f8:4c:12:a8:8f:e4:e3:a4:60:41:
                    30:f4:d3:ed:d8:33:9f:41:8f:02:a2:e2:d2:66:1b:
                    92:d2:73:8b:3b:0f:4b:cd:d8:ce:a4:f0:d3:ee:39:
                    b6:2c:5a:8e:56:8c:ea:02:1d:87:c8:1e:2b:5c:67:
                    ff:34:7f:a4:9f:c9:c5:0c:a7:c6:b9:53:98:a8:db:
                    60:d6:31:1f:5c:28:ee:a5:94:b8:ad:da:57:31:23:
                    e6:00:b5:9e:4c:e0:c6:17:4c:cf:62:30:02:eb:f8:
                    2c:29:98:e1:bf:73:a7:25:74:1b:af:b0:8d:72:71:
                    e3:0b:56:e1:d5:02:cc:61:2d:7d:87:2d:22:a2:68:
                    7c:dc:cc:63:d7:d9:b9:6f:40:46:e7:39:74:43:a2:
                    db:ef:26:53:91:b6:52:a9:b6:61:55:08:20:e3:a4:
                    88:3a:11:4e:4f:e5:58:2b:8f:b5:a3:08:fa:1d:e7:
                    8e:0d:2f:68:10:ad:9f:47:9d:15:74:45:d9:53:c3:
                    bb:62:94:69:8c:1c:fb:e3:58:42:3a:85:d1:7a:77:
                    56:c4:40:5c:78:c8:33:66:eb:3c:da:fc:23:c8:34:
                    d4:12:aa:d5:7f:5c:d3:9b:0d:de:bf:24:b6:ac:d9:
                    6b:2a:54:a8:e2:aa:8c:78:56:ea:50:fa:9b:7f:4c:
                    c2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:8B:50:02:72:00:CD:BF:68:FB:F3:45:66:99:18:4F:59:30:7D:0E
            X509v3 Authority Key Identifier:
                keyid:C5:E3:F7:F4:0C:10:0D:FF:DB:18:12:1C:72:61:99:E8:58:04:C5:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xeP39AwQDf_bGBIccmGZ6FgExYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/nItQAnIAzb9o-_NFZpkYT1kwfQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eaf6ed-baf4-41bf-9f22-7d972e1d2e61/1/xeP39AwQDf_bGBIccmGZ6FgExYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.90.68.0/22
                IPv6:
                  2a0d:3a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:c1:8b:32:fb:9c:f5:f5:eb:34:da:5a:1a:93:91:48:64:24:
         36:ab:0c:c0:64:16:89:bd:73:44:6f:f7:a2:ec:23:6f:24:34:
         17:42:5b:c2:4b:ea:b1:82:f5:ef:66:1c:c1:81:99:97:cd:bb:
         03:4f:be:3f:f2:fc:9a:d7:bb:23:a5:31:7b:9d:65:99:b5:16:
         e8:7f:12:28:4d:bd:c9:98:76:e8:09:78:33:ff:0b:92:9e:3b:
         06:f2:8e:92:d0:57:fa:10:a7:0e:73:49:e7:38:c6:a3:55:45:
         76:9c:53:ab:93:14:59:13:82:bb:13:d4:97:20:ba:62:5b:e2:
         3f:af:1b:a9:4c:cd:f4:ab:c6:5b:e9:2c:fe:f6:57:ad:bd:80:
         c5:98:e8:ff:97:a1:75:71:72:4c:0a:87:25:3f:35:c7:16:02:
         76:6a:3e:80:ec:15:01:86:f7:58:7b:55:19:c7:a6:5c:ff:b7:
         d4:b1:84:70:30:7f:9e:83:30:5b:81:38:1f:99:00:7c:03:7c:
         41:7b:65:a3:50:8f:5b:2e:9c:49:2c:54:ea:70:2f:d1:77:d8:
         0f:c1:43:df:a8:f0:a9:bd:4b:cc:35:27:d0:a3:21:75:3a:5b:
         3b:44:d8:08:1c:a8:bb:fd:ea:68:e9:8f:2f:31:2e:d1:21:40:
         80:b2:38:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt26tHZH4VawJ/j1oN442M8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZTNmN2Y0MGMxMDBkZmZkYjE4MTIxYzcyNjE5OWU4NTgw
NGM1ODUwHhcNMjYwMTAxMDAxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzhiNTAwMjcyMDBjZGJmNjhmYmYzNDU2Njk5MTg0ZjU5MzA3ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ1yhvhMEqiP5OOkYEEw9NPt2DOf
QY8CouLSZhuS0nOLOw9LzdjOpPDT7jm2LFqOVozqAh2HyB4rXGf/NH+kn8nFDKfG
uVOYqNtg1jEfXCjupZS4rdpXMSPmALWeTODGF0zPYjAC6/gsKZjhv3OnJXQbr7CN
cnHjC1bh1QLMYS19hy0iomh83Mxj19m5b0BG5zl0Q6Lb7yZTkbZSqbZhVQgg46SI
OhFOT+VYK4+1owj6HeeODS9oEK2fR50VdEXZU8O7YpRpjBz741hCOoXRendWxEBc
eMgzZus82vwjyDTUEqrVf1zTmw3evyS2rNlrKlSo4qqMeFbqUPqbf0zCzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJyLUAJyAM2/aPvzRWaZGE9ZMH0OMB8GA1UdIwQY
MBaAFMXj9/QMEA3/2xgSHHJhmehYBMWFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGVQMzlBd1FEZl9iR0JJY2NtR1o2RmdFeFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lYWY2ZWQtYmFmNC00MWJmLTlmMjIt
N2Q5NzJlMWQyZTYxLzEvbkl0UUFuSUF6YjlvLV9ORlpwa1lUMWt3ZlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lYWY2ZWQtYmFmNC00MWJmLTlmMjItN2Q5NzJlMWQyZTYx
LzEveGVQMzlBd1FEZl9iR0JJY2NtR1o2RmdFeFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXVpEMA0E
AgACMAcDBQAqDTpAMA0GCSqGSIb3DQEBCwUAA4IBAQARwYsy+5z19es02loak5FI
ZCQ2qwzAZBaJvXNEb/ei7CNvJDQXQlvCS+qxgvXvZhzBgZmXzbsDT74/8vya17sj
pTF7nWWZtRbofxIoTb3JmHboCXgz/wuSnjsG8o6S0Ff6EKcOc0nnOMajVUV2nFOr
kxRZE4K7E9SXILpiW+I/rxupTM30q8Zb6Sz+9letvYDFmOj/l6F1cXJMCoclPzXH
FgJ2aj6A7BUBhvdYe1UZx6Zc/7fUsYRwMH+egzBbgTgfmQB8A3xBe2WjUI9bLpxJ
LFTqcC/Rd9gPwUPfqPCpvUvMNSfQoyF1Ols7RNgIHKi7/epo6Y8vMS7RIUCAsjjN
-----END CERTIFICATE-----