Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/10dcNCG_-MDba38nWmOg4-lXn6k.roa
File:                     10dcNCG_-MDba38nWmOg4-lXn6k.roa (raw, json)
Hash identifier:          qCJHM+Bc84ondhlGxroPFWE37OgXYxlzfthfFUOO7WQ=
Subject key identifier:   D7:47:5C:34:21:BF:F8:C0:DB:6B:7F:27:5A:63:A0:E3:E9:57:9F:A9
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019E8328273BB1A0D41A0D29C39A73F8768B
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/10dcNCG_-MDba38nWmOg4-lXn6k.roa
Signing time:             Mon 01 Jun 2026 12:28:27 +0000
ROA not before:           Mon 01 Jun 2026 12:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35029
IP address blocks:        80.66.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:28:27:3b:b1:a0:d4:1a:0d:29:c3:9a:73:f8:76:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jun  1 12:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7475c3421bff8c0db6b7f275a63a0e3e9579fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:0e:e5:7e:1d:b7:5a:0d:d7:b4:fc:9e:f2:
                    dc:f2:f6:eb:e0:c4:b3:e6:93:77:89:99:cc:4f:b7:
                    01:f3:cf:10:f1:6d:83:d8:c4:73:a1:4c:4d:fb:7d:
                    b4:7e:27:3b:92:24:89:f4:2a:f4:5e:e7:5a:7a:9d:
                    9f:ec:7d:d8:bc:26:50:e9:c9:62:44:e1:f7:dd:66:
                    2d:18:23:4d:3f:af:5c:e6:f9:19:30:ae:4c:f6:26:
                    3e:38:55:ba:ed:49:8e:b9:db:f7:1a:cd:20:73:ce:
                    ee:97:46:41:de:39:a0:e4:a2:fb:8c:97:36:a0:d2:
                    c3:48:9f:23:5b:39:10:db:ec:75:4d:14:17:0f:7f:
                    b6:4d:b6:97:35:d1:d0:aa:72:b5:3e:37:d0:38:9d:
                    b3:17:cd:69:04:44:e3:ed:4a:57:cd:35:93:3a:19:
                    b5:a4:65:c4:45:8f:04:3a:b6:ed:0e:64:0a:20:72:
                    c5:a6:3c:f7:b0:40:d9:f7:e0:28:67:42:f5:42:04:
                    6a:a3:ab:dc:66:2f:71:74:08:a2:0e:cc:b4:a7:81:
                    e5:ee:0d:6c:78:b4:b6:43:ba:d2:84:df:9e:f0:7b:
                    b3:d8:ae:75:82:32:aa:c9:f9:3d:17:39:11:24:3b:
                    95:df:74:32:31:e2:2b:ec:be:25:3d:d3:f1:79:59:
                    a0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:47:5C:34:21:BF:F8:C0:DB:6B:7F:27:5A:63:A0:E3:E9:57:9F:A9
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/10dcNCG_-MDba38nWmOg4-lXn6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.66.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:2b:c8:84:5b:9f:00:92:05:09:98:2f:ad:96:5a:f2:83:c9:
         61:1d:ca:76:d6:53:95:1f:4a:19:8e:9e:c1:d3:1f:f5:8a:e7:
         bc:88:c6:79:b3:03:31:a5:25:db:4f:50:a1:a5:fb:66:15:68:
         11:2c:3e:da:e3:eb:6c:ea:93:0a:0c:42:4b:a7:cc:32:e7:24:
         3d:10:3e:6d:f9:eb:d7:70:47:36:76:ab:fd:56:59:db:aa:18:
         c7:20:bd:9a:f4:60:67:21:eb:89:a8:4d:ed:95:60:7d:52:78:
         30:d2:b1:27:cf:ab:c0:ff:ee:54:86:29:c5:cc:68:89:84:d7:
         11:0e:eb:ff:da:76:11:17:1b:b7:f1:7a:b8:fd:5a:70:71:c6:
         e0:f9:5c:1c:b9:cd:b2:1b:92:1b:13:85:6e:55:b6:7a:67:6f:
         41:b9:29:b0:26:e7:c6:d8:a2:fc:f2:f4:79:83:ee:d2:dc:7b:
         a6:52:9a:9b:67:c8:d1:df:3b:4c:ed:33:93:cc:03:92:38:b1:
         61:7b:65:48:d4:35:bb:8f:cc:59:f2:04:81:90:07:a3:4a:9e:
         e2:8e:9b:5d:ba:11:35:28:06:a8:11:17:81:5c:2d:ce:95:5f:
         fc:5a:79:56:b0:4c:34:e7:f4:26:b7:b7:40:8b:94:02:e6:99:
         dd:66:43:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6DKCc7saDUGg0pw5pz+HaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjYwNjAxMTIyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzQ3NWMzNDIxYmZmOGMwZGI2YjdmMjc1YTYzYTBlM2U5NTc5ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCkO5X4dt1oN17T8nvLc8vbr4MSz
5pN3iZnMT7cB888Q8W2D2MRzoUxN+320fic7kiSJ9Cr0Xudaep2f7H3YvCZQ6cli
ROH33WYtGCNNP69c5vkZMK5M9iY+OFW67UmOudv3Gs0gc87ul0ZB3jmg5KL7jJc2
oNLDSJ8jWzkQ2+x1TRQXD3+2TbaXNdHQqnK1PjfQOJ2zF81pBETj7UpXzTWTOhm1
pGXERY8EOrbtDmQKIHLFpjz3sEDZ9+AoZ0L1QgRqo6vcZi9xdAiiDsy0p4Hl7g1s
eLS2Q7rShN+e8Huz2K51gjKqyfk9FzkRJDuV33QyMeIr7L4lPdPxeVmg+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdHXDQhv/jA22t/J1pjoOPpV5+pMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvMTBkY05DR18tTURiYTM4bldtT2c0LWxYbjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEJLMA0G
CSqGSIb3DQEBCwUAA4IBAQBfK8iEW58AkgUJmC+tllryg8lhHcp21lOVH0oZjp7B
0x/1iue8iMZ5swMxpSXbT1ChpftmFWgRLD7a4+ts6pMKDEJLp8wy5yQ9ED5t+evX
cEc2dqv9VlnbqhjHIL2a9GBnIeuJqE3tlWB9Ungw0rEnz6vA/+5UhinFzGiJhNcR
Duv/2nYRFxu38Xq4/Vpwccbg+Vwcuc2yG5IbE4VuVbZ6Z29BuSmwJufG2KL88vR5
g+7S3HumUpqbZ8jR3ztM7TOTzAOSOLFhe2VI1DW7j8xZ8gSBkAejSp7ijptduhE1
KAaoEReBXC3OlV/8WnlWsEw05/Qmt7dAi5QC5pndZkNZ
-----END CERTIFICATE-----