Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/SHrDuLu1n_sOrM4QgHdTZEoTAJE.roa
File:                     SHrDuLu1n_sOrM4QgHdTZEoTAJE.roa (raw, json)
Hash identifier:          CZGD8h+L9lai75+mnZoqHO1PESA8rXkcIWZSY/P/7rM=
Subject key identifier:   48:7A:C3:B8:BB:B5:9F:FB:0E:AC:CE:10:80:77:53:64:4A:13:00:91
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       019EF0005A23D1136A6400C318C1E647978B
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/SHrDuLu1n_sOrM4QgHdTZEoTAJE.roa
Signing time:             Mon 22 Jun 2026 15:43:35 +0000
ROA not before:           Mon 22 Jun 2026 15:43:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216138
IP address blocks:        83.168.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 13:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f0:00:5a:23:d1:13:6a:64:00:c3:18:c1:e6:47:97:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Jun 22 15:43:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=487ac3b8bbb59ffb0eacce10807753644a130091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7e:24:ce:54:ea:65:a6:b7:24:45:73:22:75:
                    c8:c9:c0:43:8e:c2:fb:dd:d0:90:90:0f:73:ef:08:
                    07:61:32:1a:61:11:f8:f7:4f:89:e7:69:64:c2:28:
                    fe:60:a8:20:cd:14:be:ae:a6:a1:f7:ee:6a:61:a0:
                    14:81:f5:e3:c0:a2:b2:0b:c2:48:83:db:4e:10:2b:
                    32:eb:90:46:e1:ad:e6:e0:b0:eb:93:06:d7:ac:32:
                    e2:58:6e:96:9a:89:5e:bb:cb:5e:fc:f0:6d:e7:8f:
                    58:0b:d0:66:1b:aa:e5:2f:11:0c:3a:bf:58:5b:68:
                    78:c1:8d:97:b8:56:da:85:c6:1d:0c:86:1f:1c:0c:
                    7e:58:ee:ef:15:84:df:fc:0f:8c:21:fa:80:85:5f:
                    19:81:1a:cd:ad:6f:8a:3f:05:1b:95:9d:a3:21:e3:
                    26:ab:a2:25:f6:f5:19:5d:39:c3:fd:47:d9:ee:b9:
                    cd:c8:eb:ff:7c:fa:00:5f:f6:98:f7:6d:1e:05:6a:
                    fb:05:2c:2e:64:4e:ca:cd:90:90:12:06:32:26:5d:
                    c4:99:a9:b5:05:ae:56:f6:31:be:f0:c6:74:a5:e2:
                    7c:1b:7b:b6:c3:6e:5a:50:be:96:e8:25:6c:c4:23:
                    94:89:97:66:0f:34:61:53:60:f9:45:3a:d2:a4:1b:
                    24:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:7A:C3:B8:BB:B5:9F:FB:0E:AC:CE:10:80:77:53:64:4A:13:00:91
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/SHrDuLu1n_sOrM4QgHdTZEoTAJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:72:c5:7f:99:ba:bb:60:0e:3b:82:d0:70:31:80:8d:43:f1:
         fe:7a:77:0b:69:76:08:de:b0:35:4e:df:4e:e9:a7:01:a2:fe:
         6e:40:0b:2d:53:7a:49:12:e9:ba:7f:33:cd:5f:fb:51:56:31:
         bd:6a:68:52:62:74:30:10:56:70:ac:de:9a:20:66:57:71:5e:
         2e:f2:4b:5a:6e:92:23:b2:03:90:14:11:43:b5:09:ba:18:51:
         9e:c2:b0:d0:70:cf:99:53:dd:db:e5:1f:44:2a:8c:8b:77:f4:
         eb:a3:bf:41:b8:f1:14:6d:2c:e3:97:d6:89:68:68:43:9e:af:
         63:fa:87:a7:d8:31:b0:84:26:a9:52:1d:27:2b:fb:4d:92:74:
         1d:f2:3c:b7:9b:dc:b0:1e:ae:b4:6c:ef:54:42:0d:5c:06:78:
         0f:90:22:f0:c7:3e:dd:fa:67:d3:85:92:5e:d1:51:50:bb:d4:
         a1:9b:71:40:5c:a4:f9:09:39:8b:bb:b5:f6:be:41:e5:fc:0c:
         8e:36:f8:fa:a2:ff:a8:50:79:0c:ba:0d:af:52:17:ae:85:89:
         e1:f6:64:31:b6:15:bc:a2:5b:fb:05:e0:1c:a6:55:59:ca:7e:
         e1:68:06:e0:00:15:c2:cb:59:0f:42:60:3a:9c:53:ce:ba:47:
         db:fe:2b:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7wAFoj0RNqZADDGMHmR5eLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjYwNjIyMTU0MzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODdhYzNiOGJiYjU5ZmZiMGVhY2NlMTA4MDc3NTM2NDRhMTMwMDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1X4kzlTqZaa3JEVzInXIycBDjsL7
3dCQkA9z7wgHYTIaYRH490+J52lkwij+YKggzRS+rqah9+5qYaAUgfXjwKKyC8JI
g9tOECsy65BG4a3m4LDrkwbXrDLiWG6Wmoleu8te/PBt549YC9BmG6rlLxEMOr9Y
W2h4wY2XuFbahcYdDIYfHAx+WO7vFYTf/A+MIfqAhV8ZgRrNrW+KPwUblZ2jIeMm
q6Il9vUZXTnD/UfZ7rnNyOv/fPoAX/aY920eBWr7BSwuZE7KzZCQEgYyJl3Emam1
Ba5W9jG+8MZ0peJ8G3u2w25aUL6W6CVsxCOUiZdmDzRhU2D5RTrSpBskiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEh6w7i7tZ/7DqzOEIB3U2RKEwCRMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvU0hyRHVMdTFuX3NPck00UWdIZFRaRW9UQUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU6h9MA0G
CSqGSIb3DQEBCwUAA4IBAQB8csV/mbq7YA47gtBwMYCNQ/H+encLaXYI3rA1Tt9O
6acBov5uQAstU3pJEum6fzPNX/tRVjG9amhSYnQwEFZwrN6aIGZXcV4u8ktabpIj
sgOQFBFDtQm6GFGewrDQcM+ZU93b5R9EKoyLd/Tro79BuPEUbSzjl9aJaGhDnq9j
+oen2DGwhCapUh0nK/tNknQd8jy3m9ywHq60bO9UQg1cBngPkCLwxz7d+mfThZJe
0VFQu9Shm3FAXKT5CTmLu7X2vkHl/AyONvj6ov+oUHkMug2vUheuhYnh9mQxthW8
olv7BeAcplVZyn7haAbgABXCy1kPQmA6nFPOukfb/isq
-----END CERTIFICATE-----