Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/7YQDZucpbsxyTF1dG-WSopyYoD4.roa
File:                     7YQDZucpbsxyTF1dG-WSopyYoD4.roa (raw, json)
Hash identifier:          AZ+p2vdqGYxqTemz9H7WmkXG8urZ++JrwB5Ra4yemqo=
Subject key identifier:   ED:84:03:66:E7:29:6E:CC:72:4C:5D:5D:1B:E5:92:A2:9C:98:A0:3E
Certificate issuer:       /CN=8e3f1663996be1707611fdce1ddea8920dd398a3
Certificate serial:       019D0BA13E4DEB7096E65231193017656263
Authority key identifier: 8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/7YQDZucpbsxyTF1dG-WSopyYoD4.roa
Signing time:             Fri 20 Mar 2026 14:23:29 +0000
ROA not before:           Fri 20 Mar 2026 14:23:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22381
IP address blocks:        45.139.208.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:a1:3e:4d:eb:70:96:e6:52:31:19:30:17:65:62:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3f1663996be1707611fdce1ddea8920dd398a3
        Validity
            Not Before: Mar 20 14:23:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed840366e7296ecc724c5d5d1be592a29c98a03e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:02:36:a0:38:49:30:30:ea:4b:77:bc:24:0f:
                    ad:0b:37:a5:e3:dc:9b:86:82:0b:ec:3c:e4:67:d5:
                    b6:e7:17:88:4e:0c:8e:d5:0a:e8:8d:03:a2:d7:e9:
                    7f:52:66:be:d3:4f:38:65:1a:79:bc:8e:61:5a:ef:
                    f3:9b:80:b1:46:a1:58:01:8f:a0:bd:61:c5:78:9b:
                    b5:09:80:27:5e:65:49:af:f7:25:c2:bb:8c:b7:b4:
                    85:23:d4:ea:f7:88:1c:84:85:42:5b:53:ea:e0:d2:
                    b7:b2:68:e1:fe:88:8f:31:98:09:a8:8c:97:2e:57:
                    86:14:74:10:fe:da:28:49:86:c0:c5:4e:09:a4:1d:
                    6b:76:34:ce:3c:92:d7:61:cf:39:b2:35:db:4f:fb:
                    f5:27:b6:40:59:9c:ec:b3:a3:e9:21:c4:8f:5e:e7:
                    97:1b:3f:2a:31:94:b8:aa:00:6d:18:59:ca:8c:9e:
                    b6:31:6a:c1:97:93:27:0a:30:80:84:15:48:3c:c3:
                    a6:e6:e1:75:5b:90:bf:a8:d3:05:ab:b9:7d:9f:15:
                    bf:a5:9d:b9:ee:1b:eb:bc:49:91:14:ae:4c:15:69:
                    c3:12:e2:b8:00:93:9e:10:d4:d7:4d:ce:be:46:c5:
                    74:65:70:7b:34:0e:77:bf:e5:b8:d5:84:a8:eb:dc:
                    f5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:84:03:66:E7:29:6E:CC:72:4C:5D:5D:1B:E5:92:A2:9C:98:A0:3E
            X509v3 Authority Key Identifier:
                keyid:8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/7YQDZucpbsxyTF1dG-WSopyYoD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:1f:43:c0:2b:72:f0:36:81:9a:20:60:9b:28:e4:fc:8f:3d:
         56:43:9e:ae:57:f6:11:6b:32:e3:a3:bc:75:c7:0e:4e:54:0e:
         82:85:6d:a5:22:00:35:01:7e:0e:24:33:6f:1c:eb:d4:5a:82:
         90:6c:85:d1:97:48:23:45:27:e7:6e:a8:0e:42:28:30:1a:ff:
         07:ad:68:7f:ea:4e:0d:62:70:3b:b4:01:af:14:a2:34:71:00:
         c6:93:bf:53:ea:25:30:8c:06:3b:b7:5c:96:78:26:da:00:79:
         a3:ad:d0:e7:e4:61:48:a1:b3:29:eb:d9:ec:bd:ec:e9:39:bb:
         b7:93:80:2f:79:77:6f:7a:d3:49:83:a6:71:e8:e9:72:b1:a1:
         f9:a3:8e:da:bb:ee:d2:d4:c7:41:f3:03:bb:82:93:e6:e3:ed:
         2b:f6:ec:a3:0a:60:e0:d0:d1:0b:3b:99:a1:7b:17:1c:bb:b6:
         4e:b9:77:43:95:55:b6:82:43:c6:ab:ea:82:a1:bf:d4:cd:f2:
         32:93:0f:9f:b2:ce:1e:fa:97:8e:00:ef:76:f6:46:72:67:47:
         af:47:ac:e2:95:3d:47:d7:2e:9b:82:c4:47:ea:b2:7c:e0:4a:
         2b:7f:7b:a1:7c:e5:fa:2a:aa:0e:11:cb:48:4d:0a:4a:e1:57:
         91:de:f1:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0LoT5N63CW5lIxGTAXZWJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlM2YxNjYzOTk2YmUxNzA3NjExZmRjZTFkZGVhODkyMGRk
Mzk4YTMwHhcNMjYwMzIwMTQyMzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDg0MDM2NmU3Mjk2ZWNjNzI0YzVkNWQxYmU1OTJhMjljOThhMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQI2oDhJMDDqS3e8JA+tCzel49yb
hoIL7DzkZ9W25xeITgyO1QrojQOi1+l/Uma+0084ZRp5vI5hWu/zm4CxRqFYAY+g
vWHFeJu1CYAnXmVJr/clwruMt7SFI9Tq94gchIVCW1Pq4NK3smjh/oiPMZgJqIyX
LleGFHQQ/tooSYbAxU4JpB1rdjTOPJLXYc85sjXbT/v1J7ZAWZzss6PpIcSPXueX
Gz8qMZS4qgBtGFnKjJ62MWrBl5MnCjCAhBVIPMOm5uF1W5C/qNMFq7l9nxW/pZ25
7hvrvEmRFK5MFWnDEuK4AJOeENTXTc6+RsV0ZXB7NA53v+W41YSo69z1mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2EA2bnKW7MckxdXRvlkqKcmKA+MB8GA1UdIwQY
MBaAFI4/FmOZa+FwdhH9zh3eqJIN05ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzkt
YzhmOWJlN2QxOWRmLzEvN1lRRFp1Y3Bic3h5VEYxZEctV1NvcHlZb0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzktYzhmOWJlN2QxOWRm
LzEvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYvQMA0G
CSqGSIb3DQEBCwUAA4IBAQASH0PAK3LwNoGaIGCbKOT8jz1WQ56uV/YRazLjo7x1
xw5OVA6ChW2lIgA1AX4OJDNvHOvUWoKQbIXRl0gjRSfnbqgOQigwGv8HrWh/6k4N
YnA7tAGvFKI0cQDGk79T6iUwjAY7t1yWeCbaAHmjrdDn5GFIobMp69nsvezpObu3
k4AveXdvetNJg6Zx6OlysaH5o47au+7S1MdB8wO7gpPm4+0r9uyjCmDg0NELO5mh
exccu7ZOuXdDlVW2gkPGq+qCob/UzfIykw+fss4e+peOAO929kZyZ0evR6zilT1H
1y6bgsRH6rJ84Eorf3uhfOX6KqoOEctITQpK4VeR3vEi
-----END CERTIFICATE-----