Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cSlZPGYiu5nAQe8aJFwNZt9ujt4.roa
File:                     cSlZPGYiu5nAQe8aJFwNZt9ujt4.roa (raw, json)
Hash identifier:          ZL/fsoz5OmQO62m02xl7xkYXDg7wFeWQSC0MlCRuMCw=
Subject key identifier:   71:29:59:3C:66:22:BB:99:C0:41:EF:1A:24:5C:0D:66:DF:6E:8E:DE
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E8DC618F77508A688FF7B6156E8D96987
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cSlZPGYiu5nAQe8aJFwNZt9ujt4.roa
Signing time:             Wed 03 Jun 2026 13:57:10 +0000
ROA not before:           Wed 03 Jun 2026 13:57:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142433
IP address blocks:        82.108.198.0/23 maxlen: 24
                          82.109.96.0/23 maxlen: 24
                          82.110.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:c6:18:f7:75:08:a6:88:ff:7b:61:56:e8:d9:69:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  3 13:57:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7129593c6622bb99c041ef1a245c0d66df6e8ede
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:18:07:2c:6e:7f:b2:6e:4c:fc:63:81:0c:a9:
                    db:9f:28:1d:cc:29:98:c5:18:80:d7:f0:02:f9:be:
                    e8:26:85:9b:45:76:0e:c1:40:c3:3a:d7:bc:51:7e:
                    ba:9d:5d:ca:2e:f7:8d:0b:3e:5e:13:4d:43:d9:79:
                    c6:ce:56:8d:7c:ca:1c:71:93:fd:bf:c9:f6:fe:9b:
                    17:f1:ea:7c:13:53:70:1c:56:52:b9:68:5a:ea:c3:
                    73:4f:bc:c5:ff:59:b4:00:6e:ee:b0:62:8f:28:8e:
                    f1:93:c8:c0:97:00:7a:c6:0b:24:51:22:b9:a2:95:
                    03:51:55:f5:62:8e:53:07:52:59:ac:98:46:f0:61:
                    c6:b6:09:f3:03:75:0a:1a:b9:d9:14:ff:33:48:86:
                    73:25:b5:6e:20:37:60:c1:68:56:93:17:66:c4:af:
                    33:d0:f3:e7:10:99:02:55:13:37:73:75:75:0d:87:
                    84:76:72:e3:03:c2:15:3c:3a:17:34:19:12:0a:8b:
                    36:53:36:72:8c:e7:90:dd:c0:91:e1:e7:74:68:03:
                    ba:a9:50:c9:b0:ff:f5:4a:73:6a:1d:b1:7e:2d:d0:
                    de:f0:da:3e:28:dc:af:c9:8c:fd:c0:aa:b6:57:24:
                    d7:d6:1f:b7:9d:b8:40:e2:b1:f7:4f:80:e1:0e:09:
                    71:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:29:59:3C:66:22:BB:99:C0:41:EF:1A:24:5C:0D:66:DF:6E:8E:DE
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/cSlZPGYiu5nAQe8aJFwNZt9ujt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.108.198.0/23
                  82.109.96.0/23
                  82.110.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:5e:9e:1a:c5:b3:4d:a6:b5:ae:6c:34:04:65:32:b8:0e:57:
         47:d7:92:da:5b:7d:e9:ab:c4:39:c2:e7:7e:99:37:90:4c:0f:
         d6:9e:d6:e6:0b:26:c4:87:b3:77:64:6a:31:05:c7:df:09:2d:
         1b:19:08:29:b5:b1:5c:58:03:8d:ec:b9:38:34:8d:2b:14:3d:
         f3:b0:91:b7:e4:9f:bc:49:1e:53:3e:79:55:8b:d8:92:e3:c6:
         a1:2e:4f:09:0c:76:5d:89:fc:27:16:b8:90:d1:95:e3:fd:fc:
         98:d0:a3:1e:b1:37:0b:21:b5:9b:ea:f5:f6:16:98:b5:01:60:
         db:2b:51:db:ca:34:80:70:cc:97:eb:7d:56:fd:1a:d7:00:e7:
         e6:7d:32:d0:da:03:1f:01:54:39:dd:60:5f:d6:c6:bd:36:c3:
         89:f4:2a:d4:43:46:a2:cb:10:0d:0e:d9:78:1b:a7:45:8d:50:
         cb:3a:7a:25:4c:14:5a:b7:ca:86:9e:fd:6f:0a:8c:f1:14:0a:
         7f:de:fd:96:6c:ba:a6:69:f9:c3:07:97:42:e8:bf:df:7d:91:
         b9:b5:56:d9:46:89:b1:7a:98:67:36:2b:44:cf:71:6c:10:de:
         4d:fb:24:53:f1:3b:ab:63:82:b3:7e:af:91:a3:de:79:c8:42:
         68:38:8e:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6Nxhj3dQimiP97YVbo2WmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjAzMTM1NzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI5NTkzYzY2MjJiYjk5YzA0MWVmMWEyNDVjMGQ2NmRmNmU4ZWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBgHLG5/sm5M/GOBDKnbnygdzCmY
xRiA1/AC+b7oJoWbRXYOwUDDOte8UX66nV3KLveNCz5eE01D2XnGzlaNfMoccZP9
v8n2/psX8ep8E1NwHFZSuWha6sNzT7zF/1m0AG7usGKPKI7xk8jAlwB6xgskUSK5
opUDUVX1Yo5TB1JZrJhG8GHGtgnzA3UKGrnZFP8zSIZzJbVuIDdgwWhWkxdmxK8z
0PPnEJkCVRM3c3V1DYeEdnLjA8IVPDoXNBkSCos2UzZyjOeQ3cCR4ed0aAO6qVDJ
sP/1SnNqHbF+LdDe8No+KNyvyYz9wKq2VyTX1h+3nbhA4rH3T4DhDglxFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHEpWTxmIruZwEHvGiRcDWbfbo7eMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvY1NsWlBHWWl1NW5BUWU4YUpGd05adDl1anQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUmzGAwQB
Um1gAwQBUm7qMA0GCSqGSIb3DQEBCwUAA4IBAQAmXp4axbNNprWubDQEZTK4DldH
15LaW33pq8Q5wud+mTeQTA/WntbmCybEh7N3ZGoxBcffCS0bGQgptbFcWAON7Lk4
NI0rFD3zsJG35J+8SR5TPnlVi9iS48ahLk8JDHZdifwnFriQ0ZXj/fyY0KMesTcL
IbWb6vX2Fpi1AWDbK1HbyjSAcMyX631W/RrXAOfmfTLQ2gMfAVQ53WBf1sa9NsOJ
9CrUQ0aiyxANDtl4G6dFjVDLOnolTBRat8qGnv1vCozxFAp/3v2WbLqmafnDB5dC
6L/ffZG5tVbZRomxephnNitEz3FsEN5N+yRT8TurY4Kzfq+Ro955yEJoOI5v
-----END CERTIFICATE-----