Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/8lbC32bIETDDVhN-jqLeFwhPwWA.roa
File:                     8lbC32bIETDDVhN-jqLeFwhPwWA.roa (raw, json)
Hash identifier:          GjIGiQ2uoHn+ZNDThVtvZVyNe+1MRzo+99Izj00ps7M=
Subject key identifier:   F2:56:C2:DF:66:C8:11:30:C3:56:13:7E:8E:A2:DE:17:08:4F:C1:60
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019EC76A97674BD43DFC28BE9518D4AE67C3
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/8lbC32bIETDDVhN-jqLeFwhPwWA.roa
Signing time:             Sun 14 Jun 2026 18:35:12 +0000
ROA not before:           Sun 14 Jun 2026 18:35:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154685
IP address blocks:        78.154.108.0/24 maxlen: 24
                          82.109.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 15 Jun 2026 18:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c7:6a:97:67:4b:d4:3d:fc:28:be:95:18:d4:ae:67:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 14 18:35:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f256c2df66c81130c356137e8ea2de17084fc160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ae:33:a4:b9:c7:21:85:34:dc:96:e0:70:1e:
                    d9:2f:43:59:4e:d3:2b:bf:f7:9b:a0:f7:f0:50:ce:
                    e6:3e:6e:a4:35:47:6c:c7:c9:68:71:bf:91:d6:fa:
                    2d:a1:f3:39:2e:01:07:d5:8c:01:67:e2:d8:00:7f:
                    f5:39:ce:df:16:85:b0:0d:4f:92:44:d5:e2:bc:6c:
                    03:6d:b1:fd:cc:45:a1:e9:17:b7:a5:50:2e:19:a4:
                    8c:88:74:d3:4b:d8:30:ab:d3:c3:24:6e:5f:0f:41:
                    e7:95:d4:12:c3:e0:7c:19:a2:97:ad:68:e7:a4:3b:
                    04:94:0f:bb:35:79:1b:fa:cb:f8:9b:0b:cd:42:ec:
                    0b:5c:84:99:47:96:0f:fa:06:4e:f7:85:04:56:c9:
                    c9:95:3c:47:2a:f8:51:01:eb:ec:df:3c:3d:cf:db:
                    d5:a3:a9:8b:5d:5e:54:01:2b:6c:0d:12:fe:1f:6b:
                    14:11:55:ac:a2:d0:58:10:14:2e:51:7a:40:18:15:
                    ae:fa:5b:06:b5:95:55:45:2e:68:d1:9b:73:f0:7b:
                    44:96:27:61:18:9d:d3:e4:a6:9c:2d:36:b2:a5:0e:
                    75:bc:72:ec:ab:2a:00:26:c2:85:0b:3c:cc:a1:11:
                    63:7b:45:3f:bd:2f:ec:4b:40:13:6c:04:4c:27:a5:
                    28:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:56:C2:DF:66:C8:11:30:C3:56:13:7E:8E:A2:DE:17:08:4F:C1:60
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/8lbC32bIETDDVhN-jqLeFwhPwWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.154.108.0/24
                  82.109.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:37:24:48:d9:47:05:0a:39:01:bb:43:06:f2:fd:cb:2a:96:
         f2:71:00:c3:60:dc:34:2c:14:3e:a0:e8:64:ac:82:69:c1:ee:
         60:77:83:a1:86:fd:9a:b0:cc:36:58:ed:e7:c5:69:ad:78:64:
         ab:f7:53:e2:3e:25:71:84:2d:19:30:df:7d:0d:92:f3:4a:da:
         21:57:25:cb:82:10:78:9d:a3:10:0b:fd:bc:f2:4c:00:c0:18:
         b7:0b:94:8e:b9:f6:92:50:e3:f8:99:58:26:f6:7a:d3:2a:9c:
         21:87:aa:1e:4f:9f:63:cd:94:3a:37:35:1c:1e:e6:26:dd:07:
         4b:dc:cb:db:05:22:75:6b:a6:34:20:51:9e:bf:fa:6e:bd:12:
         30:11:92:d8:68:a9:c4:31:cc:80:1a:ba:0b:1a:a2:b2:b9:ec:
         02:2f:4e:30:d6:bb:28:de:0b:af:71:94:cc:45:bb:d3:6a:71:
         03:9d:80:1c:ab:80:6e:ae:7c:af:77:98:95:10:ae:fd:4c:55:
         4a:94:41:fd:94:7d:cc:3d:23:5f:25:01:fa:5d:84:68:b5:97:
         9b:e1:34:3c:ea:6e:31:81:8c:a3:a0:24:42:d2:b1:1f:c9:97:
         ec:cc:04:ee:38:0d:80:85:e1:74:5d:d5:45:d8:7c:8b:a1:e1:
         c4:86:5f:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7HapdnS9Q9/Ci+lRjUrmfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjE0MTgzNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjU2YzJkZjY2YzgxMTMwYzM1NjEzN2U4ZWEyZGUxNzA4NGZjMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo64zpLnHIYU03JbgcB7ZL0NZTtMr
v/eboPfwUM7mPm6kNUdsx8locb+R1votofM5LgEH1YwBZ+LYAH/1Oc7fFoWwDU+S
RNXivGwDbbH9zEWh6Re3pVAuGaSMiHTTS9gwq9PDJG5fD0HnldQSw+B8GaKXrWjn
pDsElA+7NXkb+sv4mwvNQuwLXISZR5YP+gZO94UEVsnJlTxHKvhRAevs3zw9z9vV
o6mLXV5UAStsDRL+H2sUEVWsotBYEBQuUXpAGBWu+lsGtZVVRS5o0Ztz8HtElidh
GJ3T5KacLTaypQ51vHLsqyoAJsKFCzzMoRFje0U/vS/sS0ATbARMJ6UoPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPJWwt9myBEww1YTfo6i3hcIT8FgMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvOGxiQzMyYklFVEREVmhOLWpxTGVGd2hQd1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATppsAwQA
Um3yMA0GCSqGSIb3DQEBCwUAA4IBAQBnNyRI2UcFCjkBu0MG8v3LKpbycQDDYNw0
LBQ+oOhkrIJpwe5gd4Ohhv2asMw2WO3nxWmteGSr91PiPiVxhC0ZMN99DZLzStoh
VyXLghB4naMQC/288kwAwBi3C5SOufaSUOP4mVgm9nrTKpwhh6oeT59jzZQ6NzUc
HuYm3QdL3MvbBSJ1a6Y0IFGev/puvRIwEZLYaKnEMcyAGroLGqKyuewCL04w1rso
3guvcZTMRbvTanEDnYAcq4Burnyvd5iVEK79TFVKlEH9lH3MPSNfJQH6XYRotZeb
4TQ86m4xgYyjoCRC0rEfyZfszATuOA2AheF0XdVF2HyLoeHEhl+K
-----END CERTIFICATE-----