Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/R95VBgYvoklHVwX6tszk8NZd_8M.roa
File:                     R95VBgYvoklHVwX6tszk8NZd_8M.roa (raw, json)
Hash identifier:          v8AswRf10aQnlM5WGa2q9ynVNQf+eo/HoNwIMjiHQiQ=
Subject key identifier:   47:DE:55:06:06:2F:A2:49:47:57:05:FA:B6:CC:E4:F0:D6:5D:FF:C3
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019CE2422320C7CB11BC1DB5C33C6D2F2873
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/R95VBgYvoklHVwX6tszk8NZd_8M.roa
Signing time:             Thu 12 Mar 2026 13:35:11 +0000
ROA not before:           Thu 12 Mar 2026 13:35:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213791
IP address blocks:        79.172.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 05:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:42:23:20:c7:cb:11:bc:1d:b5:c3:3c:6d:2f:28:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Mar 12 13:35:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=47de5506062fa249475705fab6cce4f0d65dffc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:14:fb:73:f4:1a:e7:ea:61:1b:30:3c:63:
                    39:05:d1:38:a4:10:13:f6:b6:27:1f:99:94:c3:5d:
                    ac:d9:5d:a0:82:6d:0b:e3:5a:7e:15:87:92:1d:9b:
                    84:dd:18:f7:d9:33:41:fc:de:ed:0d:a8:f5:eb:77:
                    61:0e:5b:3d:07:c1:55:66:bb:66:53:67:ad:8f:f2:
                    d6:0a:6c:83:6d:5d:99:31:48:b9:01:47:cf:1d:77:
                    d6:36:15:74:6e:0d:e8:f4:9a:99:82:d4:35:2e:5b:
                    18:b2:31:23:14:1e:d9:6f:fd:d7:8b:95:e0:7a:c2:
                    ab:ce:13:30:b6:75:17:96:7f:09:0f:79:b9:1c:9d:
                    33:90:0c:d6:6b:7b:51:ae:e4:38:1a:71:ce:fb:32:
                    2c:27:2f:35:ff:d0:04:37:52:2a:38:7a:83:0b:8d:
                    1a:5a:80:db:30:61:4d:03:9d:7a:f9:08:6a:a2:e1:
                    bb:c5:18:b8:e0:30:1d:2f:d0:6b:42:f8:f8:cd:d7:
                    03:22:59:42:37:0b:e4:6d:45:8c:0b:86:34:b5:25:
                    b9:01:ff:ad:bd:6c:ca:69:5e:06:a6:c3:55:03:12:
                    ab:63:79:58:8e:73:e9:8e:14:2a:04:28:94:44:09:
                    13:b0:00:d2:fc:c0:86:70:8b:dc:b9:6c:b1:8d:89:
                    09:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DE:55:06:06:2F:A2:49:47:57:05:FA:B6:CC:E4:F0:D6:5D:FF:C3
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/R95VBgYvoklHVwX6tszk8NZd_8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:ce:96:66:f6:21:ff:61:90:66:49:d3:53:95:87:49:19:a2:
         16:38:3a:7e:c2:3f:a6:61:14:75:0e:f6:cb:6c:3d:2a:28:17:
         cd:1e:af:27:a6:2b:52:11:3c:1a:a9:7d:d7:2d:09:c6:68:5b:
         71:42:99:1d:bc:30:b0:c0:5b:27:33:6e:99:f5:a2:da:09:a1:
         b8:14:d1:68:d1:16:e9:b4:5c:62:82:36:3e:2c:7a:f0:c3:a5:
         4e:40:7f:d5:d8:0b:15:ac:99:3c:02:56:1b:c2:35:95:74:c5:
         94:42:fe:d3:a2:6e:56:5e:ce:32:c1:8c:b6:56:a0:ec:28:11:
         90:88:82:f9:a8:68:e6:c4:66:8c:b2:68:bc:98:c2:aa:49:9d:
         6f:21:02:1c:33:6b:c9:90:a1:91:e3:b3:fe:38:7d:c9:53:98:
         3d:fc:b3:f0:fd:70:a2:aa:e7:d7:2e:19:63:2c:7a:56:e6:16:
         d5:7d:fa:1f:27:50:fd:68:df:fd:9b:b4:c8:a5:5f:85:07:0b:
         e9:f5:9c:1a:af:3b:19:d7:56:57:b7:19:a7:5b:d7:d6:54:57:
         81:8b:74:fd:03:59:98:aa:9d:61:2b:32:e5:e9:7c:87:98:a7:
         50:d2:58:95:2d:86:df:8e:76:14:bc:2f:1e:85:4a:b7:cf:2d:
         83:df:12:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZziQiMgx8sRvB21wzxtLyhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwMzEyMTMzNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2RlNTUwNjA2MmZhMjQ5NDc1NzA1ZmFiNmNjZTRmMGQ2NWRmZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmIU+3P0GufqYRswPGM5BdE4pBAT
9rYnH5mUw12s2V2ggm0L41p+FYeSHZuE3Rj32TNB/N7tDaj163dhDls9B8FVZrtm
U2etj/LWCmyDbV2ZMUi5AUfPHXfWNhV0bg3o9JqZgtQ1LlsYsjEjFB7Zb/3Xi5Xg
esKrzhMwtnUXln8JD3m5HJ0zkAzWa3tRruQ4GnHO+zIsJy81/9AEN1IqOHqDC40a
WoDbMGFNA516+QhqouG7xRi44DAdL9BrQvj4zdcDIllCNwvkbUWMC4Y0tSW5Af+t
vWzKaV4GpsNVAxKrY3lYjnPpjhQqBCiURAkTsADS/MCGcIvcuWyxjYkJTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfeVQYGL6JJR1cF+rbM5PDWXf/DMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvUjk1VkJnWXZva2xIVndYNnRzems4TlpkXzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zPMA0G
CSqGSIb3DQEBCwUAA4IBAQApzpZm9iH/YZBmSdNTlYdJGaIWODp+wj+mYRR1DvbL
bD0qKBfNHq8npitSETwaqX3XLQnGaFtxQpkdvDCwwFsnM26Z9aLaCaG4FNFo0Rbp
tFxigjY+LHrww6VOQH/V2AsVrJk8AlYbwjWVdMWUQv7Tom5WXs4ywYy2VqDsKBGQ
iIL5qGjmxGaMsmi8mMKqSZ1vIQIcM2vJkKGR47P+OH3JU5g9/LPw/XCiqufXLhlj
LHpW5hbVffofJ1D9aN/9m7TIpV+FBwvp9ZwarzsZ11ZXtxmnW9fWVFeBi3T9A1mY
qp1hKzLl6XyHmKdQ0liVLYbfjnYUvC8ehUq3zy2D3xLU
-----END CERTIFICATE-----