Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/eVKy09rq3QfhUu366x-o_l_W4r4.roa
File:                     eVKy09rq3QfhUu366x-o_l_W4r4.roa (raw, json)
Hash identifier:          i7w7tNXg2Wg88yWl33GjEN2bIhic797RLFz99Aiw73A=
Subject key identifier:   79:52:B2:D3:DA:EA:DD:07:E1:52:ED:FA:EB:1F:A8:FE:5F:D6:E2:BE
Certificate issuer:       /CN=8c17f04e9c407458a7ac9ad15f7a0ccea511ba52
Certificate serial:       019E4EBC7F29335FDD94BCCD9FD9BB917A97
Authority key identifier: 8C:17:F0:4E:9C:40:74:58:A7:AC:9A:D1:5F:7A:0C:CE:A5:11:BA:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/eVKy09rq3QfhUu366x-o_l_W4r4.roa
Signing time:             Fri 22 May 2026 08:10:36 +0000
ROA not before:           Fri 22 May 2026 08:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206216
IP address blocks:        207.241.172.0/23 maxlen: 24
                          2a04:c300::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 14:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:bc:7f:29:33:5f:dd:94:bc:cd:9f:d9:bb:91:7a:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c17f04e9c407458a7ac9ad15f7a0ccea511ba52
        Validity
            Not Before: May 22 08:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7952b2d3daeadd07e152edfaeb1fa8fe5fd6e2be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:fe:fc:78:67:b8:09:bd:d2:a2:0b:e0:24:6e:
                    3f:74:b5:ba:f5:a5:09:be:e2:b6:4d:96:54:a7:58:
                    81:6f:13:12:a4:b5:fc:59:32:9e:05:18:a2:24:5f:
                    77:b4:d4:57:60:ac:26:00:d3:7f:94:77:23:82:94:
                    7d:66:d5:04:26:5a:dd:e3:6a:c7:2c:9f:de:e1:d4:
                    79:1b:b8:84:72:d3:f0:09:26:5c:97:37:8e:75:04:
                    1b:e8:74:5b:dc:bb:97:c1:08:e6:d2:ea:d5:60:f0:
                    6c:38:2a:68:ea:3b:e9:89:43:da:dc:0b:93:90:75:
                    6f:49:fd:16:ee:1d:ff:75:fa:f2:59:2f:86:65:89:
                    dc:1b:8c:37:a6:5b:32:97:a0:9e:f6:67:2f:a7:78:
                    07:2e:f8:7f:ca:d1:9a:9e:ca:71:27:24:9f:90:35:
                    94:48:79:a9:44:ea:b5:fb:5f:62:c9:d2:33:bd:f5:
                    90:9c:3e:1a:33:e7:46:ae:7d:32:a7:2a:1b:59:f7:
                    0a:bc:87:73:9c:8c:df:41:3c:a6:4f:7a:05:de:b6:
                    21:22:46:63:6d:cb:f3:48:ed:8b:99:44:7f:9a:b8:
                    35:02:23:ee:8a:f3:91:ff:54:54:80:01:dc:07:68:
                    23:e9:43:1b:62:65:65:bb:8f:d3:2d:20:2e:d2:47:
                    e5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:52:B2:D3:DA:EA:DD:07:E1:52:ED:FA:EB:1F:A8:FE:5F:D6:E2:BE
            X509v3 Authority Key Identifier:
                keyid:8C:17:F0:4E:9C:40:74:58:A7:AC:9A:D1:5F:7A:0C:CE:A5:11:BA:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBfwTpxAdFinrJrRX3oMzqURulI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/eVKy09rq3QfhUu366x-o_l_W4r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8490a4-87c1-4b8c-8344-2ad02eb04915/1/jBfwTpxAdFinrJrRX3oMzqURulI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.241.172.0/23
                IPv6:
                  2a04:c300::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:d5:fc:b7:18:02:23:fe:6c:48:61:f0:be:f2:c0:47:4d:c1:
         9c:2c:26:6e:0a:a8:e1:f2:58:58:46:e6:b5:07:19:93:eb:e2:
         9e:9b:24:9f:23:d5:30:4c:f1:46:63:7a:b8:5f:4a:d0:4d:93:
         75:0c:25:22:89:f0:ce:cf:39:c9:56:cc:6c:c9:63:86:6c:f8:
         0d:56:05:f5:b4:33:a9:fa:9a:8f:84:97:f3:9d:c0:cf:51:a3:
         20:90:0d:c5:37:17:7c:fe:37:17:e9:61:a5:36:b1:0a:b6:2f:
         0b:0b:d5:97:d7:0a:2b:1d:92:fe:4c:3d:5c:1b:ee:72:2e:42:
         6d:5d:3a:64:cc:ea:25:4f:78:b2:44:87:e7:17:50:19:9c:6a:
         c6:58:0e:fa:8e:65:87:36:23:57:85:4f:c8:ed:5d:0a:b0:ba:
         ed:43:98:c3:ed:03:40:a6:42:39:76:60:99:fd:4a:67:b4:7a:
         a4:d3:45:8d:bf:97:b7:9a:84:42:36:64:24:8a:ca:1d:b9:f6:
         12:24:c7:a8:d8:de:ac:19:1f:6d:cf:8a:82:18:79:0d:56:a0:
         01:be:f3:56:80:d1:87:fb:93:76:cd:a7:96:c4:51:7a:99:e3:
         2b:e2:f6:48:81:81:66:ca:f3:b3:bd:a4:68:0c:23:5c:02:12:
         e3:b8:ba:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ5OvH8pM1/dlLzNn9m7kXqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMTdmMDRlOWM0MDc0NThhN2FjOWFkMTVmN2EwY2NlYTUx
MWJhNTIwHhcNMjYwNTIyMDgxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTUyYjJkM2RhZWFkZDA3ZTE1MmVkZmFlYjFmYThmZTVmZDZlMmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkv78eGe4Cb3SogvgJG4/dLW69aUJ
vuK2TZZUp1iBbxMSpLX8WTKeBRiiJF93tNRXYKwmANN/lHcjgpR9ZtUEJlrd42rH
LJ/e4dR5G7iEctPwCSZclzeOdQQb6HRb3LuXwQjm0urVYPBsOCpo6jvpiUPa3AuT
kHVvSf0W7h3/dfryWS+GZYncG4w3plsyl6Ce9mcvp3gHLvh/ytGanspxJySfkDWU
SHmpROq1+19iydIzvfWQnD4aM+dGrn0ypyobWfcKvIdznIzfQTymT3oF3rYhIkZj
bcvzSO2LmUR/mrg1AiPuivOR/1RUgAHcB2gj6UMbYmVlu4/TLSAu0kflXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHlSstPa6t0H4VLt+usfqP5f1uK+MB8GA1UdIwQY
MBaAFIwX8E6cQHRYp6ya0V96DM6lEbpSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakJmd1RweEFkRmluckpyUlgzb016cVVSdWxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84NDkwYTQtODdjMS00YjhjLTgzNDQt
MmFkMDJlYjA0OTE1LzEvZVZLeTA5cnEzUWZoVXUzNjZ4LW9fbF9XNHI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84NDkwYTQtODdjMS00YjhjLTgzNDQtMmFkMDJlYjA0OTE1
LzEvakJmd1RweEFkRmluckpyUlgzb016cVVSdWxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBz/GsMA0E
AgACMAcDBQMqBMMAMA0GCSqGSIb3DQEBCwUAA4IBAQBs1fy3GAIj/mxIYfC+8sBH
TcGcLCZuCqjh8lhYRua1BxmT6+KemySfI9UwTPFGY3q4X0rQTZN1DCUiifDOzznJ
VsxsyWOGbPgNVgX1tDOp+pqPhJfzncDPUaMgkA3FNxd8/jcX6WGlNrEKti8LC9WX
1worHZL+TD1cG+5yLkJtXTpkzOolT3iyRIfnF1AZnGrGWA76jmWHNiNXhU/I7V0K
sLrtQ5jD7QNApkI5dmCZ/UpntHqk00WNv5e3moRCNmQkisodufYSJMeo2N6sGR9t
z4qCGHkNVqABvvNWgNGH+5N2zaeWxFF6meMr4vZIgYFmyvOzvaRoDCNcAhLjuLo/
-----END CERTIFICATE-----