Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/XXd0WIyi139zpFSxIuQKUTBMQSc.roa
File:                     XXd0WIyi139zpFSxIuQKUTBMQSc.roa (raw, json)
Hash identifier:          HPFliFzeSS2Citwy2MnwTKC59AU9S/zpQxFYiZ8is2Y=
Subject key identifier:   5D:77:74:58:8C:A2:D7:7F:73:A4:54:B1:22:E4:0A:51:30:4C:41:27
Certificate issuer:       /CN=bd60edf96266b7c0d43836c854ab472cb74db034
Certificate serial:       019EAD06E868E93514885E89D279BD8B081C
Authority key identifier: BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/XXd0WIyi139zpFSxIuQKUTBMQSc.roa
Signing time:             Tue 09 Jun 2026 15:36:11 +0000
ROA not before:           Tue 09 Jun 2026 15:36:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214061
IP address blocks:        83.142.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 21:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:06:e8:68:e9:35:14:88:5e:89:d2:79:bd:8b:08:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd60edf96266b7c0d43836c854ab472cb74db034
        Validity
            Not Before: Jun  9 15:36:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d7774588ca2d77f73a454b122e40a51304c4127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d4:4b:64:da:ef:79:cb:40:55:f0:fe:71:d2:
                    76:57:ef:62:40:20:0f:b7:6c:87:ae:7a:85:c5:7c:
                    0e:5d:66:a9:80:43:43:e7:c4:59:3b:c3:a1:ca:21:
                    d7:f8:65:0a:3e:56:f2:2a:34:53:7a:a7:a0:24:02:
                    ca:ee:75:dd:6a:95:75:94:53:ce:bc:19:54:77:88:
                    f2:58:f2:f3:c0:1f:f4:75:85:d0:0c:be:46:0b:70:
                    9f:70:f1:e6:b0:22:0b:3c:79:4a:f8:c2:27:f4:4e:
                    2f:00:57:f2:71:8f:be:e7:5d:cb:af:67:01:d8:5f:
                    d8:5a:9f:6e:48:65:34:ec:28:33:64:5f:77:de:1d:
                    f0:cf:75:ab:f1:72:f3:b8:41:59:78:3a:c0:f7:a1:
                    e2:0e:d8:11:d2:d2:82:15:10:16:f3:8c:b0:73:9a:
                    41:0b:b2:60:dd:ce:b2:2f:76:85:b3:d1:b1:e9:f2:
                    4e:ce:d9:ac:f3:e2:9c:e8:d8:bd:21:62:d4:f4:21:
                    a7:b4:72:c1:f2:a3:6b:fa:c8:8b:c5:64:95:ab:3e:
                    65:be:cb:5e:a3:6b:b2:1a:9f:7b:15:72:3f:c3:34:
                    f8:6e:84:c8:07:fe:e0:af:95:8d:f0:ff:83:ce:64:
                    50:ac:8e:0e:57:76:ee:f7:f5:05:93:3a:d6:a8:e7:
                    71:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:77:74:58:8C:A2:D7:7F:73:A4:54:B1:22:E4:0A:51:30:4C:41:27
            X509v3 Authority Key Identifier:
                keyid:BD:60:ED:F9:62:66:B7:C0:D4:38:36:C8:54:AB:47:2C:B7:4D:B0:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vWDt-WJmt8DUODbIVKtHLLdNsDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/XXd0WIyi139zpFSxIuQKUTBMQSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b5d5bb-23c6-4b3d-94c8-42bbf1a6a65b/1/vWDt-WJmt8DUODbIVKtHLLdNsDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.142.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:9a:20:9d:d9:6b:2c:09:37:b1:61:9a:7c:78:70:af:4a:2b:
         5f:5b:f5:e8:cb:a1:30:1e:46:8d:c3:7b:cc:5f:e2:5b:46:04:
         0e:88:dd:c5:06:53:9d:79:95:10:70:2a:ef:15:5e:04:74:bc:
         68:92:b5:4f:e0:3c:1c:f3:8d:6f:3e:2c:9e:52:e3:fb:48:7b:
         10:49:9a:c7:15:97:c5:7c:70:53:cd:3d:00:f5:8d:0c:98:d0:
         8e:d0:7c:44:60:fb:cf:4d:28:61:ec:8b:60:d4:a5:99:df:7c:
         f5:e0:ce:2d:9e:c2:5a:b3:65:cb:24:45:7a:24:cb:f3:7c:ba:
         d3:a5:e0:7b:c5:56:ae:74:44:df:9e:9d:c7:cb:cf:9d:0e:a2:
         cb:98:41:bd:eb:b2:92:08:c4:dc:fd:1d:01:f4:f9:c2:44:ab:
         ce:69:78:f4:71:f8:20:5b:f4:40:b8:73:d2:9e:ac:40:30:28:
         dd:72:de:9d:6e:57:b8:29:97:ac:0c:59:26:bd:f1:d3:a4:f8:
         ed:3d:da:22:b7:44:a7:f6:50:f6:5c:68:84:0b:e3:a9:8d:ef:
         b7:e2:40:c8:2a:2f:4d:1a:03:a9:05:ab:ab:cb:bb:51:19:89:
         1a:84:6b:db:bb:29:95:ed:f4:03:d6:2b:07:f1:46:28:4a:f5:
         a9:47:5f:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6tBuho6TUUiF6J0nm9iwgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNjBlZGY5NjI2NmI3YzBkNDM4MzZjODU0YWI0NzJjYjc0
ZGIwMzQwHhcNMjYwNjA5MTUzNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDc3NzQ1ODhjYTJkNzdmNzNhNDU0YjEyMmU0MGE1MTMwNGM0MTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstRLZNrvectAVfD+cdJ2V+9iQCAP
t2yHrnqFxXwOXWapgEND58RZO8OhyiHX+GUKPlbyKjRTeqegJALK7nXdapV1lFPO
vBlUd4jyWPLzwB/0dYXQDL5GC3CfcPHmsCILPHlK+MIn9E4vAFfycY++513Lr2cB
2F/YWp9uSGU07CgzZF933h3wz3Wr8XLzuEFZeDrA96HiDtgR0tKCFRAW84ywc5pB
C7Jg3c6yL3aFs9Gx6fJOztms8+Kc6Ni9IWLU9CGntHLB8qNr+siLxWSVqz5lvste
o2uyGp97FXI/wzT4boTIB/7gr5WN8P+DzmRQrI4OV3bu9/UFkzrWqOdxpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF13dFiMotd/c6RUsSLkClEwTEEnMB8GA1UdIwQY
MBaAFL1g7fliZrfA1Dg2yFSrRyy3TbA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0Yzgt
NDJiYmYxYTZhNjViLzEvWFhkMFdJeWkxMzl6cEZTeEl1UUtVVEJNUVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iNWQ1YmItMjNjNi00YjNkLTk0YzgtNDJiYmYxYTZhNjVi
LzEvdldEdC1XSm10OERVT0RiSVZLdEhMTGROc0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU47VMA0G
CSqGSIb3DQEBCwUAA4IBAQCTmiCd2WssCTexYZp8eHCvSitfW/Xoy6EwHkaNw3vM
X+JbRgQOiN3FBlOdeZUQcCrvFV4EdLxokrVP4Dwc841vPiyeUuP7SHsQSZrHFZfF
fHBTzT0A9Y0MmNCO0HxEYPvPTShh7Itg1KWZ33z14M4tnsJas2XLJEV6JMvzfLrT
peB7xVaudETfnp3Hy8+dDqLLmEG967KSCMTc/R0B9PnCRKvOaXj0cfggW/RAuHPS
nqxAMCjdct6dble4KZesDFkmvfHTpPjtPdoit0Sn9lD2XGiEC+Opje+34kDIKi9N
GgOpBaury7tRGYkahGvbuymV7fQD1isH8UYoSvWpR196
-----END CERTIFICATE-----