Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/SXUdzTeXUEkBToSh-B5v88_hToQ.roa
File:                     SXUdzTeXUEkBToSh-B5v88_hToQ.roa (raw, json)
Hash identifier:          xn0CyJkX11r74qrl+4moVEfTwnS9uVCWfWaDyK8YcG4=
Subject key identifier:   49:75:1D:CD:37:97:50:49:01:4E:84:A1:F8:1E:6F:F3:CF:E1:4E:84
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E8898ACF0C52627E5DC9920FEAFC3C12E
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/SXUdzTeXUEkBToSh-B5v88_hToQ.roa
Signing time:             Tue 02 Jun 2026 13:49:27 +0000
ROA not before:           Tue 02 Jun 2026 13:49:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203054
IP address blocks:        87.84.239.0/24 maxlen: 24
                          212.134.170.0/24 maxlen: 24
                          212.134.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:98:ac:f0:c5:26:27:e5:dc:99:20:fe:af:c3:c1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  2 13:49:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=49751dcd37975049014e84a1f81e6ff3cfe14e84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:14:41:99:45:df:8d:a8:56:dd:27:81:a4:e1:
                    2e:e9:d2:7a:f8:c6:be:79:45:96:9f:33:cc:16:a3:
                    15:5f:21:0a:0e:be:27:51:9e:1e:16:31:82:c2:a9:
                    b5:df:df:6e:7d:80:67:14:8f:e6:0d:32:0d:ce:d8:
                    5b:49:a4:bc:39:d0:c0:06:34:15:da:a0:af:49:61:
                    ac:7e:2d:b9:ff:ad:b7:34:1a:f4:9c:fa:e2:43:0f:
                    5a:97:7b:9c:2d:65:9e:fd:6a:26:3d:a3:43:b5:f9:
                    0b:f0:e8:85:ac:5a:f0:02:19:34:c2:b3:63:e9:b3:
                    6d:46:4f:d1:52:ab:ca:a7:aa:bc:1c:90:e4:ec:a8:
                    c5:03:65:65:7c:9a:08:e5:76:df:4a:7c:55:3b:e1:
                    56:19:25:5a:f0:4a:11:ed:f0:84:39:2e:6e:46:1f:
                    24:f3:e1:b4:21:dd:c4:e7:df:e6:9a:71:5b:fd:60:
                    ed:7e:8f:c0:b0:dd:32:76:b8:f1:ed:8a:60:29:46:
                    72:c9:c4:9e:b5:92:d2:32:25:7b:b2:c6:7b:3e:29:
                    ce:e3:71:4c:27:36:6b:41:29:c8:a3:c9:9a:49:9c:
                    ac:cf:53:1b:b5:34:31:19:5d:21:fd:3c:7e:14:6d:
                    fd:2b:c6:b5:26:c6:47:50:d5:69:da:05:4a:66:81:
                    11:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:75:1D:CD:37:97:50:49:01:4E:84:A1:F8:1E:6F:F3:CF:E1:4E:84
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/SXUdzTeXUEkBToSh-B5v88_hToQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.84.239.0/24
                  212.134.170.0/24
                  212.134.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:e8:d1:8f:ae:b1:0d:c6:5b:bb:51:03:29:79:29:74:e6:e1:
         c9:07:be:27:91:90:f8:84:c4:b4:55:52:82:c5:08:b9:18:94:
         d4:56:7f:c7:56:a5:b6:27:8a:65:6d:d2:9d:74:25:01:2f:75:
         db:cd:be:92:55:04:00:2c:18:ba:19:ee:bd:94:52:ca:df:c3:
         51:8c:d6:98:5f:63:e1:ed:e8:21:e0:2e:1d:5c:73:97:e4:3a:
         d5:65:cd:ca:22:c9:cf:b6:1b:ab:45:6b:7e:f8:8c:69:8b:2c:
         50:c3:bb:09:97:5d:94:d7:34:d9:2d:ac:c6:d0:42:6b:0f:8a:
         f1:71:24:99:60:08:37:fb:09:66:93:08:ed:06:72:ee:97:0d:
         be:de:c0:c6:5f:e8:34:c8:cd:76:75:c5:49:d7:b4:62:f2:10:
         80:06:10:af:dc:04:19:6c:55:f0:22:25:e8:cf:45:68:6b:97:
         d5:1c:88:3c:b3:72:4f:a3:bd:c9:14:91:71:84:38:1d:63:4a:
         5a:e5:5e:69:46:36:05:e2:05:87:26:ab:ed:a5:e9:e0:d1:36:
         de:26:9b:0a:24:ca:c6:f3:65:7c:88:cc:de:54:0a:6c:1d:24:
         db:41:a4:0b:1b:37:91:72:9b:6e:5c:4c:17:28:b3:c7:8e:ff:
         c8:ae:45:7f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6ImKzwxSYn5dyZIP6vw8EuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjAyMTM0OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTc1MWRjZDM3OTc1MDQ5MDE0ZTg0YTFmODFlNmZmM2NmZTE0ZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxRBmUXfjahW3SeBpOEu6dJ6+Ma+
eUWWnzPMFqMVXyEKDr4nUZ4eFjGCwqm1399ufYBnFI/mDTINzthbSaS8OdDABjQV
2qCvSWGsfi25/623NBr0nPriQw9al3ucLWWe/WomPaNDtfkL8OiFrFrwAhk0wrNj
6bNtRk/RUqvKp6q8HJDk7KjFA2VlfJoI5XbfSnxVO+FWGSVa8EoR7fCEOS5uRh8k
8+G0Id3E59/mmnFb/WDtfo/AsN0ydrjx7YpgKUZyycSetZLSMiV7ssZ7PinO43FM
JzZrQSnIo8maSZysz1MbtTQxGV0h/Tx+FG39K8a1JsZHUNVp2gVKZoER5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEl1Hc03l1BJAU6Eofgeb/PP4U6EMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvU1hVZHpUZVhVRWtCVG9TaC1CNXY4OF9oVG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV1TvAwQA
1IaqAwQA1IbKMA0GCSqGSIb3DQEBCwUAA4IBAQBl6NGPrrENxlu7UQMpeSl05uHJ
B74nkZD4hMS0VVKCxQi5GJTUVn/HVqW2J4plbdKddCUBL3Xbzb6SVQQALBi6Ge69
lFLK38NRjNaYX2Ph7egh4C4dXHOX5DrVZc3KIsnPthurRWt++IxpiyxQw7sJl12U
1zTZLazG0EJrD4rxcSSZYAg3+wlmkwjtBnLulw2+3sDGX+g0yM12dcVJ17Ri8hCA
BhCv3AQZbFXwIiXoz0Voa5fVHIg8s3JPo73JFJFxhDgdY0pa5V5pRjYF4gWHJqvt
peng0TbeJpsKJMrG82V8iMzeVApsHSTbQaQLGzeRcptuXEwXKLPHjv/IrkV/
-----END CERTIFICATE-----