Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/9AEZsUO8lblxnHvWzf94d5QmX3o.roa
File:                     9AEZsUO8lblxnHvWzf94d5QmX3o.roa (raw, json)
Hash identifier:          QTZtQFIK1EUH2rxY+7DzYgGkZzq3kHaaHvQfQm8W0hY=
Subject key identifier:   F4:01:19:B1:43:BC:95:B9:71:9C:7B:D6:CD:FF:78:77:94:26:5F:7A
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019ECF5991FF08C383F3FA9DC6239F8E2B4F
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/9AEZsUO8lblxnHvWzf94d5QmX3o.roa
Signing time:             Tue 16 Jun 2026 07:33:34 +0000
ROA not before:           Tue 16 Jun 2026 07:33:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402475
IP address blocks:        82.108.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 21:46:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:59:91:ff:08:c3:83:f3:fa:9d:c6:23:9f:8e:2b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun 16 07:33:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f40119b143bc95b9719c7bd6cdff787794265f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9a:75:3d:6c:1d:b8:1d:a6:ef:9b:8c:0c:d3:
                    e7:d4:4f:ab:cc:b7:d8:fc:ed:26:cf:03:b7:80:ec:
                    63:eb:90:23:da:91:b6:e1:cb:55:a9:fe:26:60:b2:
                    df:3e:c6:3c:81:a6:6b:36:72:0c:7f:2e:ed:06:5b:
                    8b:4c:24:cc:99:7c:ad:c4:e1:81:1a:06:f3:47:c8:
                    c5:92:42:42:32:1a:c1:34:71:97:b3:d7:49:8a:90:
                    ad:23:59:f2:8a:a6:bc:7d:4a:5a:be:25:98:d9:44:
                    aa:7a:82:5d:b4:9a:29:4c:e8:17:fe:20:52:7b:7e:
                    0a:3e:ba:2d:d4:7d:82:90:5c:77:2b:27:a1:89:0b:
                    b3:50:cb:49:88:d6:33:f6:dc:c1:9c:fd:e1:c8:1b:
                    3d:0f:6c:f9:22:03:89:27:69:5e:86:4b:88:aa:89:
                    c2:3c:17:c9:62:a4:c6:0e:b8:14:58:71:6e:6e:08:
                    48:b0:56:5a:c3:2f:3c:b0:0a:fc:e2:aa:60:eb:36:
                    49:2d:cd:aa:ed:97:b6:71:d3:55:82:c0:29:7d:fb:
                    84:5d:12:85:0c:e5:ed:99:29:23:bc:c4:fe:22:3e:
                    be:38:3c:52:af:71:bf:ea:57:74:f5:c1:38:cb:5b:
                    f4:50:61:8f:51:89:db:c4:98:1e:b1:99:e3:cf:5c:
                    a7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:01:19:B1:43:BC:95:B9:71:9C:7B:D6:CD:FF:78:77:94:26:5F:7A
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/9AEZsUO8lblxnHvWzf94d5QmX3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.108.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:bc:31:05:03:67:f7:2f:39:40:bc:8e:7a:96:96:38:5e:bb:
         c9:7e:03:7a:41:0e:80:c9:2e:bf:ca:81:ce:99:73:e3:23:fe:
         bf:bc:11:c0:ab:a3:c5:11:5d:ed:1a:aa:24:23:9c:a1:59:c3:
         b0:bd:dd:c3:df:0f:2e:aa:86:af:ea:98:85:97:64:93:70:1c:
         32:0c:be:fe:d1:9d:cd:17:79:52:bd:b3:05:c6:be:57:22:f9:
         13:52:ec:ac:42:b8:0c:37:64:16:5b:b3:2f:31:62:cb:dc:ee:
         31:92:a9:99:cb:76:61:99:72:de:4f:e3:a3:1e:b0:92:9f:33:
         5c:ae:88:f1:3e:01:56:74:7e:62:55:82:20:5e:7b:bf:1e:f2:
         6f:69:4a:80:1b:fa:63:67:77:a9:08:98:00:03:42:8c:17:6e:
         28:d4:75:7e:b3:23:f7:92:34:ed:0e:d0:11:0c:0d:1a:ba:c5:
         11:e6:0c:68:c4:4f:0a:db:7e:ee:78:26:d9:9a:06:98:b2:95:
         2a:f6:c9:92:aa:ff:6f:0c:db:86:f9:82:a7:5b:85:25:a0:b2:
         59:d1:45:b3:46:f0:26:a7:d5:66:cc:41:52:c0:ec:26:2b:75:
         ec:32:1a:4e:9a:7e:88:e2:d2:bd:7d:9f:5c:69:33:3e:74:c2:
         72:79:21:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7PWZH/CMOD8/qdxiOfjitPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjE2MDczMzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDAxMTliMTQzYmM5NWI5NzE5YzdiZDZjZGZmNzg3Nzk0MjY1ZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpp1PWwduB2m75uMDNPn1E+rzLfY
/O0mzwO3gOxj65Aj2pG24ctVqf4mYLLfPsY8gaZrNnIMfy7tBluLTCTMmXytxOGB
GgbzR8jFkkJCMhrBNHGXs9dJipCtI1nyiqa8fUpaviWY2USqeoJdtJopTOgX/iBS
e34KProt1H2CkFx3KyehiQuzUMtJiNYz9tzBnP3hyBs9D2z5IgOJJ2lehkuIqonC
PBfJYqTGDrgUWHFubghIsFZawy88sAr84qpg6zZJLc2q7Ze2cdNVgsApffuEXRKF
DOXtmSkjvMT+Ij6+ODxSr3G/6ld09cE4y1v0UGGPUYnbxJgesZnjz1yniwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQBGbFDvJW5cZx71s3/eHeUJl96MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvOUFFWnNVTzhsYmx4bkh2V3pmOTRkNVFtWDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUmxaMA0G
CSqGSIb3DQEBCwUAA4IBAQAgvDEFA2f3LzlAvI56lpY4XrvJfgN6QQ6AyS6/yoHO
mXPjI/6/vBHAq6PFEV3tGqokI5yhWcOwvd3D3w8uqoav6piFl2STcBwyDL7+0Z3N
F3lSvbMFxr5XIvkTUuysQrgMN2QWW7MvMWLL3O4xkqmZy3ZhmXLeT+OjHrCSnzNc
rojxPgFWdH5iVYIgXnu/HvJvaUqAG/pjZ3epCJgAA0KMF24o1HV+syP3kjTtDtAR
DA0ausUR5gxoxE8K237ueCbZmgaYspUq9smSqv9vDNuG+YKnW4UloLJZ0UWzRvAm
p9VmzEFSwOwmK3XsMhpOmn6I4tK9fZ9caTM+dMJyeSHO
-----END CERTIFICATE-----