Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/7B9hHTypErB06lBzHQxbWrURzMU.roa
File:                     7B9hHTypErB06lBzHQxbWrURzMU.roa (raw, json)
Hash identifier:          CfdzUFGDwWkqGdXZ5dFsj5NYowB9suqWoVeJooBp1f0=
Subject key identifier:   EC:1F:61:1D:3C:A9:12:B0:74:EA:50:73:1D:0C:5B:5A:B5:11:CC:C5
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019E4C5E6BE5B00BCA569F91C155F0AB281C
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/7B9hHTypErB06lBzHQxbWrURzMU.roa
Signing time:             Thu 21 May 2026 21:08:36 +0000
ROA not before:           Thu 21 May 2026 21:08:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2497
IP address blocks:        178.239.124.0/24 maxlen: 24
                          178.239.125.0/24 maxlen: 24
                          178.239.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4c:5e:6b:e5:b0:0b:ca:56:9f:91:c1:55:f0:ab:28:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: May 21 21:08:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec1f611d3ca912b074ea50731d0c5b5ab511ccc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b5:74:38:fd:0d:df:c0:27:e6:f2:55:2c:bc:
                    12:78:d7:f4:ac:39:5c:89:90:35:5d:14:94:f1:4f:
                    99:6a:ab:f5:d8:f9:e9:4b:df:a6:1e:7e:60:36:93:
                    8c:14:56:31:8f:3d:b9:e3:30:d8:02:7c:08:cc:ee:
                    0f:14:fa:19:2a:fe:68:f4:31:90:3d:1d:99:f6:06:
                    d8:17:00:61:1e:bd:c1:32:48:e1:7e:eb:f4:3c:d3:
                    0b:0e:57:b7:02:06:d1:f3:03:b6:de:3e:15:a6:b2:
                    9f:7f:7b:c2:af:99:89:08:ee:9f:7a:d9:58:a3:a9:
                    a6:52:0e:1a:98:ea:ce:dd:b3:5e:a1:36:54:6c:80:
                    7e:44:bb:98:e4:97:38:de:42:41:fe:f1:64:c2:a4:
                    41:f6:0e:1b:25:f6:df:34:c7:17:57:22:51:41:d1:
                    21:03:1e:55:ca:dc:92:ff:46:e4:ff:5a:4d:b6:b1:
                    ed:ab:3d:5a:89:cf:86:f9:ad:c6:94:4b:2e:0e:d0:
                    91:ba:ae:cf:80:3d:44:cf:7c:20:2c:5e:a1:d6:e7:
                    61:1c:53:ff:ea:77:0f:7a:60:b6:58:f8:9d:36:e1:
                    c5:a6:13:e9:8e:1b:27:23:e4:97:b1:a2:d6:65:76:
                    b5:15:6e:ab:ed:28:ae:07:d5:76:31:50:9a:fc:c0:
                    96:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:1F:61:1D:3C:A9:12:B0:74:EA:50:73:1D:0C:5B:5A:B5:11:CC:C5
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/7B9hHTypErB06lBzHQxbWrURzMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.124.0-178.239.126.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:0b:a3:8a:74:f2:38:bc:3a:a9:67:79:7a:70:dc:5f:13:49:
         80:14:00:6d:e3:09:9a:78:74:3e:84:03:10:14:5c:f3:56:dc:
         8e:0e:87:3c:f0:d8:13:00:79:7a:c8:1d:60:3d:a1:48:5d:39:
         3c:91:d3:1b:7c:3b:60:69:0c:f6:2d:78:53:9a:23:3e:7d:ea:
         a0:50:18:8c:1a:9a:5d:fc:aa:07:73:37:40:11:17:97:1a:78:
         ec:1e:7a:5b:86:32:78:00:e1:c5:78:1f:07:9c:e8:71:7e:56:
         1a:12:00:f3:2c:17:cf:f3:d1:f2:4f:8d:3e:3d:3c:fa:dd:00:
         22:1a:14:89:b4:2f:29:21:e3:32:ab:3a:b5:8d:90:3c:0d:52:
         cf:72:fa:0a:c4:46:8f:66:8b:21:a3:8c:bc:bc:4b:cd:9f:73:
         3a:25:9a:90:54:1e:2d:3e:fe:58:e7:8c:61:38:1b:96:7f:60:
         84:27:a2:a6:e9:3c:98:cf:25:7e:a5:a9:3a:7c:92:bd:31:92:
         e7:62:fb:b9:9f:87:21:2b:db:f1:70:79:d4:e2:a9:05:3d:7c:
         be:7a:22:6c:30:2d:c9:61:f1:d6:6c:69:78:2e:23:aa:58:31:
         30:5b:00:d4:83:ea:77:78:f0:e2:4f:a8:9c:50:3c:79:59:56:
         96:38:97:58
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ5MXmvlsAvKVp+RwVXwqygcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwNTIxMjEwODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzFmNjExZDNjYTkxMmIwNzRlYTUwNzMxZDBjNWI1YWI1MTFjY2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbV0OP0N38An5vJVLLwSeNf0rDlc
iZA1XRSU8U+Zaqv12PnpS9+mHn5gNpOMFFYxjz254zDYAnwIzO4PFPoZKv5o9DGQ
PR2Z9gbYFwBhHr3BMkjhfuv0PNMLDle3AgbR8wO23j4VprKff3vCr5mJCO6fetlY
o6mmUg4amOrO3bNeoTZUbIB+RLuY5Jc43kJB/vFkwqRB9g4bJfbfNMcXVyJRQdEh
Ax5VytyS/0bk/1pNtrHtqz1aic+G+a3GlEsuDtCRuq7PgD1Ez3wgLF6h1udhHFP/
6ncPemC2WPidNuHFphPpjhsnI+SXsaLWZXa1FW6r7SiuB9V2MVCa/MCW/QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOwfYR08qRKwdOpQcx0MW1q1EczFMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvN0I5aEhUeXBFckIwNmxCekhReGJXclVSek1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKy73wD
BACy734wDQYJKoZIhvcNAQELBQADggEBAFsLo4p08ji8OqlneXpw3F8TSYAUAG3j
CZp4dD6EAxAUXPNW3I4Ohzzw2BMAeXrIHWA9oUhdOTyR0xt8O2BpDPYteFOaIz59
6qBQGIwaml38qgdzN0ARF5caeOweeluGMngA4cV4Hwec6HF+VhoSAPMsF8/z0fJP
jT49PPrdACIaFIm0Lykh4zKrOrWNkDwNUs9y+grERo9miyGjjLy8S82fczolmpBU
Hi0+/ljnjGE4G5Z/YIQnoqbpPJjPJX6lqTp8kr0xkudi+7mfhyEr2/FwedTiqQU9
fL56ImwwLclh8dZsaXguI6pYMTBbANSD6nd48OJPqJxQPHlZVpY4l1g=
-----END CERTIFICATE-----